fortinet.fortimanager.fmgr_firewall_vip_dynamicmapping – Configure virtual IP for IPv4.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_vip_dynamicmapping.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.
  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no
  • yes
Enable/Disable logging for task
firewall_vip_dynamicmapping
dictionary
the top level parameters set
_scope
list / elements=string
no description
name
string
no description
vdom
string
no description
arp-reply
string
    Choices:
  • disable
  • enable
no description
color
integer
no description
comment
string
no description
dns-mapping-ttl
integer
no description
extaddr
string
no description
extintf
string
no description
extip
string
no description
extport
string
no description
gratuitous-arp-interval
integer
no description
http-cookie-age
integer
no description
http-cookie-domain
string
no description
http-cookie-domain-from-host
string
    Choices:
  • disable
  • enable
no description
http-cookie-generation
integer
no description
http-cookie-path
string
no description
http-cookie-share
string
    Choices:
  • disable
  • same-ip
no description
http-ip-header
string
    Choices:
  • disable
  • enable
no description
http-ip-header-name
string
no description
http-multiplex
string
    Choices:
  • disable
  • enable
no description
http-redirect
string
    Choices:
  • disable
  • enable
no description
https-cookie-secure
string
    Choices:
  • disable
  • enable
no description
id
integer
no description
ldb-method
string
    Choices:
  • static
  • round-robin
  • weighted
  • least-session
  • least-rtt
  • first-alive
  • http-host
no description
mapped-addr
string
no description
mappedip
string
no description
mappedport
string
no description
max-embryonic-connections
integer
no description
monitor
string
no description
nat-source-vip
string
    Choices:
  • disable
  • enable
no description
outlook-web-access
string
    Choices:
  • disable
  • enable
no description
persistence
string
    Choices:
  • none
  • http-cookie
  • ssl-session-id
no description
portforward
string
    Choices:
  • disable
  • enable
no description
portmapping-type
string
    Choices:
  • 1-to-1
  • m-to-n
no description
protocol
string
    Choices:
  • tcp
  • udp
  • sctp
  • icmp
no description
realservers
list / elements=string
no description
address
string
no description
client-ip
string
no description
healthcheck
string
    Choices:
  • disable
  • enable
  • vip
no description
holddown-interval
integer
no description
http-host
string
no description
id
integer
no description
ip
string
no description
max-connections
integer
no description
monitor
string
no description
port
integer
no description
seq
integer
no description
status
string
    Choices:
  • active
  • standby
  • disable
no description
type
string
    Choices:
  • ip
  • address
no description
weight
integer
no description
server-type
string
    Choices:
  • http
  • https
  • ssl
  • tcp
  • udp
  • ip
  • imaps
  • pop3s
  • smtps
  • ssh
no description
service
string
no description
src-filter
string
no description
srcintf-filter
string
no description
ssl-algorithm
string
    Choices:
  • high
  • medium
  • low
  • custom
no description
ssl-certificate
string
no description
ssl-cipher-suites
list / elements=string
no description
cipher
string
    Choices:
  • TLS-RSA-WITH-RC4-128-MD5
  • TLS-RSA-WITH-RC4-128-SHA
  • TLS-RSA-WITH-DES-CBC-SHA
  • TLS-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA
  • TLS-RSA-WITH-AES-256-CBC-SHA
  • TLS-RSA-WITH-AES-128-CBC-SHA256
  • TLS-RSA-WITH-AES-256-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-RSA-WITH-SEED-CBC-SHA
  • TLS-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-RSA-WITH-DES-CBC-SHA
  • TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-RSA-WITH-SEED-CBC-SHA
  • TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-RC4-128-SHA
  • TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
  • TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
  • TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA
  • TLS-DHE-DSS-WITH-AES-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-128-GCM-SHA256
  • TLS-DHE-DSS-WITH-AES-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
  • TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
  • TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
  • TLS-RSA-WITH-AES-128-GCM-SHA256
  • TLS-RSA-WITH-AES-256-GCM-SHA384
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA
  • TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256
  • TLS-DHE-DSS-WITH-SEED-CBC-SHA
  • TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256
  • TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384
  • TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256
  • TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384
  • TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA
  • TLS-DHE-DSS-WITH-DES-CBC-SHA
  • TLS-AES-128-GCM-SHA256
  • TLS-AES-256-GCM-SHA384
  • TLS-CHACHA20-POLY1305-SHA256
no description
id
integer
no description
priority
integer
no description
versions
list / elements=string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
no description
ssl-client-fallback
string
    Choices:
  • disable
  • enable
no description
ssl-client-rekey-count
integer
no description
ssl-client-renegotiation
string
    Choices:
  • deny
  • allow
  • secure
no description
ssl-client-session-state-max
integer
no description
ssl-client-session-state-timeout
integer
no description
ssl-client-session-state-type
string
    Choices:
  • disable
  • time
  • count
  • both
no description
ssl-dh-bits
string
    Choices:
  • 768
  • 1024
  • 1536
  • 2048
  • 3072
  • 4096
no description
ssl-hpkp
string
    Choices:
  • disable
  • enable
  • report-only
no description
ssl-hpkp-age
integer
no description
ssl-hpkp-backup
string
no description
ssl-hpkp-include-subdomains
string
    Choices:
  • disable
  • enable
no description
ssl-hpkp-primary
string
no description
ssl-hpkp-report-uri
string
no description
ssl-hsts
string
    Choices:
  • disable
  • enable
no description
ssl-hsts-age
integer
no description
ssl-hsts-include-subdomains
string
    Choices:
  • disable
  • enable
no description
ssl-http-location-conversion
string
    Choices:
  • disable
  • enable
no description
ssl-http-match-host
string
    Choices:
  • disable
  • enable
no description
ssl-max-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
no description
ssl-min-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • tls-1.3
no description
ssl-mode
string
    Choices:
  • half
  • full
no description
ssl-pfs
string
    Choices:
  • require
  • deny
  • allow
no description
ssl-send-empty-frags
string
    Choices:
  • disable
  • enable
no description
ssl-server-algorithm
string
    Choices:
  • high
  • low
  • medium
  • custom
  • client
no description
ssl-server-max-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
  • tls-1.3
no description
ssl-server-min-version
string
    Choices:
  • ssl-3.0
  • tls-1.0
  • tls-1.1
  • tls-1.2
  • client
  • tls-1.3
no description
ssl-server-session-state-max
integer
no description
ssl-server-session-state-timeout
integer
no description
ssl-server-session-state-type
string
    Choices:
  • disable
  • time
  • count
  • both
no description
status
string
    Choices:
  • disable
  • enable
Enable/disable VIP.
type
string
    Choices:
  • static-nat
  • load-balance
  • server-load-balance
  • dns-translation
  • fqdn
  • access-proxy
no description
uuid
string
no description
weblogic-server
string
    Choices:
  • disable
  • enable
no description
websphere-server
string
    Choices:
  • disable
  • enable
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
vip
string / required
the parameter (vip) in requested url
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
  • To create or update an object, use state present directive.
  • To delete an object, use state absent directive.
  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure virtual IP for IPv4.
     fmgr_firewall_vip_dynamicmapping:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vip: <your own value>
        state: <value in [present, absent]>
        firewall_vip_dynamicmapping:
           _scope:
             -
                 name: <value of string>
                 vdom: <value of string>
           arp-reply: <value in [disable, enable]>
           color: <value of integer>
           comment: <value of string>
           dns-mapping-ttl: <value of integer>
           extaddr: <value of string>
           extintf: <value of string>
           extip: <value of string>
           extport: <value of string>
           gratuitous-arp-interval: <value of integer>
           http-cookie-age: <value of integer>
           http-cookie-domain: <value of string>
           http-cookie-domain-from-host: <value in [disable, enable]>
           http-cookie-generation: <value of integer>
           http-cookie-path: <value of string>
           http-cookie-share: <value in [disable, same-ip]>
           http-ip-header: <value in [disable, enable]>
           http-ip-header-name: <value of string>
           http-multiplex: <value in [disable, enable]>
           https-cookie-secure: <value in [disable, enable]>
           id: <value of integer>
           ldb-method: <value in [static, round-robin, weighted, ...]>
           mapped-addr: <value of string>
           mappedip: <value of string>
           mappedport: <value of string>
           max-embryonic-connections: <value of integer>
           monitor: <value of string>
           nat-source-vip: <value in [disable, enable]>
           outlook-web-access: <value in [disable, enable]>
           persistence: <value in [none, http-cookie, ssl-session-id]>
           portforward: <value in [disable, enable]>
           portmapping-type: <value in [1-to-1, m-to-n]>
           protocol: <value in [tcp, udp, sctp, ...]>
           realservers:
             -
                 client-ip: <value of string>
                 healthcheck: <value in [disable, enable, vip]>
                 holddown-interval: <value of integer>
                 http-host: <value of string>
                 ip: <value of string>
                 max-connections: <value of integer>
                 monitor: <value of string>
                 port: <value of integer>
                 seq: <value of integer>
                 status: <value in [active, standby, disable]>
                 weight: <value of integer>
                 address: <value of string>
                 id: <value of integer>
                 type: <value in [ip, address]>
           server-type: <value in [http, https, ssl, ...]>
           service: <value of string>
           src-filter: <value of string>
           srcintf-filter: <value of string>
           ssl-algorithm: <value in [high, medium, low, ...]>
           ssl-certificate: <value of string>
           ssl-cipher-suites:
             -
                 cipher: <value in [TLS-RSA-WITH-RC4-128-MD5, TLS-RSA-WITH-RC4-128-SHA, TLS-RSA-WITH-DES-CBC-SHA, ...]>
                 id: <value of integer>
                 versions:
                   - ssl-3.0
                   - tls-1.0
                   - tls-1.1
                   - tls-1.2
                   - tls-1.3
                 priority: <value of integer>
           ssl-client-fallback: <value in [disable, enable]>
           ssl-client-renegotiation: <value in [deny, allow, secure]>
           ssl-client-session-state-max: <value of integer>
           ssl-client-session-state-timeout: <value of integer>
           ssl-client-session-state-type: <value in [disable, time, count, ...]>
           ssl-dh-bits: <value in [768, 1024, 1536, ...]>
           ssl-hpkp: <value in [disable, enable, report-only]>
           ssl-hpkp-age: <value of integer>
           ssl-hpkp-backup: <value of string>
           ssl-hpkp-include-subdomains: <value in [disable, enable]>
           ssl-hpkp-primary: <value of string>
           ssl-hpkp-report-uri: <value of string>
           ssl-hsts: <value in [disable, enable]>
           ssl-hsts-age: <value of integer>
           ssl-hsts-include-subdomains: <value in [disable, enable]>
           ssl-http-location-conversion: <value in [disable, enable]>
           ssl-http-match-host: <value in [disable, enable]>
           ssl-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-mode: <value in [half, full]>
           ssl-pfs: <value in [require, deny, allow]>
           ssl-send-empty-frags: <value in [disable, enable]>
           ssl-server-algorithm: <value in [high, low, medium, ...]>
           ssl-server-max-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-server-min-version: <value in [ssl-3.0, tls-1.0, tls-1.1, ...]>
           ssl-server-session-state-max: <value of integer>
           ssl-server-session-state-timeout: <value of integer>
           ssl-server-session-state-type: <value in [disable, time, count, ...]>
           type: <value in [static-nat, load-balance, server-load-balance, ...]>
           uuid: <value of string>
           weblogic-server: <value in [disable, enable]>
           websphere-server: <value in [disable, enable]>
           http-redirect: <value in [disable, enable]>
           ssl-client-rekey-count: <value of integer>
           status: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)
  • Jie Xue (@JieX19)
  • Frank Shen (@fshen01)
  • Hongbin Lu (@fgtdev-hblu)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortimanager/fmgr_firewall_vip_dynamicmapping_module.html