New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
firewall_ssl_setting
-
|
Default: null
|
SSL proxy settings.
|
|
abbreviate-handshake
-
|
|
Enable/disable use of SSL abbreviated handshake.
|
|
cert-cache-capacity
-
|
Maximum capacity of the host certificate cache (0 - 500, default = 200).
|
||
cert-cache-timeout
-
|
Time limit to keep certificate cache (1 - 120 min, default = 10).
|
||
kxp-queue-threshold
-
|
Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 16).
|
||
no-matching-cipher-action
-
|
|
Bypass or drop the connection when no matching cipher is found.
|
|
proxy-connect-timeout
-
|
Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec, default = 30).
|
||
session-cache-capacity
-
|
Capacity of the SSL session cache (--Obsolete--) (1 - 1000, default = 500).
|
||
session-cache-timeout
-
|
Time limit to keep SSL session state (1 - 60 min, default = 20).
|
||
ssl-dh-bits
-
|
|
Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation (default = 2048).
|
|
ssl-queue-threshold
-
|
Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512, default = 32).
|
||
ssl-send-empty-frags
-
|
|
Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only).
|
|
host
-
/ required
|
FortiOS or FortiGate ip adress.
|
||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
|
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
|
username
-
/ required
|
FortiOS or FortiGate username.
|
||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: SSL proxy settings.
fortios_firewall_ssl_setting:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
firewall_ssl_setting:
abbreviate-handshake: "enable"
cert-cache-capacity: "4"
cert-cache-timeout: "5"
kxp-queue-threshold: "6"
no-matching-cipher-action: "bypass"
proxy-connect-timeout: "8"
session-cache-capacity: "9"
session-cache-timeout: "10"
ssl-dh-bits: "768"
ssl-queue-threshold: "12"
ssl-send-empty-frags: "enable"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.