New in version 2.8.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| `host` string | | FortiOS or FortiGate IP address. |
| `https` boolean | | Indicates if the requests towards FortiGate must use HTTPS protocol. |
| `password` string | Default: "" | FortiOS or FortiGate password. |
| `ssl_verify` boolean, added in 2.9 | | Ensures FortiGate certificate must be verified by a proper CA. |
| `state` string, added in 2.9 | | Indicates whether to create or remove the object. This attribute was already present in the previous version at a deeper level; it has been moved out to this outer level. |
| `username` string | | FortiOS or FortiGate username. |
| `vdom` string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
| `vpn_ssl_web_portal` dictionary | Default: null | Portal. |
| `allow_user_access` string | | Allow user access to SSL-VPN applications. |
| `auto_connect` string | | Enable/disable automatic connect by client when system is up. |
| `bookmark_group` list | | Portal bookmark group. |
| `bookmarks` list | | Bookmark table. |
| `additional_params` string | | Additional parameters. |
| `apptype` string | | Application type. |
| `description` string | | Description. |
| `folder` string | | Network shared file folder parameter. |
| `form_data` list | | Form data. |
| `name` string / required | | Name. |
| `value` string | | Value. |
| `host` string | | Host name/IP parameter. |
| `listening_port` integer | | Listening port (0 - 65535). |
| `load_balancing_info` string | | The load balancing information or cookie which should be provided to the connection broker. |
| `logon_password` string | | Logon password. |
| `logon_user` string | | Logon user. |
| `name` string / required | | Bookmark name. |
| `port` integer | | Remote port. |
| `preconnection_blob` string | | An arbitrary string which identifies the RDP source. |
| `preconnection_id` integer | | The numeric ID of the RDP source (0-2147483648). |
| `remote_port` integer | | Remote port (0 - 65535). |
| `security` string | | Security mode for RDP connection. |
| `server_layout` string | | Server side keyboard layout. |
| `show_status_window` string | | Enable/disable showing of status window. |
| `sso` string | | Single Sign-On. |
| `sso_credential` string | | Single sign-on credentials. |
| `sso_credential_sent_once` string | | Single sign-on credentials are only sent once to remote server. |
| `sso_password` string | | SSO password. |
| `sso_username` string | | SSO user name. |
| `url` string | | URL parameter. |
| `name` string / required | | Bookmark group name. |
| `custom_lang` string | | Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. |
| `customize_forticlient_download_url` string | | Enable support of customized download URL for FortiClient. |
| `display_bookmark` string | | Enable to display the web portal bookmark widget. |
| `display_connection_tools` string | | Enable to display the web portal connection tools widget. |
| `display_history` string | | Enable to display the web portal user login history widget. |
| `display_status` string | | Enable to display the web portal status widget. |
| `dns_server1` string | | IPv4 DNS server 1. |
| `dns_server2` string | | IPv4 DNS server 2. |
| `dns_suffix` string | | DNS suffix. |
| `exclusive_routing` string | | Enable/disable routing all traffic through the tunnel only. |
| `forticlient_download` string | | Enable/disable download option for FortiClient. |
| `forticlient_download_method` string | | FortiClient download method. |
| `heading` string | | Web portal heading message. |
| `hide_sso_credential` string | | Enable to prevent SSO credential being sent to client. |
| `host_check` string | | Type of host checking performed on endpoints. |
| `host_check_interval` integer | | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
| `host_check_policy` list | | One or more policies to require the endpoint to have specific security software. |
| `name` string / required | | Host check software list name. Source vpn.ssl.web.host-check-software.name. |
| `ip_mode` string | | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
| `ip_pools` list | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
| `name` string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| `ipv6_dns_server1` string | | IPv6 DNS server 1. |
| `ipv6_dns_server2` string | | IPv6 DNS server 2. |
| `ipv6_exclusive_routing` string | | Enable/disable routing all IPv6 traffic through the tunnel only. |
| `ipv6_pools` list | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
| `name` string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
| `ipv6_service_restriction` string | | Enable/disable IPv6 tunnel service restriction. |
| `ipv6_split_tunneling` string | | Enable/disable IPv6 split tunneling. |
| `ipv6_split_tunneling_routing_address` list | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
| `name` string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
| `ipv6_tunnel_mode` string | | Enable/disable IPv6 SSL-VPN tunnel mode. |
| `ipv6_wins_server1` string | | IPv6 WINS server 1. |
| `ipv6_wins_server2` string | | IPv6 WINS server 2. |
| `keep_alive` string | | Enable/disable automatic reconnect for FortiClient connections. |
| `limit_user_logins` string | | Enable to limit each user to one SSL-VPN session at a time. |
| `mac_addr_action` string | | Client MAC address action. |
| `mac_addr_check` string | | Enable/disable MAC address host checking. |
| `mac_addr_check_rule` list | | Client MAC address check rule. |
| `mac_addr_list` list | | Client MAC address list. |
| `addr` string / required | | Client MAC address. |
| `mac_addr_mask` integer | | Client MAC address mask. |
| `name` string / required | | Client MAC address check rule name. |
| `macos_forticlient_download_url` string | | Download URL for Mac FortiClient. |
| `name` string / required | | Portal name. |
| `os_check` string | | Enable to let the FortiGate decide action based on client OS. |
| `os_check_list` list | | SSL VPN OS checks. |
| `action` string | | OS check options. |
| `latest_patch_level` string | | Latest OS patch level. |
| `name` string / required | | Name. |
| `tolerance` integer | | OS patch level tolerance. |
| `redir_url` string | | Client login redirect URL. |
| `save_password` string | | Enable/disable FortiClient saving the user's password. |
| `service_restriction` string | | Enable/disable tunnel service restriction. |
| `skip_check_for_unsupported_browser` string | | Enable to skip host check if browser does not support it. |
| `skip_check_for_unsupported_os` string | | Enable to skip host check if client OS does not support it. |
| `smb_ntlmv1_auth` string | | Enable support of NTLMv1 for Samba authentication. |
| `smbv1` string | | Enable/disable support of SMBv1 for Samba. |
| `split_dns` list | | Split DNS for SSL VPN. |
| `dns_server1` string | | DNS server 1. |
| `dns_server2` string | | DNS server 2. |
| `domains` string | | Split DNS domains used for SSL-VPN clients, separated by commas (,). |
| `id` integer / required | | ID. |
| `ipv6_dns_server1` string | | IPv6 DNS server 1. |
| `ipv6_dns_server2` string | | IPv6 DNS server 2. |
| `split_tunneling` string | | Enable/disable IPv4 split tunneling. |
| `split_tunneling_routing_address` list | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
| `name` string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| `state` string | | Deprecated. Starting with Ansible 2.9 we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. |
| `theme` string | | Web portal color scheme. |
| `tunnel_mode` string | | Enable/disable IPv4 SSL-VPN tunnel mode. |
| `user_bookmark` string | | Enable to allow web portal users to create their own bookmarks. |
| `user_group_bookmark` string | | Enable to allow web portal users to create bookmarks for all users in the same user group. |
| `web_mode` string | | Enable/disable SSL VPN web mode. |
| `windows_forticlient_download_url` string | | Download URL for Windows FortiClient. |
| `wins_server1` string | | IPv4 WINS server 1. |
| `wins_server2` string | | IPv4 WINS server 1. |
```yaml
- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      state: "present"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_12"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "15"
                load_balancing_info: "<your_own_value>"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_19"
                port: "20"
                preconnection_blob: "<your_own_value>"
                preconnection_id: "22"
                remote_port: "23"
                security: "rdp"
                server_layout: "de-de-qwertz"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_33"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        hide_sso_credential: "enable"
        host_check: "none"
        host_check_interval: "49"
        host_check_policy:
         -
            name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "74"
            name: "default_name_75"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_77"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_82"
            tolerance: "83"
        redir_url: "<your_own_value>"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_ntlmv1_auth: "enable"
        smbv1: "enable"
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "95"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
        theme: "blue"
        tunnel_mode: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"
```
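The playbook above enumerates every option with placeholder values, including `https: "False"`, an empty password, and the SMBv1, NTLMv1 and password-saving options enabled. As an added example (not part of the module documentation), the task below sets the same transport and legacy-protocol parameters conservatively. The variable `vault_fortigate_password` and the portal name are hypothetical, and `"disable"` is assumed to be accepted wherever the table describes an option as enable/disable.

```yaml
# Added example, not from the module documentation.
- hosts: localhost
  vars:
    host: "192.168.122.40"      # address reused from the example above
    username: "admin"
    # Hypothetical variable name: keep the real value in Ansible Vault
    # rather than in the playbook.
    password: "{{ vault_fortigate_password }}"
    vdom: "root"
  tasks:
    - name: SSL-VPN portal with conservative settings (constructed example)
      fortios_vpn_ssl_web_portal:
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        https: true             # send the API requests over HTTPS
        ssl_verify: true        # FortiGate certificate must verify against a proper CA
        state: "present"        # top-level state, as recommended from 2.9
        vpn_ssl_web_portal:
          name: "example_portal"            # hypothetical portal name
          tunnel_mode: "enable"
          web_mode: "enable"
          # Legacy file-share protocols off
          smbv1: "disable"
          smb_ntlmv1_auth: "disable"
          # Credential handling
          save_password: "disable"          # FortiClient does not store the user's password
          hide_sso_credential: "enable"     # SSO credential is not sent to the client
          limit_user_logins: "enable"       # one SSL-VPN session per user
          # Do not let unsupported clients bypass the host check
          skip_check_for_unsupported_os: "disable"
          skip_check_for_unsupported_browser: "disable"
```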
Common return values are documented here; the following fields are unique to this module:
| Key | Returned | Description | 
|---|---|---|
|   build    string    |  always |   Build number of the FortiGate image  Sample:  1547   |  
|   http_method    string    |  always |   Last method used to provision the content into FortiGate  Sample:  PUT   |  
|   http_status    string    |  always |   Last result given by FortiGate on last operation applied  Sample:  200   |  
|   mkey    string    |  success |   Master key (id) used in the last call to FortiGate  Sample:  id   |  
|   name    string    |  always |   Name of the table used to fulfill the request  Sample:  urlfilter   |  
|   path    string    |  always |   Path of the table used to fulfill the request  Sample:  webfilter   |  
|   revision    string    |  always |   Internal revision number  Sample:  17.0.2.10658   |  
|   serial    string    |  always |   Serial number of the unit  Sample:  FGVMEVYYQT3AB5352   |  
|   status    string    |  always |   Indication of the operation's result  Sample:  success   |  
|   vdom    string    |  always |   Virtual domain used  Sample:  root   |  
|   version    string    |  always |   Version of the FortiGate  Sample:  v5.6.3   |  
    © 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
    https://docs.ansible.com/ansible/2.9/modules/fortios_vpn_ssl_web_portal_module.html