New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| firewall_ssl_setting dictionary | Default: null | SSL proxy settings. | |
| abbreviate_handshake string |
| Enable/disable use of SSL abbreviated handshake. | |
| cert_cache_capacity integer | Maximum capacity of the host certificate cache (0 - 500). | ||
| cert_cache_timeout integer | Time limit to keep certificate cache (1 - 120 min). | ||
| kxp_queue_threshold integer | Maximum length of the CP KXP queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). | ||
| no_matching_cipher_action string |
| Bypass or drop the connection when no matching cipher is found. | |
| proxy_connect_timeout integer | Time limit to make an internal connection to the appropriate proxy process (1 - 60 sec). | ||
| session_cache_capacity integer | Capacity of the SSL session cache (--Obsolete--) (1 - 1000). | ||
| session_cache_timeout integer | Time limit to keep SSL session state (1 - 60 min). | ||
| ssl_dh_bits string |
| Bit-size of Diffie-Hellman (DH) prime used in DHE-RSA negotiation. | |
| ssl_queue_threshold integer | Maximum length of the CP SSL queue. When the queue becomes full, the proxy switches cipher functions to the main CPU (0 - 512). | ||
| ssl_send_empty_frags string |
| Enable/disable sending empty fragments to avoid attack on CBC IV (for SSL 3.0 and TLS 1.0 only). | |
| host string | FortiOS or FortiGate IP address. | ||
| https boolean |
| Indicates if the requests towards FortiGate must use HTTPS protocol. | |
| password string | Default: "" | FortiOS or FortiGate password. | |
| ssl_verify boolean added in 2.9 |
| Ensures FortiGate certificate must be verified by a proper CA. | |
| username string | FortiOS or FortiGate username. | ||
| vdom string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. | |
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
ssl_verify: "False"
tasks:
- name: SSL proxy settings.
fortios_firewall_ssl_setting:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
https: "False"
firewall_ssl_setting:
abbreviate_handshake: "enable"
cert_cache_capacity: "4"
cert_cache_timeout: "5"
kxp_queue_threshold: "6"
no_matching_cipher_action: "bypass"
proxy_connect_timeout: "8"
session_cache_capacity: "9"
session_cache_timeout: "10"
ssl_dh_bits: "768"
ssl_queue_threshold: "12"
ssl_send_empty_frags: "enable"
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| build string | always | Build number of the fortigate image Sample: 1547 |
| http_method string | always | Last method used to provision the content into FortiGate Sample: PUT |
| http_status string | always | Last result given by FortiGate on last operation applied Sample: 200 |
| mkey string | success | Master key (id) used in the last call to FortiGate Sample: id |
| name string | always | Name of the table used to fulfill the request Sample: urlfilter |
| path string | always | Path of the table used to fulfill the request Sample: webfilter |
| revision string | always | Internal revision number Sample: 17.0.2.10658 |
| serial string | always | Serial number of the unit Sample: FGVMEVYYQT3AB5352 |
| status string | always | Indication of the operation's result Sample: success |
| vdom string | always | Virtual domain used Sample: root |
| version string | always | Version of the FortiGate Sample: v5.6.3 |
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_firewall_ssl_setting_module.html