fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate
New in version 2.8.
Synopsis
- This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the portal category of the vpn_ssl_web feature. The examples include all parameters, and their values need to be adjusted to your data sources before use. Tested with FOS v6.0.5.
Requirements
The below requirements are needed on the host that executes this module.
- fortiosapi>=0.9.8
Parameters
Suboptions are listed under their parent with the full dotted path.

Parameter | Choices/Defaults | Comments |
---|---|---|
host (string) | | FortiOS or FortiGate IP address. |
https (boolean) | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
password (string) | Default: "" | FortiOS or FortiGate password. |
ssl_verify (boolean, added in 2.9) | | Ensures FortiGate certificate must be verified by a proper CA. |
state (string, added in 2.9) | | Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level. |
username (string) | | FortiOS or FortiGate username. |
vdom (string) | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
vpn_ssl_web_portal (dictionary) | Default: null | Portal. |
vpn_ssl_web_portal.allow_user_access (string) | | Allow user access to SSL-VPN applications. |
vpn_ssl_web_portal.auto_connect (string) | | Enable/disable automatic connect by client when system is up. |
vpn_ssl_web_portal.bookmark_group (list) | | Portal bookmark group. |
vpn_ssl_web_portal.bookmark_group.bookmarks (list) | | Bookmark table. |
vpn_ssl_web_portal.bookmark_group.bookmarks.additional_params (string) | | Additional parameters. |
vpn_ssl_web_portal.bookmark_group.bookmarks.apptype (string) | | Application type. |
vpn_ssl_web_portal.bookmark_group.bookmarks.description (string) | | Description. |
vpn_ssl_web_portal.bookmark_group.bookmarks.folder (string) | | Network shared file folder parameter. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data (list) | | Form data. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.name (string, required) | | Name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.value (string) | | Value. |
vpn_ssl_web_portal.bookmark_group.bookmarks.host (string) | | Host name/IP parameter. |
vpn_ssl_web_portal.bookmark_group.bookmarks.listening_port (integer) | | Listening port (0 - 65535). |
vpn_ssl_web_portal.bookmark_group.bookmarks.load_balancing_info (string) | | The load balancing information or cookie which should be provided to the connection broker. |
vpn_ssl_web_portal.bookmark_group.bookmarks.logon_password (string) | | Logon password. |
vpn_ssl_web_portal.bookmark_group.bookmarks.logon_user (string) | | Logon user. |
vpn_ssl_web_portal.bookmark_group.bookmarks.name (string, required) | | Bookmark name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.port (integer) | | Remote port. |
vpn_ssl_web_portal.bookmark_group.bookmarks.preconnection_blob (string) | | An arbitrary string which identifies the RDP source. |
vpn_ssl_web_portal.bookmark_group.bookmarks.preconnection_id (integer) | | The numeric ID of the RDP source (0-2147483648). |
vpn_ssl_web_portal.bookmark_group.bookmarks.remote_port (integer) | | Remote port (0 - 65535). |
vpn_ssl_web_portal.bookmark_group.bookmarks.security (string) | | Security mode for RDP connection. |
vpn_ssl_web_portal.bookmark_group.bookmarks.server_layout (string) | | Server side keyboard layout. |
vpn_ssl_web_portal.bookmark_group.bookmarks.show_status_window (string) | | Enable/disable showing of status window. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso (string) | | Single Sign-On. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential (string) | | Single sign-on credentials. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential_sent_once (string) | | Single sign-on credentials are only sent once to remote server. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_password (string) | | SSO password. |
vpn_ssl_web_portal.bookmark_group.bookmarks.sso_username (string) | | SSO user name. |
vpn_ssl_web_portal.bookmark_group.bookmarks.url (string) | | URL parameter. |
vpn_ssl_web_portal.bookmark_group.name (string, required) | | Bookmark group name. |
vpn_ssl_web_portal.custom_lang (string) | | Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. |
vpn_ssl_web_portal.customize_forticlient_download_url (string) | | Enable support of customized download URL for FortiClient. |
vpn_ssl_web_portal.display_bookmark (string) | | Enable to display the web portal bookmark widget. |
vpn_ssl_web_portal.display_connection_tools (string) | | Enable to display the web portal connection tools widget. |
vpn_ssl_web_portal.display_history (string) | | Enable to display the web portal user login history widget. |
vpn_ssl_web_portal.display_status (string) | | Enable to display the web portal status widget. |
vpn_ssl_web_portal.dns_server1 (string) | | IPv4 DNS server 1. |
vpn_ssl_web_portal.dns_server2 (string) | | IPv4 DNS server 2. |
vpn_ssl_web_portal.dns_suffix (string) | | DNS suffix. |
vpn_ssl_web_portal.exclusive_routing (string) | | Enable/disable all traffic go through tunnel only. |
vpn_ssl_web_portal.forticlient_download (string) | | Enable/disable download option for FortiClient. |
vpn_ssl_web_portal.forticlient_download_method (string) | | FortiClient download method. |
vpn_ssl_web_portal.heading (string) | | Web portal heading message. |
vpn_ssl_web_portal.hide_sso_credential (string) | | Enable to prevent SSO credential being sent to client. |
vpn_ssl_web_portal.host_check (string) | | Type of host checking performed on endpoints. |
vpn_ssl_web_portal.host_check_interval (integer) | | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
vpn_ssl_web_portal.host_check_policy (list) | | One or more policies to require the endpoint to have specific security software. |
vpn_ssl_web_portal.host_check_policy.name (string, required) | | Host check software list name. Source vpn.ssl.web.host-check-software.name. |
vpn_ssl_web_portal.ip_mode (string) | | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
vpn_ssl_web_portal.ip_pools (list) | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpn_ssl_web_portal.ip_pools.name (string, required) | | Address name. Source firewall.address.name firewall.addrgrp.name. |
vpn_ssl_web_portal.ipv6_dns_server1 (string) | | IPv6 DNS server 1. |
vpn_ssl_web_portal.ipv6_dns_server2 (string) | | IPv6 DNS server 2. |
vpn_ssl_web_portal.ipv6_exclusive_routing (string) | | Enable/disable all IPv6 traffic go through tunnel only. |
vpn_ssl_web_portal.ipv6_pools (list) | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
vpn_ssl_web_portal.ipv6_pools.name (string, required) | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
vpn_ssl_web_portal.ipv6_service_restriction (string) | | Enable/disable IPv6 tunnel service restriction. |
vpn_ssl_web_portal.ipv6_split_tunneling (string) | | Enable/disable IPv6 split tunneling. |
vpn_ssl_web_portal.ipv6_split_tunneling_routing_address (list) | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
vpn_ssl_web_portal.ipv6_split_tunneling_routing_address.name (string, required) | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
vpn_ssl_web_portal.ipv6_tunnel_mode (string) | | Enable/disable IPv6 SSL-VPN tunnel mode. |
vpn_ssl_web_portal.ipv6_wins_server1 (string) | | IPv6 WINS server 1. |
vpn_ssl_web_portal.ipv6_wins_server2 (string) | | IPv6 WINS server 2. |
vpn_ssl_web_portal.keep_alive (string) | | Enable/disable automatic reconnect for FortiClient connections. |
vpn_ssl_web_portal.limit_user_logins (string) | | Enable to limit each user to one SSL-VPN session at a time. |
vpn_ssl_web_portal.mac_addr_action (string) | | Client MAC address action. |
vpn_ssl_web_portal.mac_addr_check (string) | | Enable/disable MAC address host checking. |
vpn_ssl_web_portal.mac_addr_check_rule (list) | | Client MAC address check rule. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list (list) | | Client MAC address list. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list.addr (string, required) | | Client MAC address. |
vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_mask (integer) | | Client MAC address mask. |
vpn_ssl_web_portal.mac_addr_check_rule.name (string, required) | | Client MAC address check rule name. |
vpn_ssl_web_portal.macos_forticlient_download_url (string) | | Download URL for Mac FortiClient. |
vpn_ssl_web_portal.name (string, required) | | Portal name. |
vpn_ssl_web_portal.os_check (string) | | Enable to let the FortiGate decide action based on client OS. |
vpn_ssl_web_portal.os_check_list (list) | | SSL VPN OS checks. |
vpn_ssl_web_portal.os_check_list.action (string) | | OS check options. |
vpn_ssl_web_portal.os_check_list.latest_patch_level (string) | | Latest OS patch level. |
vpn_ssl_web_portal.os_check_list.name (string, required) | | Name. |
vpn_ssl_web_portal.os_check_list.tolerance (integer) | | OS patch level tolerance. |
vpn_ssl_web_portal.redir_url (string) | | Client login redirect URL. |
vpn_ssl_web_portal.save_password (string) | | Enable/disable FortiClient saving the user's password. |
vpn_ssl_web_portal.service_restriction (string) | | Enable/disable tunnel service restriction. |
vpn_ssl_web_portal.skip_check_for_unsupported_browser (string) | | Enable to skip host check if browser does not support it. |
vpn_ssl_web_portal.skip_check_for_unsupported_os (string) | | Enable to skip host check if client OS does not support it. |
vpn_ssl_web_portal.smb_ntlmv1_auth (string) | | Enable support of NTLMv1 for Samba authentication. |
vpn_ssl_web_portal.smbv1 (string) | | Enable/disable support of SMBv1 for Samba. |
vpn_ssl_web_portal.split_dns (list) | | Split DNS for SSL VPN. |
vpn_ssl_web_portal.split_dns.dns_server1 (string) | | DNS server 1. |
vpn_ssl_web_portal.split_dns.dns_server2 (string) | | DNS server 2. |
vpn_ssl_web_portal.split_dns.domains (string) | | Split DNS domains used for SSL-VPN clients separated by comma(,). |
vpn_ssl_web_portal.split_dns.id (integer, required) | | ID. |
vpn_ssl_web_portal.split_dns.ipv6_dns_server1 (string) | | IPv6 DNS server 1. |
vpn_ssl_web_portal.split_dns.ipv6_dns_server2 (string) | | IPv6 DNS server 2. |
vpn_ssl_web_portal.split_tunneling (string) | | Enable/disable IPv4 split tunneling. |
vpn_ssl_web_portal.split_tunneling_routing_address (list) | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
vpn_ssl_web_portal.split_tunneling_routing_address.name (string, required) | | Address name. Source firewall.address.name firewall.addrgrp.name. |
vpn_ssl_web_portal.state (string) | | Deprecated. Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. |
vpn_ssl_web_portal.theme (string) | | Web portal color scheme. |
vpn_ssl_web_portal.tunnel_mode (string) | | Enable/disable IPv4 SSL-VPN tunnel mode. |
vpn_ssl_web_portal.user_bookmark (string) | | Enable to allow web portal users to create their own bookmarks. |
vpn_ssl_web_portal.user_group_bookmark (string) | | Enable to allow web portal users to create bookmarks for all users in the same user group. |
vpn_ssl_web_portal.web_mode (string) | | Enable/disable SSL VPN web mode. |
vpn_ssl_web_portal.windows_forticlient_download_url (string) | | Download URL for Windows FortiClient. |
vpn_ssl_web_portal.wins_server1 (string) | | IPv4 WINS server 1. |
vpn_ssl_web_portal.wins_server2 (string) | | IPv4 WINS server 1. |
Notes
- Requires fortiosapi library developed by Fortinet
- Run as a local_action in your playbook
Examples
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
    ssl_verify: "False"
  tasks:
    - name: Portal.
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: "False"
        state: "present"
        vpn_ssl_web_portal:
          allow_user_access: "web"
          auto_connect: "enable"
          bookmark_group:
            - bookmarks:
                - additional_params: "<your_own_value>"
                  apptype: "citrix"
                  description: "<your_own_value>"
                  folder: "<your_own_value>"
                  form_data:
                    - name: "default_name_12"
                      value: "<your_own_value>"
                  host: "<your_own_value>"
                  listening_port: "15"
                  load_balancing_info: "<your_own_value>"
                  logon_password: "<your_own_value>"
                  logon_user: "<your_own_value>"
                  name: "default_name_19"
                  port: "20"
                  preconnection_blob: "<your_own_value>"
                  preconnection_id: "22"
                  remote_port: "23"
                  security: "rdp"
                  server_layout: "de-de-qwertz"
                  show_status_window: "enable"
                  sso: "disable"
                  sso_credential: "sslvpn-login"
                  sso_credential_sent_once: "enable"
                  sso_password: "<your_own_value>"
                  sso_username: "<your_own_value>"
                  url: "myurl.com"
              name: "default_name_33"
          custom_lang: "<your_own_value> (source system.custom-language.name)"
          customize_forticlient_download_url: "enable"
          display_bookmark: "enable"
          display_connection_tools: "enable"
          display_history: "enable"
          display_status: "enable"
          dns_server1: "<your_own_value>"
          dns_server2: "<your_own_value>"
          dns_suffix: "<your_own_value>"
          exclusive_routing: "enable"
          forticlient_download: "enable"
          forticlient_download_method: "direct"
          heading: "<your_own_value>"
          hide_sso_credential: "enable"
          host_check: "none"
          host_check_interval: "49"
          host_check_policy:
            - name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
          ip_mode: "range"
          ip_pools:
            - name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
          ipv6_dns_server1: "<your_own_value>"
          ipv6_dns_server2: "<your_own_value>"
          ipv6_exclusive_routing: "enable"
          ipv6_pools:
            - name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_service_restriction: "enable"
          ipv6_split_tunneling: "enable"
          ipv6_split_tunneling_routing_address:
            - name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
          ipv6_tunnel_mode: "enable"
          ipv6_wins_server1: "<your_own_value>"
          ipv6_wins_server2: "<your_own_value>"
          keep_alive: "enable"
          limit_user_logins: "enable"
          mac_addr_action: "allow"
          mac_addr_check: "enable"
          mac_addr_check_rule:
            - mac_addr_list:
                - addr: "<your_own_value>"
              mac_addr_mask: "74"
              name: "default_name_75"
          macos_forticlient_download_url: "<your_own_value>"
          name: "default_name_77"
          os_check: "enable"
          os_check_list:
            - action: "deny"
              latest_patch_level: "<your_own_value>"
              name: "default_name_82"
              tolerance: "83"
          redir_url: "<your_own_value>"
          save_password: "enable"
          service_restriction: "enable"
          skip_check_for_unsupported_browser: "enable"
          skip_check_for_unsupported_os: "enable"
          smb_ntlmv1_auth: "enable"
          smbv1: "enable"
          split_dns:
            - dns_server1: "<your_own_value>"
              dns_server2: "<your_own_value>"
              domains: "<your_own_value>"
              id: "95"
              ipv6_dns_server1: "<your_own_value>"
              ipv6_dns_server2: "<your_own_value>"
          split_tunneling: "enable"
          split_tunneling_routing_address:
            - name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
          theme: "blue"
          tunnel_mode: "enable"
          user_bookmark: "enable"
          user_group_bookmark: "enable"
          web_mode: "enable"
          windows_forticlient_download_url: "<your_own_value>"
          wins_server1: "<your_own_value>"
          wins_server2: "<your_own_value>"
```
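The example above sets every parameter for illustration, including values that weaken the connection or the portal (`https: "False"`, an empty `password`, `host_check: "none"`, `smbv1`, `smb_ntlmv1_auth`, `save_password`). The following Python check is an added example, not part of the module or of the original documentation; it flags those values in a task's arguments before the task is applied. The rule set and the names `lint_task`, `as_bool` and `SAMPLE_TASK` are assumptions of this example.

```python
# Added example: lint the arguments of a fortios_vpn_ssl_web_portal task.
# Rule set and names are assumptions of this example, not module behaviour.

# Connection options on the task: flagged when present and false.
TASK_RULES = {
    "https": "requests to the FortiGate, credentials included, use plain HTTP",
    "ssl_verify": "FortiGate certificate is not verified against a CA",
}
# Options inside vpn_ssl_web_portal: (flagged value, reason).
PORTAL_RULES = {
    "smbv1": ("enable", "SMBv1 support is enabled for Samba"),
    "smb_ntlmv1_auth": ("enable", "NTLMv1 is enabled for Samba authentication"),
    "save_password": ("enable", "FortiClient may save the user's password"),
    "host_check": ("none", "no host checking is performed on endpoints"),
    "skip_check_for_unsupported_os": ("enable", "host check skipped for unsupported OS"),
    "skip_check_for_unsupported_browser": ("enable", "host check skipped for unsupported browser"),
}

def as_bool(value):
    """Playbooks often quote booleans ("False"); normalise to a real bool."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in ("true", "yes", "on", "1")

def lint_task(args):
    """Return sorted (parameter, reason) findings for one task's arguments."""
    findings = [(k, why) for k, why in TASK_RULES.items()
                if k in args and not as_bool(args[k])]
    if not args.get("password"):
        findings.append(("password", "empty password (the documented default)"))
    portal = args.get("vpn_ssl_web_portal") or {}
    for key, (bad, why) in PORTAL_RULES.items():
        if str(portal.get(key, "")).strip().lower() == bad:
            findings.append(("vpn_ssl_web_portal." + key, why))
    return sorted(findings)

# Constructed sample: a subset of the page's example with variables resolved.
SAMPLE_TASK = {
    "host": "192.168.122.40", "username": "admin", "password": "",
    "vdom": "root", "https": "False", "state": "present",
    "vpn_ssl_web_portal": {
        "name": "default_name_77", "web_mode": "enable", "host_check": "none",
        "smbv1": "enable", "smb_ntlmv1_auth": "enable", "save_password": "enable",
    },
}

if __name__ == "__main__":
    for param, why in lint_task(SAMPLE_TASK):
        print(f"{param}: {why}")
```

Options that are absent from the task are not flagged, so the check reports only what the playbook sets explicitly.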
Return Values
Common return values are documented separately; the following fields are unique to this module:

Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_vpn_ssl_web_portal_module.html