fadcos_application_profile – application profile configuration in Fortinet’s FortiADC

New in version 1.0.0.

Synopsis

  • Configure FortiADC application profile

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


v7.0.0 v7.0.1 v7.0.2 v7.1.0 v7.1.4 v7.2.2 v7.4.0
fortiadc_application_profile yes yes yes yes yes yes yes

Parameters

  • action - Type of action to perform on the object. type: str required: true
  • name - Application profile name. type: str required: true
  • type - Application profile type. type: str required: true
  • timeout_tcp_session - Client-side timeout for connections where the client has not sent a FIN signal, but the connection has been idle. The default is 100 seconds. The valid range is 1 to 86,400. type: str required: false default: 100
  • timeout_tcp_session_after_fin - Client-side connection timeout. The default is 100 seconds. The valid range is 1 to 86,400. type: str required: false default: 100
  • ip_reputation - Enable to apply FortiGuard IP reputation service.type: str required: false default: disable
  • ip_reputation_redirect - Type a URL including the FQDN/IP and path, if any, to which a client will be redirected if the request violates the IP reputation policy.type: str required: false default: http://
  • stateless - Enable to apply UDP stateless function.type: str required: false default: disable
  • timeout_udp_session - Client-side session timeout. The default is 100 seconds. The valid range is 1 to 86,400.type: str required: false default: 100
  • client_timeout - This timeout is counted as the amount of time when the client did not send a complete request HTTP header to the FortiADC after the client connected to the FortiADC. If this timeout expires, FortiADC will send a 408 message to client and close the connection to the client.type: str required: false default: 50
  • server_timeout - This timeout is counted as the amount of time when the server did not send a complete response HTTP header to the FortiADC after the FortiADC sent a request to server. If this timeout expires, FortiADC will close the server side connection and send a 503 message to the client and close the connection to the client.type: str required: false default: 50
  • connect_timeout - This timeout is counted as the amount of time during which FortiADC tried to connect to the server with TCP SYN. After this timeout, if TCP connection is not established, FortiADC will drop this current connection to server and respond with a 503 message to client side and close the connection to the client.type: str required: false default: 5
  • queue_timeout - This timeout is counted as the amount of time during which the request is queued in the dispatched queue. When the request cannot be dispatched to a server by a load balance method (for example, the server's connection limited is reached), it will be put into a queue. If this timeout expires, the request in the queue will be dropped and FortiADC will respond with a 503 message to client side and close the connection to the client.type: str required: false default: 5
  • http_send_timeout - This timeout is counted as the amount of time it took FortiADC to send a response body data (not including the header); the time is counted starting from when the body is transferred. If this timeout expires, FortiADC will close the connection of both side.type: str required: false default: 0
  • http_request_timeout - This timeout is counted as the amount of time the client did not send a complete request (including both HTTP header and request body) to FortiADC after the client connected to FortiADC. If this timeout expires, FortiADC will send a 408 message to client and close the connection to the client.type: str required: false default: 50
  • http_keepalive_timeout - This timeout is counted as the time FortiADC can wait for a new request after the previous transaction is completed. This is an idle timeout if the client does not send anything in this period. If this timeout expires, FortiADC will close the connection to the client.type: str required: false default: 50
  • client_address - Use the original client IP address as the source address when connecting to the real server.type: str required: false
  • http_x_forwarded_for - Enable this option to append the client IP address found in IP layer packets to the HTTP header.type: str required: false default: disable
  • http_x_forwarded_for_header - Specify a custom name for the HTTP header which carries the client IP address.type: str required: false
  • http_mode - HTTP mode. (serverclose/onceonly/KeepAlive)type: str required: false default: KeepAlive
  • security_mode - Security Mode (none/explicit/implicit)type: str required: false default: none
  • timeout_ip_session - Client-side session timeout. The default is 100 seconds. The valid range is 1 to 86,400.type: str required: false default: 100
  • timeout_radius_session - The default is 300 seconds. The valid range is 1 to 3,600.type: str required: false default: 300
  • source_port - Use the original client port as the source port when connecting to the real server.type: str required: false
  • dynamic_auth - Enable or disable Dynamic Authorization for RADIUS Change of Authorization(CoA)type: str required: false default: disable
  • dynamic_auth_port - Configures the UDP port for CoA requests. The default is 3799.type: str required: false default: 3799
  • max_header_size - Specify the maximum size of the RTSP header.type: str required: false default: 4096
  • max_http_headers - Adjust the max header number that HTTP/HTTPS VS can process for every request or response. If a request or response has a header over this limit, it will be dropped, and error message 400 will be returned.type: str required: false default: 100
  • tune_bufsize - Adjust the value of the HTTP/HTTPS VS's connection buffer size.type: str required: false default: 8030
  • response_half_closed_request - Continue to response to the half-closed connections.type: str required: false default: disable
  • vdom - VDOM name if enabled.type: str required: true (if VDOM is enabled) default: N/A

Examples

- name:
  hosts: all
  connection: httpapi
  gather_facts: false
  tasks:
        - name: Manage Application Profile
          fadcos_application_profile:
                action: add
                name: ansible_test_1
                type: tcp
                timeout_tcp_session: 150
                ip_reputation: disable

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

  • 200 - OK: Request returns successful.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: Fail dependency can be duplicate resource, missing required parameter, missing required attribute, or invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offended source is temporarily blocked for certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For errorcode please check FortiADC API errorcode at : https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Jie Li
  • Aravindh Sri

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.