#!/usr/bin/python # # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # from __future__ import absolute_import, division, print_function __metaclass__ = type ANSIBLE_METADATA = {'status': ['preview'], 'supported_by': 'community', 'metadata_version': '1.1'} DOCUMENTATION = ''' --- module: fmgr_fwobj_vip version_added: "2.8" author: - Luke Weighall (@lweighall) - Andrew Welsh (@Ghilli3) - Jim Huber (@p4r4n0y1ng) short_description: Manages Virtual IPs objects in FortiManager description: - Manages Virtual IP objects in FortiManager for IPv4 options: adom: description: - The ADOM the configuration should belong to. required: false default: root host: description: - The FortiManager's Address. required: true username: description: - The username associated with the account. required: true password: description: - The password associated with the username account. required: true mode: description: - Sets one of three modes for managing the object. - Allows use of soft-adds instead of overwriting existing values choices: ['add', 'set', 'delete', 'update'] required: false default: add websphere_server: description: - Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. - choice | disable | Do not add HTTP header indicating SSL offload for WebSphere server. - choice | enable | Add HTTP header indicating SSL offload for WebSphere server. 
required: false choices: ["disable", "enable"] weblogic_server: description: - Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. - choice | disable | Do not add HTTP header indicating SSL offload for WebLogic server. - choice | enable | Add HTTP header indicating SSL offload for WebLogic server. required: false choices: ["disable", "enable"] type: description: - Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. - choice | static-nat | Static NAT. - choice | load-balance | Load balance. - choice | server-load-balance | Server load balance. - choice | dns-translation | DNS translation. - choice | fqdn | FQDN Translation required: false choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"] ssl_server_session_state_type: description: - How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. - choice | disable | Do not keep session states. - choice | time | Expire session states after this many minutes. - choice | count | Expire session states when this maximum is reached. - choice | both | Expire session states based on time or count, whichever occurs first. required: false choices: ["disable", "time", "count", "both"] ssl_server_session_state_timeout: description: - Number of minutes to keep FortiGate to Server SSL session state. required: false ssl_server_session_state_max: description: - Maximum number of FortiGate to Server SSL session states to keep. required: false ssl_server_min_version: description: - Lowest SSL/TLS version acceptable from a server. Use the client setting by default. - choice | ssl-3.0 | SSL 3.0. - choice | tls-1.0 | TLS 1.0. - choice | tls-1.1 | TLS 1.1. - choice | tls-1.2 | TLS 1.2. - choice | client | Use same value as client configuration. 
required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"] ssl_server_max_version: description: - Highest SSL/TLS version acceptable from a server. Use the client setting by default. - choice | ssl-3.0 | SSL 3.0. - choice | tls-1.0 | TLS 1.0. - choice | tls-1.1 | TLS 1.1. - choice | tls-1.2 | TLS 1.2. - choice | client | Use same value as client configuration. required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"] ssl_server_algorithm: description: - Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength - choice | high | High encryption. Allow only AES and ChaCha. - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4. - choice | custom | Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed. - choice | client | Use the same encryption algorithms for both client and server sessions. required: false choices: ["high", "low", "medium", "custom", "client"] ssl_send_empty_frags: description: - Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). - choice | disable | Do not send empty fragments. - choice | enable | Send empty fragments. required: false choices: ["disable", "enable"] ssl_pfs: description: - Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). - choice | require | Allow only Diffie-Hellman cipher-suites, so PFS is applied. - choice | deny | Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied. - choice | allow | Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite required: false choices: ["require", "deny", "allow"] ssl_mode: description: - Apply SSL offloading mode - choice | half | Client to FortiGate SSL. - choice | full | Client to FortiGate and FortiGate to Server SSL. 
required: false choices: ["half", "full"] ssl_min_version: description: - Lowest SSL/TLS version acceptable from a client. - choice | ssl-3.0 | SSL 3.0. - choice | tls-1.0 | TLS 1.0. - choice | tls-1.1 | TLS 1.1. - choice | tls-1.2 | TLS 1.2. required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] ssl_max_version: description: - Highest SSL/TLS version acceptable from a client. - choice | ssl-3.0 | SSL 3.0. - choice | tls-1.0 | TLS 1.0. - choice | tls-1.1 | TLS 1.1. - choice | tls-1.2 | TLS 1.2. required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] ssl_http_match_host: description: - Enable/disable HTTP host matching for location conversion. - choice | disable | Do not match HTTP host. - choice | enable | Match HTTP host in response header. required: false choices: ["disable", "enable"] ssl_http_location_conversion: description: - Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. - choice | disable | Disable HTTP location conversion. - choice | enable | Enable HTTP location conversion. required: false choices: ["disable", "enable"] ssl_hsts_include_subdomains: description: - Indicate that HSTS header applies to all subdomains. - choice | disable | HSTS header does not apply to subdomains. - choice | enable | HSTS header applies to subdomains. required: false choices: ["disable", "enable"] ssl_hsts_age: description: - Number of seconds the client should honour the HSTS setting. required: false ssl_hsts: description: - Enable/disable including HSTS header in response. - choice | disable | Do not add a HSTS header to each HTTP response. - choice | enable | Add a HSTS header to each HTTP response. required: false choices: ["disable", "enable"] ssl_hpkp_report_uri: description: - URL to report HPKP violations to. required: false ssl_hpkp_primary: description: - Certificate to generate primary HPKP pin from.
required: false ssl_hpkp_include_subdomains: description: - Indicate that HPKP header applies to all subdomains. - choice | disable | HPKP header does not apply to subdomains. - choice | enable | HPKP header applies to subdomains. required: false choices: ["disable", "enable"] ssl_hpkp_backup: description: - Certificate to generate backup HPKP pin from. required: false ssl_hpkp_age: description: - Number of seconds the client should honour the HPKP setting. required: false ssl_hpkp: description: - Enable/disable including HPKP header in response. - choice | disable | Do not add a HPKP header to each HTTP response. - choice | enable | Add a HPKP header to each HTTP response. - choice | report-only | Add a HPKP Report-Only header to each HTTP response. required: false choices: ["disable", "enable", "report-only"] ssl_dh_bits: description: - Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. - choice | 768 | 768-bit Diffie-Hellman prime. - choice | 1024 | 1024-bit Diffie-Hellman prime. - choice | 1536 | 1536-bit Diffie-Hellman prime. - choice | 2048 | 2048-bit Diffie-Hellman prime. - choice | 3072 | 3072-bit Diffie-Hellman prime. - choice | 4096 | 4096-bit Diffie-Hellman prime. required: false choices: ["768", "1024", "1536", "2048", "3072", "4096"] ssl_client_session_state_type: description: - How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. - choice | disable | Do not keep session states. - choice | time | Expire session states after this many minutes. - choice | count | Expire session states when this maximum is reached. - choice | both | Expire session states based on time or count, whichever occurs first. required: false choices: ["disable", "time", "count", "both"] ssl_client_session_state_timeout: description: - Number of minutes to keep client to FortiGate SSL session state.
required: false ssl_client_session_state_max: description: - Maximum number of client to FortiGate SSL session states to keep. required: false ssl_client_renegotiation: description: - Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. - choice | deny | Abort any client initiated SSL re-negotiation attempt. - choice | allow | Allow a SSL client to renegotiate. - choice | secure | Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746. required: false choices: ["deny", "allow", "secure"] ssl_client_fallback: description: - Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). - choice | disable | Disable. - choice | enable | Enable. required: false choices: ["disable", "enable"] ssl_certificate: description: - The name of the SSL certificate to use for SSL acceleration. required: false ssl_algorithm: description: - Permitted encryption algorithms for SSL sessions according to encryption strength. - choice | high | High encryption. Allow only AES and ChaCha. - choice | medium | Medium encryption. Allow AES, ChaCha, 3DES, and RC4. - choice | low | Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. - choice | custom | Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed. required: false choices: ["high", "medium", "low", "custom"] srcintf_filter: description: - Interfaces to which the VIP applies. Separate the names with spaces. required: false src_filter: description: - Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). - Separate addresses with spaces. required: false service: description: - Service name. required: false server_type: description: - Protocol to be load balanced by the virtual server (also called the server load balance virtual IP).
- choice | http | HTTP - choice | https | HTTPS - choice | ssl | SSL - choice | tcp | TCP - choice | udp | UDP - choice | ip | IP - choice | imaps | IMAPS - choice | pop3s | POP3S - choice | smtps | SMTPS required: false choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"] protocol: description: - Protocol to use when forwarding packets. - choice | tcp | TCP. - choice | udp | UDP. - choice | sctp | SCTP. - choice | icmp | ICMP. required: false choices: ["tcp", "udp", "sctp", "icmp"] portmapping_type: description: - Port mapping type. - choice | 1-to-1 | One to one. - choice | m-to-n | Many to many. required: false choices: ["1-to-1", "m-to-n"] portforward: description: - Enable/disable port forwarding. - choice | disable | Disable port forward. - choice | enable | Enable port forward. required: false choices: ["disable", "enable"] persistence: description: - Configure how to make sure that clients connect to the same server every time they make a request that is part - of the same session. - choice | none | None. - choice | http-cookie | HTTP cookie. - choice | ssl-session-id | SSL session ID. required: false choices: ["none", "http-cookie", "ssl-session-id"] outlook_web_access: description: - Enable to add the Front-End-Https header for Microsoft Outlook Web Access. - choice | disable | Disable Outlook Web Access support. - choice | enable | Enable Outlook Web Access support. required: false choices: ["disable", "enable"] nat_source_vip: description: - Enable to prevent unintended servers from using a virtual IP. - Disable to use the actual IP address of the server as the source address. - choice | disable | Do not force to NAT as VIP. - choice | enable | Force to NAT as VIP. required: false choices: ["disable", "enable"] name: description: - Virtual IP name. required: false monitor: description: - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. 
required: false max_embryonic_connections: description: - Maximum number of incomplete connections. required: false mappedport: description: - Port number range on the destination network to which the external port number range is mapped. required: false mappedip: description: - IP address or address range on the destination network to which the external IP address is mapped. required: false mapped_addr: description: - Mapped FQDN address name. required: false ldb_method: description: - Method used to distribute sessions to real servers. - choice | static | Distribute to server based on source IP. - choice | round-robin | Distribute to server based on round robin order. - choice | weighted | Distribute to server based on weight. - choice | least-session | Distribute to server with lowest session count. - choice | least-rtt | Distribute to server with lowest Round-Trip-Time. - choice | first-alive | Distribute to the first server that is alive. - choice | http-host | Distribute to server based on host field in HTTP header. required: false choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"] https_cookie_secure: description: - Enable/disable verification that inserted HTTPS cookies are secure. - choice | disable | Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection. - choice | enable | Mark inserted cookie as secure, cookie can only be used for an HTTPS connection. required: false choices: ["disable", "enable"] http_multiplex: description: - Enable/disable HTTP multiplexing. - choice | disable | Disable HTTP session multiplexing. - choice | enable | Enable HTTP session multiplexing. required: false choices: ["disable", "enable"] http_ip_header_name: description: - For HTTP multiplexing, enter a custom HTTPS header name. The original client IP address is added to this header. - If empty, X-Forwarded-For is used.
required: false http_ip_header: description: - For HTTP multiplexing, enable to add the original client IP address in the X-Forwarded-For HTTP header. - choice | disable | Disable adding HTTP header. - choice | enable | Enable adding HTTP header. required: false choices: ["disable", "enable"] http_cookie_share: description: - Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used - by another. Disable stops cookie sharing. - choice | disable | Only allow HTTP cookie to match this virtual server. - choice | same-ip | Allow HTTP cookie to match any virtual server with same IP. required: false choices: ["disable", "same-ip"] http_cookie_path: description: - Limit HTTP cookie persistence to the specified path. required: false http_cookie_generation: description: - Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies. required: false http_cookie_domain_from_host: description: - Enable/disable use of HTTP cookie domain from host field in HTTP. - choice | disable | Disable use of HTTP cookie domain from host field in HTTP (use http-cookie-domain setting). - choice | enable | Enable use of HTTP cookie domain from host field in HTTP. required: false choices: ["disable", "enable"] http_cookie_domain: description: - Domain that HTTP cookie persistence should apply to. required: false http_cookie_age: description: - Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit. required: false gratuitous_arp_interval: description: - Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable. required: false extport: description: - Incoming port number range that you want to map to a port number range on the destination network. required: false extip: description: - IP address or address range on the external interface that you want to map to an address or address range on the - destination network.
required: false extintf: description: - Interface connected to the source network that receives the packets that will be forwarded to the destination - network. required: false extaddr: description: - External FQDN address name. required: false dns_mapping_ttl: description: - DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0). required: false comment: description: - Comment. required: false color: description: - Color of icon on the GUI. required: false arp_reply: description: - Enable to respond to ARP requests for this virtual IP address. Enabled by default. - choice | disable | Disable ARP reply. - choice | enable | Enable ARP reply. required: false choices: ["disable", "enable"] dynamic_mapping: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false dynamic_mapping_arp_reply: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_color: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_comment: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_dns_mapping_ttl: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
required: false dynamic_mapping_extaddr: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_extintf: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_extip: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_extport: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_gratuitous_arp_interval: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_cookie_age: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_cookie_domain: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_cookie_domain_from_host: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_http_cookie_generation: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_cookie_path: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_cookie_share: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | same-ip | required: false choices: ["disable", "same-ip"] dynamic_mapping_http_ip_header: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_http_ip_header_name: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_http_multiplex: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_https_cookie_secure: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ldb_method: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | static | - choice | round-robin | - choice | weighted | - choice | least-session | - choice | least-rtt | - choice | first-alive | - choice | http-host | required: false choices: ["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive", "http-host"] dynamic_mapping_mapped_addr: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_mappedip: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_mappedport: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_max_embryonic_connections: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_monitor: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_nat_source_vip: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. 
Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_outlook_web_access: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_persistence: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | none | - choice | http-cookie | - choice | ssl-session-id | required: false choices: ["none", "http-cookie", "ssl-session-id"] dynamic_mapping_portforward: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_portmapping_type: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | 1-to-1 | - choice | m-to-n | required: false choices: ["1-to-1", "m-to-n"] dynamic_mapping_protocol: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | tcp | - choice | udp | - choice | sctp | - choice | icmp | required: false choices: ["tcp", "udp", "sctp", "icmp"] dynamic_mapping_server_type: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | http | - choice | https | - choice | ssl | - choice | tcp | - choice | udp | - choice | ip | - choice | imaps | - choice | pop3s | - choice | smtps | required: false choices: ["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"] dynamic_mapping_service: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_src_filter: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
required: false dynamic_mapping_srcintf_filter: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_algorithm: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | high | - choice | medium | - choice | low | - choice | custom | required: false choices: ["high", "medium", "low", "custom"] dynamic_mapping_ssl_certificate: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_client_fallback: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_client_renegotiation: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | deny | - choice | allow | - choice | secure | required: false choices: ["deny", "allow", "secure"] dynamic_mapping_ssl_client_session_state_max: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_client_session_state_timeout: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_client_session_state_type: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | time | - choice | count | - choice | both | required: false choices: ["disable", "time", "count", "both"] dynamic_mapping_ssl_dh_bits: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | 768 | - choice | 1024 | - choice | 1536 | - choice | 2048 | - choice | 3072 | - choice | 4096 | required: false choices: ["768", "1024", "1536", "2048", "3072", "4096"] dynamic_mapping_ssl_hpkp: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | - choice | report-only | required: false choices: ["disable", "enable", "report-only"] dynamic_mapping_ssl_hpkp_age: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_hpkp_backup: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_hpkp_include_subdomains: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_hpkp_primary: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_hpkp_report_uri: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_hsts: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_hsts_age: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_hsts_include_subdomains: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_http_location_conversion: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_http_match_host: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_max_version: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | ssl-3.0 | - choice | tls-1.0 | - choice | tls-1.1 | - choice | tls-1.2 | required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] dynamic_mapping_ssl_min_version: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | ssl-3.0 | - choice | tls-1.0 | - choice | tls-1.1 | - choice | tls-1.2 | required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] dynamic_mapping_ssl_mode: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | half | - choice | full | required: false choices: ["half", "full"] dynamic_mapping_ssl_pfs: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | require | - choice | deny | - choice | allow | required: false choices: ["require", "deny", "allow"] dynamic_mapping_ssl_send_empty_frags: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_ssl_server_algorithm: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | high | - choice | low | - choice | medium | - choice | custom | - choice | client | required: false choices: ["high", "low", "medium", "custom", "client"] dynamic_mapping_ssl_server_max_version: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | ssl-3.0 | - choice | tls-1.0 | - choice | tls-1.1 | - choice | tls-1.2 | - choice | client | required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"] dynamic_mapping_ssl_server_min_version: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | ssl-3.0 | - choice | tls-1.0 | - choice | tls-1.1 | - choice | tls-1.2 | - choice | client | required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"] dynamic_mapping_ssl_server_session_state_max: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_server_session_state_timeout: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_server_session_state_type: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | time | - choice | count | - choice | both | required: false choices: ["disable", "time", "count", "both"] dynamic_mapping_type: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | static-nat | - choice | load-balance | - choice | server-load-balance | - choice | dns-translation | - choice | fqdn | required: false choices: ["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"] dynamic_mapping_weblogic_server: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_websphere_server: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | required: false choices: ["disable", "enable"] dynamic_mapping_realservers_client_ip: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_healthcheck: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | disable | - choice | enable | - choice | vip | required: false choices: ["disable", "enable", "vip"] dynamic_mapping_realservers_holddown_interval: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_http_host: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_ip: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_max_connections: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_monitor: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_port: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_seq: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_realservers_status: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. 
- choice | active | - choice | standby | - choice | disable | required: false choices: ["active", "standby", "disable"] dynamic_mapping_realservers_weight: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. required: false dynamic_mapping_ssl_cipher_suites_cipher: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - choice | TLS-RSA-WITH-RC4-128-MD5 | - choice | TLS-RSA-WITH-RC4-128-SHA | - choice | TLS-RSA-WITH-DES-CBC-SHA | - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | - choice | TLS-RSA-WITH-AES-128-CBC-SHA | - choice | TLS-RSA-WITH-AES-256-CBC-SHA | - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | - choice | TLS-RSA-WITH-SEED-CBC-SHA | - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | - choice | 
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | - choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | - choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | required: false choices: ["TLS-RSA-WITH-RC4-128-MD5", "TLS-RSA-WITH-RC4-128-SHA", "TLS-RSA-WITH-DES-CBC-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256", 
"TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-RSA-WITH-SEED-CBC-SHA", "TLS-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-RSA-WITH-DES-CBC-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-DHE-RSA-WITH-SEED-CBC-SHA", "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-RC4-128-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", "TLS-RSA-WITH-AES-128-GCM-SHA256", "TLS-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", 
"TLS-DHE-DSS-WITH-SEED-CBC-SHA", "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA"] dynamic_mapping_ssl_cipher_suites_versions: description: - Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. - FLAG Based Options. Specify multiple in list form. - flag | ssl-3.0 | - flag | tls-1.0 | - flag | tls-1.1 | - flag | tls-1.2 | required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] realservers: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false realservers_client_ip: description: - Only clients in this IP range can connect to this real server. required: false realservers_healthcheck: description: - Enable to check the responsiveness of the real server before forwarding traffic. - choice | disable | Disable per server health check. - choice | enable | Enable per server health check. - choice | vip | Use health check defined in VIP. required: false choices: ["disable", "enable", "vip"] realservers_holddown_interval: description: - Time in seconds that the health check monitor monitors an unresponsive server that should be active. required: false realservers_http_host: description: - HTTP server domain name in HTTP header. 
required: false realservers_ip: description: - IP address of the real server. required: false realservers_max_connections: description: - Max number of active connections that can be directed to the real server. When reached, sessions are sent to - other real servers. required: false realservers_monitor: description: - Name of the health check monitor to use when polling to determine a virtual server's connectivity status. required: false realservers_port: description: - Port for communicating with the real server. Required if port forwarding is enabled. required: false realservers_seq: description: - Real Server Sequence Number required: false realservers_status: description: - Set the status of the real server to active so that it can accept traffic. - Or on standby or disabled so no traffic is sent. - choice | active | Server status active. - choice | standby | Server status standby. - choice | disable | Server status disable. required: false choices: ["active", "standby", "disable"] realservers_weight: description: - Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more - connections. required: false ssl_cipher_suites: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. - We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false ssl_cipher_suites_cipher: description: - Cipher suite name. - The RC4, DES and 3DES suites in this list are weak by current standards; select them only when a legacy peer requires them. - choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5. - choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA.
- choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA. - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA. - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256. - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA. - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256. - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA. - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA. - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA. - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA. 
- choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA. - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA. - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA. - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA. - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256. - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256. 
- choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384. - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384. - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384. - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA. - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA. - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384.
- choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA. - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA. required: false choices: ["TLS-RSA-WITH-RC4-128-MD5", "TLS-RSA-WITH-RC4-128-SHA", "TLS-RSA-WITH-DES-CBC-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-RSA-WITH-SEED-CBC-SHA", "TLS-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-RSA-WITH-DES-CBC-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-DHE-RSA-WITH-SEED-CBC-SHA", "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-RC4-128-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", "TLS-RSA-WITH-AES-128-GCM-SHA256", "TLS-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", "TLS-DHE-DSS-WITH-SEED-CBC-SHA", "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA"] ssl_cipher_suites_versions: description: - SSL/TLS versions that the cipher suite can be used with. - FLAG Based Options. Specify multiple in list form. - flag | ssl-3.0 | SSL 3.0. - flag | tls-1.0 | TLS 1.0. - flag | tls-1.1 | TLS 1.1. - flag | tls-1.2 | TLS 1.2. required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] ssl_server_cipher_suites: description: - EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! - List of multiple child objects to be added. Expects a list of dictionaries. - Dictionaries must use FortiManager API parameters, not the ansible ones listed below. - If submitted, all other prefixed sub-parameters ARE IGNORED. - This object is MUTUALLY EXCLUSIVE with its options. 
- We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. - WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS required: false ssl_server_cipher_suites_cipher: description: - Cipher suite name. - The RC4, DES and 3DES suites in this list are weak by current standards; select them only when a legacy peer requires them. - choice | TLS-RSA-WITH-RC4-128-MD5 | Cipher suite TLS-RSA-WITH-RC4-128-MD5. - choice | TLS-RSA-WITH-RC4-128-SHA | Cipher suite TLS-RSA-WITH-RC4-128-SHA. - choice | TLS-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-RSA-WITH-DES-CBC-SHA. - choice | TLS-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA. - choice | TLS-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256. - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA. - choice | TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256. - choice | TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-RSA-WITH-SEED-CBC-SHA. - choice | TLS-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-DHE-RSA-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA. - choice | TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA.
- choice | TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA. - choice | TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA. - choice | TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-ECDHE-RSA-WITH-RC4-128-SHA | Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA. - choice | TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA. - choice | TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 | Suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 | Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256. - choice | TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA. 
- choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA. - choice | TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256. - choice | TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384. - choice | TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256. - choice | TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384. - choice | TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384. - choice | TLS-RSA-WITH-AES-128-GCM-SHA256 | Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256. - choice | TLS-RSA-WITH-AES-256-GCM-SHA384 | Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384. - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA. - choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA. - choice | TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256.
- choice | TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-SEED-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA. - choice | TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256. - choice | TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384. - choice | TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256. - choice | TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 | Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384. - choice | TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA. - choice | TLS-DHE-DSS-WITH-DES-CBC-SHA | Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
required: false choices: ["TLS-RSA-WITH-RC4-128-MD5", "TLS-RSA-WITH-RC4-128-SHA", "TLS-RSA-WITH-DES-CBC-SHA", "TLS-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA", "TLS-RSA-WITH-AES-256-CBC-SHA", "TLS-RSA-WITH-AES-128-CBC-SHA256", "TLS-RSA-WITH-AES-256-CBC-SHA256", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-RSA-WITH-SEED-CBC-SHA", "TLS-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-RSA-WITH-DES-CBC-SHA", "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA", "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256", "TLS-DHE-RSA-WITH-SEED-CBC-SHA", "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-RC4-128-SHA", "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA", "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256", "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256", "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA", "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256", "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256", "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA", "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256", "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", 
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384", "TLS-RSA-WITH-AES-128-GCM-SHA256", "TLS-RSA-WITH-AES-256-GCM-SHA384", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA", "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256", "TLS-DHE-DSS-WITH-SEED-CBC-SHA", "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256", "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256", "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA", "TLS-DHE-DSS-WITH-DES-CBC-SHA"] ssl_server_cipher_suites_priority: description: - SSL/TLS cipher suites priority. required: false ssl_server_cipher_suites_versions: description: - SSL/TLS versions that the cipher suite can be used with. - FLAG Based Options. Specify multiple in list form. - flag | ssl-3.0 | SSL 3.0. - flag | tls-1.0 | TLS 1.0. - flag | tls-1.1 | TLS 1.1. - flag | tls-1.2 | TLS 1.2. 
required: false choices: ["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"] ''' EXAMPLES = ''' # BASIC FULL STATIC NAT MAPPING - name: EDIT FMGR_FIREWALL_VIP SNAT fmgr_fwobj_vip: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" name: "Basic StaticNAT Map" mode: "set" adom: "ansible" type: "static-nat" extip: "82.72.192.185" extintf: "any" mappedip: "10.7.220.25" comment: "Created by Ansible" color: "17" # BASIC PORT PNAT MAPPING - name: EDIT FMGR_FIREWALL_VIP PNAT fmgr_fwobj_vip: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" name: "Basic PNAT Map Port 10443" mode: "set" adom: "ansible" type: "static-nat" extip: "82.72.192.185" extport: "10443" extintf: "any" portforward: "enable" protocol: "tcp" mappedip: "10.7.220.25" mappedport: "443" comment: "Created by Ansible" color: "17" # BASIC DNS TRANSLATION NAT - name: EDIT FMGR_FIREWALL_DNST fmgr_fwobj_vip: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" name: "Basic DNS Translation" mode: "set" adom: "ansible" type: "dns-translation" extip: "192.168.0.1-192.168.0.100" extintf: "dmz" mappedip: "3.3.3.0/24, 4.0.0.0/24" comment: "Created by Ansible" color: "12" # BASIC FQDN NAT - name: EDIT FMGR_FIREWALL_FQDN fmgr_fwobj_vip: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" name: "Basic FQDN Translation" mode: "set" adom: "ansible" type: "fqdn" mapped_addr: "google-play" comment: "Created by Ansible" color: "5" # DELETE AN ENTRY - name: DELETE FMGR_FIREWALL_VIP PNAT fmgr_fwobj_vip: host: "{{ inventory_hostname }}" username: "{{ username }}" password: "{{ password }}" name: "Basic PNAT Map Port 10443" mode: "delete" adom: "ansible" ''' RETURN = """ api_result: description: full API response, includes status code and message returned: always type: string """ from ansible.module_utils.basic import AnsibleModule, env_fallback from 
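ansible.module_utils.network.fortimanager.fortimanager import AnsibleFortiManager

# check for pyFMG lib
try:
    from pyFMG.fortimgr import FortiManager
    HAS_PYFMGR = True
except ImportError:
    HAS_PYFMGR = False

# Cipher-suite names accepted by the three *_cipher_suites_cipher options.
# The list still contains RC4, DES and 3DES suites; it presumably mirrors the
# values the FortiManager API accepts. Playbooks should select AEAD suites
# (GCM / CHACHA20-POLY1305) unless a legacy peer requires otherwise.
_CIPHER_SUITE_CHOICES = [
    "TLS-RSA-WITH-RC4-128-MD5",
    "TLS-RSA-WITH-RC4-128-SHA",
    "TLS-RSA-WITH-DES-CBC-SHA",
    "TLS-RSA-WITH-3DES-EDE-CBC-SHA",
    "TLS-RSA-WITH-AES-128-CBC-SHA",
    "TLS-RSA-WITH-AES-256-CBC-SHA",
    "TLS-RSA-WITH-AES-128-CBC-SHA256",
    "TLS-RSA-WITH-AES-256-CBC-SHA256",
    "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA",
    "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA",
    "TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256",
    "TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256",
    "TLS-RSA-WITH-SEED-CBC-SHA",
    "TLS-RSA-WITH-ARIA-128-CBC-SHA256",
    "TLS-RSA-WITH-ARIA-256-CBC-SHA384",
    "TLS-DHE-RSA-WITH-DES-CBC-SHA",
    "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
    "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
    "TLS-DHE-RSA-WITH-AES-128-CBC-SHA256",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256",
    "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA",
    "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA",
    "TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256",
    "TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256",
    "TLS-DHE-RSA-WITH-SEED-CBC-SHA",
    "TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256",
    "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384",
    "TLS-ECDHE-RSA-WITH-RC4-128-SHA",
    "TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA",
    "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA",
    "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA",
    "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-DHE-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-DHE-DSS-WITH-AES-128-CBC-SHA",
    "TLS-DHE-DSS-WITH-AES-256-CBC-SHA",
    "TLS-DHE-DSS-WITH-AES-128-CBC-SHA256",
    "TLS-DHE-DSS-WITH-AES-128-GCM-SHA256",
    "TLS-DHE-DSS-WITH-AES-256-CBC-SHA256",
    "TLS-DHE-DSS-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256",
    "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384",
    "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA",
    "TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
    "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA",
    "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA",
    "TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256",
    "TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256",
    "TLS-DHE-DSS-WITH-SEED-CBC-SHA",
    "TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256",
    "TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384",
    "TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256",
    "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384",
    "TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256",
    "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384",
    "TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA",
    "TLS-DHE-DSS-WITH-DES-CBC-SHA",
]


###############
# START METHODS
###############


def fmgr_firewall_vip_addsetdelete(fmg, paramgram):
    """
    Add, set, update or delete a firewall Virtual IP object.

    :param fmg: logged-in FortiManager session exposing set/update/add/delete.
    :param paramgram: dict built in main(); "mode" and "adom" are read here and
        "name" is read for deletes.
    :return: whatever the selected fmg call returns; the placeholder error
        tuple below is returned only when mode matches none of the four modes.
    """
    mode = paramgram["mode"]
    adom = paramgram["adom"]

    # Placeholder result, returned untouched if no API call is made.
    response = (-100000, {"msg": "Illegal or malformed paramgram discovered. System Exception"})
    url = ""
    datagram = {}

    if mode in ['set', 'add', 'update']:
        url = '/pm/config/adom/{adom}/obj/firewall/vip'.format(adom=adom)
        # Control and credential keys are stripped first, then unset options,
        # so only values given in the playbook reach the API payload.
        datagram = fmgr_del_none(fmgr_prepare_dict(paramgram))
    elif mode == "delete":
        # The object name becomes part of the API path and is not validated
        # here; a missing name formats as the literal text "None".
        url = '/pm/config/adom/{adom}/obj/firewall/vip/{name}'.format(adom=adom, name=paramgram["name"])
        datagram = {}

    # Dispatch to the API verb that matches the requested mode.
    if mode == "set":
        response = fmg.set(url, datagram)
    elif mode == "update":
        response = fmg.update(url, datagram)
    elif mode == "add":
        response = fmg.add(url, datagram)
    elif mode == "delete":
        response = fmg.delete(url, datagram)

    return response


# ADDITIONAL COMMON FUNCTIONS
def fmgr_logout(fmg, module, msg="NULL", results=(), good_codes=(0,), logout_on_fail=True, logout_on_success=False):
    """
    Control logout and error reporting after an API call.

    :param fmg: FortiManager session to log out of.
    :param module: AnsibleModule used for fail_json / exit_json.
    :param msg: message to report; the sentinel "NULL" means "take it from results".
    :param results: (code, payload) tuple from the API call, or empty.
    :param good_codes: result codes treated as success.
    :param logout_on_fail: log out and fail the module when the code is not good.
    :param logout_on_success: log out and exit the module when the code is good.
    :return: the message that was selected.

    NOTE(review): the block nesting was reconstructed from a listing whose
    indentation had been lost; confirm against upstream before relying on
    logout_on_fail=False or on passing both msg and results.
    """
    # Validation error: nothing came back from the API, just exit.
    if msg != "NULL" and len(results) == 0:
        try:
            fmg.logout()
        except Exception:
            # Best-effort logout; the validation failure is reported regardless.
            # Exception (not a bare except) lets SystemExit/KeyboardInterrupt through.
            pass
        module.fail_json(msg=msg)

    # Submission error
    if len(results) > 0:
        if msg == "NULL":
            try:
                msg = results[1]['status']['message']
            except Exception:
                msg = "No status message returned from pyFMG. Possible that this was a GET with a tuple result."

        if results[0] not in good_codes:
            if logout_on_fail:
                fmg.logout()
                module.fail_json(msg=msg, **results[1])
        else:
            if logout_on_success:
                fmg.logout()
                module.exit_json(msg="API Called worked, but logout handler has been asked to logout on success",
                                 **results[1])
    return msg


# FUNCTION/METHOD FOR CONVERTING CIDR TO A NETMASK
# DID NOT USE IP ADDRESS MODULE TO KEEP INCLUDES TO A MINIMUM
def fmgr_cidr_to_netmask(cidr):
    """
    Convert an IPv4 prefix length into a dotted-quad netmask string.

    :param cidr: prefix length, int or anything int() accepts.
    :return: netmask such as "255.255.255.0".
    :raises ValueError: if the prefix length is outside 0..32.
    """
    cidr = int(cidr)
    # A negative prefix used to fall through to "0.0.0.0"; reject it explicitly
    # so a bad value cannot silently become a match-everything mask.
    if not 0 <= cidr <= 32:
        raise ValueError("CIDR prefix length must be between 0 and 32, got {0}".format(cidr))
    mask = (0xffffffff >> (32 - cidr)) << (32 - cidr)
    return ".".join(str((mask >> shift) & 0xff) for shift in (24, 16, 8, 0))


# utility function: removing keys with value of None, nothing in playbook for that key
def fmgr_del_none(obj):
    """
    Return a copy of a dict without None keys, None values, or values that
    fmgr_is_empty_dict() reports as empty; recurses into nested dicts.
    Non-dict input is returned unchanged.
    """
    if not isinstance(obj, dict):
        return obj
    return type(obj)(
        (fmgr_del_none(key), fmgr_del_none(value))
        for key, value in obj.items()
        if key is not None and (value is not None and not fmgr_is_empty_dict(value))
    )


# utility function: remove keys that are needed for the logic but the FMG API won't accept them
def fmgr_prepare_dict(obj):
    """
    Return a copy of a dict without the control and credential keys
    (mode, adom, host, username, password), recursing into nested dicts.
    Non-dict input is returned unchanged.
    """
    list_of_elems = ["mode", "adom", "host", "username", "password"]
    if isinstance(obj, dict):
        obj = dict((key, fmgr_prepare_dict(value)) for (key, value) in obj.items() if key not in list_of_elems)
    return obj


def fmgr_is_empty_dict(obj):
    """
    Report whether a dict carries no usable values.

    Returns True for an empty dict, or for a dict whose values are all None,
    empty dicts, or dicts holding only None values. Returns False as soon as
    a non-None value is found, and for any non-dict input.

    NOTE(review): nesting reconstructed from a listing with lost indentation;
    confirm against upstream.
    """
    return_val = False
    if isinstance(obj, dict):
        if len(obj) > 0:
            for k, v in obj.items():
                if isinstance(v, dict):
                    if len(v) == 0:
                        return_val = True
                    elif len(v) > 0:
                        for k1, v1 in v.items():
                            if v1 is None:
                                return_val = True
                            elif v1 is not None:
                                return_val = False
                                return return_val
                elif v is None:
                    return_val = True
                elif v is not None:
                    return_val = False
                    return return_val
        elif len(obj) == 0:
            return_val = True

    return return_val


def fmgr_split_comma_strings_into_lists(obj):
    """
    Replace, in place, every str value that contains a comma with a list of
    its stripped parts. Other values are left alone. Returns obj.
    """
    if isinstance(obj, dict):
        # Only existing keys are reassigned, so the dict size does not change
        # during iteration.
        for k, v in obj.items():
            if isinstance(v, str) and "," in v:
                obj[k] = [item.strip() for item in v.split(",")]

    return obj


#############
# END METHODS
#############


def main():
    """
    Module entry point: declare the options, build the paramgram, log in to
    FortiManager, run the requested VIP operation and report the result.
    """
    # NOTE(review): several options below accept legacy values ("ssl-3.0",
    # "tls-1.0", 768/1024-bit DH, RC4/DES suites). They are passed through
    # unchanged, so hardening is left to the playbook author.
    argument_spec = dict(
        adom=dict(type="str", default="root"),
        host=dict(required=True, type="str"),
        password=dict(fallback=(env_fallback, ["ANSIBLE_NET_PASSWORD"]), no_log=True, required=True),
        username=dict(fallback=(env_fallback, ["ANSIBLE_NET_USERNAME"]), no_log=True, required=True),
        mode=dict(choices=["add", "set", "delete", "update"], type="str", default="add"),

        websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),
        weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
        type=dict(required=False, type="str",
                  choices=["static-nat", "load-balance", "server-load-balance", "dns-translation", "fqdn"]),
        ssl_server_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
        ssl_server_session_state_timeout=dict(required=False, type="int"),
        ssl_server_session_state_max=dict(required=False, type="int"),
        ssl_server_min_version=dict(required=False, type="str",
                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        ssl_server_max_version=dict(required=False, type="str",
                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        ssl_server_algorithm=dict(required=False, type="str", choices=["high", "low", "medium", "custom", "client"]),
        ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
        ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
        ssl_min_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        ssl_max_version=dict(required=False, type="str", choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_http_location_conversion=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hsts_age=dict(required=False, type="int"),
        ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hpkp_report_uri=dict(required=False, type="str"),
        ssl_hpkp_primary=dict(required=False, type="str"),
        ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_hpkp_backup=dict(required=False, type="str"),
        ssl_hpkp_age=dict(required=False, type="int"),
        ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
        ssl_dh_bits=dict(required=False, type="str", choices=["768", "1024", "1536", "2048", "3072", "4096"]),
        ssl_client_session_state_type=dict(required=False, type="str", choices=["disable", "time", "count", "both"]),
        ssl_client_session_state_timeout=dict(required=False, type="int"),
        ssl_client_session_state_max=dict(required=False, type="int"),
        ssl_client_renegotiation=dict(required=False, type="str", choices=["deny", "allow", "secure"]),
        ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
        ssl_certificate=dict(required=False, type="str"),
        ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
        srcintf_filter=dict(required=False, type="str"),
        src_filter=dict(required=False, type="str"),
        service=dict(required=False, type="str"),
        server_type=dict(required=False, type="str",
                         choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s", "smtps"]),
        protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
        portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
        portforward=dict(required=False, type="str", choices=["disable", "enable"]),
        persistence=dict(required=False, type="str", choices=["none", "http-cookie", "ssl-session-id"]),
        outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
        nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
        name=dict(required=False, type="str"),
        monitor=dict(required=False, type="str"),
        max_embryonic_connections=dict(required=False, type="int"),
        mappedport=dict(required=False, type="str"),
        mappedip=dict(required=False, type="str"),
        mapped_addr=dict(required=False, type="str"),
        ldb_method=dict(required=False, type="str",
                        choices=["static", "round-robin", "weighted", "least-session", "least-rtt", "first-alive",
                                 "http-host"]),
        https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
        http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
        http_ip_header_name=dict(required=False, type="str"),
        http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
        http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
        http_cookie_path=dict(required=False, type="str"),
        http_cookie_generation=dict(required=False, type="int"),
        http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
        http_cookie_domain=dict(required=False, type="str"),
        http_cookie_age=dict(required=False, type="int"),
        gratuitous_arp_interval=dict(required=False, type="int"),
        extport=dict(required=False, type="str"),
        extip=dict(required=False, type="str"),
        extintf=dict(required=False, type="str"),
        extaddr=dict(required=False, type="str"),
        dns_mapping_ttl=dict(required=False, type="int"),
        comment=dict(required=False, type="str"),
        color=dict(required=False, type="int"),
        arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),

        dynamic_mapping=dict(required=False, type="list"),
        dynamic_mapping_arp_reply=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_color=dict(required=False, type="int"),
        dynamic_mapping_comment=dict(required=False, type="str"),
        dynamic_mapping_dns_mapping_ttl=dict(required=False, type="int"),
        dynamic_mapping_extaddr=dict(required=False, type="str"),
        dynamic_mapping_extintf=dict(required=False, type="str"),
        dynamic_mapping_extip=dict(required=False, type="str"),
        dynamic_mapping_extport=dict(required=False, type="str"),
        dynamic_mapping_gratuitous_arp_interval=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_age=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_domain=dict(required=False, type="str"),
        dynamic_mapping_http_cookie_domain_from_host=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_http_cookie_generation=dict(required=False, type="int"),
        dynamic_mapping_http_cookie_path=dict(required=False, type="str"),
        dynamic_mapping_http_cookie_share=dict(required=False, type="str", choices=["disable", "same-ip"]),
        dynamic_mapping_http_ip_header=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_http_ip_header_name=dict(required=False, type="str"),
        dynamic_mapping_http_multiplex=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_https_cookie_secure=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ldb_method=dict(required=False, type="str",
                                        choices=["static", "round-robin", "weighted", "least-session", "least-rtt",
                                                 "first-alive", "http-host"]),
        dynamic_mapping_mapped_addr=dict(required=False, type="str"),
        dynamic_mapping_mappedip=dict(required=False, type="str"),
        dynamic_mapping_mappedport=dict(required=False, type="str"),
        dynamic_mapping_max_embryonic_connections=dict(required=False, type="int"),
        dynamic_mapping_monitor=dict(required=False, type="str"),
        dynamic_mapping_nat_source_vip=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_outlook_web_access=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_persistence=dict(required=False, type="str",
                                         choices=["none", "http-cookie", "ssl-session-id"]),
        dynamic_mapping_portforward=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_portmapping_type=dict(required=False, type="str", choices=["1-to-1", "m-to-n"]),
        dynamic_mapping_protocol=dict(required=False, type="str", choices=["tcp", "udp", "sctp", "icmp"]),
        dynamic_mapping_server_type=dict(required=False, type="str",
                                         choices=["http", "https", "ssl", "tcp", "udp", "ip", "imaps", "pop3s",
                                                  "smtps"]),
        dynamic_mapping_service=dict(required=False, type="str"),
        dynamic_mapping_src_filter=dict(required=False, type="str"),
        dynamic_mapping_srcintf_filter=dict(required=False, type="str"),
        dynamic_mapping_ssl_algorithm=dict(required=False, type="str", choices=["high", "medium", "low", "custom"]),
        dynamic_mapping_ssl_certificate=dict(required=False, type="str"),
        dynamic_mapping_ssl_client_fallback=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_client_renegotiation=dict(required=False, type="str",
                                                      choices=["deny", "allow", "secure"]),
        dynamic_mapping_ssl_client_session_state_max=dict(required=False, type="int"),
        dynamic_mapping_ssl_client_session_state_timeout=dict(required=False, type="int"),
        dynamic_mapping_ssl_client_session_state_type=dict(required=False, type="str",
                                                           choices=["disable", "time", "count", "both"]),
        dynamic_mapping_ssl_dh_bits=dict(required=False, type="str",
                                         choices=["768", "1024", "1536", "2048", "3072", "4096"]),
        dynamic_mapping_ssl_hpkp=dict(required=False, type="str", choices=["disable", "enable", "report-only"]),
        dynamic_mapping_ssl_hpkp_age=dict(required=False, type="int"),
        dynamic_mapping_ssl_hpkp_backup=dict(required=False, type="str"),
        dynamic_mapping_ssl_hpkp_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_hpkp_primary=dict(required=False, type="str"),
        dynamic_mapping_ssl_hpkp_report_uri=dict(required=False, type="str"),
        dynamic_mapping_ssl_hsts=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_hsts_age=dict(required=False, type="int"),
        dynamic_mapping_ssl_hsts_include_subdomains=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_http_location_conversion=dict(required=False, type="str",
                                                          choices=["disable", "enable"]),
        dynamic_mapping_ssl_http_match_host=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_max_version=dict(required=False, type="str",
                                             choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        dynamic_mapping_ssl_min_version=dict(required=False, type="str",
                                             choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
        dynamic_mapping_ssl_mode=dict(required=False, type="str", choices=["half", "full"]),
        dynamic_mapping_ssl_pfs=dict(required=False, type="str", choices=["require", "deny", "allow"]),
        dynamic_mapping_ssl_send_empty_frags=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_ssl_server_algorithm=dict(required=False, type="str",
                                                  choices=["high", "low", "medium", "custom", "client"]),
        dynamic_mapping_ssl_server_max_version=dict(required=False, type="str",
                                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        dynamic_mapping_ssl_server_min_version=dict(required=False, type="str",
                                                    choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2", "client"]),
        dynamic_mapping_ssl_server_session_state_max=dict(required=False, type="int"),
        dynamic_mapping_ssl_server_session_state_timeout=dict(required=False, type="int"),
        dynamic_mapping_ssl_server_session_state_type=dict(required=False, type="str",
                                                           choices=["disable", "time", "count", "both"]),
        dynamic_mapping_type=dict(required=False, type="str",
                                  choices=["static-nat", "load-balance", "server-load-balance", "dns-translation",
                                           "fqdn"]),
        dynamic_mapping_weblogic_server=dict(required=False, type="str", choices=["disable", "enable"]),
        dynamic_mapping_websphere_server=dict(required=False, type="str", choices=["disable", "enable"]),

        dynamic_mapping_realservers_client_ip=dict(required=False, type="str"),
        dynamic_mapping_realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
        dynamic_mapping_realservers_holddown_interval=dict(required=False, type="int"),
        dynamic_mapping_realservers_http_host=dict(required=False, type="str"),
        dynamic_mapping_realservers_ip=dict(required=False, type="str"),
        dynamic_mapping_realservers_max_connections=dict(required=False, type="int"),
        dynamic_mapping_realservers_monitor=dict(required=False, type="str"),
        dynamic_mapping_realservers_port=dict(required=False, type="int"),
        dynamic_mapping_realservers_seq=dict(required=False, type="str"),
        dynamic_mapping_realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
        dynamic_mapping_realservers_weight=dict(required=False, type="int"),

        # Each option gets its own copy of the shared cipher list.
        dynamic_mapping_ssl_cipher_suites_cipher=dict(required=False, type="str",
                                                      choices=list(_CIPHER_SUITE_CHOICES)),
        dynamic_mapping_ssl_cipher_suites_versions=dict(required=False, type="str",
                                                        choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),

        realservers=dict(required=False, type="list"),
        realservers_client_ip=dict(required=False, type="str"),
        realservers_healthcheck=dict(required=False, type="str", choices=["disable", "enable", "vip"]),
        realservers_holddown_interval=dict(required=False, type="int"),
        realservers_http_host=dict(required=False, type="str"),
        realservers_ip=dict(required=False, type="str"),
        realservers_max_connections=dict(required=False, type="int"),
        realservers_monitor=dict(required=False, type="str"),
        realservers_port=dict(required=False, type="int"),
        realservers_seq=dict(required=False, type="str"),
        realservers_status=dict(required=False, type="str", choices=["active", "standby", "disable"]),
        realservers_weight=dict(required=False, type="int"),

        ssl_cipher_suites=dict(required=False, type="list"),
        ssl_cipher_suites_cipher=dict(required=False, type="str", choices=list(_CIPHER_SUITE_CHOICES)),
        ssl_cipher_suites_versions=dict(required=False, type="str",
                                        choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),

        ssl_server_cipher_suites=dict(required=False, type="list"),
        ssl_server_cipher_suites_cipher=dict(required=False, type="str", choices=list(_CIPHER_SUITE_CHOICES)),
        ssl_server_cipher_suites_priority=dict(required=False, type="str"),
        ssl_server_cipher_suites_versions=dict(required=False, type="str",
                                               choices=["ssl-3.0", "tls-1.0", "tls-1.1", "tls-1.2"]),
    )

    module = AnsibleModule(argument_spec, supports_check_mode=False)
    params = module.params

    # MODULE PARAMGRAM: option names (underscores) mapped onto API keys (hyphens).
    paramgram = {
        "mode": params["mode"],
        "adom": params["adom"],
        "websphere-server": params["websphere_server"],
        "weblogic-server": params["weblogic_server"],
        "type": params["type"],
        "ssl-server-session-state-type": params["ssl_server_session_state_type"],
        "ssl-server-session-state-timeout": params["ssl_server_session_state_timeout"],
        "ssl-server-session-state-max": params["ssl_server_session_state_max"],
        "ssl-server-min-version": params["ssl_server_min_version"],
        "ssl-server-max-version": params["ssl_server_max_version"],
        "ssl-server-algorithm": params["ssl_server_algorithm"],
        "ssl-send-empty-frags": params["ssl_send_empty_frags"],
        "ssl-pfs": params["ssl_pfs"],
        "ssl-mode": params["ssl_mode"],
        "ssl-min-version": params["ssl_min_version"],
        "ssl-max-version": params["ssl_max_version"],
        "ssl-http-match-host": params["ssl_http_match_host"],
        "ssl-http-location-conversion": params["ssl_http_location_conversion"],
        "ssl-hsts-include-subdomains": params["ssl_hsts_include_subdomains"],
        "ssl-hsts-age": params["ssl_hsts_age"],
        "ssl-hsts": params["ssl_hsts"],
        "ssl-hpkp-report-uri": params["ssl_hpkp_report_uri"],
        "ssl-hpkp-primary": params["ssl_hpkp_primary"],
        "ssl-hpkp-include-subdomains": params["ssl_hpkp_include_subdomains"],
        "ssl-hpkp-backup": params["ssl_hpkp_backup"],
        "ssl-hpkp-age": params["ssl_hpkp_age"],
        "ssl-hpkp": params["ssl_hpkp"],
        "ssl-dh-bits": params["ssl_dh_bits"],
        "ssl-client-session-state-type": params["ssl_client_session_state_type"],
        "ssl-client-session-state-timeout": params["ssl_client_session_state_timeout"],
        "ssl-client-session-state-max": params["ssl_client_session_state_max"],
        "ssl-client-renegotiation": params["ssl_client_renegotiation"],
        "ssl-client-fallback": params["ssl_client_fallback"],
        "ssl-certificate": params["ssl_certificate"],
        "ssl-algorithm": params["ssl_algorithm"],
        "srcintf-filter": params["srcintf_filter"],
        "src-filter": params["src_filter"],
        "service": params["service"],
        "server-type": params["server_type"],
        "protocol": params["protocol"],
        "portmapping-type": params["portmapping_type"],
        "portforward": params["portforward"],
        "persistence": params["persistence"],
        "outlook-web-access": params["outlook_web_access"],
        "nat-source-vip": params["nat_source_vip"],
        "name": params["name"],
        "monitor": params["monitor"],
        "max-embryonic-connections": params["max_embryonic_connections"],
        "mappedport": params["mappedport"],
        "mappedip": params["mappedip"],
        "mapped-addr": params["mapped_addr"],
        "ldb-method": params["ldb_method"],
        "https-cookie-secure": params["https_cookie_secure"],
        "http-multiplex": params["http_multiplex"],
        "http-ip-header-name": params["http_ip_header_name"],
        "http-ip-header": params["http_ip_header"],
        "http-cookie-share": params["http_cookie_share"],
        "http-cookie-path": params["http_cookie_path"],
        "http-cookie-generation": params["http_cookie_generation"],
        "http-cookie-domain-from-host": params["http_cookie_domain_from_host"],
        "http-cookie-domain": params["http_cookie_domain"],
        "http-cookie-age": params["http_cookie_age"],
        "gratuitous-arp-interval": params["gratuitous_arp_interval"],
        "extport": params["extport"],
        "extip": params["extip"],
        "extintf": params["extintf"],
        "extaddr": params["extaddr"],
        "dns-mapping-ttl": params["dns_mapping_ttl"],
        "comment": params["comment"],
        "color": params["color"],
        "arp-reply": params["arp_reply"],
        "dynamic_mapping": {
            "arp-reply": params["dynamic_mapping_arp_reply"],
            "color": params["dynamic_mapping_color"],
            "comment": params["dynamic_mapping_comment"],
            "dns-mapping-ttl": params["dynamic_mapping_dns_mapping_ttl"],
            "extaddr": params["dynamic_mapping_extaddr"],
            "extintf": params["dynamic_mapping_extintf"],
            "extip": params["dynamic_mapping_extip"],
            "extport": params["dynamic_mapping_extport"],
            "gratuitous-arp-interval": params["dynamic_mapping_gratuitous_arp_interval"],
            "http-cookie-age": params["dynamic_mapping_http_cookie_age"],
            "http-cookie-domain": params["dynamic_mapping_http_cookie_domain"],
            "http-cookie-domain-from-host": params["dynamic_mapping_http_cookie_domain_from_host"],
            "http-cookie-generation": params["dynamic_mapping_http_cookie_generation"],
            "http-cookie-path": params["dynamic_mapping_http_cookie_path"],
            "http-cookie-share": params["dynamic_mapping_http_cookie_share"],
            "http-ip-header": params["dynamic_mapping_http_ip_header"],
            "http-ip-header-name": params["dynamic_mapping_http_ip_header_name"],
            "http-multiplex": params["dynamic_mapping_http_multiplex"],
            "https-cookie-secure": params["dynamic_mapping_https_cookie_secure"],
            "ldb-method": params["dynamic_mapping_ldb_method"],
            "mapped-addr": params["dynamic_mapping_mapped_addr"],
            "mappedip": params["dynamic_mapping_mappedip"],
            "mappedport": params["dynamic_mapping_mappedport"],
            "max-embryonic-connections": params["dynamic_mapping_max_embryonic_connections"],
            "monitor": params["dynamic_mapping_monitor"],
            "nat-source-vip": params["dynamic_mapping_nat_source_vip"],
            "outlook-web-access": params["dynamic_mapping_outlook_web_access"],
            "persistence": params["dynamic_mapping_persistence"],
            "portforward": params["dynamic_mapping_portforward"],
            "portmapping-type": params["dynamic_mapping_portmapping_type"],
            "protocol": params["dynamic_mapping_protocol"],
            "server-type": params["dynamic_mapping_server_type"],
            "service": params["dynamic_mapping_service"],
            "src-filter": params["dynamic_mapping_src_filter"],
            "srcintf-filter": params["dynamic_mapping_srcintf_filter"],
            "ssl-algorithm": params["dynamic_mapping_ssl_algorithm"],
            "ssl-certificate": params["dynamic_mapping_ssl_certificate"],
            "ssl-client-fallback": params["dynamic_mapping_ssl_client_fallback"],
            "ssl-client-renegotiation": params["dynamic_mapping_ssl_client_renegotiation"],
            "ssl-client-session-state-max": params["dynamic_mapping_ssl_client_session_state_max"],
            "ssl-client-session-state-timeout": params["dynamic_mapping_ssl_client_session_state_timeout"],
            "ssl-client-session-state-type": params["dynamic_mapping_ssl_client_session_state_type"],
            "ssl-dh-bits": params["dynamic_mapping_ssl_dh_bits"],
            "ssl-hpkp": params["dynamic_mapping_ssl_hpkp"],
            "ssl-hpkp-age": params["dynamic_mapping_ssl_hpkp_age"],
            "ssl-hpkp-backup": params["dynamic_mapping_ssl_hpkp_backup"],
            "ssl-hpkp-include-subdomains": params["dynamic_mapping_ssl_hpkp_include_subdomains"],
            "ssl-hpkp-primary": params["dynamic_mapping_ssl_hpkp_primary"],
            "ssl-hpkp-report-uri": params["dynamic_mapping_ssl_hpkp_report_uri"],
            "ssl-hsts": params["dynamic_mapping_ssl_hsts"],
            "ssl-hsts-age": params["dynamic_mapping_ssl_hsts_age"],
            "ssl-hsts-include-subdomains": params["dynamic_mapping_ssl_hsts_include_subdomains"],
            "ssl-http-location-conversion": params["dynamic_mapping_ssl_http_location_conversion"],
            "ssl-http-match-host": params["dynamic_mapping_ssl_http_match_host"],
            "ssl-max-version": params["dynamic_mapping_ssl_max_version"],
            "ssl-min-version": params["dynamic_mapping_ssl_min_version"],
            "ssl-mode": params["dynamic_mapping_ssl_mode"],
            "ssl-pfs": params["dynamic_mapping_ssl_pfs"],
            "ssl-send-empty-frags": params["dynamic_mapping_ssl_send_empty_frags"],
            "ssl-server-algorithm": params["dynamic_mapping_ssl_server_algorithm"],
            "ssl-server-max-version": params["dynamic_mapping_ssl_server_max_version"],
            "ssl-server-min-version": params["dynamic_mapping_ssl_server_min_version"],
            "ssl-server-session-state-max": params["dynamic_mapping_ssl_server_session_state_max"],
            "ssl-server-session-state-timeout": params["dynamic_mapping_ssl_server_session_state_timeout"],
            "ssl-server-session-state-type": params["dynamic_mapping_ssl_server_session_state_type"],
            "type": params["dynamic_mapping_type"],
            "weblogic-server": params["dynamic_mapping_weblogic_server"],
            "websphere-server": params["dynamic_mapping_websphere_server"],
            "realservers": {
                "client-ip": params["dynamic_mapping_realservers_client_ip"],
                "healthcheck": params["dynamic_mapping_realservers_healthcheck"],
                "holddown-interval": params["dynamic_mapping_realservers_holddown_interval"],
                "http-host": params["dynamic_mapping_realservers_http_host"],
                "ip": params["dynamic_mapping_realservers_ip"],
                "max-connections": params["dynamic_mapping_realservers_max_connections"],
                "monitor": params["dynamic_mapping_realservers_monitor"],
                "port": params["dynamic_mapping_realservers_port"],
                "seq": params["dynamic_mapping_realservers_seq"],
                "status": params["dynamic_mapping_realservers_status"],
                "weight": params["dynamic_mapping_realservers_weight"],
            },
            "ssl-cipher-suites": {
                "cipher": params["dynamic_mapping_ssl_cipher_suites_cipher"],
                "versions": params["dynamic_mapping_ssl_cipher_suites_versions"],
            },
        },
        "realservers": {
            "client-ip": params["realservers_client_ip"],
            "healthcheck": params["realservers_healthcheck"],
            "holddown-interval": params["realservers_holddown_interval"],
            "http-host": params["realservers_http_host"],
            "ip": params["realservers_ip"],
            "max-connections": params["realservers_max_connections"],
            "monitor": params["realservers_monitor"],
            "port": params["realservers_port"],
            "seq": params["realservers_seq"],
            "status": params["realservers_status"],
            "weight": params["realservers_weight"],
        },
        "ssl-cipher-suites": {
            "cipher": params["ssl_cipher_suites_cipher"],
            "versions": params["ssl_cipher_suites_versions"],
        },
        "ssl-server-cipher-suites": {
            "cipher": params["ssl_server_cipher_suites_cipher"],
            "priority": params["ssl_server_cipher_suites_priority"],
            "versions": params["ssl_server_cipher_suites_versions"],
        }
    }

    # A list supplied for one of these options replaces the dict assembled
    # from the flattened options above.
    list_overrides = ['dynamic_mapping', 'realservers', 'ssl-cipher-suites', 'ssl-server-cipher-suites']
    for list_variable in list_overrides:
        # Option names use underscores while paramgram keys use hyphens. The
        # old lookup used the hyphenated key, raised KeyError inside a bare
        # except, and silently dropped a user-supplied ssl_cipher_suites or
        # ssl_server_cipher_suites list.
        override_data = params.get(list_variable.replace("-", "_"))
        if override_data:
            paramgram[list_variable] = override_data

    # CHECK IF THE HOST/USERNAME/PW EXISTS, AND IF IT DOES, LOGIN.
    host = params["host"]
    password = params["password"]
    username = params["username"]
    if host is None or username is None or password is None:
        module.fail_json(msg="Host and username and password are required")

    # NOTE(review): TLS certificate verification for this session is decided
    # inside AnsibleFortiManager / pyFMG, not here; confirm it is enabled.
    fmg = AnsibleFortiManager(module, host, username, password)
    response = fmg.login()
    # CHECK IF LOGIN FAILED
    if response[1]['status']['code'] != 0:
        module.fail_json(msg="Connection to FortiManager Failed")

    results = fmgr_firewall_vip_addsetdelete(fmg, paramgram)
    if results[0] != 0:
        # With -3 listed as a good code, fmgr_logout returns for that code
        # and the normal exit path below runs.
        fmgr_logout(fmg, module, results=results, good_codes=[0, -3])

    fmg.logout()

    if results is not None:
        return module.exit_json(**results[1])
    else:
        return module.exit_json(msg="No results were returned from the API call.")


if __name__ == "__main__":
    main()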