fortinet.fortimanager.fmgr_firewall_sslsshprofile_obj – Configure SSL/SSH protocol options.

Note

This plugin is part of the fortinet.fortimanager collection (version 1.0.5).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_firewall_sslsshprofile_obj.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device by allowing the user to [ clone delete get set update ] the following apis.
  • /pm/config/adom/{adom}/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
  • /pm/config/global/obj/firewall/ssl-ssh-profile/{ssl-ssh-profile}
  • Examples include all parameters and values need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
loose_validation
boolean
    Choices:
  • no
  • yes
Do parameter validation in a loose way
method
string / required
    Choices:
  • clone
  • delete
  • get
  • set
  • update
The method in request
params
list / elements=string
The parameters for each method
See full parameters list in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
url_params
dictionary
The parameters for each API request URL
Also see full URL parameters in https://ansible-galaxy-fortimanager-docs.readthedocs.io/en/latest
workspace_locking_adom
string
the adom name to lock in case FortiManager running in workspace mode
it can be global or any other custom adom names
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • There are only three top-level parameters where ‘method’ is always required while other two ‘params’ and ‘url_params’ can be optional
  • Due to the complexity of fortimanager api schema, the validation is done out of Ansible native parameter validation procedure.
  • The syntax of OPTIONS doen not comply with the standard Ansible argument specification, but with the structure of fortimanager API schema, we need a trivial transformation when we are filling the ansible playbook

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE/{SSL-SSH-PROFILE}
     fmgr_firewall_sslsshprofile_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [clone, set, update]>
        url_params:
           adom: <value in [none, global, custom dom]>
           ssl-ssh-profile: <value of string>
        params:
           -
              data:
                 caname: <value of string>
                 comment: <value of string>
                 mapi-over-https: <value in [disable, enable]>
                 name: <value of string>
                 rpc-over-https: <value in [disable, enable]>
                 server-cert: <value of string>
                 server-cert-mode: <value in [re-sign, replace]>
                 ssl-anomalies-log: <value in [disable, enable]>
                 ssl-exempt:
                   -
                       address: <value of string>
                       address6: <value of string>
                       fortiguard-category: <value of string>
                       id: <value of integer>
                       regex: <value of string>
                       type: <value in [fortiguard-category, address, address6, ...]>
                       wildcard-fqdn: <value of string>
                 ssl-exemptions-log: <value in [disable, enable]>
                 ssl-server:
                   -
                       ftps-client-cert-request: <value in [bypass, inspect, block]>
                       https-client-cert-request: <value in [bypass, inspect, block]>
                       id: <value of integer>
                       imaps-client-cert-request: <value in [bypass, inspect, block]>
                       ip: <value of string>
                       pop3s-client-cert-request: <value in [bypass, inspect, block]>
                       smtps-client-cert-request: <value in [bypass, inspect, block]>
                       ssl-other-client-cert-request: <value in [bypass, inspect, block]>
                 untrusted-caname: <value of string>
                 use-ssl-server: <value in [disable, enable]>
                 whitelist: <value in [disable, enable]>

   - name: REQUESTING /PM/CONFIG/OBJ/FIREWALL/SSL-SSH-PROFILE/{SSL-SSH-PROFILE}
     fmgr_firewall_sslsshprofile_obj:
        loose_validation: False
        workspace_locking_adom: <value in [global, custom adom]>
        workspace_locking_timeout: 300
        method: <value in [get]>
        url_params:
           adom: <value in [none, global, custom dom]>
           ssl-ssh-profile: <value of string>
        params:
           -
              option: <value in [object member, chksum, datasrc]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
data
dictionary
always
The payload returned in the request
status
dictionary
always
The status of api request
url
string
always
The full url requested

Sample:
/sys/login/user


Authors

  • Frank Shen (@fshen01)
  • Link Zheng (@zhengl)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortimanager/fmgr_firewall_sslsshprofile_obj_module.html