mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/network/fortimanager/fmgr_fwobj_vip.py

#!/usr/bin/python
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
from __future__ import absolute_import, division, print_function
# Make classes defined in this module new-style when run under Python 2.
__metaclass__ = type

# Module metadata: preview status, community supported, metadata format 1.1.
# Kept as a plain dict literal with the original key order.
ANSIBLE_METADATA = {
    'status': ['preview'],
    'supported_by': 'community',
    'metadata_version': '1.1',
}
DOCUMENTATION = '''
---
module: fmgr_fwobj_vip
notes:
- Full Documentation at U(https://ftnt-ansible-docs.readthedocs.io/en/latest/).
author:
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
short_description: Manages Virtual IPs objects in FortiManager
description:
- Manages Virtual IP objects in FortiManager for IPv4
options:
adom:
description:
- The ADOM the configuration should belong to.
required: false
default: root
mode:
description:
- Sets one of three modes for managing the object.
- Allows use of soft-adds instead of overwriting existing values
choices: ['add', 'set', 'delete', 'update']
required: false
default: add
websphere_server:
description:
- Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
- choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server.
- choice | enable | Add HTTP header indicating SSL offload for WebSphere server.
required: false
choices: ["disable", "enable"]
weblogic_server:
description:
- Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
- choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server.
- choice | enable | Add HTTP header indicating SSL offload for WebLogic server.
required: false
choices: ["disable", "enable"]
type:
description:
- Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
- choice | static-nat | Static NAT.
- choice | load-balance | Load balance.
- choice | server-load-balance | Server load balance.
- choice | dns-translation | DNS translation.
- choice | fqdn | FQDN Translation
required: false
choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
ssl_server_session_state_type:
description:
- How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
- choice | disable | Do not keep session states.
- choice | time | Expire session states after this many minutes.
- choice | count | Expire session states when this maximum is reached.
- choice | both | Expire session states based on time or count, whichever occurs first.
required: false
choices: ["disable", "time", "count", "both"]
ssl_server_session_state_timeout:
description:
- Number of minutes to keep FortiGate to Server SSL session state.
required: false
ssl_server_session_state_max:
description:
- Maximum number of FortiGate to Server SSL session states to keep.
required: false
ssl_server_min_version:
description:
- Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
- choice | client | Use same value as client configuration.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
ssl_server_max_version:
description:
- Highest SSL/TLS version acceptable from a server. Use the client setting by default.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
- choice | client | Use same value as client configuration.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
ssl_server_algorithm:
description:
- Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength
- choice | high | High encryption. Allow only AES and ChaCha.
- choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
- choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
- choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.
- choice | client | Use the same encryption algorithms for both client and server sessions.
required: false
choices: ["high", "low", "medium", "custom", "client"]
ssl_send_empty_frags:
description:
- Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 and TLS 1.0 only).
- choice | disable | Do not send empty fragments.
- choice | enable | Send empty fragments.
required: false
choices: ["disable", "enable"]
ssl_pfs:
description:
- Select the cipher suites that can be used for SSL perfect forward secrecy (PFS).
- choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied.
- choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied.
- choice | allow | Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite
required: false
choices: ["require", "deny", "allow"]
ssl_mode:
description:
- Apply SSL offloading mode
- choice | half | Client to FortiGate SSL.
- choice | full | Client to FortiGate and FortiGate to Server SSL.
required: false
choices: ["half", "full"]
ssl_min_version:
description:
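- Lowest SSL/TLS version acceptable from a client.
- SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated (RFC 7568, RFC 8996); prefer tls-1.2 unless legacy clients need an older version.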
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_max_version:
description:
- Highest SSL/TLS version acceptable from a client.
- choice | ssl-3.0 | SSL 3.0.
- choice | tls-1.0 | TLS 1.0.
- choice | tls-1.1 | TLS 1.1.
- choice | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_http_match_host:
description:
- Enable/disable HTTP host matching for location conversion.
- choice | disable | Do not match HTTP host.
- choice | enable | Match HTTP host in response header.
required: false
choices: ["disable", "enable"]
ssl_http_location_conversion:
description:
- Enable to replace HTTP with HTTPS in the reply's Location HTTP header field.
- choice | disable | Disable HTTP location conversion.
- choice | enable | Enable HTTP location conversion.
required: false
choices: ["disable", "enable"]
ssl_hsts_include_subdomains:
description:
- Indicate that HSTS header applies to all subdomains.
- choice | disable | HSTS header does not apply to subdomains.
- choice | enable | HSTS header applies to subdomains.
required: false
choices: ["disable", "enable"]
ssl_hsts_age:
description:
- Number of seconds the client should honour the HSTS setting.
required: false
ssl_hsts:
description:
- Enable/disable including HSTS header in response.
- choice | disable | Do not add a HSTS header to each HTTP response.
- choice | enable | Add a HSTS header to each HTTP response.
required: false
choices: ["disable", "enable"]
ssl_hpkp_report_uri:
description:
- URL to report HPKP violations to.
required: false
ssl_hpkp_primary:
description:
- Certificate to generate primary HPKP pin from.
required: false
ssl_hpkp_include_subdomains:
description:
- Indicate that HPKP header applies to all subdomains.
- choice | disable | HPKP header does not apply to subdomains.
- choice | enable | HPKP header applies to subdomains.
required: false
choices: ["disable", "enable"]
ssl_hpkp_backup:
description:
- Certificate to generate backup HPKP pin from.
required: false
ssl_hpkp_age:
description:
- Number of seconds the client should honour the HPKP setting.
required: false
ssl_hpkp:
description:
- Enable/disable including HPKP header in response.
- choice | disable | Do not add a HPKP header to each HTTP response.
- choice | enable | Add a HPKP header to each HTTP response.
- choice | report-only | Add a HPKP Report-Only header to each HTTP response.
required: false
choices: ["disable", "enable", "report-only"]
ssl_dh_bits:
description:
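- Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
- Primes of 1024 bits or smaller are considered weak against precomputation attacks (Logjam); prefer 2048 or larger.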
- choice | 768 | 768-bit Diffie-Hellman prime.
- choice | 1024 | 1024-bit Diffie-Hellman prime.
- choice | 1536 | 1536-bit Diffie-Hellman prime.
- choice | 2048 | 2048-bit Diffie-Hellman prime.
- choice | 3072 | 3072-bit Diffie-Hellman prime.
- choice | 4096 | 4096-bit Diffie-Hellman prime.
required: false
choices: ["768", "1024", "1536", "2048", "3072", "4096"]
ssl_client_session_state_type:
description:
- How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
- choice | disable | Do not keep session states.
- choice | time | Expire session states after this many minutes.
- choice | count | Expire session states when this maximum is reached.
- choice | both | Expire session states based on time or count, whichever occurs first.
required: false
choices: ["disable", "time", "count", "both"]
ssl_client_session_state_timeout:
description:
- Number of minutes to keep client to FortiGate SSL session state.
required: false
ssl_client_session_state_max:
description:
- Maximum number of client to FortiGate SSL session states to keep.
required: false
ssl_client_renegotiation:
description:
- Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
- choice | deny | Abort any client initiated SSL re-negotiation attempt.
- choice | allow | Allow a SSL client to renegotiate.
- choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
required: false
choices: ["deny", "allow", "secure"]
ssl_client_fallback:
description:
- Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
- choice | disable | Disable.
- choice | enable | Enable.
required: false
choices: ["disable", "enable"]
ssl_certificate:
description:
- The name of the SSL certificate to use for SSL acceleration.
required: false
ssl_algorithm:
description:
- Permitted encryption algorithms for SSL sessions according to encryption strength.
- choice | high | High encryption. Allow only AES and ChaCha.
- choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
- choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
- choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
required: false
choices: ["high", "medium", "low", "custom"]
srcintf_filter:
description:
- Interfaces to which the VIP applies. Separate the names with spaces.
required: false
src_filter:
description:
- Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y).
- Separate addresses with spaces.
required: false
service:
description:
- Service name.
required: false
server_type:
description:
- Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
- choice | http | HTTP
- choice | https | HTTPS
- choice | ssl | SSL
- choice | tcp | TCP
- choice | udp | UDP
- choice | ip | IP
- choice | imaps | IMAPS
- choice | pop3s | POP3S
- choice | smtps | SMTPS
required: false
choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
protocol:
description:
- Protocol to use when forwarding packets.
- choice | tcp | TCP.
- choice | udp | UDP.
- choice | sctp | SCTP.
- choice | icmp | ICMP.
required: false
choices: ["tcp", "udp", "sctp", "icmp"]
portmapping_type:
description:
- Port mapping type.
- choice | 1-to-1 | One to one.
- choice | m-to-n | Many to many.
required: false
choices: ["1-to-1", "m-to-n"]
portforward:
description:
- Enable/disable port forwarding.
- choice | disable | Disable port forward.
- choice | enable | Enable port forward.
required: false
choices: ["disable", "enable"]
persistence:
description:
- Configure how to make sure that clients connect to the same server every time they make a request that is part
- of the same session.
- choice | none | None.
- choice | http-cookie | HTTP cookie.
- choice | ssl-session-id | SSL session ID.
required: false
choices: ["none", "http-cookie", "ssl-session-id"]
outlook_web_access:
description:
- Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
- choice | disable | Disable Outlook Web Access support.
- choice | enable | Enable Outlook Web Access support.
required: false
choices: ["disable", "enable"]
nat_source_vip:
description:
- Enable to prevent unintended servers from using a virtual IP.
- Disable to use the actual IP address of the server as the source address.
- choice | disable | Do not force to NAT as VIP.
- choice | enable | Force to NAT as VIP.
required: false
choices: ["disable", "enable"]
name:
description:
- Virtual IP name.
required: false
monitor:
description:
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
required: false
max_embryonic_connections:
description:
- Maximum number of incomplete connections.
required: false
mappedport:
description:
- Port number range on the destination network to which the external port number range is mapped.
required: false
mappedip:
description:
- IP address or address range on the destination network to which the external IP address is mapped.
required: false
mapped_addr:
description:
- Mapped FQDN address name.
required: false
ldb_method:
description:
- Method used to distribute sessions to real servers.
- choice | static | Distribute to server based on source IP.
- choice | round-robin | Distribute to server based on round-robin order.
- choice | weighted | Distribute to server based on weight.
- choice | least-session | Distribute to server with lowest session count.
- choice | least-rtt | Distribute to server with lowest Round-Trip-Time.
- choice | first-alive | Distribute to the first server that is alive.
- choice | http-host | Distribute to server based on host field in HTTP header.
required: false
choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
https_cookie_secure:
description:
- Enable/disable verification that inserted HTTPS cookies are secure.
- choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection.
- choice | enable | Mark inserted cookie as secure, so the cookie can only be used over an HTTPS connection.
required: false
choices: ["disable", "enable"]
http_multiplex:
description:
- Enable/disable HTTP multiplexing.
- choice | disable | Disable HTTP session multiplexing.
- choice | enable | Enable HTTP session multiplexing.
required: false
choices: ["disable", "enable"]
http_ip_header_name:
description:
- For HTTP multiplexing, enter a custom HTTPS header name. The orig client IP address is added to this header.
- If empty, X-Forwarded-For is used.
required: false
http_ip_header:
description:
- For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header.
- choice | disable | Disable adding HTTP header.
- choice | enable | Enable adding HTTP header.
required: false
choices: ["disable", "enable"]
http_cookie_share:
description:
- Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used
- by another. Disable stops cookie sharing.
- choice | disable | Only allow HTTP cookie to match this virtual server.
- choice | same-ip | Allow HTTP cookie to match any virtual server with same IP.
required: false
choices: ["disable", "same-ip"]
http_cookie_path:
description:
- Limit HTTP cookie persistence to the specified path.
required: false
http_cookie_generation:
description:
- Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
required: false
http_cookie_domain_from_host:
description:
- Enable/disable use of HTTP cookie domain from host field in HTTP.
- choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cookie-domain setting).
- choice | enable | Enable use of HTTP cookie domain from host field in HTTP.
required: false
choices: ["disable", "enable"]
http_cookie_domain:
description:
- Domain that HTTP cookie persistence should apply to.
required: false
http_cookie_age:
description:
- Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
required: false
gratuitous_arp_interval:
description:
- Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
required: false
extport:
description:
- Incoming port number range that you want to map to a port number range on the destination network.
required: false
extip:
description:
- IP address or address range on the external interface that you want to map to an address or address range on
- the destination network.
required: false
extintf:
description:
- Interface connected to the source network that receives the packets that will be forwarded to the destination
- network.
required: false
extaddr:
description:
- External FQDN address name.
required: false
dns_mapping_ttl:
description:
- DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
required: false
comment:
description:
- Comment.
required: false
color:
description:
- Color of icon on the GUI.
required: false
arp_reply:
description:
- Enable to respond to ARP requests for this virtual IP address. Enabled by default.
- choice | disable | Disable ARP reply.
- choice | enable | Enable ARP reply.
required: false
choices: ["disable", "enable"]
dynamic_mapping:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
dynamic_mapping_arp_reply:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_color:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_comment:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_dns_mapping_ttl:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extaddr:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extintf:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_extport:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_gratuitous_arp_interval:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_domain:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_domain_from_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_http_cookie_generation:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_path:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_cookie_share:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | same-ip |
required: false
choices: ["disable", "same-ip"]
dynamic_mapping_http_ip_header:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_http_ip_header_name:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_http_multiplex:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_https_cookie_secure:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ldb_method:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | static |
- choice | round-robin |
- choice | weighted |
- choice | least-session |
- choice | least-rtt |
- choice | first-alive |
- choice | http-host |
required: false
choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
dynamic_mapping_mapped_addr:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_mappedip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_mappedport:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_max_embryonic_connections:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_monitor:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_nat_source_vip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_outlook_web_access:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_persistence:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | none |
- choice | http-cookie |
- choice | ssl-session-id |
required: false
choices: ["none", "http-cookie", "ssl-session-id"]
dynamic_mapping_portforward:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_portmapping_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | 1-to-1 |
- choice | m-to-n |
required: false
choices: ["1-to-1", "m-to-n"]
dynamic_mapping_protocol:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | tcp |
- choice | udp |
- choice | sctp |
- choice | icmp |
required: false
choices: ["tcp", "udp", "sctp", "icmp"]
dynamic_mapping_server_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | http |
- choice | https |
- choice | ssl |
- choice | tcp |
- choice | udp |
- choice | ip |
- choice | imaps |
- choice | pop3s |
- choice | smtps |
required: false
choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
dynamic_mapping_service:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_src_filter:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_srcintf_filter:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_algorithm:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | high |
- choice | medium |
- choice | low |
- choice | custom |
required: false
choices: ["high", "medium", "low", "custom"]
dynamic_mapping_ssl_certificate:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_fallback:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_client_renegotiation:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | deny |
- choice | allow |
- choice | secure |
required: false
choices: ["deny", "allow", "secure"]
dynamic_mapping_ssl_client_session_state_max:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_session_state_timeout:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_client_session_state_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | time |
- choice | count |
- choice | both |
required: false
choices: ["disable", "time", "count", "both"]
dynamic_mapping_ssl_dh_bits:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | 768 |
- choice | 1024 |
- choice | 1536 |
- choice | 2048 |
- choice | 3072 |
- choice | 4096 |
required: false
choices: ["768", "1024", "1536", "2048", "3072", "4096"]
dynamic_mapping_ssl_hpkp:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
- choice | report-only |
required: false
choices: ["disable", "enable", "report-only"]
dynamic_mapping_ssl_hpkp_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_backup:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_include_subdomains:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_hpkp_primary:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hpkp_report_uri:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hsts:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_hsts_age:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_hsts_include_subdomains:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_http_location_conversion:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_http_match_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_max_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
dynamic_mapping_ssl_min_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
dynamic_mapping_ssl_mode:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | half |
- choice | full |
required: false
choices: ["half", "full"]
dynamic_mapping_ssl_pfs:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | require |
- choice | deny |
- choice | allow |
required: false
choices: ["require", "deny", "allow"]
dynamic_mapping_ssl_send_empty_frags:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_ssl_server_algorithm:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | high |
- choice | low |
- choice | medium |
- choice | custom |
- choice | client |
required: false
choices: ["high", "low", "medium", "custom", "client"]
dynamic_mapping_ssl_server_max_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
- choice | client |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
dynamic_mapping_ssl_server_min_version:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | ssl-3.0 |
- choice | tls-1.0 |
- choice | tls-1.1 |
- choice | tls-1.2 |
- choice | client |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
dynamic_mapping_ssl_server_session_state_max:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_server_session_state_timeout:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_server_session_state_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | time |
- choice | count |
- choice | both |
required: false
choices: ["disable", "time", "count", "both"]
dynamic_mapping_type:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | static-nat |
- choice | load-balance |
- choice | server-load-balance |
- choice | dns-translation |
- choice | fqdn |
required: false
choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
dynamic_mapping_weblogic_server:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_websphere_server:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
required: false
choices: ["disable", "enable"]
dynamic_mapping_realservers_client_ip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_healthcheck:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | disable |
- choice | enable |
- choice | vip |
required: false
choices: ["disable", "enable", "vip"]
dynamic_mapping_realservers_holddown_interval:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_http_host:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_ip:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_max_connections:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_monitor:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_port:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_seq:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_realservers_status:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | active |
- choice | standby |
- choice | disable |
required: false
choices: ["active", "standby", "disable"]
dynamic_mapping_realservers_weight:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
required: false
dynamic_mapping_ssl_cipher_suites_cipher:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- choice | TLS-RSA-WITH-RC4-128-MD5 |
- choice | TLS-RSA-WITH-RC4-128-SHA |
- choice | TLS-RSA-WITH-DES-CBC-SHA |
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 |
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-RSA-WITH-SEED-CBC-SHA |
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 |
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 |
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 |
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA |
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
dynamic_mapping_ssl_cipher_suites_versions:
description:
- Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 |
- flag | tls-1.0 |
- flag | tls-1.1 |
- flag | tls-1.2 |
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
realservers:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
realservers_client_ip:
description:
- Only clients in this IP range can connect to this real server.
required: false
realservers_healthcheck:
description:
- Enable to check the responsiveness of the real server before forwarding traffic.
- choice | disable | Disable per server health check.
- choice | enable | Enable per server health check.
- choice | vip | Use health check defined in VIP.
required: false
choices: ["disable", "enable", "vip"]
realservers_holddown_interval:
description:
- Time in seconds that the health check monitor monitors an unresponsive server that should be active.
required: false
realservers_http_host:
description:
- HTTP server domain name in HTTP header.
required: false
realservers_ip:
description:
- IP address of the real server.
required: false
realservers_max_connections:
description:
- Max number of active connections that can be directed to the real server. When reached, sessions are sent to
- other real servers.
required: false
realservers_monitor:
description:
- Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
required: false
realservers_port:
description:
- Port for communicating with the real server. Required if port forwarding is enabled.
required: false
realservers_seq:
description:
- Real Server Sequence Number
required: false
realservers_status:
description:
- Set the status of the real server to active so that it can accept traffic.
- Or on standby or disabled so no traffic is sent.
- choice | active | Server status active.
- choice | standby | Server status standby.
- choice | disable | Server status disable.
required: false
choices: ["active", "standby", "disable"]
realservers_weight:
description:
- Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more
- connections.
required: false
ssl_cipher_suites:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
ssl_cipher_suites_cipher:
description:
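- Cipher suite name.
- The RC4, DES and 3DES suites in this list are legacy and considered weak; prefer the AES-GCM or CHACHA20-POLY1305 suites.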
- choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
- choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
- choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
ssl_cipher_suites_versions:
description:
- SSL/TLS versions that the cipher suite can be used with. ssl-3.0, tls-1.0 and tls-1.1 are deprecated protocol versions.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 | SSL 3.0.
- flag | tls-1.0 | TLS 1.0.
- flag | tls-1.1 | TLS 1.1.
- flag | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
ssl_server_cipher_suites:
description:
- EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
- List of multiple child objects to be added. Expects a list of dictionaries.
- Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
- If submitted, all other prefixed sub-parameters ARE IGNORED.
- This object is MUTUALLY EXCLUSIVE with its options.
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
- WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
required: false
ssl_server_cipher_suites_cipher:
description:
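- Cipher suite name.
- The RC4, DES and 3DES suites in this list are legacy and considered weak; prefer the AES-GCM or CHACHA20-POLY1305 suites.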
- choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
- choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
- choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
- choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
- choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
- choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256.
- choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
- choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
required: false
choices: ["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]
ssl_server_cipher_suites_priority:
description:
- SSL/TLS cipher suites priority.
required: false
ssl_server_cipher_suites_versions:
description:
- SSL/TLS versions that the cipher suite can be used with. ssl-3.0, tls-1.0 and tls-1.1 are deprecated protocol versions.
- FLAG Based Options. Specify multiple in list form.
- flag | ssl-3.0 | SSL 3.0.
- flag | tls-1.0 | TLS 1.0.
- flag | tls-1.1 | TLS 1.1.
- flag | tls-1.2 | TLS 1.2.
required: false
choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
'''
EXAMPLES = '''
# BASIC FULL STATIC NAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP SNAT
fmgr_fwobj_vip:
name: "Basic StaticNAT Map"
mode: "set"
adom: "ansible"
type: "static-nat"
extip: "82.72.192.185"
extintf: "any"
mappedip: "10.7.220.25"
comment: "Created by Ansible"
color: "17"
# BASIC PORT PNAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP PNAT
fmgr_fwobj_vip:
name: "Basic PNAT Map Port 10443"
mode: "set"
adom: "ansible"
type: "static-nat"
extip: "82.72.192.185"
extport: "10443"
extintf: "any"
portforward: "enable"
protocol: "tcp"
mappedip: "10.7.220.25"
mappedport: "443"
comment: "Created by Ansible"
color: "17"
# BASIC DNS TRANSLATION NAT
- name: EDIT FMGR_FIREWALL_DNST
fmgr_fwobj_vip:
name: "Basic DNS Translation"
mode: "set"
adom: "ansible"
type: "dns-translation"
extip: "192.168.0.1-192.168.0.100"
extintf: "dmz"
mappedip: "3.3.3.0/24, 4.0.0.0/24"
comment: "Created by Ansible"
color: "12"
# BASIC FQDN NAT
- name: EDIT FMGR_FIREWALL_FQDN
fmgr_fwobj_vip:
name: "Basic FQDN Translation"
mode: "set"
adom: "ansible"
type: "fqdn"
mapped_addr: "google-play"
comment: "Created by Ansible"
color: "5"
# DELETE AN ENTRY
- name: DELETE FMGR_FIREWALL_VIP PNAT
fmgr_fwobj_vip:
name: "Basic PNAT Map Port 10443"
mode: "delete"
adom: "ansible"
'''
RETURN = """
api_result:
description: full API response, includes status code and message
returned: always
type: str
"""
from ansible.module_utils.basic import AnsibleModule, env_fallback
from ansible.module_utils.connection import Connection
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.fortimanager import FortiManagerHandler
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGBaseException
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGRCommon
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FMGRMethods
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import DEFAULT_RESULT_OBJ
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import FAIL_SOCKET_MSG
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import prepare_dict
from ansible_collections.fortinet.fortios.plugins.module_utils.fortimanager.common import scrub_dict
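def fmgr_firewall_vip_modify(fmgr, paramgram):
    """
    Build and send the FortiManager request that adds, sets, updates or deletes a firewall VIP object.

    For the 'set', 'add' and 'update' modes the request targets the ADOM's
    firewall/vip collection and carries scrub_dict(prepare_dict(paramgram)) as
    its body. For 'delete' it targets the named object and carries an empty body.

    :param fmgr: The fmgr object instance from fortimanager.py
    :type fmgr: class object
    :param paramgram: The formatted dictionary of options to process
    :type paramgram: dict
    :return: The response from the FortiManager
    :rtype: dict
    :raises ValueError: if mode is 'delete' without a name, or mode is not one handled here
    """
    mode = paramgram["mode"]
    adom = paramgram["adom"]

    # NOTE(review): adom and name are interpolated into the API path as-is.
    # Confirm that the caller or the request layer rejects or escapes '/' so a
    # crafted value cannot address a different object path.
    if mode in ('set', 'add', 'update'):
        url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
        datagram = scrub_dict(prepare_dict(paramgram))
    elif mode == "delete":
        name = paramgram.get("name")
        if not name:
            # Without this guard str.format() would render None as the text
            # "None" and the delete would be sent for an object of that name.
            raise ValueError("mode 'delete' requires a non-empty 'name'")
        url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=name)
        datagram = {}
    else:
        # Fail closed instead of sending a request with an empty URL.
        raise ValueError("unsupported mode: {0!r}".format(mode))

    return fmgr.process_request(url, datagram, mode)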
#############
# END METHODS
#############
def main():
argument_spec = dict(
adom=dict(type="str", default="root"),
mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
type=dict(required=False, type="str",
choices=["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]),
ssl_server_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
ssl_server_session_state_timeout=dict(required=False, type="int"),
ssl_server_session_state_max=dict(required=False, type="int"),
ssl_server_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
ssl_server_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
ssl_server_algorithm=dict(required=False, type="str", choices=["high", "low", "medium", "custom", "client"]),
ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hsts_age=dict(required=False, type="int"),
ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hpkp_report_uri=dict(required=False, type="str"),
ssl_hpkp_primary=dict(required=False, type="str"),
ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_hpkp_backup=dict(required=False, type="str"),
ssl_hpkp_age=dict(required=False, type="int"),
ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
ssl_dh_bits=dict(required=False, type="str", choices=["768", "1024", "1536", "2048", "3072", "4096"]),
ssl_client_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
ssl_client_session_state_timeout=dict(required=False, type="int"),
ssl_client_session_state_max=dict(required=False, type="int"),
ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
ssl_certificate=dict(required=False, type="str"),
ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
srcintf_filter=dict(required=False, type="str"),
src_filter=dict(required=False, type="str"),
service=dict(required=False, type="str"),
server_type=dict(required=False, type="str",
choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]),
protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
portforward=dict(required=False, type="str", choices=["disable", "enable"]),
persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
name=dict(required=False, type="str"),
monitor=dict(required=False, type="str"),
max_embryonic_connections=dict(required=False, type="int"),
mappedport=dict(required=False, type="str"),
mappedip=dict(required=False, type="str"),
mapped_addr=dict(required=False, type="str"),
ldb_method=dict(required=False, type="str",
choices=["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive",
"http-host"]),
https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
http_ip_header_name=dict(required=False, type="str"),
http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
http_cookie_path=dict(required=False, type="str"),
http_cookie_generation=dict(required=False, type="int"),
http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
http_cookie_domain=dict(required=False, type="str"),
http_cookie_age=dict(required=False, type="int"),
gratuitous_arp_interval=dict(required=False, type="int"),
extport=dict(required=False, type="str"),
extip=dict(required=False, type="str"),
extintf=dict(required=False, type="str"),
extaddr=dict(required=False, type="str"),
dns_mapping_ttl=dict(required=False, type="int"),
comment=dict(required=False, type="str"),
color=dict(required=False, type="int"),
arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping=dict(required=False, type="list"),
dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_color=dict(required=False, type="int"),
dynamic_mapping_comment=dict(required=False, type="str"),
dynamic_mapping_dns_mapping_ttl=dict(required=False, type="int"),
dynamic_mapping_extaddr=dict(required=False, type="str"),
dynamic_mapping_extintf=dict(required=False, type="str"),
dynamic_mapping_extip=dict(required=False, type="str"),
dynamic_mapping_extport=dict(required=False, type="str"),
dynamic_mapping_gratuitous_arp_interval=dict(required=False, type="int"),
dynamic_mapping_http_cookie_age=dict(required=False, type="int"),
dynamic_mapping_http_cookie_domain=dict(required=False, type="str"),
dynamic_mapping_http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_http_cookie_generation=dict(required=False, type="int"),
dynamic_mapping_http_cookie_path=dict(required=False, type="str"),
dynamic_mapping_http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
dynamic_mapping_http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_http_ip_header_name=dict(required=False, type="str"),
dynamic_mapping_http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ldb_method=dict(required=False, type="str", choices=["static",
"round-robin",
"weighted",
"least-session",
"least-rtt",
"first-alive",
"http-host"]),
dynamic_mapping_mapped_addr=dict(required=False, type="str"),
dynamic_mapping_mappedip=dict(required=False, type="str"),
dynamic_mapping_mappedport=dict(required=False, type="str"),
dynamic_mapping_max_embryonic_connections=dict(required=False, type="int"),
dynamic_mapping_monitor=dict(required=False, type="str"),
dynamic_mapping_nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
dynamic_mapping_portforward=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
dynamic_mapping_protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
dynamic_mapping_server_type=dict(required=False, type="str",
choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s",
"smtps"]),
dynamic_mapping_service=dict(required=False, type="str"),
dynamic_mapping_src_filter=dict(required=False, type="str"),
dynamic_mapping_srcintf_filter=dict(required=False, type="str"),
dynamic_mapping_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
dynamic_mapping_ssl_certificate=dict(required=False, type="str"),
dynamic_mapping_ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
dynamic_mapping_ssl_client_session_state_max=dict(required=False, type="int"),
dynamic_mapping_ssl_client_session_state_timeout=dict(required=False, type="int"),
dynamic_mapping_ssl_client_session_state_type=dict(required=False, type="str",
choices=["disable", "time", "count", "both"]),
dynamic_mapping_ssl_dh_bits=dict(required=False, type="str",
choices=["768", "1024", "1536", "2048", "3072", "4096"]),
dynamic_mapping_ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
dynamic_mapping_ssl_hpkp_age=dict(required=False, type="int"),
dynamic_mapping_ssl_hpkp_backup=dict(required=False, type="str"),
dynamic_mapping_ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_hpkp_primary=dict(required=False, type="str"),
dynamic_mapping_ssl_hpkp_report_uri=dict(required=False, type="str"),
dynamic_mapping_ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_hsts_age=dict(required=False, type="int"),
dynamic_mapping_ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
dynamic_mapping_ssl_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
dynamic_mapping_ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
dynamic_mapping_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
dynamic_mapping_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_ssl_server_algorithm=dict(required=False, type="str",
choices=["high", "low", "medium", "custom", "client"]),
dynamic_mapping_ssl_server_max_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
dynamic_mapping_ssl_server_min_version=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
dynamic_mapping_ssl_server_session_state_max=dict(required=False, type="int"),
dynamic_mapping_ssl_server_session_state_timeout=dict(required=False, type="int"),
dynamic_mapping_ssl_server_session_state_type=dict(required=False, type="str",
choices=["disable", "time", "count", "both"]),
dynamic_mapping_type=dict(required=False, type="str",
choices=["static-nat", "load-balance", "server-load-balance", "dns-translation",
"fqdn"]),
dynamic_mapping_weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
dynamic_mapping_realservers_client_ip=dict(required=False, type="str"),
dynamic_mapping_realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
dynamic_mapping_realservers_holddown_interval=dict(required=False, type="int"),
dynamic_mapping_realservers_http_host=dict(required=False, type="str"),
dynamic_mapping_realservers_ip=dict(required=False, type="str"),
dynamic_mapping_realservers_max_connections=dict(required=False, type="int"),
dynamic_mapping_realservers_monitor=dict(required=False, type="str"),
dynamic_mapping_realservers_port=dict(required=False, type="int"),
dynamic_mapping_realservers_seq=dict(required=False, type="str"),
dynamic_mapping_realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
dynamic_mapping_realservers_weight=dict(required=False, type="int"),
dynamic_mapping_ssl_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
dynamic_mapping_ssl_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
realservers=dict(required=False, type="list"),
realservers_client_ip=dict(required=False, type="str"),
realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
realservers_holddown_interval=dict(required=False, type="int"),
realservers_http_host=dict(required=False, type="str"),
realservers_ip=dict(required=False, type="str"),
realservers_max_connections=dict(required=False, type="int"),
realservers_monitor=dict(required=False, type="str"),
realservers_port=dict(required=False, type="int"),
realservers_seq=dict(required=False, type="str"),
realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
realservers_weight=dict(required=False, type="int"),
ssl_cipher_suites=dict(required=False, type="list"),
ssl_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
ssl_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
ssl_server_cipher_suites=dict(required=False, type="list"),
ssl_server_cipher_suites_cipher=dict(required=False,
type="str",
choices=["TLS-RSA-WITH-RC4-128-MD5",
"TLS-RSA-WITH-RC4-128-SHA",
"TLS-RSA-WITH-DES-CBC-SHA",
"TLS-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA",
"TLS-RSA-WITH-AES-256-CBC-SHA",
"TLS-RSA-WITH-AES-128-CBC-SHA256",
"TLS-RSA-WITH-AES-256-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-RSA-WITH-SEED-CBC-SHA",
"TLS-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-RSA-WITH-DES-CBC-SHA",
"TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-RSA-WITH-SEED-CBC-SHA",
"TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-RC4-128-SHA",
"TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
"TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
"TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
"TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
"TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
"TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
"TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
"TLS-RSA-WITH-AES-128-GCM-SHA256",
"TLS-RSA-WITH-AES-256-GCM-SHA384",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
"TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
"TLS-DHE-DSS-WITH-SEED-CBC-SHA",
"TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
"TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
"TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
"TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
"TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
"TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
ssl_server_cipher_suites_priority=dict(required=False, type="str"),
ssl_server_cipher_suites_versions=dict(required=False, type="str",
choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
)
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=False, )
# MODULE PARAMGRAM
paramgram = {
"mode": module.params["mode"],
"adom": module.params["adom"],
"websphere-server": module.params["websphere_server"],
"weblogic-server": module.params["weblogic_server"],
"type": module.params["type"],
"ssl-server-session-state-type": module.params["ssl_server_session_state_type"],
"ssl-server-session-state-timeout": module.params["ssl_server_session_state_timeout"],
"ssl-server-session-state-max": module.params["ssl_server_session_state_max"],
"ssl-server-min-version": module.params["ssl_server_min_version"],
"ssl-server-max-version": module.params["ssl_server_max_version"],
"ssl-server-algorithm": module.params["ssl_server_algorithm"],
"ssl-send-empty-frags": module.params["ssl_send_empty_frags"],
"ssl-pfs": module.params["ssl_pfs"],
"ssl-mode": module.params["ssl_mode"],
"ssl-min-version": module.params["ssl_min_version"],
"ssl-max-version": module.params["ssl_max_version"],
"ssl-http-match-host": module.params["ssl_http_match_host"],
"ssl-http-location-conversion": module.params["ssl_http_location_conversion"],
"ssl-hsts-include-subdomains": module.params["ssl_hsts_include_subdomains"],
"ssl-hsts-age": module.params["ssl_hsts_age"],
"ssl-hsts": module.params["ssl_hsts"],
"ssl-hpkp-report-uri": module.params["ssl_hpkp_report_uri"],
"ssl-hpkp-primary": module.params["ssl_hpkp_primary"],
"ssl-hpkp-include-subdomains": module.params["ssl_hpkp_include_subdomains"],
"ssl-hpkp-backup": module.params["ssl_hpkp_backup"],
"ssl-hpkp-age": module.params["ssl_hpkp_age"],
"ssl-hpkp": module.params["ssl_hpkp"],
"ssl-dh-bits": module.params["ssl_dh_bits"],
"ssl-client-session-state-type": module.params["ssl_client_session_state_type"],
"ssl-client-session-state-timeout": module.params["ssl_client_session_state_timeout"],
"ssl-client-session-state-max": module.params["ssl_client_session_state_max"],
"ssl-client-renegotiation": module.params["ssl_client_renegotiation"],
"ssl-client-fallback": module.params["ssl_client_fallback"],
"ssl-certificate": module.params["ssl_certificate"],
"ssl-algorithm": module.params["ssl_algorithm"],
"srcintf-filter": module.params["srcintf_filter"],
"src-filter": module.params["src_filter"],
"service": module.params["service"],
"server-type": module.params["server_type"],
"protocol": module.params["protocol"],
"portmapping-type": module.params["portmapping_type"],
"portforward": module.params["portforward"],
"persistence": module.params["persistence"],
"outlook-web-access": module.params["outlook_web_access"],
"nat-source-vip": module.params["nat_source_vip"],
"name": module.params["name"],
"monitor": module.params["monitor"],
"max-embryonic-connections": module.params["max_embryonic_connections"],
"mappedport": module.params["mappedport"],
"mappedip": module.params["mappedip"],
"mapped-addr": module.params["mapped_addr"],
"ldb-method": module.params["ldb_method"],
"https-cookie-secure": module.params["https_cookie_secure"],
"http-multiplex": module.params["http_multiplex"],
"http-ip-header-name": module.params["http_ip_header_name"],
"http-ip-header": module.params["http_ip_header"],
"http-cookie-share": module.params["http_cookie_share"],
"http-cookie-path": module.params["http_cookie_path"],
"http-cookie-generation": module.params["http_cookie_generation"],
"http-cookie-domain-from-host": module.params["http_cookie_domain_from_host"],
"http-cookie-domain": module.params["http_cookie_domain"],
"http-cookie-age": module.params["http_cookie_age"],
"gratuitous-arp-interval": module.params["gratuitous_arp_interval"],
"extport": module.params["extport"],
"extip": module.params["extip"],
"extintf": module.params["extintf"],
"extaddr": module.params["extaddr"],
"dns-mapping-ttl": module.params["dns_mapping_ttl"],
"comment": module.params["comment"],
"color": module.params["color"],
"arp-reply": module.params["arp_reply"],
"dynamic_mapping": {
"arp-reply": module.params["dynamic_mapping_arp_reply"],
"color": module.params["dynamic_mapping_color"],
"comment": module.params["dynamic_mapping_comment"],
"dns-mapping-ttl": module.params["dynamic_mapping_dns_mapping_ttl"],
"extaddr": module.params["dynamic_mapping_extaddr"],
"extintf": module.params["dynamic_mapping_extintf"],
"extip": module.params["dynamic_mapping_extip"],
"extport": module.params["dynamic_mapping_extport"],
"gratuitous-arp-interval": module.params["dynamic_mapping_gratuitous_arp_interval"],
"http-cookie-age": module.params["dynamic_mapping_http_cookie_age"],
"http-cookie-domain": module.params["dynamic_mapping_http_cookie_domain"],
"http-cookie-domain-from-host": module.params["dynamic_mapping_http_cookie_domain_from_host"],
"http-cookie-generation": module.params["dynamic_mapping_http_cookie_generation"],
"http-cookie-path": module.params["dynamic_mapping_http_cookie_path"],
"http-cookie-share": module.params["dynamic_mapping_http_cookie_share"],
"http-ip-header": module.params["dynamic_mapping_http_ip_header"],
"http-ip-header-name": module.params["dynamic_mapping_http_ip_header_name"],
"http-multiplex": module.params["dynamic_mapping_http_multiplex"],
"https-cookie-secure": module.params["dynamic_mapping_https_cookie_secure"],
"ldb-method": module.params["dynamic_mapping_ldb_method"],
"mapped-addr": module.params["dynamic_mapping_mapped_addr"],
"mappedip": module.params["dynamic_mapping_mappedip"],
"mappedport": module.params["dynamic_mapping_mappedport"],
"max-embryonic-connections": module.params["dynamic_mapping_max_embryonic_connections"],
"monitor": module.params["dynamic_mapping_monitor"],
"nat-source-vip": module.params["dynamic_mapping_nat_source_vip"],
"outlook-web-access": module.params["dynamic_mapping_outlook_web_access"],
"persistence": module.params["dynamic_mapping_persistence"],
"portforward": module.params["dynamic_mapping_portforward"],
"portmapping-type": module.params["dynamic_mapping_portmapping_type"],
"protocol": module.params["dynamic_mapping_protocol"],
"server-type": module.params["dynamic_mapping_server_type"],
"service": module.params["dynamic_mapping_service"],
"src-filter": module.params["dynamic_mapping_src_filter"],
"srcintf-filter": module.params["dynamic_mapping_srcintf_filter"],
"ssl-algorithm": module.params["dynamic_mapping_ssl_algorithm"],
"ssl-certificate": module.params["dynamic_mapping_ssl_certificate"],
"ssl-client-fallback": module.params["dynamic_mapping_ssl_client_fallback"],
"ssl-client-renegotiation": module.params["dynamic_mapping_ssl_client_renegotiation"],
"ssl-client-session-state-max": module.params["dynamic_mapping_ssl_client_session_state_max"],
"ssl-client-session-state-timeout": module.params["dynamic_mapping_ssl_client_session_state_timeout"],
"ssl-client-session-state-type": module.params["dynamic_mapping_ssl_client_session_state_type"],
"ssl-dh-bits": module.params["dynamic_mapping_ssl_dh_bits"],
"ssl-hpkp": module.params["dynamic_mapping_ssl_hpkp"],
"ssl-hpkp-age": module.params["dynamic_mapping_ssl_hpkp_age"],
"ssl-hpkp-backup": module.params["dynamic_mapping_ssl_hpkp_backup"],
"ssl-hpkp-include-subdomains": module.params["dynamic_mapping_ssl_hpkp_include_subdomains"],
"ssl-hpkp-primary": module.params["dynamic_mapping_ssl_hpkp_primary"],
"ssl-hpkp-report-uri": module.params["dynamic_mapping_ssl_hpkp_report_uri"],
"ssl-hsts": module.params["dynamic_mapping_ssl_hsts"],
"ssl-hsts-age": module.params["dynamic_mapping_ssl_hsts_age"],
"ssl-hsts-include-subdomains": module.params["dynamic_mapping_ssl_hsts_include_subdomains"],
"ssl-http-location-conversion": module.params["dynamic_mapping_ssl_http_location_conversion"],
"ssl-http-match-host": module.params["dynamic_mapping_ssl_http_match_host"],
"ssl-max-version": module.params["dynamic_mapping_ssl_max_version"],
"ssl-min-version": module.params["dynamic_mapping_ssl_min_version"],
"ssl-mode": module.params["dynamic_mapping_ssl_mode"],
"ssl-pfs": module.params["dynamic_mapping_ssl_pfs"],
"ssl-send-empty-frags": module.params["dynamic_mapping_ssl_send_empty_frags"],
"ssl-server-algorithm": module.params["dynamic_mapping_ssl_server_algorithm"],
"ssl-server-max-version": module.params["dynamic_mapping_ssl_server_max_version"],
"ssl-server-min-version": module.params["dynamic_mapping_ssl_server_min_version"],
"ssl-server-session-state-max": module.params["dynamic_mapping_ssl_server_session_state_max"],
"ssl-server-session-state-timeout": module.params["dynamic_mapping_ssl_server_session_state_timeout"],
"ssl-server-session-state-type": module.params["dynamic_mapping_ssl_server_session_state_type"],
"type": module.params["dynamic_mapping_type"],
"weblogic-server": module.params["dynamic_mapping_weblogic_server"],
"websphere-server": module.params["dynamic_mapping_websphere_server"],
"realservers": {
"client-ip": module.params["dynamic_mapping_realservers_client_ip"],
"healthcheck": module.params["dynamic_mapping_realservers_healthcheck"],
"holddown-interval": module.params["dynamic_mapping_realservers_holddown_interval"],
"http-host": module.params["dynamic_mapping_realservers_http_host"],
"ip": module.params["dynamic_mapping_realservers_ip"],
"max-connections": module.params["dynamic_mapping_realservers_max_connections"],
"monitor": module.params["dynamic_mapping_realservers_monitor"],
"port": module.params["dynamic_mapping_realservers_port"],
"seq": module.params["dynamic_mapping_realservers_seq"],
"status": module.params["dynamic_mapping_realservers_status"],
"weight": module.params["dynamic_mapping_realservers_weight"],
},
"ssl-cipher-suites": {
"cipher": module.params["dynamic_mapping_ssl_cipher_suites_cipher"],
"versions": module.params["dynamic_mapping_ssl_cipher_suites_versions"],
},
},
"realservers": {
"client-ip": module.params["realservers_client_ip"],
"healthcheck": module.params["realservers_healthcheck"],
"holddown-interval": module.params["realservers_holddown_interval"],
"http-host": module.params["realservers_http_host"],
"ip": module.params["realservers_ip"],
"max-connections": module.params["realservers_max_connections"],
"monitor": module.params["realservers_monitor"],
"port": module.params["realservers_port"],
"seq": module.params["realservers_seq"],
"status": module.params["realservers_status"],
"weight": module.params["realservers_weight"],
},
"ssl-cipher-suites": {
"cipher": module.params["ssl_cipher_suites_cipher"],
"versions": module.params["ssl_cipher_suites_versions"],
},
"ssl-server-cipher-suites": {
"cipher": module.params["ssl_server_cipher_suites_cipher"],
"priority": module.params["ssl_server_cipher_suites_priority"],
"versions": module.params["ssl_server_cipher_suites_versions"],
}
}
module.paramgram = paramgram
fmgr = None
if module._socket_path:
connection = Connection(module._socket_path)
fmgr = FortiManagerHandler(connection, module)
fmgr.tools = FMGRCommon()
else:
module.fail_json(**FAIL_SOCKET_MSG)
list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
paramgram = fmgr.tools.paramgram_child_list_override(list_overrides=list_overrides,
paramgram=paramgram, module=module)
results = DEFAULT_RESULT_OBJ
try:
results = fmgr_firewall_vip_modify(fmgr, paramgram)
fmgr.govern_response(module=module, results=results,
ansible_facts=fmgr.construct_ansible_facts(results, module.params, paramgram))
except Exception as err:
raise FMGBaseException(err)
return module.exit_json(**results[1])
# Script entry point: call main() only when this file is executed directly,
# not when it is imported by another module.
if __name__ == "__main__":
    main()