fortinet.fortios.fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate.
Note
This plugin is part of the fortinet.fortios collection (version 1.1.8).
To install it use: ansible-galaxy collection install fortinet.fortios.
To use it in a playbook, specify: fortinet.fortios.fortios_vpn_ssl_web_portal.
New in version 2.8 of fortinet.fortios.
Synopsis
- This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ssl_web feature and portal category. The examples include all parameters, and their values need to be adjusted to your datasources before usage. Tested with FOS v6.0.0.
Requirements
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| access_token  string | | Token-based authentication. Generated from the GUI of FortiGate. |
| state  string  (added in 2.9 of fortinet.fortios) | | Indicates whether to create or remove the object. This attribute was already present in previous versions at a deeper level. It has been moved out to this outer level. |
| vdom  string | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
| vpn_ssl_web_portal  dictionary | | Portal. |
| vpn_ssl_web_portal.allow_user_access  string | | Allow user access to SSL-VPN applications. |
| vpn_ssl_web_portal.auto_connect  string | | Enable/disable automatic connect by client when system is up. |
| vpn_ssl_web_portal.bookmark_group  list / elements=string | | Portal bookmark group. |
| vpn_ssl_web_portal.bookmark_group.bookmarks  list / elements=string | | Bookmark table. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.additional_params  string | | Additional parameters. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.apptype  string | | Application type. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.description  string | | Description. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.folder  string | | Network shared file folder parameter. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.form_data  list / elements=string | | Form data. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.name  string / required | | Name. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.form_data.value  string | | Value. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.host  string | | Host name/IP parameter. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.listening_port  integer | | Listening port (0 - 65535). |
| vpn_ssl_web_portal.bookmark_group.bookmarks.logon_password  string | | Logon password. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.logon_user  string | | Logon user. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.name  string / required | | Bookmark name. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.port  integer | | Remote port. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.remote_port  integer | | Remote port (0 - 65535). |
| vpn_ssl_web_portal.bookmark_group.bookmarks.security  string | | Security mode for RDP connection. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.server_layout  string | | Server side keyboard layout. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.show_status_window  string | | Enable/disable showing of status window. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.sso  string | | Single Sign-On. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential  string | | Single sign-on credentials. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.sso_credential_sent_once  string | | Single sign-on credentials are only sent once to remote server. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.sso_password  string | | SSO password. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.sso_username  string | | SSO user name. |
| vpn_ssl_web_portal.bookmark_group.bookmarks.url  string | | URL parameter. |
| vpn_ssl_web_portal.bookmark_group.name  string / required | | Bookmark group name. |
| vpn_ssl_web_portal.custom_lang  string | | Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. |
| vpn_ssl_web_portal.customize_forticlient_download_url  string | | Enable support of customized download URL for FortiClient. |
| vpn_ssl_web_portal.display_bookmark  string | | Enable to display the web portal bookmark widget. |
| vpn_ssl_web_portal.display_connection_tools  string | | Enable to display the web portal connection tools widget. |
| vpn_ssl_web_portal.display_history  string | | Enable to display the web portal user login history widget. |
| vpn_ssl_web_portal.display_status  string | | Enable to display the web portal status widget. |
| vpn_ssl_web_portal.dns_server1  string | | IPv4 DNS server 1. |
| vpn_ssl_web_portal.dns_server2  string | | IPv4 DNS server 2. |
| vpn_ssl_web_portal.dns_suffix  string | | DNS suffix. |
| vpn_ssl_web_portal.exclusive_routing  string | | Enable/disable sending all traffic through the tunnel only. |
| vpn_ssl_web_portal.forticlient_download  string | | Enable/disable download option for FortiClient. |
| vpn_ssl_web_portal.forticlient_download_method  string | | FortiClient download method. |
| vpn_ssl_web_portal.heading  string | | Web portal heading message. |
| vpn_ssl_web_portal.host_check  string | | Type of host checking performed on endpoints. |
| vpn_ssl_web_portal.host_check_interval  integer | | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
| vpn_ssl_web_portal.host_check_policy  list / elements=string | | One or more policies to require the endpoint to have specific security software. |
| vpn_ssl_web_portal.host_check_policy.name  string / required | | Host check software list name. Source vpn.ssl.web.host-check-software.name. |
| vpn_ssl_web_portal.ip_mode  string | | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
| vpn_ssl_web_portal.ip_pools  list / elements=string | | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
| vpn_ssl_web_portal.ip_pools.name  string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| vpn_ssl_web_portal.ipv6_dns_server1  string | | IPv6 DNS server 1. |
| vpn_ssl_web_portal.ipv6_dns_server2  string | | IPv6 DNS server 2. |
| vpn_ssl_web_portal.ipv6_exclusive_routing  string | | Enable/disable sending all IPv6 traffic through the tunnel only. |
| vpn_ssl_web_portal.ipv6_pools  list / elements=string | | IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
| vpn_ssl_web_portal.ipv6_pools.name  string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
| vpn_ssl_web_portal.ipv6_service_restriction  string | | Enable/disable IPv6 tunnel service restriction. |
| vpn_ssl_web_portal.ipv6_split_tunneling  string | | Enable/disable IPv6 split tunneling. |
| vpn_ssl_web_portal.ipv6_split_tunneling_routing_address  list / elements=string | | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
| vpn_ssl_web_portal.ipv6_split_tunneling_routing_address.name  string / required | | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
| vpn_ssl_web_portal.ipv6_tunnel_mode  string | | Enable/disable IPv6 SSL-VPN tunnel mode. |
| vpn_ssl_web_portal.ipv6_wins_server1  string | | IPv6 WINS server 1. |
| vpn_ssl_web_portal.ipv6_wins_server2  string | | IPv6 WINS server 2. |
| vpn_ssl_web_portal.keep_alive  string | | Enable/disable automatic reconnect for FortiClient connections. |
| vpn_ssl_web_portal.limit_user_logins  string | | Enable to limit each user to one SSL-VPN session at a time. |
| vpn_ssl_web_portal.mac_addr_action  string | | Client MAC address action. |
| vpn_ssl_web_portal.mac_addr_check  string | | Enable/disable MAC address host checking. |
| vpn_ssl_web_portal.mac_addr_check_rule  list / elements=string | | Client MAC address check rule. |
| vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list  list / elements=string | | Client MAC address list. |
| vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_list.addr  string / required | | Client MAC address. |
| vpn_ssl_web_portal.mac_addr_check_rule.mac_addr_mask  integer | | Client MAC address mask. |
| vpn_ssl_web_portal.mac_addr_check_rule.name  string / required | | Client MAC address check rule name. |
| vpn_ssl_web_portal.macos_forticlient_download_url  string | | Download URL for Mac FortiClient. |
| vpn_ssl_web_portal.name  string / required | | Portal name. |
| vpn_ssl_web_portal.os_check  string | | Enable to let the FortiGate decide action based on client OS. |
| vpn_ssl_web_portal.os_check_list  list / elements=string | | SSL VPN OS checks. |
| vpn_ssl_web_portal.os_check_list.action  string | | OS check options. |
| vpn_ssl_web_portal.os_check_list.latest_patch_level  string | | Latest OS patch level. |
| vpn_ssl_web_portal.os_check_list.name  string / required | | Name. |
| vpn_ssl_web_portal.os_check_list.tolerance  integer | | OS patch level tolerance. |
| vpn_ssl_web_portal.redir_url  string | | Client login redirect URL. |
| vpn_ssl_web_portal.save_password  string | | Enable/disable FortiClient saving the user's password. |
| vpn_ssl_web_portal.service_restriction  string | | Enable/disable tunnel service restriction. |
| vpn_ssl_web_portal.skip_check_for_unsupported_browser  string | | Enable to skip host check if browser does not support it. |
| vpn_ssl_web_portal.skip_check_for_unsupported_os  string | | Enable to skip host check if client OS does not support it. |
| vpn_ssl_web_portal.smb_ntlmv1_auth  string | | Enable support of NTLMv1 for Samba authentication. |
| vpn_ssl_web_portal.split_dns  list / elements=string | | Split DNS for SSL VPN. |
| vpn_ssl_web_portal.split_dns.dns_server1  string | | DNS server 1. |
| vpn_ssl_web_portal.split_dns.dns_server2  string | | DNS server 2. |
| vpn_ssl_web_portal.split_dns.domains  string | | Split DNS domains used for SSL-VPN clients, separated by commas (,). |
| vpn_ssl_web_portal.split_dns.id  integer / required | | ID. |
| vpn_ssl_web_portal.split_dns.ipv6_dns_server1  string | | IPv6 DNS server 1. |
| vpn_ssl_web_portal.split_dns.ipv6_dns_server2  string | | IPv6 DNS server 2. |
| vpn_ssl_web_portal.split_tunneling  string | | Enable/disable IPv4 split tunneling. |
| vpn_ssl_web_portal.split_tunneling_routing_address  list / elements=string | | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
| vpn_ssl_web_portal.split_tunneling_routing_address.name  string / required | | Address name. Source firewall.address.name firewall.addrgrp.name. |
| vpn_ssl_web_portal.state  string | | Deprecated. Starting with Ansible 2.9, we recommend using the top-level 'state' parameter. Indicates whether to create or remove the object. |
| vpn_ssl_web_portal.theme  string | | Web portal color scheme. |
| vpn_ssl_web_portal.tunnel_mode  string | | Enable/disable IPv4 SSL-VPN tunnel mode. |
| vpn_ssl_web_portal.user_bookmark  string | | Enable to allow web portal users to create their own bookmarks. |
| vpn_ssl_web_portal.user_group_bookmark  string | | Enable to allow web portal users to create bookmarks for all users in the same user group. |
| vpn_ssl_web_portal.web_mode  string | | Enable/disable SSL VPN web mode. |
| vpn_ssl_web_portal.windows_forticlient_download_url  string | | Download URL for Windows FortiClient. |
| vpn_ssl_web_portal.wins_server1  string | | IPv4 WINS server 1. |
| vpn_ssl_web_portal.wins_server2  string | | IPv4 WINS server 2. |
Notes
Note
- Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.
Examples
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_12"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "15"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_18"
                port: "19"
                remote_port: "20"
                security: "rdp"
                server_layout: "en-us-qwerty"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_30"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        host_check: "none"
        host_check_interval: "45"
        host_check_policy:
         -
            name: "default_name_47 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_50 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_55 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "70"
            name: "default_name_71"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_73"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_78"
            tolerance: "79"
        redir_url: "<your_own_value>"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_ntlmv1_auth: "enable"
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "90"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_95 (source firewall.address.name firewall.addrgrp.name)"
        theme: "blue"
        tunnel_mode: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"
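
A restrictive tunnel-only portal, shown as an added example that is not part of the original module documentation; it uses only parameters from the table above and contrasts with the all-parameters example, which skips certificate validation and enables password saving and NTLMv1. The portal name, the address object name, the `av-fw` host check choice and the `fortigate_access_token` variable are assumptions to adapt to your device.

```yaml
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate certificate instead of disabling validation.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Restrictive tunnel-only SSL-VPN portal (added example)
      fortios_vpn_ssl_web_portal:
        vdom: "{{ vdom }}"
        state: "present"
        # Assumption: the token is kept in an Ansible Vault variable,
        # never written inline in the playbook.
        access_token: "{{ fortigate_access_token }}"
        vpn_ssl_web_portal:
          name: "staff-tunnel"              # hypothetical portal name
          tunnel_mode: "enable"
          web_mode: "disable"               # no clientless web portal
          ipv6_tunnel_mode: "disable"
          ip_mode: "range"
          ip_pools:
            # Hypothetical firewall address object; it must already exist.
            - name: "sslvpn_pool_staff"
          # All client traffic enters the tunnel, where firewall policy applies.
          split_tunneling: "disable"
          limit_user_logins: "enable"       # one session per user at a time
          auto_connect: "disable"
          save_password: "disable"          # FortiClient does not store the password
          smb_ntlmv1_auth: "disable"        # no NTLMv1 for Samba authentication
          # Assumption: "av-fw" is an available host_check choice on the target release.
          host_check: "av-fw"
          # Non-zero: repeat the host check periodically, not only at connect.
          host_check_interval: 300
          # Endpoints that cannot run the host check are not waved through.
          skip_check_for_unsupported_browser: "disable"
          skip_check_for_unsupported_os: "disable"
```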
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Returned | Description | 
|---|---|---|
| build  string  | always | Build number of the FortiGate image. Sample: 1547 |
| http_method  string  | always | Last method used to provision the content into FortiGate. Sample: PUT |
| http_status  string  | always | Last result given by FortiGate on last operation applied. Sample: 200 |
| mkey  string  | success | Master key (id) used in the last call to FortiGate. Sample: id |
| name  string  | always | Name of the table used to fulfill the request. Sample: urlfilter |
| path  string  | always | Path of the table used to fulfill the request. Sample: webfilter |
| revision  string  | always | Internal revision number. Sample: 17.0.2.10658 |
| serial  string  | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
| status  string  | always | Indication of the operation's result. Sample: success |
| vdom  string  | always | Virtual domain used. Sample: root |
| version  string  | always | Version of the FortiGate. Sample: v5.6.3 |
Authors
- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/fortinet/fortios/fortios_vpn_ssl_web_portal_module.html