fortinet.fortimanager.fmgr_vpnsslweb_portal – Portal.
Note
This plugin is part of the fortinet.fortimanager collection (version 2.0.1).
To install it, use: `ansible-galaxy collection install fortinet.fortimanager`.
To use it in a playbook, specify: `fortinet.fortimanager.fmgr_vpnsslweb_portal`.
New in version 2.10: of fortinet.fortimanager
Synopsis
- This module is able to configure a FortiManager device.
- Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Nested parameters are listed by their full path under vpnsslweb_portal.

Parameter | Type | Choices/Defaults | Comments |
---|---|---|---|
adom | string / required | | the parameter (adom) in requested url |
bypass_validation | boolean | | only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters |
rc_failed | list / elements=string | | the rc codes list with which the conditions to fail will be overridden |
rc_succeeded | list / elements=string | | the rc codes list with which the conditions to succeed will be overridden |
state | string / required | | the directive to create, update or delete an object |
vpnsslweb_portal | dictionary | | the top level parameters set |
vpnsslweb_portal.allow-user-access | list / elements=string | | no description |
vpnsslweb_portal.auto-connect | string | | Enable/disable automatic connect by client when system is up. |
vpnsslweb_portal.bookmark-group | list / elements=string | | no description |
vpnsslweb_portal.bookmark-group.bookmarks | list / elements=string | | no description |
vpnsslweb_portal.bookmark-group.bookmarks.additional-params | string | | Additional parameters. |
vpnsslweb_portal.bookmark-group.bookmarks.apptype | string | | Application type. |
vpnsslweb_portal.bookmark-group.bookmarks.description | string | | Description. |
vpnsslweb_portal.bookmark-group.bookmarks.folder | string | | Network shared file folder parameter. |
vpnsslweb_portal.bookmark-group.bookmarks.form-data | list / elements=string | | no description |
vpnsslweb_portal.bookmark-group.bookmarks.form-data.name | string | | Name. |
vpnsslweb_portal.bookmark-group.bookmarks.form-data.value | string | | Value. |
vpnsslweb_portal.bookmark-group.bookmarks.host | string | | Host name/IP parameter. |
vpnsslweb_portal.bookmark-group.bookmarks.listening-port | integer | | Listening port (0 - 65535). |
vpnsslweb_portal.bookmark-group.bookmarks.load-balancing-info | string | | The load balancing information or cookie which should be provided to the connection broker. |
vpnsslweb_portal.bookmark-group.bookmarks.logon-password | string | | no description |
vpnsslweb_portal.bookmark-group.bookmarks.logon-user | string | | Logon user. |
vpnsslweb_portal.bookmark-group.bookmarks.name | string | | Bookmark name. |
vpnsslweb_portal.bookmark-group.bookmarks.port | integer | | Remote port. |
vpnsslweb_portal.bookmark-group.bookmarks.preconnection-blob | string | | An arbitrary string which identifies the RDP source. |
vpnsslweb_portal.bookmark-group.bookmarks.preconnection-id | integer | | The numeric ID of the RDP source (0-2147483648). |
vpnsslweb_portal.bookmark-group.bookmarks.remote-port | integer | | Remote port (0 - 65535). |
vpnsslweb_portal.bookmark-group.bookmarks.security | string | | Security mode for RDP connection. |
vpnsslweb_portal.bookmark-group.bookmarks.server-layout | string | | Server side keyboard layout. |
vpnsslweb_portal.bookmark-group.bookmarks.show-status-window | string | | Enable/disable showing of status window. |
vpnsslweb_portal.bookmark-group.bookmarks.sso | string | | Single Sign-On. |
vpnsslweb_portal.bookmark-group.bookmarks.sso-credential | string | | Single sign-on credentials. |
vpnsslweb_portal.bookmark-group.bookmarks.sso-credential-sent-once | string | | Single sign-on credentials are only sent once to remote server. |
vpnsslweb_portal.bookmark-group.bookmarks.sso-password | string | | no description |
vpnsslweb_portal.bookmark-group.bookmarks.sso-username | string | | SSO user name. |
vpnsslweb_portal.bookmark-group.bookmarks.url | string | | URL parameter. |
vpnsslweb_portal.bookmark-group.name | string | | Bookmark group name. |
vpnsslweb_portal.custom-lang | string | | Change the web portal display language. Overrides config system global set language. You can use config system custom-language... |
vpnsslweb_portal.customize-forticlient-download-url | string | | Enable support of customized download URL for FortiClient. |
vpnsslweb_portal.display-bookmark | string | | Enable to display the web portal bookmark widget. |
vpnsslweb_portal.display-connection-tools | string | | Enable to display the web portal connection tools widget. |
vpnsslweb_portal.display-history | string | | Enable to display the web portal user login history widget. |
vpnsslweb_portal.display-status | string | | Enable to display the web portal status widget. |
vpnsslweb_portal.dns-server1 | string | | IPv4 DNS server 1. |
vpnsslweb_portal.dns-server2 | string | | IPv4 DNS server 2. |
vpnsslweb_portal.dns-suffix | string | | DNS suffix. |
vpnsslweb_portal.exclusive-routing | string | | Enable/disable all traffic go through tunnel only. |
vpnsslweb_portal.forticlient-download | string | | Enable/disable download option for FortiClient. |
vpnsslweb_portal.forticlient-download-method | string | | FortiClient download method. |
vpnsslweb_portal.heading | string | | Web portal heading message. |
vpnsslweb_portal.hide-sso-credential | string | | Enable to prevent SSO credential being sent to client. |
vpnsslweb_portal.host-check | string | | Type of host checking performed on endpoints. |
vpnsslweb_portal.host-check-interval | integer | | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
vpnsslweb_portal.host-check-policy | string | | One or more policies to require the endpoint to have specific security software. |
vpnsslweb_portal.ip-mode | string | | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
vpnsslweb_portal.ip-pools | string | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpnsslweb_portal.ipv6-dns-server1 | string | | IPv6 DNS server 1. |
vpnsslweb_portal.ipv6-dns-server2 | string | | IPv6 DNS server 2. |
vpnsslweb_portal.ipv6-exclusive-routing | string | | Enable/disable all IPv6 traffic go through tunnel only. |
vpnsslweb_portal.ipv6-pools | string | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpnsslweb_portal.ipv6-service-restriction | string | | Enable/disable IPv6 tunnel service restriction. |
vpnsslweb_portal.ipv6-split-tunneling | string | | Enable/disable IPv6 split tunneling. |
vpnsslweb_portal.ipv6-split-tunneling-routing-address | string | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli... |
vpnsslweb_portal.ipv6-tunnel-mode | string | | Enable/disable IPv6 SSL-VPN tunnel mode. |
vpnsslweb_portal.ipv6-wins-server1 | string | | IPv6 WINS server 1. |
vpnsslweb_portal.ipv6-wins-server2 | string | | IPv6 WINS server 2. |
vpnsslweb_portal.keep-alive | string | | Enable/disable automatic reconnect for FortiClient connections. |
vpnsslweb_portal.limit-user-logins | string | | Enable to limit each user to one SSL-VPN session at a time. |
vpnsslweb_portal.mac-addr-action | string | | Client MAC address action. |
vpnsslweb_portal.mac-addr-check | string | | Enable/disable MAC address host checking. |
vpnsslweb_portal.mac-addr-check-rule | list / elements=string | | no description |
vpnsslweb_portal.mac-addr-check-rule.mac-addr-list | string | | no description |
vpnsslweb_portal.mac-addr-check-rule.mac-addr-mask | integer | | Client MAC address mask. |
vpnsslweb_portal.mac-addr-check-rule.name | string | | Client MAC address check rule name. |
vpnsslweb_portal.macos-forticlient-download-url | string | | Download URL for Mac FortiClient. |
vpnsslweb_portal.name | string | | Portal name. |
vpnsslweb_portal.os-check | string | | Enable to let the FortiGate decide action based on client OS. |
vpnsslweb_portal.redir-url | string | | Client login redirect URL. |
vpnsslweb_portal.save-password | string | | Enable/disable FortiClient saving the user's password. |
vpnsslweb_portal.service-restriction | string | | Enable/disable tunnel service restriction. |
vpnsslweb_portal.skip-check-for-unsupported-browser | string | | Enable to skip host check if browser does not support it. |
vpnsslweb_portal.skip-check-for-unsupported-os | string | | Enable to skip host check if client OS does not support it. |
vpnsslweb_portal.smb-ntlmv1-auth | string | | Enable support of NTLMv1 for Samba authentication. |
vpnsslweb_portal.smbv1 | string | | Enable/disable support of SMBv1 for Samba. |
vpnsslweb_portal.split-dns | list / elements=string | | no description |
vpnsslweb_portal.split-dns.dns-server1 | string | | DNS server 1. |
vpnsslweb_portal.split-dns.dns-server2 | string | | DNS server 2. |
vpnsslweb_portal.split-dns.domains | string | | Split DNS domains used for SSL-VPN clients separated by comma(,). |
vpnsslweb_portal.split-dns.id | integer | | ID. |
vpnsslweb_portal.split-dns.ipv6-dns-server1 | string | | IPv6 DNS server 1. |
vpnsslweb_portal.split-dns.ipv6-dns-server2 | string | | IPv6 DNS server 2. |
vpnsslweb_portal.split-tunneling | string | | Enable/disable IPv4 split tunneling. |
vpnsslweb_portal.split-tunneling-routing-address | string | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneli... |
vpnsslweb_portal.theme | string | | Web portal color scheme. |
vpnsslweb_portal.tunnel-mode | string | | Enable/disable IPv4 SSL-VPN tunnel mode. |
vpnsslweb_portal.user-bookmark | string | | Enable to allow web portal users to create their own bookmarks. |
vpnsslweb_portal.user-group-bookmark | string | | Enable to allow web portal users to create bookmarks for all users in the same user group. |
vpnsslweb_portal.web-mode | string | | Enable/disable SSL VPN web mode. |
vpnsslweb_portal.windows-forticlient-download-url | string | | Download URL for Windows FortiClient. |
vpnsslweb_portal.wins-server1 | string | | IPv4 WINS server 1. |
vpnsslweb_portal.wins-server2 | string | | IPv4 WINS server 1. |
workspace_locking_adom | string | | the adom to lock for FortiManager running in workspace mode, the value can be global and others including root |
workspace_locking_timeout | integer | Default: 300 | the maximum time in seconds to wait for other user to release the workspace lock |
Notes
- Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use the state present directive.
- To delete an object, use the state absent directive.
- Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.
Examples
```yaml
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # False disables TLS certificate verification of the FortiManager endpoint.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Portal.
      fmgr_vpnsslweb_portal:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        vpnsslweb_portal:
          allow-user-access:
            - web
            - ftp
            - telnet
            - smb
            - vnc
            - rdp
            - ssh
            - ping
            - citrix
            - portforward
            - sftp
          auto-connect: <value in [disable, enable]>
          bookmark-group:
            - bookmarks:
                - additional-params: <value of string>
                  apptype: <value in [web, telnet, ssh, ...]>
                  description: <value of string>
                  folder: <value of string>
                  form-data:
                    - name: <value of string>
                      value: <value of string>
                  host: <value of string>
                  listening-port: <value of integer>
                  load-balancing-info: <value of string>
                  logon-password: <value of string>
                  logon-user: <value of string>
                  name: <value of string>
                  port: <value of integer>
                  preconnection-blob: <value of string>
                  preconnection-id: <value of integer>
                  remote-port: <value of integer>
                  security: <value in [rdp, nla, tls, ...]>
                  server-layout: <value in [en-us-qwerty, de-de-qwertz, fr-fr-azerty, ...]>
                  show-status-window: <value in [disable, enable]>
                  sso: <value in [disable, static, auto]>
                  sso-credential: <value in [sslvpn-login, alternative]>
                  sso-credential-sent-once: <value in [disable, enable]>
                  sso-password: <value of string>
                  sso-username: <value of string>
                  url: <value of string>
              name: <value of string>
          custom-lang: <value of string>
          customize-forticlient-download-url: <value in [disable, enable]>
          display-bookmark: <value in [disable, enable]>
          display-connection-tools: <value in [disable, enable]>
          display-history: <value in [disable, enable]>
          display-status: <value in [disable, enable]>
          dns-server1: <value of string>
          dns-server2: <value of string>
          dns-suffix: <value of string>
          exclusive-routing: <value in [disable, enable]>
          forticlient-download: <value in [disable, enable]>
          forticlient-download-method: <value in [direct, ssl-vpn]>
          heading: <value of string>
          hide-sso-credential: <value in [disable, enable]>
          host-check: <value in [none, av, fw, ...]>
          host-check-interval: <value of integer>
          host-check-policy: <value of string>
          ip-mode: <value in [range, user-group]>
          ip-pools: <value of string>
          ipv6-dns-server1: <value of string>
          ipv6-dns-server2: <value of string>
          ipv6-exclusive-routing: <value in [disable, enable]>
          ipv6-pools: <value of string>
          ipv6-service-restriction: <value in [disable, enable]>
          ipv6-split-tunneling: <value in [disable, enable]>
          ipv6-split-tunneling-routing-address: <value of string>
          ipv6-tunnel-mode: <value in [disable, enable]>
          ipv6-wins-server1: <value of string>
          ipv6-wins-server2: <value of string>
          keep-alive: <value in [disable, enable]>
          limit-user-logins: <value in [disable, enable]>
          mac-addr-action: <value in [deny, allow]>
          mac-addr-check: <value in [disable, enable]>
          mac-addr-check-rule:
            - mac-addr-list: <value of string>
              mac-addr-mask: <value of integer>
              name: <value of string>
          macos-forticlient-download-url: <value of string>
          name: <value of string>
          os-check: <value in [disable, enable]>
          redir-url: <value of string>
          save-password: <value in [disable, enable]>
          service-restriction: <value in [disable, enable]>
          skip-check-for-unsupported-browser: <value in [disable, enable]>
          skip-check-for-unsupported-os: <value in [disable, enable]>
          smb-ntlmv1-auth: <value in [disable, enable]>
          smbv1: <value in [disable, enable]>
          split-dns:
            - dns-server1: <value of string>
              dns-server2: <value of string>
              domains: <value of string>
              id: <value of integer>
              ipv6-dns-server1: <value of string>
              ipv6-dns-server2: <value of string>
          split-tunneling: <value in [disable, enable]>
          split-tunneling-routing-address: <value of string>
          theme: <value in [gray, blue, orange, ...]>
          tunnel-mode: <value in [disable, enable]>
          user-bookmark: <value in [disable, enable]>
          user-group-bookmark: <value in [disable, enable]>
          web-mode: <value in [disable, enable]>
          windows-forticlient-download-url: <value of string>
          wins-server1: <value of string>
          wins-server2: <value of string>
```
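
A filled-in variant of the template above, added here as an illustration and not taken from the module's own documentation: it verifies the FortiManager certificate, defines a tunnel-only portal, and sets the legacy and convenience options (`smbv1`, `smb-ntlmv1-auth`, `save-password`, the host-check skips) to `disable`. The ADOM `root`, the portal name, the address object name and the choice of `av` host checking are assumed sample values.

```yaml
# Added example: sample values below are assumptions, not from the module docs.
- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Verify the FortiManager certificate (the control node must trust its CA).
    ansible_httpapi_validate_certs: True
    ansible_httpapi_port: 443
  tasks:
    - name: Create or update a tunnel-only SSL-VPN portal
      fmgr_vpnsslweb_portal:
        bypass_validation: False          # keep parameter validation on
        workspace_locking_adom: root      # assumed: workspace mode, ADOM root
        workspace_locking_timeout: 300    # seconds to wait for the lock
        adom: root                        # assumed ADOM
        state: present                    # create or update
        vpnsslweb_portal:
          name: corp-tunnel               # assumed portal name
          tunnel-mode: enable
          web-mode: disable               # no web portal, tunnel clients only
          ip-mode: range
          ip-pools: SSLVPN_TUNNEL_ADDR1   # assumed firewall address object
          split-tunneling: disable        # together with exclusive-routing:
          exclusive-routing: enable       # all client traffic uses the tunnel
          limit-user-logins: enable       # one session per user at a time
          save-password: disable          # FortiClient does not store the password
          host-check: av                  # one of the documented choices
          skip-check-for-unsupported-os: disable
          skip-check-for-unsupported-browser: disable
          hide-sso-credential: enable     # SSO credential is not sent to the client
          # Set explicitly so they stay off if web mode is enabled later.
          smbv1: disable
          smb-ntlmv1-auth: disable
          user-bookmark: disable
          user-group-bookmark: disable
```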
Return Values
Common return values are documented here; the following are the fields unique to this module:

Key | Type | Returned | Description |
---|---|---|---|
request_url | string | always | The full url requested. Sample: /sys/login/user |
response_code | integer | always | The status of api request |
response_message | string | always | The descriptive message of the api response. Sample: OK. |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Frank Shen (@fshen01)
- Hongbin Lu (@fgtdev-hblu)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/fortinet/fortimanager/fmgr_vpnsslweb_portal_module.html