authorftntcorecse <43451990+ftntcorecse@users.noreply.github.com>2018-11-20 22:49:58 -0700
committerNilashish Chakraborty <nilashishchakraborty8@gmail.com>2018-11-21 11:19:58 +0530
commit44b20fbf9682e49af4a44e487b19fbec8d82548f (patch)
tree016f5b55d77ef8c427448a1d59df56c4f94f61f2 /lib/ansible/modules/network/fortimanager
parent4862a4aeb4cb520a329dad8d43070ab202a7ef70 (diff)
Fortinet Firewall Object - Virtual IPs (#47637)
* PR Candidate * PR Candidate - pylint fix * PR Candidate minor pylint fix v2 * Fixed Odd type annotation -- needed double comments * Missed one of the # type: comments in fixture... * Fixing Edits. Nixing Stale CI Flag * Fixing Edits. * Fixed Authors -- Fixed Changes. * Fixing pep8... * Fixing a description
Diffstat (limited to 'lib/ansible/modules/network/fortimanager')
-rw-r--r--lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py2591
1 files changed, 2591 insertions, 0 deletions
diff --git a/lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py b/lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py
new file mode 100644
index 0000000000..65ab2d5c25
--- /dev/null
+++ b/lib/ansible/modules/network/fortimanager/fmgr_fwobj_vip.py
@@ -0,0 +1,2591 @@
+#!/usr/bin/python
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'status': ['preview'],
+ 'supported_by': 'community',
+ 'metadata_version': '1.1'}
+
+DOCUMENTATION = '''
+---
+module: fmgr_fwobj_vip
+version_added: "2.8"
+author:
+ - Luke Weighall (@lweighall)
+ - Andrew Welsh (@Ghilli3)
+ - Jim Huber (@p4r4n0y1ng)
+short_description: Manages Virtual IPs objects in FortiManager
+description:
+ - Manages Virtual IP objects in FortiManager for IPv4
+
+options:
+ adom:
+ description:
+ - The ADOM the configuration should belong to.
+ required: false
+ default: root
+
+ host:
+ description:
+ - The FortiManager's Address.
+ required: true
+
+ username:
+ description:
+ - The username associated with the account.
+ required: true
+
+ password:
+ description:
+ - The password associated with the username account.
+ required: true
+
+ mode:
+ description:
+ - Sets one of three modes for managing the object.
+ - Allows use of soft-adds instead of overwriting existing values
+ choices: ['add', 'set', 'delete', 'update']
+ required: false
+ default: add
+
+ websphere_server:
+ description:
+ - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server.
+ - choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server.
+ - choice | enable | Add HTTP header indicating SSL offload for WebSphere server.
+ required: false
+ choices: ["disable", "enable"]
+
+ weblogic_server:
+ description:
+ - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server.
+ - choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server.
+ - choice | enable | Add HTTP header indicating SSL offload for WebLogic server.
+ required: false
+ choices: ["disable", "enable"]
+
+ type:
+ description:
+ - Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP.
+ - choice | static-nat | Static NAT.
+ - choice | load-balance | Load balance.
+ - choice | server-load-balance | Server load balance.
+ - choice | dns-translation | DNS translation.
+ - choice | fqdn | FQDN Translation
+ required: false
+ choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
+
+ ssl_server_session_state_type:
+ description:
+ - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate.
+ - choice | disable | Do not keep session states.
+ - choice | time | Expire session states after this many minutes.
+ - choice | count | Expire session states when this maximum is reached.
+ - choice | both | Expire session states based on time or count, whichever occurs first.
+ required: false
+ choices: ["disable", "time", "count", "both"]
+
+ ssl_server_session_state_timeout:
+ description:
+ - Number of minutes to keep FortiGate to Server SSL session state.
+ required: false
+
+ ssl_server_session_state_max:
+ description:
+ - Maximum number of FortiGate to Server SSL session states to keep.
+ required: false
+
+ ssl_server_min_version:
+ description:
+ - Lowest SSL/TLS version acceptable from a server. Use the client setting by default.
+ - choice | ssl-3.0 | SSL 3.0.
+ - choice | tls-1.0 | TLS 1.0.
+ - choice | tls-1.1 | TLS 1.1.
+ - choice | tls-1.2 | TLS 1.2.
+ - choice | client | Use same value as client configuration.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
+
+ ssl_server_max_version:
+ description:
+ - Highest SSL/TLS version acceptable from a server. Use the client setting by default.
+ - choice | ssl-3.0 | SSL 3.0.
+ - choice | tls-1.0 | TLS 1.0.
+ - choice | tls-1.1 | TLS 1.1.
+ - choice | tls-1.2 | TLS 1.2.
+ - choice | client | Use same value as client configuration.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
+
+ ssl_server_algorithm:
+ description:
+ - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength
+ - choice | high | High encryption. Allow only AES and ChaCha.
+ - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
+ - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
+ - choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed.
+ - choice | client | Use the same encryption algorithms for both client and server sessions.
+ required: false
+ choices: ["high", "low", "medium", "custom", "client"]
+
+ ssl_send_empty_frags:
+ description:
+ - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 &amp; TLS 1.0 only).
+ - choice | disable | Do not send empty fragments.
+ - choice | enable | Send empty fragments.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_pfs:
+ description:
+ - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS).
+ - choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied.
+ - choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied.
+ - choice | allow | Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite
+ required: false
+ choices: ["require", "deny", "allow"]
+
+ ssl_mode:
+ description:
+ - Apply SSL offloading mode
+ - choice | half | Client to FortiGate SSL.
+ - choice | full | Client to FortiGate and FortiGate to Server SSL.
+ required: false
+ choices: ["half", "full"]
+
+ ssl_min_version:
+ description:
+ - Lowest SSL/TLS version acceptable from a client.
+ - choice | ssl-3.0 | SSL 3.0.
+ - choice | tls-1.0 | TLS 1.0.
+ - choice | tls-1.1 | TLS 1.1.
+ - choice | tls-1.2 | TLS 1.2.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ ssl_max_version:
+ description:
+ - Highest SSL/TLS version acceptable from a client.
+ - choice | ssl-3.0 | SSL 3.0.
+ - choice | tls-1.0 | TLS 1.0.
+ - choice | tls-1.1 | TLS 1.1.
+ - choice | tls-1.2 | TLS 1.2.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ ssl_http_match_host:
+ description:
+ - Enable/disable HTTP host matching for location conversion.
+ - choice | disable | Do not match HTTP host.
+ - choice | enable | Match HTTP host in response header.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_http_location_conversion:
+ description:
+ - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field.
+ - choice | disable | Disable HTTP location conversion.
+ - choice | enable | Enable HTTP location conversion.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_hsts_include_subdomains:
+ description:
+ - Indicate that HSTS header applies to all subdomains.
+ - choice | disable | HSTS header does not apply to subdomains.
+ - choice | enable | HSTS header applies to subdomains.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_hsts_age:
+ description:
+ - Number of seconds the client should honour the HSTS setting.
+ required: false
+
+ ssl_hsts:
+ description:
+ - Enable/disable including HSTS header in response.
+ - choice | disable | Do not add a HSTS header to each a HTTP response.
+ - choice | enable | Add a HSTS header to each HTTP response.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_hpkp_report_uri:
+ description:
+ - URL to report HPKP violations to.
+ required: false
+
+ ssl_hpkp_primary:
+ description:
+ - Certificate to generate primary HPKP pin from.
+ required: false
+
+ ssl_hpkp_include_subdomains:
+ description:
+ - Indicate that HPKP header applies to all subdomains.
+ - choice | disable | HPKP header does not apply to subdomains.
+ - choice | enable | HPKP header applies to subdomains.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_hpkp_backup:
+ description:
+ - Certificate to generate backup HPKP pin from.
+ required: false
+
+ ssl_hpkp_age:
+ description:
+ - Number of seconds the client should honour the HPKP setting.
+ required: false
+
+ ssl_hpkp:
+ description:
+ - Enable/disable including HPKP header in response.
+ - choice | disable | Do not add a HPKP header to each HTTP response.
+ - choice | enable | Add a HPKP header to each a HTTP response.
+ - choice | report-only | Add a HPKP Report-Only header to each HTTP response.
+ required: false
+ choices: ["disable", "enable", "report-only"]
+
+ ssl_dh_bits:
+ description:
+ - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions.
+ - choice | 768 | 768-bit Diffie-Hellman prime.
+ - choice | 1024 | 1024-bit Diffie-Hellman prime.
+ - choice | 1536 | 1536-bit Diffie-Hellman prime.
+ - choice | 2048 | 2048-bit Diffie-Hellman prime.
+ - choice | 3072 | 3072-bit Diffie-Hellman prime.
+ - choice | 4096 | 4096-bit Diffie-Hellman prime.
+ required: false
+ choices: ["768", "1024", "1536", "2048", "3072", "4096"]
+
+ ssl_client_session_state_type:
+ description:
+ - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate.
+ - choice | disable | Do not keep session states.
+ - choice | time | Expire session states after this many minutes.
+ - choice | count | Expire session states when this maximum is reached.
+ - choice | both | Expire session states based on time or count, whichever occurs first.
+ required: false
+ choices: ["disable", "time", "count", "both"]
+
+ ssl_client_session_state_timeout:
+ description:
+ - Number of minutes to keep client to FortiGate SSL session state.
+ required: false
+
+ ssl_client_session_state_max:
+ description:
+ - Maximum number of client to FortiGate SSL session states to keep.
+ required: false
+
+ ssl_client_renegotiation:
+ description:
+ - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746.
+ - choice | deny | Abort any client initiated SSL re-negotiation attempt.
+ - choice | allow | Allow a SSL client to renegotiate.
+ - choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
+ required: false
+ choices: ["deny", "allow", "secure"]
+
+ ssl_client_fallback:
+ description:
+ - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507).
+ - choice | disable | Disable.
+ - choice | enable | Enable.
+ required: false
+ choices: ["disable", "enable"]
+
+ ssl_certificate:
+ description:
+ - The name of the SSL certificate to use for SSL acceleration.
+ required: false
+
+ ssl_algorithm:
+ description:
+ - Permitted encryption algorithms for SSL sessions according to encryption strength.
+ - choice | high | High encryption. Allow only AES and ChaCha.
+ - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
+ - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
+ - choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allow
+ required: false
+ choices: ["high", "medium", "low", "custom"]
+
+ srcintf_filter:
+ description:
+ - Interfaces to which the VIP applies. Separate the names with spaces.
+ required: false
+
+ src_filter:
+ description:
+ - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y).
+ - Separate addresses with spaces.
+ required: false
+
+ service:
+ description:
+ - Service name.
+ required: false
+
+ server_type:
+ description:
+ - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
+ - choice | http | HTTP
+ - choice | https | HTTPS
+ - choice | ssl | SSL
+ - choice | tcp | TCP
+ - choice | udp | UDP
+ - choice | ip | IP
+ - choice | imaps | IMAPS
+ - choice | pop3s | POP3S
+ - choice | smtps | SMTPS
+ required: false
+ choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
+
+ protocol:
+ description:
+ - Protocol to use when forwarding packets.
+ - choice | tcp | TCP.
+ - choice | udp | UDP.
+ - choice | sctp | SCTP.
+ - choice | icmp | ICMP.
+ required: false
+ choices: ["tcp", "udp", "sctp", "icmp"]
+
+ portmapping_type:
+ description:
+ - Port mapping type.
+ - choice | 1-to-1 | One to one.
+ - choice | m-to-n | Many to many.
+ required: false
+ choices: ["1-to-1", "m-to-n"]
+
+ portforward:
+ description:
+ - Enable/disable port forwarding.
+ - choice | disable | Disable port forward.
+ - choice | enable | Enable port forward.
+ required: false
+ choices: ["disable", "enable"]
+
+ persistence:
+ description:
+ - Configure how to make sure that clients connect to the same server every time they make a request that is part
+ - of the same session.
+ - choice | none | None.
+ - choice | http-cookie | HTTP cookie.
+ - choice | ssl-session-id | SSL session ID.
+ required: false
+ choices: ["none", "http-cookie", "ssl-session-id"]
+
+ outlook_web_access:
+ description:
+ - Enable to add the Front-End-Https header for Microsoft Outlook Web Access.
+ - choice | disable | Disable Outlook Web Access support.
+ - choice | enable | Enable Outlook Web Access support.
+ required: false
+ choices: ["disable", "enable"]
+
+ nat_source_vip:
+ description:
+ - Enable to prevent unintended servers from using a virtual IP.
+ - Disable to use the actual IP address of the server as the source address.
+ - choice | disable | Do not force to NAT as VIP.
+ - choice | enable | Force to NAT as VIP.
+ required: false
+ choices: ["disable", "enable"]
+
+ name:
+ description:
+ - Virtual IP name.
+ required: false
+
+ monitor:
+ description:
+ - Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
+ required: false
+
+ max_embryonic_connections:
+ description:
+ - Maximum number of incomplete connections.
+ required: false
+
+ mappedport:
+ description:
+ - Port number range on the destination network to which the external port number range is mapped.
+ required: false
+
+ mappedip:
+ description:
+ - IP address or address range on the destination network to which the external IP address is mapped.
+ required: false
+
+ mapped_addr:
+ description:
+ - Mapped FQDN address name.
+ required: false
+
+ ldb_method:
+ description:
+ - Method used to distribute sessions to real servers.
+ - choice | static | Distribute to server based on source IP.
+ - choice | round-robin | Distribute to server based round robin order.
+ - choice | weighted | Distribute to server based on weight.
+ - choice | least-session | Distribute to server with lowest session count.
+ - choice | least-rtt | Distribute to server with lowest Round-Trip-Time.
+ - choice | first-alive | Distribute to the first server that is alive.
+ - choice | http-host | Distribute to server based on host field in HTTP header.
+ required: false
+ choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
+
+ https_cookie_secure:
+ description:
+ - Enable/disable verification that inserted HTTPS cookies are secure.
+ - choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection.
+ - choice | enable | Mark inserted cookie as secure, cookie can only be used for HTTPS a connection.
+ required: false
+ choices: ["disable", "enable"]
+
+ http_multiplex:
+ description:
+ - Enable/disable HTTP multiplexing.
+ - choice | disable | Disable HTTP session multiplexing.
+ - choice | enable | Enable HTTP session multiplexing.
+ required: false
+ choices: ["disable", "enable"]
+
+ http_ip_header_name:
+ description:
+ - For HTTP multiplexing, enter a custom HTTPS header name. The orig client IP address is added to this header.
+ - If empty, X-Forwarded-For is used.
+ required: false
+
+ http_ip_header:
+ description:
+ - For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header.
+ - choice | disable | Disable adding HTTP header.
+ - choice | enable | Enable adding HTTP header.
+ required: false
+ choices: ["disable", "enable"]
+
+ http_cookie_share:
+ description:
+ - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used
+ - by another. Disable stops cookie sharing.
+ - choice | disable | Only allow HTTP cookie to match this virtual server.
+ - choice | same-ip | Allow HTTP cookie to match any virtual server with same IP.
+ required: false
+ choices: ["disable", "same-ip"]
+
+ http_cookie_path:
+ description:
+ - Limit HTTP cookie persistence to the specified path.
+ required: false
+
+ http_cookie_generation:
+ description:
+ - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
+ required: false
+
+ http_cookie_domain_from_host:
+ description:
+ - Enable/disable use of HTTP cookie domain from host field in HTTP.
+ - choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cooke-domain setting).
+ - choice | enable | Enable use of HTTP cookie domain from host field in HTTP.
+ required: false
+ choices: ["disable", "enable"]
+
+ http_cookie_domain:
+ description:
+ - Domain that HTTP cookie persistence should apply to.
+ required: false
+
+ http_cookie_age:
+ description:
+ - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
+ required: false
+
+ gratuitous_arp_interval:
+ description:
+ - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
+ required: false
+
+ extport:
+ description:
+ - Incoming port number range that you want to map to a port number range on the destination network.
+ required: false
+
+ extip:
+ description:
+ - IP address or address range on the external interface that you want to map to an address or address range on t
+ - he destination network.
+ required: false
+
+ extintf:
+ description:
+ - Interface connected to the source network that receives the packets that will be forwarded to the destination
+ - network.
+ required: false
+
+ extaddr:
+ description:
+ - External FQDN address name.
+ required: false
+
+ dns_mapping_ttl:
+ description:
+ - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
+ required: false
+
+ comment:
+ description:
+ - Comment.
+ required: false
+
+ color:
+ description:
+ - Color of icon on the GUI.
+ required: false
+
+ arp_reply:
+ description:
+ - Enable to respond to ARP requests for this virtual IP address. Enabled by default.
+ - choice | disable | Disable ARP reply.
+ - choice | enable | Enable ARP reply.
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED.
+ - This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
+ required: false
+
+ dynamic_mapping_arp_reply:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_color:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_comment:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_dns_mapping_ttl:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_extaddr:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_extintf:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_extip:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_extport:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_gratuitous_arp_interval:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_cookie_age:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_cookie_domain:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_cookie_domain_from_host:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_http_cookie_generation:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_cookie_path:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_cookie_share:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | same-ip |
+ required: false
+ choices: ["disable", "same-ip"]
+
+ dynamic_mapping_http_ip_header:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_http_ip_header_name:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_http_multiplex:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_https_cookie_secure:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ldb_method:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | static |
+ - choice | round-robin |
+ - choice | weighted |
+ - choice | least-session |
+ - choice | least-rtt |
+ - choice | first-alive |
+ - choice | http-host |
+ required: false
+ choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"]
+
+ dynamic_mapping_mapped_addr:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_mappedip:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_mappedport:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_max_embryonic_connections:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_monitor:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_nat_source_vip:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_outlook_web_access:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_persistence:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | none |
+ - choice | http-cookie |
+ - choice | ssl-session-id |
+ required: false
+ choices: ["none", "http-cookie", "ssl-session-id"]
+
+ dynamic_mapping_portforward:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_portmapping_type:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | 1-to-1 |
+ - choice | m-to-n |
+ required: false
+ choices: ["1-to-1", "m-to-n"]
+
+ dynamic_mapping_protocol:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | tcp |
+ - choice | udp |
+ - choice | sctp |
+ - choice | icmp |
+ required: false
+ choices: ["tcp", "udp", "sctp", "icmp"]
+
+ dynamic_mapping_server_type:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | http |
+ - choice | https |
+ - choice | ssl |
+ - choice | tcp |
+ - choice | udp |
+ - choice | ip |
+ - choice | imaps |
+ - choice | pop3s |
+ - choice | smtps |
+ required: false
+ choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]
+
+ dynamic_mapping_service:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_src_filter:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_srcintf_filter:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_algorithm:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | high |
+ - choice | medium |
+ - choice | low |
+ - choice | custom |
+ required: false
+ choices: ["high", "medium", "low", "custom"]
+
+ dynamic_mapping_ssl_certificate:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_client_fallback:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_client_renegotiation:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | deny |
+ - choice | allow |
+ - choice | secure |
+ required: false
+ choices: ["deny", "allow", "secure"]
+
+ dynamic_mapping_ssl_client_session_state_max:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_client_session_state_timeout:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_client_session_state_type:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | time |
+ - choice | count |
+ - choice | both |
+ required: false
+ choices: ["disable", "time", "count", "both"]
+
+ dynamic_mapping_ssl_dh_bits:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | 768 |
+ - choice | 1024 |
+ - choice | 1536 |
+ - choice | 2048 |
+ - choice | 3072 |
+ - choice | 4096 |
+ required: false
+ choices: ["768", "1024", "1536", "2048", "3072", "4096"]
+
+ dynamic_mapping_ssl_hpkp:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ - choice | report-only |
+ required: false
+ choices: ["disable", "enable", "report-only"]
+
+ dynamic_mapping_ssl_hpkp_age:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_hpkp_backup:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_hpkp_include_subdomains:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_hpkp_primary:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_hpkp_report_uri:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_hsts:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_hsts_age:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_hsts_include_subdomains:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_http_location_conversion:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_http_match_host:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_max_version:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | ssl-3.0 |
+ - choice | tls-1.0 |
+ - choice | tls-1.1 |
+ - choice | tls-1.2 |
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ dynamic_mapping_ssl_min_version:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | ssl-3.0 |
+ - choice | tls-1.0 |
+ - choice | tls-1.1 |
+ - choice | tls-1.2 |
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ dynamic_mapping_ssl_mode:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | half |
+ - choice | full |
+ required: false
+ choices: ["half", "full"]
+
+ dynamic_mapping_ssl_pfs:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | require |
+ - choice | deny |
+ - choice | allow |
+ required: false
+ choices: ["require", "deny", "allow"]
+
+ dynamic_mapping_ssl_send_empty_frags:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_ssl_server_algorithm:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | high |
+ - choice | low |
+ - choice | medium |
+ - choice | custom |
+ - choice | client |
+ required: false
+ choices: ["high", "low", "medium", "custom", "client"]
+
+ dynamic_mapping_ssl_server_max_version:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | ssl-3.0 |
+ - choice | tls-1.0 |
+ - choice | tls-1.1 |
+ - choice | tls-1.2 |
+ - choice | client |
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
+
+ dynamic_mapping_ssl_server_min_version:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | ssl-3.0 |
+ - choice | tls-1.0 |
+ - choice | tls-1.1 |
+ - choice | tls-1.2 |
+ - choice | client |
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]
+
+ dynamic_mapping_ssl_server_session_state_max:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_server_session_state_timeout:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_server_session_state_type:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | time |
+ - choice | count |
+ - choice | both |
+ required: false
+ choices: ["disable", "time", "count", "both"]
+
+ dynamic_mapping_type:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | static-nat |
+ - choice | load-balance |
+ - choice | server-load-balance |
+ - choice | dns-translation |
+ - choice | fqdn |
+ required: false
+ choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]
+
+ dynamic_mapping_weblogic_server:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_websphere_server:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ required: false
+ choices: ["disable", "enable"]
+
+ dynamic_mapping_realservers_client_ip:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_healthcheck:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | disable |
+ - choice | enable |
+ - choice | vip |
+ required: false
+ choices: ["disable", "enable", "vip"]
+
+ dynamic_mapping_realservers_holddown_interval:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_http_host:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_ip:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_max_connections:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_monitor:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_port:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_seq:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_realservers_status:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | active |
+ - choice | standby |
+ - choice | disable |
+ required: false
+ choices: ["active", "standby", "disable"]
+
+ dynamic_mapping_realservers_weight:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ required: false
+
+ dynamic_mapping_ssl_cipher_suites_cipher:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - choice | TLS-RSA-WITH-RC4-128-MD5 |
+ - choice | TLS-RSA-WITH-RC4-128-SHA |
+ - choice | TLS-RSA-WITH-DES-CBC-SHA |
+ - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA |
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA |
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA |
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 |
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 |
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA |
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA |
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
+ - choice | TLS-RSA-WITH-SEED-CBC-SHA |
+ - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 |
+ - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 |
+ - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA |
+ - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 |
+ - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA |
+ - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA |
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA |
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA |
+ - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
+ - choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 |
+ - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 |
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 |
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 |
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 |
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 |
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 |
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA |
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 |
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 |
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 |
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 |
+ - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 |
+ - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 |
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 |
+ - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 |
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 |
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 |
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 |
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 |
+ - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA |
+ - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA |
+ required: false
+ choices: ["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]
+
+ dynamic_mapping_ssl_cipher_suites_versions:
+ description:
+ - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
+ - FLAG Based Options. Specify multiple in list form.
+ - flag | ssl-3.0 |
+ - flag | tls-1.0 |
+ - flag | tls-1.1 |
+ - flag | tls-1.2 |
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ realservers:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED.
+ - This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
+ required: false
+
+ realservers_client_ip:
+ description:
+ - Only clients in this IP range can connect to this real server.
+ required: false
+
+ realservers_healthcheck:
+ description:
+ - Enable to check the responsiveness of the real server before forwarding traffic.
+ - choice | disable | Disable per server health check.
+ - choice | enable | Enable per server health check.
+ - choice | vip | Use health check defined in VIP.
+ required: false
+ choices: ["disable", "enable", "vip"]
+
+ realservers_holddown_interval:
+ description:
+ - Time in seconds that the health check monitor monitors an unresponsive server that should be active.
+ required: false
+
+ realservers_http_host:
+ description:
+ - HTTP server domain name in HTTP header.
+ required: false
+
+ realservers_ip:
+ description:
+ - IP address of the real server.
+ required: false
+
+ realservers_max_connections:
+ description:
+ - Max number of active connections that can be directed to the real server. When reached, sessions are sent to
+ - their real servers.
+ required: false
+
+ realservers_monitor:
+ description:
+ - Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
+ required: false
+
+ realservers_port:
+ description:
+ - Port for communicating with the real server. Required if port forwarding is enabled.
+ required: false
+
+ realservers_seq:
+ description:
+ - Real Server Sequence Number
+ required: false
+
+ realservers_status:
+ description:
+ - Set the status of the real server to active so that it can accept traffic.
+ - Or on standby or disabled so no traffic is sent.
+ - choice | active | Server status active.
+ - choice | standby | Server status standby.
+ - choice | disable | Server status disable.
+ required: false
+ choices: ["active", "standby", "disable"]
+
+ realservers_weight:
+ description:
+ - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more
+ - connections.
+ required: false
+
+ ssl_cipher_suites:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED.
+ - This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
+ required: false
+
+ ssl_cipher_suites_cipher:
+ description:
+ - Cipher suite name.
+ - choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
+ - choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
+ - choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
+ - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
+ - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384.
+ - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
+ required: false
+ choices: ["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]
+
+ ssl_cipher_suites_versions:
+ description:
+ - SSL/TLS versions that the cipher suite can be used with.
+ - FLAG Based Options. Specify multiple in list form.
+ - flag | ssl-3.0 | SSL 3.0.
+ - flag | tls-1.0 | TLS 1.0.
+ - flag | tls-1.1 | TLS 1.1.
+ - flag | tls-1.2 | TLS 1.2.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+ ssl_server_cipher_suites:
+ description:
+ - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED!
+ - List of multiple child objects to be added. Expects a list of dictionaries.
+ - Dictionaries must use FortiManager API parameters, not the ansible ones listed below.
+ - If submitted, all other prefixed sub-parameters ARE IGNORED.
+ - This object is MUTUALLY EXCLUSIVE with its options.
+ - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide.
+ - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
+ required: false
+
+ ssl_server_cipher_suites_cipher:
+ description:
+ - Cipher suite name.
+ - choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5.
+ - choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
+ - choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA.
+ - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA.
+ - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA.
+ - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA.
+ - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256.
+ - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256.
+ - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384.
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256.
+ - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384.
+ - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA.
+ - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
+ required: false
+ choices: ["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]
+
+ ssl_server_cipher_suites_priority:
+ description:
+ - SSL/TLS cipher suites priority.
+ required: false
+
+ ssl_server_cipher_suites_versions:
+ description:
+ - SSL/TLS versions that the cipher suite can be used with.
+ - FLAG Based Options. Specify multiple in list form.
+ - flag | ssl-3.0 | SSL 3.0.
+ - flag | tls-1.0 | TLS 1.0.
+ - flag | tls-1.1 | TLS 1.1.
+ - flag | tls-1.2 | TLS 1.2.
+ required: false
+ choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]
+
+
+'''
+
+EXAMPLES = '''
+# BASIC FULL STATIC NAT MAPPING
+- name: EDIT FMGR_FIREWALL_VIP SNAT
+ fmgr_fwobj_vip:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ name: "Basic StaticNAT Map"
+ mode: "set"
+ adom: "ansible"
+ type: "static-nat"
+ extip: "82.72.192.185"
+ extintf: "any"
+ mappedip: "10.7.220.25"
+ comment: "Created by Ansible"
+ color: "17"
+
+# BASIC PORT PNAT MAPPING
+- name: EDIT FMGR_FIREWALL_VIP PNAT
+ fmgr_fwobj_vip:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ name: "Basic PNAT Map Port 10443"
+ mode: "set"
+ adom: "ansible"
+ type: "static-nat"
+ extip: "82.72.192.185"
+ extport: "10443"
+ extintf: "any"
+ portforward: "enable"
+ protocol: "tcp"
+ mappedip: "10.7.220.25"
+ mappedport: "443"
+ comment: "Created by Ansible"
+ color: "17"
+
+# BASIC DNS TRANSLATION NAT
+- name: EDIT FMGR_FIREWALL_DNST
+ fmgr_fwobj_vip:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ name: "Basic DNS Translation"
+ mode: "set"
+ adom: "ansible"
+ type: "dns-translation"
+ extip: "192.168.0.1-192.168.0.100"
+ extintf: "dmz"
+ mappedip: "3.3.3.0/24, 4.0.0.0/24"
+ comment: "Created by Ansible"
+ color: "12"
+
+# BASIC FQDN NAT
+- name: EDIT FMGR_FIREWALL_FQDN
+ fmgr_fwobj_vip:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ name: "Basic FQDN Translation"
+ mode: "set"
+ adom: "ansible"
+ type: "fqdn"
+ mapped_addr: "google-play"
+ comment: "Created by Ansible"
+ color: "5"
+
+# DELETE AN ENTRY
+- name: DELETE FMGR_FIREWALL_VIP PNAT
+ fmgr_fwobj_vip:
+ host: "{{ inventory_hostname }}"
+ username: "{{ username }}"
+ password: "{{ password }}"
+ name: "Basic PNAT Map Port 10443"
+ mode: "delete"
+ adom: "ansible"
+'''
+
+RETURN = """
+api_result:
+ description: full API response, includes status code and message
+ returned: always
+ type: string
+"""
+
+from ansible.module_utils.basic import AnsibleModule, env_fallback
+from ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager
+
+# check for pyFMG lib
+try:
+ from pyFMG.fortimgr import FortiManager
+
+ HAS_PYFMGR = True
+except ImportError:
+ HAS_PYFMGR = False
+
+
+###############
+# START METHODS
+###############
+
+
+def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
+ """
+ fmgr_firewall_vip -- Add/Set/Deletes Firewall Virtual IP Objects
+ """
+
+ mode = paramgram["mode"]
+ adom = paramgram["adom"]
+ # INIT A BASIC OBJECTS
+ response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
+ url = ""
+ datagram = {}
+
+ # EVAL THE MODE PARAMETER FOR SET OR ADD
+ if mode in ['set', 'add', 'update']:
+ url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
+ datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
+
+ # EVAL THE MODE PARAMETER FOR DELETE
+ elif mode == "delete":
+ # SET THE CORRECT URL FOR DELETE
+ url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
+ datagram = {}
+
+ # IF MODE = SET -- USE THE 'SET' API CALL MODE
+ if mode == "set":
+ response = fmg.set(url, datagram)
+ # IF MODE = UPDATE -- USER THE 'UPDATE' API CALL MODE
+ elif mode == "update":
+ response = fmg.update(url, datagram)
+ # IF MODE = ADD -- USE THE 'ADD' API CALL MODE
+ elif mode == "add":
+ response = fmg.add(url, datagram)
+ # IF MODE = DELETE -- USE THE DELETE URL AND API CALL MODE
+ elif mode == "delete":
+ response = fmg.delete(url, datagram)
+
+ return response
+
+
+# ADDITIONAL COMMON FUNCTIONS
+def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
+ """
+ THIS METHOD CONTROLS THE LOGOUT AND ERROR REPORTING AFTER AN METHOD OR FUNCTION RUNS
+ """
+ # VALIDATION ERROR (NO RESULTS, JUST AN EXIT)
+ if msg != "NULL" and len(results) == 0:
+ try:
+ fmg.logout()
+ except:
+ pass
+ module.fail_json(msg=msg)
+
+ # SUBMISSION ERROR
+ if len(results) > 0:
+ if msg == "NULL":
+ try:
+ msg = results[1]['status']['message']
+ except:
+ msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."
+
+ if results[0] not in good_codes:
+ if logout_on_fail:
+ fmg.logout()
+ module.fail_json(msg=msg, **results[1])
+ else:
+ if logout_on_success:
+ fmg.logout()
+ module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
+ **results[1])
+ return msg
+
+
+# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
+# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
+def fmgr_cidr_to_netmask(cidr):
+ cidr = int(cidr)
+ mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
+ return (str((0xff000000 & mask) >> 24) + '.' +
+ str((0x00ff0000 & mask) >> 16) + '.' +
+ str((0x0000ff00 & mask) >> 8) + '.' +
+ str((0x000000ff & mask)))
+
+
+# utility function: removing keys wih value of None, nothing in playbook for that key
+def fmgr_del_none(obj):
+ if isinstance(obj, dict):
+ return type(obj)((fmgr_del_none(k), fmgr_del_none(v))
+ for k, v in obj.items() if k is not None and (v is not None and not fmgr_is_empty_dict(v)))
+ else:
+ return obj
+
+
+# utility function: remove keys that are need for the logic but the FMG API won't accept them
+def fmgr_prepare_dict(obj):
+ list_of_elems = ["mode", "adom", "host", "username", "password"]
+ if isinstance(obj, dict):
+ obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
+ return obj
+
+
+def fmgr_is_empty_dict(obj):
+ return_val = False
+ if isinstance(obj, dict):
+ if len(obj) > 0:
+ for k, v in obj.items():
+ if isinstance(v, dict):
+ if len(v) == 0:
+ return_val = True
+ elif len(v) > 0:
+ for k1, v1 in v.items():
+ if v1 is None:
+ return_val = True
+ elif v1 is not None:
+ return_val = False
+ return return_val
+ elif v is None:
+ return_val = True
+ elif v is not None:
+ return_val = False
+ return return_val
+ elif len(obj) == 0:
+ return_val = True
+
+ return return_val
+
+
+def fmgr_split_comma_strings_into_lists(obj):
+ if isinstance(obj, dict):
+ if len(obj) > 0:
+ for k, v in obj.items():
+ if isinstance(v, str):
+ new_list = list()
+ if "," in v:
+ new_items = v.split(",")
+ for item in new_items:
+ new_list.append(item.strip())
+ obj[k] = new_list
+
+ return obj
+
+
+#############
+# END METHODS
+#############
+
+
+def main():
+ argument_spec = dict(
+ adom=dict(type="str", default="root"),
+ host=dict(required=True, type="str"),
+ password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
+ username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
+ mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),
+
+ websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
+ weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
+ type=dict(required=False, type="str",
+ choices=["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]),
+ ssl_server_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
+ ssl_server_session_state_timeout=dict(required=False, type="int"),
+ ssl_server_session_state_max=dict(required=False, type="int"),
+ ssl_server_min_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
+ ssl_server_max_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
+ ssl_server_algorithm=dict(required=False, type="str", choices=["high", "low", "medium", "custom", "client"]),
+ ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
+ ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
+ ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_hsts_age=dict(required=False, type="int"),
+ ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_hpkp_report_uri=dict(required=False, type="str"),
+ ssl_hpkp_primary=dict(required=False, type="str"),
+ ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_hpkp_backup=dict(required=False, type="str"),
+ ssl_hpkp_age=dict(required=False, type="int"),
+ ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
+ ssl_dh_bits=dict(required=False, type="str", choices=["768", "1024", "1536", "2048", "3072", "4096"]),
+ ssl_client_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
+ ssl_client_session_state_timeout=dict(required=False, type="int"),
+ ssl_client_session_state_max=dict(required=False, type="int"),
+ ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
+ ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
+ ssl_certificate=dict(required=False, type="str"),
+ ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
+ srcintf_filter=dict(required=False, type="str"),
+ src_filter=dict(required=False, type="str"),
+ service=dict(required=False, type="str"),
+ server_type=dict(required=False, type="str",
+ choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]),
+ protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
+ portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
+ portforward=dict(required=False, type="str", choices=["disable", "enable"]),
+ persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
+ outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
+ nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
+ name=dict(required=False, type="str"),
+ monitor=dict(required=False, type="str"),
+ max_embryonic_connections=dict(required=False, type="int"),
+ mappedport=dict(required=False, type="str"),
+ mappedip=dict(required=False, type="str"),
+ mapped_addr=dict(required=False, type="str"),
+ ldb_method=dict(required=False, type="str",
+ choices=["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive",
+ "http-host"]),
+ https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
+ http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
+ http_ip_header_name=dict(required=False, type="str"),
+ http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
+ http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
+ http_cookie_path=dict(required=False, type="str"),
+ http_cookie_generation=dict(required=False, type="int"),
+ http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ http_cookie_domain=dict(required=False, type="str"),
+ http_cookie_age=dict(required=False, type="int"),
+ gratuitous_arp_interval=dict(required=False, type="int"),
+ extport=dict(required=False, type="str"),
+ extip=dict(required=False, type="str"),
+ extintf=dict(required=False, type="str"),
+ extaddr=dict(required=False, type="str"),
+ dns_mapping_ttl=dict(required=False, type="int"),
+ comment=dict(required=False, type="str"),
+ color=dict(required=False, type="int"),
+ arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping=dict(required=False, type="list"),
+ dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_color=dict(required=False, type="int"),
+ dynamic_mapping_comment=dict(required=False, type="str"),
+ dynamic_mapping_dns_mapping_ttl=dict(required=False, type="int"),
+ dynamic_mapping_extaddr=dict(required=False, type="str"),
+ dynamic_mapping_extintf=dict(required=False, type="str"),
+ dynamic_mapping_extip=dict(required=False, type="str"),
+ dynamic_mapping_extport=dict(required=False, type="str"),
+ dynamic_mapping_gratuitous_arp_interval=dict(required=False, type="int"),
+ dynamic_mapping_http_cookie_age=dict(required=False, type="int"),
+ dynamic_mapping_http_cookie_domain=dict(required=False, type="str"),
+ dynamic_mapping_http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_http_cookie_generation=dict(required=False, type="int"),
+ dynamic_mapping_http_cookie_path=dict(required=False, type="str"),
+ dynamic_mapping_http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
+ dynamic_mapping_http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_http_ip_header_name=dict(required=False, type="str"),
+ dynamic_mapping_http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ldb_method=dict(required=False, type="str", choices=["static",
+ "round-robin",
+ "weighted",
+ "least-session",
+ "least-rtt",
+ "first-alive",
+ "http-host"]),
+ dynamic_mapping_mapped_addr=dict(required=False, type="str"),
+ dynamic_mapping_mappedip=dict(required=False, type="str"),
+ dynamic_mapping_mappedport=dict(required=False, type="str"),
+ dynamic_mapping_max_embryonic_connections=dict(required=False, type="int"),
+ dynamic_mapping_monitor=dict(required=False, type="str"),
+ dynamic_mapping_nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
+ dynamic_mapping_portforward=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
+ dynamic_mapping_protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
+ dynamic_mapping_server_type=dict(required=False, type="str",
+ choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s",
+ "smtps"]),
+ dynamic_mapping_service=dict(required=False, type="str"),
+ dynamic_mapping_src_filter=dict(required=False, type="str"),
+ dynamic_mapping_srcintf_filter=dict(required=False, type="str"),
+ dynamic_mapping_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
+ dynamic_mapping_ssl_certificate=dict(required=False, type="str"),
+ dynamic_mapping_ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
+ dynamic_mapping_ssl_client_session_state_max=dict(required=False, type="int"),
+ dynamic_mapping_ssl_client_session_state_timeout=dict(required=False, type="int"),
+ dynamic_mapping_ssl_client_session_state_type=dict(required=False, type="str",
+ choices=["disable", "time", "count", "both"]),
+ dynamic_mapping_ssl_dh_bits=dict(required=False, type="str",
+ choices=["768", "1024", "1536", "2048", "3072", "4096"]),
+ dynamic_mapping_ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
+ dynamic_mapping_ssl_hpkp_age=dict(required=False, type="int"),
+ dynamic_mapping_ssl_hpkp_backup=dict(required=False, type="str"),
+ dynamic_mapping_ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_hpkp_primary=dict(required=False, type="str"),
+ dynamic_mapping_ssl_hpkp_report_uri=dict(required=False, type="str"),
+ dynamic_mapping_ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_hsts_age=dict(required=False, type="int"),
+ dynamic_mapping_ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_max_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ dynamic_mapping_ssl_min_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ dynamic_mapping_ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
+ dynamic_mapping_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
+ dynamic_mapping_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_ssl_server_algorithm=dict(required=False, type="str",
+ choices=["high", "low", "medium", "custom", "client"]),
+ dynamic_mapping_ssl_server_max_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
+ dynamic_mapping_ssl_server_min_version=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
+ dynamic_mapping_ssl_server_session_state_max=dict(required=False, type="int"),
+ dynamic_mapping_ssl_server_session_state_timeout=dict(required=False, type="int"),
+ dynamic_mapping_ssl_server_session_state_type=dict(required=False, type="str",
+ choices=["disable", "time", "count", "both"]),
+ dynamic_mapping_type=dict(required=False, type="str",
+ choices=["static-nat", "load-balance", "server-load-balance", "dns-translation",
+ "fqdn"]),
+ dynamic_mapping_weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
+ dynamic_mapping_websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
+
+ dynamic_mapping_realservers_client_ip=dict(required=False, type="str"),
+ dynamic_mapping_realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
+ dynamic_mapping_realservers_holddown_interval=dict(required=False, type="int"),
+ dynamic_mapping_realservers_http_host=dict(required=False, type="str"),
+ dynamic_mapping_realservers_ip=dict(required=False, type="str"),
+ dynamic_mapping_realservers_max_connections=dict(required=False, type="int"),
+ dynamic_mapping_realservers_monitor=dict(required=False, type="str"),
+ dynamic_mapping_realservers_port=dict(required=False, type="int"),
+ dynamic_mapping_realservers_seq=dict(required=False, type="str"),
+ dynamic_mapping_realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
+ dynamic_mapping_realservers_weight=dict(required=False, type="int"),
+
+ dynamic_mapping_ssl_cipher_suites_cipher=dict(required=False,
+ type="str",
+ choices=["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
+ dynamic_mapping_ssl_cipher_suites_versions=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ realservers=dict(required=False, type="list"),
+ realservers_client_ip=dict(required=False, type="str"),
+ realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
+ realservers_holddown_interval=dict(required=False, type="int"),
+ realservers_http_host=dict(required=False, type="str"),
+ realservers_ip=dict(required=False, type="str"),
+ realservers_max_connections=dict(required=False, type="int"),
+ realservers_monitor=dict(required=False, type="str"),
+ realservers_port=dict(required=False, type="int"),
+ realservers_seq=dict(required=False, type="str"),
+ realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
+ realservers_weight=dict(required=False, type="int"),
+ ssl_cipher_suites=dict(required=False, type="list"),
+ ssl_cipher_suites_cipher=dict(required=False,
+ type="str",
+ choices=["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
+ ssl_cipher_suites_versions=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+ ssl_server_cipher_suites=dict(required=False, type="list"),
+ ssl_server_cipher_suites_cipher=dict(required=False,
+ type="str",
+ choices=["TLS-RSA-WITH-RC4-128-MD5",
+ "TLS-RSA-WITH-RC4-128-SHA",
+ "TLS-RSA-WITH-DES-CBC-SHA",
+ "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-RSA-WITH-SEED-CBC-SHA",
+ "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-RSA-WITH-DES-CBC-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
+ "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
+ "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
+ "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
+ "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
+ "TLS-RSA-WITH-AES-128-GCM-SHA256",
+ "TLS-RSA-WITH-AES-256-GCM-SHA384",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
+ "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
+ "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
+ "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
+ "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
+ "TLS-DHE-DSS-WITH-DES-CBC-SHA"]),
+ ssl_server_cipher_suites_priority=dict(required=False, type="str"),
+ ssl_server_cipher_suites_versions=dict(required=False, type="str",
+ choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
+
+ )
+
+ module = AnsibleModule(argument_spec, supports_check_mode=False)
+
+ # MODULE PARAMGRAM
+ paramgram = {
+ "mode": module.params["mode"],
+ "adom": module.params["adom"],
+ "websphere-server": module.params["websphere_server"],
+ "weblogic-server": module.params["weblogic_server"],
+ "type": module.params["type"],
+ "ssl-server-session-state-type": module.params["ssl_server_session_state_type"],
+ "ssl-server-session-state-timeout": module.params["ssl_server_session_state_timeout"],
+ "ssl-server-session-state-max": module.params["ssl_server_session_state_max"],
+ "ssl-server-min-version": module.params["ssl_server_min_version"],
+ "ssl-server-max-version": module.params["ssl_server_max_version"],
+ "ssl-server-algorithm": module.params["ssl_server_algorithm"],
+ "ssl-send-empty-frags": module.params["ssl_send_empty_frags"],
+ "ssl-pfs": module.params["ssl_pfs"],
+ "ssl-mode": module.params["ssl_mode"],
+ "ssl-min-version": module.params["ssl_min_version"],
+ "ssl-max-version": module.params["ssl_max_version"],
+ "ssl-http-match-host": module.params["ssl_http_match_host"],
+ "ssl-http-location-conversion": module.params["ssl_http_location_conversion"],
+ "ssl-hsts-include-subdomains": module.params["ssl_hsts_include_subdomains"],
+ "ssl-hsts-age": module.params["ssl_hsts_age"],
+ "ssl-hsts": module.params["ssl_hsts"],
+ "ssl-hpkp-report-uri": module.params["ssl_hpkp_report_uri"],
+ "ssl-hpkp-primary": module.params["ssl_hpkp_primary"],
+ "ssl-hpkp-include-subdomains": module.params["ssl_hpkp_include_subdomains"],
+ "ssl-hpkp-backup": module.params["ssl_hpkp_backup"],
+ "ssl-hpkp-age": module.params["ssl_hpkp_age"],
+ "ssl-hpkp": module.params["ssl_hpkp"],
+ "ssl-dh-bits": module.params["ssl_dh_bits"],
+ "ssl-client-session-state-type": module.params["ssl_client_session_state_type"],
+ "ssl-client-session-state-timeout": module.params["ssl_client_session_state_timeout"],
+ "ssl-client-session-state-max": module.params["ssl_client_session_state_max"],
+ "ssl-client-renegotiation": module.params["ssl_client_renegotiation"],
+ "ssl-client-fallback": module.params["ssl_client_fallback"],
+ "ssl-certificate": module.params["ssl_certificate"],
+ "ssl-algorithm": module.params["ssl_algorithm"],
+ "srcintf-filter": module.params["srcintf_filter"],
+ "src-filter": module.params["src_filter"],
+ "service": module.params["service"],
+ "server-type": module.params["server_type"],
+ "protocol": module.params["protocol"],
+ "portmapping-type": module.params["portmapping_type"],
+ "portforward": module.params["portforward"],
+ "persistence": module.params["persistence"],
+ "outlook-web-access": module.params["outlook_web_access"],
+ "nat-source-vip": module.params["nat_source_vip"],
+ "name": module.params["name"],
+ "monitor": module.params["monitor"],
+ "max-embryonic-connections": module.params["max_embryonic_connections"],
+ "mappedport": module.params["mappedport"],
+ "mappedip": module.params["mappedip"],
+ "mapped-addr": module.params["mapped_addr"],
+ "ldb-method": module.params["ldb_method"],
+ "https-cookie-secure": module.params["https_cookie_secure"],
+ "http-multiplex": module.params["http_multiplex"],
+ "http-ip-header-name": module.params["http_ip_header_name"],
+ "http-ip-header": module.params["http_ip_header"],
+ "http-cookie-share": module.params["http_cookie_share"],
+ "http-cookie-path": module.params["http_cookie_path"],
+ "http-cookie-generation": module.params["http_cookie_generation"],
+ "http-cookie-domain-from-host": module.params["http_cookie_domain_from_host"],
+ "http-cookie-domain": module.params["http_cookie_domain"],
+ "http-cookie-age": module.params["http_cookie_age"],
+ "gratuitous-arp-interval": module.params["gratuitous_arp_interval"],
+ "extport": module.params["extport"],
+ "extip": module.params["extip"],
+ "extintf": module.params["extintf"],
+ "extaddr": module.params["extaddr"],
+ "dns-mapping-ttl": module.params["dns_mapping_ttl"],
+ "comment": module.params["comment"],
+ "color": module.params["color"],
+ "arp-reply": module.params["arp_reply"],
+ "dynamic_mapping": {
+ "arp-reply": module.params["dynamic_mapping_arp_reply"],
+ "color": module.params["dynamic_mapping_color"],
+ "comment": module.params["dynamic_mapping_comment"],
+ "dns-mapping-ttl": module.params["dynamic_mapping_dns_mapping_ttl"],
+ "extaddr": module.params["dynamic_mapping_extaddr"],
+ "extintf": module.params["dynamic_mapping_extintf"],
+ "extip": module.params["dynamic_mapping_extip"],
+ "extport": module.params["dynamic_mapping_extport"],
+ "gratuitous-arp-interval": module.params["dynamic_mapping_gratuitous_arp_interval"],
+ "http-cookie-age": module.params["dynamic_mapping_http_cookie_age"],
+ "http-cookie-domain": module.params["dynamic_mapping_http_cookie_domain"],
+ "http-cookie-domain-from-host": module.params["dynamic_mapping_http_cookie_domain_from_host"],
+ "http-cookie-generation": module.params["dynamic_mapping_http_cookie_generation"],
+ "http-cookie-path": module.params["dynamic_mapping_http_cookie_path"],
+ "http-cookie-share": module.params["dynamic_mapping_http_cookie_share"],
+ "http-ip-header": module.params["dynamic_mapping_http_ip_header"],
+ "http-ip-header-name": module.params["dynamic_mapping_http_ip_header_name"],
+ "http-multiplex": module.params["dynamic_mapping_http_multiplex"],
+ "https-cookie-secure": module.params["dynamic_mapping_https_cookie_secure"],
+ "ldb-method": module.params["dynamic_mapping_ldb_method"],
+ "mapped-addr": module.params["dynamic_mapping_mapped_addr"],
+ "mappedip": module.params["dynamic_mapping_mappedip"],
+ "mappedport": module.params["dynamic_mapping_mappedport"],
+ "max-embryonic-connections": module.params["dynamic_mapping_max_embryonic_connections"],
+ "monitor": module.params["dynamic_mapping_monitor"],
+ "nat-source-vip": module.params["dynamic_mapping_nat_source_vip"],
+ "outlook-web-access": module.params["dynamic_mapping_outlook_web_access"],
+ "persistence": module.params["dynamic_mapping_persistence"],
+ "portforward": module.params["dynamic_mapping_portforward"],
+ "portmapping-type": module.params["dynamic_mapping_portmapping_type"],
+ "protocol": module.params["dynamic_mapping_protocol"],
+ "server-type": module.params["dynamic_mapping_server_type"],
+ "service": module.params["dynamic_mapping_service"],
+ "src-filter": module.params["dynamic_mapping_src_filter"],
+ "srcintf-filter": module.params["dynamic_mapping_srcintf_filter"],
+ "ssl-algorithm": module.params["dynamic_mapping_ssl_algorithm"],
+ "ssl-certificate": module.params["dynamic_mapping_ssl_certificate"],
+ "ssl-client-fallback": module.params["dynamic_mapping_ssl_client_fallback"],
+ "ssl-client-renegotiation": module.params["dynamic_mapping_ssl_client_renegotiation"],
+ "ssl-client-session-state-max": module.params["dynamic_mapping_ssl_client_session_state_max"],
+ "ssl-client-session-state-timeout": module.params["dynamic_mapping_ssl_client_session_state_timeout"],
+ "ssl-client-session-state-type": module.params["dynamic_mapping_ssl_client_session_state_type"],
+ "ssl-dh-bits": module.params["dynamic_mapping_ssl_dh_bits"],
+ "ssl-hpkp": module.params["dynamic_mapping_ssl_hpkp"],
+ "ssl-hpkp-age": module.params["dynamic_mapping_ssl_hpkp_age"],
+ "ssl-hpkp-backup": module.params["dynamic_mapping_ssl_hpkp_backup"],
+ "ssl-hpkp-include-subdomains": module.params["dynamic_mapping_ssl_hpkp_include_subdomains"],
+ "ssl-hpkp-primary": module.params["dynamic_mapping_ssl_hpkp_primary"],
+ "ssl-hpkp-report-uri": module.params["dynamic_mapping_ssl_hpkp_report_uri"],
+ "ssl-hsts": module.params["dynamic_mapping_ssl_hsts"],
+ "ssl-hsts-age": module.params["dynamic_mapping_ssl_hsts_age"],
+ "ssl-hsts-include-subdomains": module.params["dynamic_mapping_ssl_hsts_include_subdomains"],
+ "ssl-http-location-conversion": module.params["dynamic_mapping_ssl_http_location_conversion"],
+ "ssl-http-match-host": module.params["dynamic_mapping_ssl_http_match_host"],
+ "ssl-max-version": module.params["dynamic_mapping_ssl_max_version"],
+ "ssl-min-version": module.params["dynamic_mapping_ssl_min_version"],
+ "ssl-mode": module.params["dynamic_mapping_ssl_mode"],
+ "ssl-pfs": module.params["dynamic_mapping_ssl_pfs"],
+ "ssl-send-empty-frags": module.params["dynamic_mapping_ssl_send_empty_frags"],
+ "ssl-server-algorithm": module.params["dynamic_mapping_ssl_server_algorithm"],
+ "ssl-server-max-version": module.params["dynamic_mapping_ssl_server_max_version"],
+ "ssl-server-min-version": module.params["dynamic_mapping_ssl_server_min_version"],
+ "ssl-server-session-state-max": module.params["dynamic_mapping_ssl_server_session_state_max"],
+ "ssl-server-session-state-timeout": module.params["dynamic_mapping_ssl_server_session_state_timeout"],
+ "ssl-server-session-state-type": module.params["dynamic_mapping_ssl_server_session_state_type"],
+ "type": module.params["dynamic_mapping_type"],
+ "weblogic-server": module.params["dynamic_mapping_weblogic_server"],
+ "websphere-server": module.params["dynamic_mapping_websphere_server"],
+ "realservers": {
+ "client-ip": module.params["dynamic_mapping_realservers_client_ip"],
+ "healthcheck": module.params["dynamic_mapping_realservers_healthcheck"],
+ "holddown-interval": module.params["dynamic_mapping_realservers_holddown_interval"],
+ "http-host": module.params["dynamic_mapping_realservers_http_host"],
+ "ip": module.params["dynamic_mapping_realservers_ip"],
+ "max-connections": module.params["dynamic_mapping_realservers_max_connections"],
+ "monitor": module.params["dynamic_mapping_realservers_monitor"],
+ "port": module.params["dynamic_mapping_realservers_port"],
+ "seq": module.params["dynamic_mapping_realservers_seq"],
+ "status": module.params["dynamic_mapping_realservers_status"],
+ "weight": module.params["dynamic_mapping_realservers_weight"],
+ },
+ "ssl-cipher-suites": {
+ "cipher": module.params["dynamic_mapping_ssl_cipher_suites_cipher"],
+ "versions": module.params["dynamic_mapping_ssl_cipher_suites_versions"],
+ },
+ },
+ "realservers": {
+ "client-ip": module.params["realservers_client_ip"],
+ "healthcheck": module.params["realservers_healthcheck"],
+ "holddown-interval": module.params["realservers_holddown_interval"],
+ "http-host": module.params["realservers_http_host"],
+ "ip": module.params["realservers_ip"],
+ "max-connections": module.params["realservers_max_connections"],
+ "monitor": module.params["realservers_monitor"],
+ "port": module.params["realservers_port"],
+ "seq": module.params["realservers_seq"],
+ "status": module.params["realservers_status"],
+ "weight": module.params["realservers_weight"],
+ },
+ "ssl-cipher-suites": {
+ "cipher": module.params["ssl_cipher_suites_cipher"],
+ "versions": module.params["ssl_cipher_suites_versions"],
+ },
+ "ssl-server-cipher-suites": {
+ "cipher": module.params["ssl_server_cipher_suites_cipher"],
+ "priority": module.params["ssl_server_cipher_suites_priority"],
+ "versions": module.params["ssl_server_cipher_suites_versions"],
+ }
+ }
+
+ list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
+ for list_variable in list_overrides:
+ override_data = list()
+ try:
+ override_data = module.params[list_variable]
+ except:
+ pass
+ try:
+ if override_data:
+ del paramgram[list_variable]
+ paramgram[list_variable] = override_data
+ except:
+ pass
+
+ # CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
+ host = module.params["host"]
+ password = module.params["password"]
+ username = module.params["username"]
+ if host is None or username is None or password is None:
+ module.fail_json(msg="Host and username and password are required")
+
+ # CHECK IF LOGIN FAILED
+ fmg = AnsibleFortiManager(module, module.params["host"], module.params["username"], module.params["password"])
+
+ response = fmg.login()
+ if response[1]['status']['code'] != 0:
+ module.fail_json(msg="Connection to FortiManager Failed")
+
+ results = fmgr_firewall_vip_addsetdelete(fmg, paramgram)
+ if results[0] != 0:
+ fmgr_logout(fmg, module, results=results, good_codes=[0, -3])
+
+ fmg.logout()
+
+ if results is not None:
+ return module.exit_json(**results[1])
+ else:
+ return module.exit_json(msg="No results were returned from the API call.")
+
+
+if __name__ == "__main__":
+ main()