fadcos_real_server_ssl_profile – real server ssl profile configuration in Fortinet’s FortiADC

New in version 1.0.0.

Synopsis

  • Configure FortiADC real server ssl profile

Requirements

The following requirements must be met on the host that executes this module.

  • ansible>=2.8

FortiADC Version Compatibility


                                  v7.0.0  v7.0.1  v7.0.2  v7.1.0  v7.1.4  v7.2.2  v7.4.0
fortiadc_real_server_ssl_profile  yes     yes     yes     yes     yes     yes     yes

Parameters

  • action - Type of action to perform on the object. type: str, required: true
  • name - Real server SSL profile object name. type: str, required: true
  • allow_ssl_versions - Allowed SSL version. type: str, required: false, default: sslv3 tlsv1.0 tlsv1.1 tlsv1.2
  • ciphers_tlsv13 - TLSv1.3 ciphers. type: str, required: false
  • customized_ssl_ciphers_flag - Enable/disable use of user-specified cipher suites. When enabled, you must select a Customized SSL Cipher. type: str, required: false, default: disable
  • new_ssl_ciphers_long - If the customized cipher flag is enabled, specify a colon-separated, ordered list of cipher suites. An empty string is allowed. If empty, the default cipher suite list is used. type: List, required: false
  • renegotiate_period - Specify the interval from the initial connect time after which FortiADC renegotiates an SSL session. The unit of measurement can be second (default), minute, or hour, e.g., 100s, 20m, or 1h. type: str, required: false, default: 0
  • renegotiate_size - Specify the amount (in MB) of application data that must have been transmitted over the secure connection before FortiADC initiates the renegotiation of an SSL session. type: str, required: false, default: 0
  • renegotiation - This option controls how FortiADC responds to mid-stream SSL reconnection requests either initiated by real servers or forced by FortiADC. type: str, required: false, default: enable
  • renegotiation_deny_action - This option becomes available when Renegotiation is disabled on the server side. In that case, you must select an action that FortiADC will take when denying an SSL renegotiation request: ignore or terminate. type: str, required: false, default: ignore
  • secure_renegotiation - Secure renegotiation of SSL connections (request/require/require_strict). type: str, required: false, default: require
  • server_OCSP_stapling - Enable/disable server side OCSP stapling. type: str, required: false, default: disable
  • session_reuse_flag - Enable/disable SSL session reuse. type: str, required: false, default: disable
  • session_reuse_limit - Session reuse limit, the default is 0 (disabled). The valid range is 0-1048576. type: str, required: false, default: 0
  • sni_forward_flag - Enable/disable forwarding the client SNI value to the server. The SNI value will be forwarded to the real server only when the client-side ClientHello message contains a valid SNI value; otherwise, nothing is forwarded. type: str, required: false, default: disable
  • ssl - Enable/disable SSL for the connection between the FortiADC and the real server. type: str, required: false, default: disable
  • tls_ticket_flag - Enable/disable TLS ticket-based session reuse. type: str, required: false, default: disable
  • local_cert - Select a local certificate. type: str, required: false, default: Factory
  • cert_verify - Specify a Certificate Verify configuration object to validate server certificates. This Certificate Verify object must include a CA group and may include OCSP and CRL checks. type: str, required: false
  • vdom - VDOM name if enabled. type: str, required: true (if VDOM is enabled)

Examples

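- name: Configure a FortiADC real server SSL profile
  hosts: all
  connection: httpapi
  gather_facts: false
  tasks:
    # Only the required parameters are set; all others keep their defaults.
    - name: Manage Real Server SSL Profile
      fadcos_real_server_ssl_profile:
        action: add
        name: ansible_test_server_ssl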
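
The minimal task above leaves every optional parameter at the defaults listed under Parameters: ssl disabled, SSLv3 through TLSv1.2 allowed, and no cert_verify object. The playbook below is an added example, not part of the module documentation, that sets those parameters explicitly for an encrypted and validated connection to the real server. The profile name, the Certificate Verify object name and the VDOM name are placeholders, and passing a single version to allow_ssl_versions is an assumption based on the format of the default value shown above.

```yaml
# Added example (not from the module documentation).
- name: Create a hardened FortiADC real server SSL profile
  hosts: all
  connection: httpapi
  gather_facts: false
  vars:
    # Placeholder: name of an existing Certificate Verify object that
    # includes a CA group (and optionally OCSP/CRL checks).
    backend_cert_verify: EXAMPLE_CERT_VERIFY
  tasks:
    - name: Require TLS 1.2 and certificate validation towards the real server
      fadcos_real_server_ssl_profile:
        action: add
        name: example_hardened_server_ssl   # placeholder profile name
        # Default is "disable": traffic to the real server is not encrypted.
        ssl: enable
        # Default is "sslv3 tlsv1.0 tlsv1.1 tlsv1.2"; drop the deprecated
        # versions. Single-value form is an assumption (see lead-in).
        allow_ssl_versions: tlsv1.2
        # Default is unset: without it no Certificate Verify object is
        # applied to the real server's certificate.
        cert_verify: "{{ backend_cert_verify }}"
        # Forward the client's SNI so a name-based real server can present
        # the certificate that matches the requested host.
        sni_forward_flag: enable
        # Default is "enable" with deny action "ignore"; refuse mid-stream
        # renegotiation and close the connection when it is requested.
        renegotiation: disable
        renegotiation_deny_action: terminate
        # Uncomment only when VDOMs are enabled (placeholder name).
        # vdom: EXAMPLE_VDOM
```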

Return Values

Common return values are documented at https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values. The following fields are unique to this module:

  • 200 - OK: Request returns successful.
  • 400 - Bad Request: Request cannot be processed by the API.
  • 401 - Not Authorized: Request without successful login session.
  • 403 - Forbidden: Request is missing CSRF token or administrator is missing access profile permissions.
  • 404 - Resource Not Found: Unable to find the specified resource.
  • 405 - Method Not Allowed: Specified HTTP method is not allowed for this resource.
  • 413 - Request Entity Too Large: Request cannot be processed due to large entity.
  • 424 - Failed Dependency: The failed dependency can be a duplicate resource, a missing required parameter, a missing required attribute, or an invalid attribute value.
  • 429 - Access temporarily blocked: Maximum failed authentications reached. The offending source is temporarily blocked for a certain amount of time.
  • 500 - Internal Server Error: Internal error when processing the request.

For error codes, see the FortiADC API error code reference at: https://fndn.fortinet.net/index.php?/fortiapi/981-fortiadc/

Status

  • This module is not guaranteed to have a backwards compatible interface.

Authors

  • Jie Li
  • Aravindh Sri

Hint

If you notice any issues in this documentation, you can create a pull request to improve it at: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortiadc-sphinxdoc/pulls