New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
host (required) |  | FortiOS or FortiGate IP address. |
https (boolean) |  | Indicates if the requests towards FortiGate must use the HTTPS protocol. |
password | Default: "" | FortiOS or FortiGate password. |
username (required) |  | FortiOS or FortiGate username. |
vdom | Default: "root" | Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. |
vpn_ssl_web_portal | Default: null | Portal. |
allow-user-access |  | Allow user access to SSL-VPN applications. |
auto-connect |  | Enable/disable automatic connect by client when system is up. |
bookmark-group |  | Portal bookmark group. |
bookmarks |  | Bookmark table. |
additional-params |  | Additional parameters. |
apptype |  | Application type. |
description |  | Description. |
folder |  | Network shared file folder parameter. |
form-data |  | Form data. |
name (required) |  | Name. |
value |  | Value. |
host |  | Host name/IP parameter. |
listening-port |  | Listening port (0 - 65535). |
load-balancing-info |  | The load balancing information or cookie which should be provided to the connection broker. |
logon-password |  | Logon password. |
logon-user |  | Logon user. |
name (required) |  | Bookmark name. |
port |  | Remote port. |
preconnection-blob |  | An arbitrary string which identifies the RDP source. |
preconnection-id |  | The numeric ID of the RDP source (0-2147483648). |
remote-port |  | Remote port (0 - 65535). |
security |  | Security mode for RDP connection. |
server-layout |  | Server side keyboard layout. |
show-status-window |  | Enable/disable showing of status window. |
sso |  | Single Sign-On. |
sso-credential |  | Single sign-on credentials. |
sso-credential-sent-once |  | Single sign-on credentials are only sent once to remote server. |
sso-password |  | SSO password. |
sso-username |  | SSO user name. |
url |  | URL parameter. |
name (required) |  | Bookmark group name. |
custom-lang |  | Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name. |
customize-forticlient-download-url |  | Enable support of customized download URL for FortiClient. |
display-bookmark |  | Enable to display the web portal bookmark widget. |
display-connection-tools |  | Enable to display the web portal connection tools widget. |
display-history |  | Enable to display the web portal user login history widget. |
display-status |  | Enable to display the web portal status widget. |
dns-server1 |  | IPv4 DNS server 1. |
dns-server2 |  | IPv4 DNS server 2. |
dns-suffix |  | DNS suffix. |
exclusive-routing |  | Enable/disable sending all traffic through the tunnel only. |
forticlient-download |  | Enable/disable download option for FortiClient. |
forticlient-download-method |  | FortiClient download method. |
heading |  | Web portal heading message. |
hide-sso-credential |  | Enable to prevent SSO credential being sent to client. |
host-check |  | Type of host checking performed on endpoints. |
host-check-interval |  | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
host-check-policy |  | One or more policies to require the endpoint to have specific security software. |
name (required) |  | Host check software list name. Source vpn.ssl.web.host-check-software.name. |
ip-mode |  | Method by which users of this SSL-VPN tunnel obtain IP addresses. |
ip-pools |  | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
name (required) |  | Address name. Source firewall.address.name firewall.addrgrp.name. |
ipv6-dns-server1 |  | IPv6 DNS server 1. |
ipv6-dns-server2 |  | IPv6 DNS server 2. |
ipv6-exclusive-routing |  | Enable/disable sending all IPv6 traffic through the tunnel only. |
ipv6-pools |  | IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. |
name (required) |  | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
ipv6-service-restriction |  | Enable/disable IPv6 tunnel service restriction. |
ipv6-split-tunneling |  | Enable/disable IPv6 split tunneling. |
ipv6-split-tunneling-routing-address |  | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
name (required) |  | Address name. Source firewall.address6.name firewall.addrgrp6.name. |
ipv6-tunnel-mode |  | Enable/disable IPv6 SSL-VPN tunnel mode. |
ipv6-wins-server1 |  | IPv6 WINS server 1. |
ipv6-wins-server2 |  | IPv6 WINS server 2. |
keep-alive |  | Enable/disable automatic reconnect for FortiClient connections. |
limit-user-logins |  | Enable to limit each user to one SSL-VPN session at a time. |
mac-addr-action |  | Client MAC address action. |
mac-addr-check |  | Enable/disable MAC address host checking. |
mac-addr-check-rule |  | Client MAC address check rule. |
mac-addr-list |  | Client MAC address list. |
addr (required) |  | Client MAC address. |
mac-addr-mask |  | Client MAC address mask. |
name (required) |  | Client MAC address check rule name. |
macos-forticlient-download-url |  | Download URL for Mac FortiClient. |
name (required) |  | Portal name. |
os-check |  | Enable to let the FortiGate decide action based on client OS. |
os-check-list |  | SSL VPN OS checks. |
action |  | OS check options. |
latest-patch-level |  | Latest OS patch level. |
name (required) |  | Name. |
tolerance |  | OS patch level tolerance. |
redir-url |  | Client login redirect URL. |
save-password |  | Enable/disable FortiClient saving the user's password. |
service-restriction |  | Enable/disable tunnel service restriction. |
skip-check-for-unsupported-browser |  | Enable to skip host check if browser does not support it. |
skip-check-for-unsupported-os |  | Enable to skip host check if client OS does not support it. |
smb-ntlmv1-auth |  | Enable support of NTLMv1 for Samba authentication. |
smbv1 |  | Enable/disable support of SMBv1 for Samba. |
split-dns |  | Split DNS for SSL VPN. |
dns-server1 |  | DNS server 1. |
dns-server2 |  | DNS server 2. |
domains |  | Split DNS domains used for SSL-VPN clients, separated by commas (,). |
id (required) |  | ID. |
ipv6-dns-server1 |  | IPv6 DNS server 1. |
ipv6-dns-server2 |  | IPv6 DNS server 2. |
split-tunneling |  | Enable/disable IPv4 split tunneling. |
split-tunneling-routing-address |  | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. |
name (required) |  | Address name. Source firewall.address.name firewall.addrgrp.name. |
state |  | Indicates whether to create or remove the object. |
theme |  | Web portal color scheme. |
tunnel-mode |  | Enable/disable IPv4 SSL-VPN tunnel mode. |
user-bookmark |  | Enable to allow web portal users to create their own bookmarks. |
user-group-bookmark |  | Enable to allow web portal users to create bookmarks for all users in the same user group. |
web-mode |  | Enable/disable SSL VPN web mode. |
windows-forticlient-download-url |  | Download URL for Windows FortiClient. |
wins-server1 |  | IPv4 WINS server 1. |
wins-server2 |  | IPv4 WINS server 2. |
Note
```yaml
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: ""
    vdom: "root"
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      # "False" sends the login to the FortiGate over plain HTTP.
      https: "False"
      vpn_ssl_web_portal:
        state: "present"
        allow-user-access: "web"
        auto-connect: "enable"
        bookmark-group:
          - bookmarks:
              - additional-params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                folder: "<your_own_value>"
                form-data:
                  - name: "default_name_12"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening-port: "15"
                load-balancing-info: "<your_own_value>"
                logon-password: "<your_own_value>"
                logon-user: "<your_own_value>"
                name: "default_name_19"
                port: "20"
                preconnection-blob: "<your_own_value>"
                preconnection-id: "22"
                remote-port: "23"
                security: "rdp"
                server-layout: "de-de-qwertz"
                show-status-window: "enable"
                sso: "disable"
                sso-credential: "sslvpn-login"
                sso-credential-sent-once: "enable"
                sso-password: "<your_own_value>"
                sso-username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_33"
        custom-lang: "<your_own_value> (source system.custom-language.name)"
        customize-forticlient-download-url: "enable"
        display-bookmark: "enable"
        display-connection-tools: "enable"
        display-history: "enable"
        display-status: "enable"
        dns-server1: "<your_own_value>"
        dns-server2: "<your_own_value>"
        dns-suffix: "<your_own_value>"
        exclusive-routing: "enable"
        forticlient-download: "enable"
        forticlient-download-method: "direct"
        heading: "<your_own_value>"
        hide-sso-credential: "enable"
        host-check: "none"
        host-check-interval: "49"
        host-check-policy:
          - name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
        ip-mode: "range"
        ip-pools:
          - name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
        ipv6-dns-server1: "<your_own_value>"
        ipv6-dns-server2: "<your_own_value>"
        ipv6-exclusive-routing: "enable"
        ipv6-pools:
          - name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6-service-restriction: "enable"
        ipv6-split-tunneling: "enable"
        ipv6-split-tunneling-routing-address:
          - name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6-tunnel-mode: "enable"
        ipv6-wins-server1: "<your_own_value>"
        ipv6-wins-server2: "<your_own_value>"
        keep-alive: "enable"
        limit-user-logins: "enable"
        mac-addr-action: "allow"
        mac-addr-check: "enable"
        mac-addr-check-rule:
          - mac-addr-list:
              - addr: "<your_own_value>"
            mac-addr-mask: "74"
            name: "default_name_75"
        macos-forticlient-download-url: "<your_own_value>"
        name: "default_name_77"
        os-check: "enable"
        os-check-list:
          - action: "deny"
            latest-patch-level: "<your_own_value>"
            name: "default_name_82"
            tolerance: "83"
        redir-url: "<your_own_value>"
        save-password: "enable"
        service-restriction: "enable"
        skip-check-for-unsupported-browser: "enable"
        skip-check-for-unsupported-os: "enable"
        smb-ntlmv1-auth: "enable"
        smbv1: "enable"
        split-dns:
          - dns-server1: "<your_own_value>"
            dns-server2: "<your_own_value>"
            domains: "<your_own_value>"
            id: "95"
            ipv6-dns-server1: "<your_own_value>"
            ipv6-dns-server2: "<your_own_value>"
        split-tunneling: "enable"
        split-tunneling-routing-address:
          - name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
        theme: "blue"
        tunnel-mode: "enable"
        user-bookmark: "enable"
        user-group-bookmark: "enable"
        web-mode: "enable"
        windows-forticlient-download-url: "<your_own_value>"
        wins-server1: "<your_own_value>"
        wins-server2: "<your_own_value>"
```
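The reference example above turns on every option, including several that weaken the portal (plain HTTP to the FortiGate, SMBv1, NTLMv1, saved passwords, skipped host checks). The task below is an added example, not part of the module documentation, that sets those same options the other way; the Vault variable `vault_fortigate_password` and the portal name `hardened-portal` are assumptions.

```yaml
# Added example (not from the module documentation).
# Assumed names: vault_fortigate_password, hardened-portal.
- hosts: localhost
  vars:
    host: "192.168.122.40"
    username: "admin"
    # Assumed variable kept in an Ansible Vault file instead of the playbook.
    password: "{{ vault_fortigate_password }}"
    vdom: "root"
  tasks:
  - name: SSL-VPN portal without legacy SMB, saved passwords or host-check bypass
    fortios_vpn_ssl_web_portal:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      # Send the admin login to the FortiGate over HTTPS, not plain HTTP.
      https: true
      vpn_ssl_web_portal:
        state: "present"
        name: "hardened-portal"
        tunnel-mode: "enable"
        web-mode: "enable"
        # Legacy file-share protocols stay off for portal bookmarks.
        smbv1: "disable"
        smb-ntlmv1-auth: "disable"
        # FortiClient must not store the user's VPN password.
        save-password: "disable"
        # One SSL-VPN session per user at a time.
        limit-user-logins: "enable"
        # Require antivirus and firewall on the endpoint, and do not waive
        # the check for clients that cannot run it.
        host-check: "av-fw"
        skip-check-for-unsupported-os: "disable"
        skip-check-for-unsupported-browser: "disable"
        # Keep SSO credentials from being sent to the client.
        hide-sso-credential: "enable"
        # Users cannot publish bookmarks to the rest of their group.
        user-group-bookmark: "disable"
```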
Common return values are documented here; the following fields are unique to this module:
Key | Returned | Description |
---|---|---|
build (string) | always | Build number of the FortiGate image. Sample: 1547 |
http_method (string) | always | Last method used to provision the content into FortiGate. Sample: PUT |
http_status (string) | always | Last result given by FortiGate on last operation applied. Sample: 200 |
mkey (string) | success | Master key (id) used in the last call to FortiGate. Sample: id |
name (string) | always | Name of the table used to fulfill the request. Sample: urlfilter |
path (string) | always | Path of the table used to fulfill the request. Sample: webfilter |
revision (string) | always | Internal revision number. Sample: 17.0.2.10658 |
serial (string) | always | Serial number of the unit. Sample: FGVMEVYYQT3AB5352 |
status (string) | always | Indication of the operation's result. Sample: success |
vdom (string) | always | Virtual domain used. Sample: root |
version (string) | always | Version of the FortiGate. Sample: v5.6.3 |