fortios_vpn_ssl_web_portal – Portal in Fortinet’s FortiOS and FortiGate

New in version 2.8.


Synopsis

  • This module configures the portal category of the vpn_ssl_web feature on a FortiGate or FortiOS (FOS) device, allowing the user to create, modify and delete SSL-VPN portals. The example below lists every parameter; its placeholder values, and the names that reference other datasources (address objects, host-check software lists, custom languages), must be adjusted before use. Tested with FOS v6.0.5.

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments

host

string

FortiOS or FortiGate IP address.

https

boolean

  • no
  • yes

Indicates whether requests towards the FortiGate must use HTTPS. Keep this at yes outside a lab: with no, the administrator username and password are sent to the FortiGate in cleartext HTTP.

password

string

Default:

""

FortiOS or FortiGate password.

ssl_verify

boolean

added in 2.9

  • no
  • yes

Verifies the FortiGate's certificate against a trusted CA. Set to no only for lab devices that still present a self-signed certificate; with verification off, anyone who can impersonate the FortiGate on the network can capture the administrator credentials and the configuration being pushed.

state

string

added in 2.9

  • present
  • absent

Indicates whether to create or remove the object. In previous versions this attribute lived one level deeper, inside vpn_ssl_web_portal; it has been moved out to this outer level.

username

string

FortiOS or FortiGate username.

vdom

string

Default:

"root"

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

vpn_ssl_web_portal

dictionary

Default:

null

Portal.

allow_user_access

string

  • web
  • ftp
  • smb
  • telnet
  • ssh
  • vnc
  • rdp
  • ping
  • citrix
  • portforward

Allow user access to SSL-VPN applications.

auto_connect

string

  • enable
  • disable

Enable/disable automatic connect by client when system is up.

bookmark_group

list

Portal bookmark group.

bookmarks

list

Bookmark table.

additional_params

string

Additional parameters.

apptype

string

  • citrix
  • ftp
  • portforward
  • rdp
  • smb
  • ssh
  • telnet
  • vnc
  • web

Application type.

description

string

Description.

folder

string

Network shared file folder parameter.

form_data

list

Form data.

name

string / required

Name.

value

string

Value.

host

string

Host name/IP parameter.

listening_port

integer

Listening port (0 - 65535).

load_balancing_info

string

The load balancing information or cookie which should be provided to the connection broker.

logon_password

string

Logon password.

logon_user

string

Logon user.

name

string / required

Bookmark name.

port

integer

Remote port.

preconnection_blob

string

An arbitrary string which identifies the RDP source.

preconnection_id

integer

The numeric ID of the RDP source (0-2147483648).

remote_port

integer

Remote port (0 - 65535).

security

string

  • rdp
  • nla
  • tls
  • any

Security mode for RDP connection.

server_layout

string

  • de-de-qwertz
  • en-gb-qwerty
  • en-us-qwerty
  • es-es-qwerty
  • fr-fr-azerty
  • fr-ch-qwertz
  • it-it-qwerty
  • ja-jp-qwerty
  • pt-br-qwerty
  • sv-se-qwerty
  • tr-tr-qwerty
  • failsafe

Server side keyboard layout.

show_status_window

string

  • enable
  • disable

Enable/disable showing of status window.

sso

string

  • disable
  • static
  • auto

Single Sign-On.

sso_credential

string

  • sslvpn-login
  • alternative

Single sign-on credentials.

sso_credential_sent_once

string

  • enable
  • disable

Single sign-on credentials are only sent once to remote server.

sso_password

string

SSO password.

sso_username

string

SSO user name.

url

string

URL parameter.

name

string / required

Bookmark group name.

custom_lang

string

Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. Source system.custom-language.name.

customize_forticlient_download_url

string

  • enable
  • disable

Enable support of customized download URL for FortiClient.

display_bookmark

string

  • enable
  • disable

Enable to display the web portal bookmark widget.

display_connection_tools

string

  • enable
  • disable

Enable to display the web portal connection tools widget.

display_history

string

  • enable
  • disable

Enable to display the web portal user login history widget.

display_status

string

  • enable
  • disable

Enable to display the web portal status widget.

dns_server1

string

IPv4 DNS server 1.

dns_server2

string

IPv4 DNS server 2.

dns_suffix

string

DNS suffix.

exclusive_routing

string

  • enable
  • disable

Enable/disable routing all client traffic through the tunnel only (no local or split-tunnel routes).

forticlient_download

string

  • enable
  • disable

Enable/disable download option for FortiClient.

forticlient_download_method

string

  • direct
  • ssl-vpn

FortiClient download method.

heading

string

Web portal heading message.

hide_sso_credential

string

  • enable
  • disable

Enable to prevent the SSO credential from being sent to the client.

host_check

string

  • none
  • av
  • fw
  • av-fw
  • custom

Type of host checking performed on endpoints.

host_check_interval

integer

Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects.

host_check_policy

list

One or more policies to require the endpoint to have specific security software.

name

string / required

Host check software list name. Source vpn.ssl.web.host-check-software.name.

ip_mode

string

  • range
  • user-group

Method by which users of this SSL-VPN tunnel obtain IP addresses.

ip_pools

list

IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients.

name

string / required

Address name. Source firewall.address.name firewall.addrgrp.name.

ipv6_dns_server1

string

IPv6 DNS server 1.

ipv6_dns_server2

string

IPv6 DNS server 2.

ipv6_exclusive_routing

string

  • enable
  • disable

Enable/disable routing all IPv6 client traffic through the tunnel only (no local or split-tunnel routes).

ipv6_pools

list

IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients.

name

string / required

Address name. Source firewall.address6.name firewall.addrgrp6.name.

ipv6_service_restriction

string

  • enable
  • disable

Enable/disable IPv6 tunnel service restriction.

ipv6_split_tunneling

string

  • enable
  • disable

Enable/disable IPv6 split tunneling.

ipv6_split_tunneling_routing_address

list

IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

name

string / required

Address name. Source firewall.address6.name firewall.addrgrp6.name.

ipv6_tunnel_mode

string

  • enable
  • disable

Enable/disable IPv6 SSL-VPN tunnel mode.

ipv6_wins_server1

string

IPv6 WINS server 1.

ipv6_wins_server2

string

IPv6 WINS server 2.

keep_alive

string

  • enable
  • disable

Enable/disable automatic reconnect for FortiClient connections.

limit_user_logins

string

  • enable
  • disable

Enable to limit each user to one SSL-VPN session at a time.

mac_addr_action

string

  • allow
  • deny

Client MAC address action.

mac_addr_check

string

  • enable
  • disable

Enable/disable MAC address host checking.

mac_addr_check_rule

list

Client MAC address check rule.

mac_addr_list

list

Client MAC address list.

addr

string / required

Client MAC address.

mac_addr_mask

integer

Client MAC address mask.

name

string / required

Client MAC address check rule name.

macos_forticlient_download_url

string

Download URL for Mac FortiClient.

name

string / required

Portal name.

os_check

string

  • enable
  • disable

Enable to let the FortiGate decide action based on client OS.

os_check_list

list

SSL VPN OS checks.

action

string

  • deny
  • allow
  • check-up-to-date

OS check options.

latest_patch_level

string

Latest OS patch level.

name

string / required

Name.

tolerance

integer

OS patch level tolerance.

redir_url

string

Client login redirect URL.

save_password

string

  • enable
  • disable

Enable/disable FortiClient saving the user's password.

service_restriction

string

  • enable
  • disable

Enable/disable tunnel service restriction.

skip_check_for_unsupported_browser

string

  • enable
  • disable

Enable to skip host check if browser does not support it.

skip_check_for_unsupported_os

string

  • enable
  • disable

Enable to skip host check if client OS does not support it.

smb_ntlmv1_auth

string

  • enable
  • disable

Enable support of NTLMv1 for Samba authentication. NTLMv1 is a legacy scheme whose challenge responses can be cracked offline; leave it disabled unless a legacy share requires it.

smbv1

string

  • enable
  • disable

Enable/disable support of SMBv1 for Samba. SMBv1 lacks the signing and encryption of later dialects and has been retired by Microsoft; leave it disabled unless a legacy share requires it.

split_dns

list

Split DNS for SSL VPN.

dns_server1

string

DNS server 1.

dns_server2

string

DNS server 2.

domains

string

Split DNS domains used for SSL-VPN clients separated by comma(,).

id

integer / required

ID.

ipv6_dns_server1

string

IPv6 DNS server 1.

ipv6_dns_server2

string

IPv6 DNS server 2.

split_tunneling

string

  • enable
  • disable

Enable/disable IPv4 split tunneling.

split_tunneling_routing_address

list

IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access.

name

string / required

Address name. Source firewall.address.name firewall.addrgrp.name.

state

string

  • present
  • absent

Deprecated

Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.

Indicates whether to create or remove the object.

theme

string

  • blue
  • green
  • red
  • melongene
  • mariner

Web portal color scheme.

tunnel_mode

string

  • enable
  • disable

Enable/disable IPv4 SSL-VPN tunnel mode.

user_bookmark

string

  • enable
  • disable

Enable to allow web portal users to create their own bookmarks.

user_group_bookmark

string

  • enable
  • disable

Enable to allow web portal users to create bookmarks for all users in the same user group.

web_mode

string

  • enable
  • disable

Enable/disable SSL VPN web mode.

windows_forticlient_download_url

string

Download URL for Windows FortiClient.

wins_server1

string

IPv4 WINS server 1.

wins_server2

string

IPv4 WINS server 2.



Notes

Note

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook


Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"   # lab-only: accepts any certificate the FortiGate presents
  tasks:
  - name: Portal.
    fortios_vpn_ssl_web_portal:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"   # lab-only: sends the admin credentials over cleartext HTTP
      ssl_verify: "{{ ssl_verify }}"   # the variable above is only honoured if passed to the module
      state: "present"
      vpn_ssl_web_portal:
        allow_user_access: "web"
        auto_connect: "enable"
        bookmark_group:
         -
            bookmarks:
             -
                additional_params: "<your_own_value>"
                apptype: "citrix"
                description: "<your_own_value>"
                folder: "<your_own_value>"
                form_data:
                 -
                    name: "default_name_12"
                    value: "<your_own_value>"
                host: "<your_own_value>"
                listening_port: "15"
                load_balancing_info: "<your_own_value>"
                logon_password: "<your_own_value>"
                logon_user: "<your_own_value>"
                name: "default_name_19"
                port: "20"
                preconnection_blob: "<your_own_value>"
                preconnection_id: "22"
                remote_port: "23"
                security: "rdp"
                server_layout: "de-de-qwertz"
                show_status_window: "enable"
                sso: "disable"
                sso_credential: "sslvpn-login"
                sso_credential_sent_once: "enable"
                sso_password: "<your_own_value>"
                sso_username: "<your_own_value>"
                url: "myurl.com"
            name: "default_name_33"
        custom_lang: "<your_own_value> (source system.custom-language.name)"
        customize_forticlient_download_url: "enable"
        display_bookmark: "enable"
        display_connection_tools: "enable"
        display_history: "enable"
        display_status: "enable"
        dns_server1: "<your_own_value>"
        dns_server2: "<your_own_value>"
        dns_suffix: "<your_own_value>"
        exclusive_routing: "enable"
        forticlient_download: "enable"
        forticlient_download_method: "direct"
        heading: "<your_own_value>"
        hide_sso_credential: "enable"
        host_check: "none"
        host_check_interval: "49"
        host_check_policy:
         -
            name: "default_name_51 (source vpn.ssl.web.host-check-software.name)"
        ip_mode: "range"
        ip_pools:
         -
            name: "default_name_54 (source firewall.address.name firewall.addrgrp.name)"
        ipv6_dns_server1: "<your_own_value>"
        ipv6_dns_server2: "<your_own_value>"
        ipv6_exclusive_routing: "enable"
        ipv6_pools:
         -
            name: "default_name_59 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_service_restriction: "enable"
        ipv6_split_tunneling: "enable"
        ipv6_split_tunneling_routing_address:
         -
            name: "default_name_63 (source firewall.address6.name firewall.addrgrp6.name)"
        ipv6_tunnel_mode: "enable"
        ipv6_wins_server1: "<your_own_value>"
        ipv6_wins_server2: "<your_own_value>"
        keep_alive: "enable"
        limit_user_logins: "enable"
        mac_addr_action: "allow"
        mac_addr_check: "enable"
        mac_addr_check_rule:
         -
            mac_addr_list:
             -
                addr: "<your_own_value>"
            mac_addr_mask: "74"
            name: "default_name_75"
        macos_forticlient_download_url: "<your_own_value>"
        name: "default_name_77"
        os_check: "enable"
        os_check_list:
         -
            action: "deny"
            latest_patch_level: "<your_own_value>"
            name: "default_name_82"
            tolerance: "83"
        redir_url: "<your_own_value>"
        save_password: "enable"
        service_restriction: "enable"
        skip_check_for_unsupported_browser: "enable"
        skip_check_for_unsupported_os: "enable"
        smb_ntlmv1_auth: "enable"   # legacy, offline-crackable authentication; keep disabled in production
        smbv1: "enable"             # legacy SMB dialect; keep disabled in production
        split_dns:
         -
            dns_server1: "<your_own_value>"
            dns_server2: "<your_own_value>"
            domains: "<your_own_value>"
            id:  "95"
            ipv6_dns_server1: "<your_own_value>"
            ipv6_dns_server2: "<your_own_value>"
        split_tunneling: "enable"
        split_tunneling_routing_address:
         -
            name: "default_name_100 (source firewall.address.name firewall.addrgrp.name)"
        theme: "blue"
        tunnel_mode: "enable"
        user_bookmark: "enable"
        user_group_bookmark: "enable"
        web_mode: "enable"
        windows_forticlient_download_url: "<your_own_value>"
        wins_server1: "<your_own_value>"
        wins_server2: "<your_own_value>"
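A second playbook, added here as an example (it is not from the original module documentation, the Ansible project or Fortinet): it builds a tunnel-mode-only portal with the weak settings of the template above turned off, and then checks the status and http_status return values that this module documents. The address objects SSLVPN_POOL and INTERNAL_NETS, the host-check software entry CorpEDR, the DNS address 10.0.0.53 and the vault variable fortigate_password are assumed names that must exist in your own environment.

```yaml
# Added example, not part of the original page. SSLVPN_POOL, INTERNAL_NETS,
# CorpEDR, 10.0.0.53 and fortigate_password are assumed names; create them
# (and the vault variable) before running this play.
- hosts: localhost
  gather_facts: no
  vars:
    host: "192.168.122.40"
    username: "admin"
    password: "{{ fortigate_password }}"   # kept in ansible-vault, never written into the playbook
    vdom: "root"
  tasks:
  - name: Hardened tunnel-mode SSL-VPN portal
    fortios_vpn_ssl_web_portal:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      https: "True"          # admin credentials travel only over TLS
      ssl_verify: "True"     # refuse a FortiGate whose certificate is not CA-signed
      state: "present"
      vpn_ssl_web_portal:
        name: "tunnel-hardened"
        tunnel_mode: "enable"
        web_mode: "disable"            # no web-mode bookmarks, so no SMB/FTP/RDP proxying surface
        ipv6_tunnel_mode: "disable"
        ip_mode: "range"
        ip_pools:
         -
            name: "SSLVPN_POOL"        # assumed firewall.address object
        split_tunneling: "enable"      # only INTERNAL_NETS is routed through the tunnel
        split_tunneling_routing_address:
         -
            name: "INTERNAL_NETS"      # assumed firewall.address object
        dns_server1: "10.0.0.53"       # assumed internal resolver
        dns_suffix: "corp.example"
        limit_user_logins: "enable"    # one concurrent session per account
        save_password: "disable"       # FortiClient must not cache the user's password
        auto_connect: "disable"
        keep_alive: "disable"
        host_check: "custom"           # require the software listed in host_check_policy
        host_check_interval: "300"     # re-check every 5 minutes, not only at connect time
        host_check_policy:
         -
            name: "CorpEDR"            # assumed vpn.ssl.web.host-check-software entry
        skip_check_for_unsupported_os: "disable"
        skip_check_for_unsupported_browser: "disable"
        # Moot while web_mode is disabled, but set explicitly so that re-enabling
        # web mode later does not silently bring the legacy protocols back.
        smbv1: "disable"
        smb_ntlmv1_auth: "disable"
        forticlient_download: "disable"
    register: portal_result

  - name: Fail the play if the FortiGate did not accept the portal
    assert:
      that:
        - portal_result.status == "success"
        - (portal_result.http_status | int) == 200
      fail_msg: "FortiGate returned {{ portal_result.http_status }} in vdom {{ portal_result.vdom }}"

  - name: Remove the portal (runs only with --tags teardown)
    fortios_vpn_ssl_web_portal:
      host: "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom: "{{ vdom }}"
      https: "True"
      ssl_verify: "True"
      state: "absent"
      vpn_ssl_web_portal:
        name: "tunnel-hardened"       # name is the only field needed to delete
    tags: [never, teardown]
```

Run it with `ansible-playbook --ask-vault-pass portal.yml`; the teardown task is tagged never, so it is skipped unless `--tags teardown` is given. The assert task turns the return values documented below into a hard failure rather than a silently ignored error, which matters because a non-200 answer from the FortiGate leaves the portal unchanged while the rest of the play continues.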

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

build

string

always

Build number of the fortigate image


Sample:

1547

http_method

string

always

Last method used to provision the content into FortiGate


Sample:

PUT

http_status

string

always

Last result given by FortiGate on last operation applied


Sample:

200

mkey

string

success

Master key (id) used in the last call to FortiGate; for this module it is the portal name


Sample:

id

name

string

always

Name of the table used to fulfill the request (portal for this module)


Sample:

portal

path

string

always

Path of the table used to fulfill the request (vpn.ssl.web for this module)


Sample:

vpn.ssl.web

revision

string

always

Internal revision number


Sample:

17.0.2.10658

serial

string

always

Serial number of the unit


Sample:

FGVMEVYYQT3AB5352

status

string

always

Indication of the operation's result


Sample:

success

vdom

string

always

Virtual domain used


Sample:

root

version

string

always

Version of the FortiGate


Sample:

v5.6.3




Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/fortios_vpn_ssl_web_portal_module.html