fmgr_fwobj_vip – Manages Virtual IPs objects in FortiManager¶

New in version 2.8.

Synopsis
Parameters
Notes
Examples
Return Values
Status

Synopsis ¶

Manages Virtual IP objects in FortiManager for IPv4

Parameters ¶

Parameter	Choices/Defaults	Comments
adom -	Default: "root"	The ADOM the configuration should belong to.
arp_reply -	Choices: disable enable	Enable to respond to ARP requests for this virtual IP address. Enabled by default. choice \| disable \| Disable ARP reply. choice \| enable \| Enable ARP reply.
color -		Color of icon on the GUI.
comment -		Comment.
dns_mapping_ttl -		DNS mapping TTL (Set to zero to use TTL in DNS response, default = 0).
dynamic_mapping -		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
dynamic_mapping_arp_reply -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_color -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_comment -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_dns_mapping_ttl -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extaddr -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extintf -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extip -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_extport -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_gratuitous_arp_interval -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_age -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_domain -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_domain_from_host -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_http_cookie_generation -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_path -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_cookie_share -	Choices: disable same-ip	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| same-ip \|
dynamic_mapping_http_ip_header -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_http_ip_header_name -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_http_multiplex -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_https_cookie_secure -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ldb_method -	Choices: static round-robin weighted least-session least-rtt first-alive http-host	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| static \| choice \| round-robin \| choice \| weighted \| choice \| least-session \| choice \| least-rtt \| choice \| first-alive \| choice \| http-host \|
dynamic_mapping_mapped_addr -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_mappedip -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_mappedport -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_max_embryonic_connections -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_monitor -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_nat_source_vip -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_outlook_web_access -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_persistence -	Choices: none http-cookie ssl-session-id	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| none \| choice \| http-cookie \| choice \| ssl-session-id \|
dynamic_mapping_portforward -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_portmapping_type -	Choices: 1-to-1 m-to-n	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| 1-to-1 \| choice \| m-to-n \|
dynamic_mapping_protocol -	Choices: tcp udp sctp icmp	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| tcp \| choice \| udp \| choice \| sctp \| choice \| icmp \|
dynamic_mapping_realservers_client_ip -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_healthcheck -	Choices: disable enable vip	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \| choice \| vip \|
dynamic_mapping_realservers_holddown_interval -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_http_host -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_ip -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_max_connections -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_monitor -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_port -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_seq -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_realservers_status -	Choices: active standby disable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| active \| choice \| standby \| choice \| disable \|
dynamic_mapping_realservers_weight -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_server_type -	Choices: http https ssl tcp udp ip imaps pop3s smtps	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| http \| choice \| https \| choice \| ssl \| choice \| tcp \| choice \| udp \| choice \| ip \| choice \| imaps \| choice \| pop3s \| choice \| smtps \|
dynamic_mapping_service -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_src_filter -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_srcintf_filter -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_algorithm -	Choices: high medium low custom	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| high \| choice \| medium \| choice \| low \| choice \| custom \|
dynamic_mapping_ssl_certificate -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_cipher_suites_cipher -	Choices: TLS-RSA-WITH-RC4-128-MD5 TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-DES-CBC-SHA TLS-RSA-WITH-3DES-EDE-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-ARIA-128-CBC-SHA256 TLS-RSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-RSA-WITH-DES-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-DES-CBC-SHA	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| TLS-RSA-WITH-RC4-128-MD5 \| choice \| TLS-RSA-WITH-RC4-128-SHA \| choice \| TLS-RSA-WITH-DES-CBC-SHA \| choice \| TLS-RSA-WITH-3DES-EDE-CBC-SHA \| choice \| TLS-RSA-WITH-AES-128-CBC-SHA \| choice \| TLS-RSA-WITH-AES-256-CBC-SHA \| choice \| TLS-RSA-WITH-AES-128-CBC-SHA256 \| choice \| TLS-RSA-WITH-AES-256-CBC-SHA256 \| choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \| choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \| choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| choice \| TLS-RSA-WITH-SEED-CBC-SHA \| choice \| TLS-RSA-WITH-ARIA-128-CBC-SHA256 \| choice \| TLS-RSA-WITH-ARIA-256-CBC-SHA384 \| choice \| TLS-DHE-RSA-WITH-DES-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \| choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \| choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| choice \| TLS-DHE-RSA-WITH-SEED-CBC-SHA \| choice \| TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \| choice \| TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \| choice \| TLS-ECDHE-RSA-WITH-RC4-128-SHA \| choice \| TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \| choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \| choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \| choice \| TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| choice \| TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \| choice \| TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| choice \| TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \| choice \| TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \| choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 \| choice \| TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 \| choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 \| choice \| TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 \| choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \| choice \| TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \| choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \| choice \| TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \| choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \| choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \| choice \| TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \| choice \| TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \| choice \| TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \| choice \| TLS-RSA-WITH-AES-128-GCM-SHA256 \| choice \| TLS-RSA-WITH-AES-256-GCM-SHA384 \| choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 \| choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 \| choice \| TLS-DHE-DSS-WITH-SEED-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 \| choice \| TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 \| choice \| TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \| choice \| TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \| choice \| TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \| choice \| TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \| choice \| TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA \| choice \| TLS-DHE-DSS-WITH-DES-CBC-SHA \|
dynamic_mapping_ssl_cipher_suites_versions -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. FLAG Based Options. Specify multiple in list form. flag \| ssl-3.0 \| flag \| tls-1.0 \| flag \| tls-1.1 \| flag \| tls-1.2 \|
dynamic_mapping_ssl_client_fallback -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_client_renegotiation -	Choices: deny allow secure	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| deny \| choice \| allow \| choice \| secure \|
dynamic_mapping_ssl_client_session_state_max -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_client_session_state_timeout -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_client_session_state_type -	Choices: disable time count both	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| time \| choice \| count \| choice \| both \|
dynamic_mapping_ssl_dh_bits -	Choices: 768 1024 1536 2048 3072 4096	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| 768 \| choice \| 1024 \| choice \| 1536 \| choice \| 2048 \| choice \| 3072 \| choice \| 4096 \|
dynamic_mapping_ssl_hpkp -	Choices: disable enable report-only	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \| choice \| report-only \|
dynamic_mapping_ssl_hpkp_age -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_backup -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_include_subdomains -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_hpkp_primary -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hpkp_report_uri -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hsts -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_hsts_age -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_hsts_include_subdomains -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_http_location_conversion -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_http_match_host -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_max_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| ssl-3.0 \| choice \| tls-1.0 \| choice \| tls-1.1 \| choice \| tls-1.2 \|
dynamic_mapping_ssl_min_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| ssl-3.0 \| choice \| tls-1.0 \| choice \| tls-1.1 \| choice \| tls-1.2 \|
dynamic_mapping_ssl_mode -	Choices: half full	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| half \| choice \| full \|
dynamic_mapping_ssl_pfs -	Choices: require deny allow	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| require \| choice \| deny \| choice \| allow \|
dynamic_mapping_ssl_send_empty_frags -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_ssl_server_algorithm -	Choices: high low medium custom client	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| high \| choice \| low \| choice \| medium \| choice \| custom \| choice \| client \|
dynamic_mapping_ssl_server_max_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| ssl-3.0 \| choice \| tls-1.0 \| choice \| tls-1.1 \| choice \| tls-1.2 \| choice \| client \|
dynamic_mapping_ssl_server_min_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| ssl-3.0 \| choice \| tls-1.0 \| choice \| tls-1.1 \| choice \| tls-1.2 \| choice \| client \|
dynamic_mapping_ssl_server_session_state_max -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_server_session_state_timeout -		Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent.
dynamic_mapping_ssl_server_session_state_type -	Choices: disable time count both	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| time \| choice \| count \| choice \| both \|
dynamic_mapping_type -	Choices: static-nat load-balance server-load-balance dns-translation fqdn	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| static-nat \| choice \| load-balance \| choice \| server-load-balance \| choice \| dns-translation \| choice \| fqdn \|
dynamic_mapping_weblogic_server -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
dynamic_mapping_websphere_server -	Choices: disable enable	Dynamic Mapping Version of Suffixed Option Name. Sub-Table. Same Descriptions as Parent. choice \| disable \| choice \| enable \|
extaddr -		External FQDN address name.
extintf -		Interface connected to the source network that receives the packets that will be forwarded to the destination network.
extip -		IP address or address range on the external interface that you want to map to an address or address range on t he destination network.
extport -		Incoming port number range that you want to map to a port number range on the destination network.
gratuitous_arp_interval -		Enable to have the VIP send gratuitous ARPs. 0=disabled. Set from 5 up to 8640000 seconds to enable.
http_cookie_age -		Time in minutes that client web browsers should keep a cookie. Default is 60 seconds. 0 = no time limit.
http_cookie_domain -		Domain that HTTP cookie persistence should apply to.
http_cookie_domain_from_host -	Choices: disable enable	Enable/disable use of HTTP cookie domain from host field in HTTP. choice \| disable \| Disable use of HTTP cookie domain from host field in HTTP (use http-cooke-domain setting). choice \| enable \| Enable use of HTTP cookie domain from host field in HTTP.
http_cookie_generation -		Generation of HTTP cookie to be accepted. Changing invalidates all existing cookies.
http_cookie_path -		Limit HTTP cookie persistence to the specified path.
http_cookie_share -	Choices: disable same-ip	Control sharing of cookies across virtual servers. same-ip means a cookie from one virtual server can be used by another. Disable stops cookie sharing. choice \| disable \| Only allow HTTP cookie to match this virtual server. choice \| same-ip \| Allow HTTP cookie to match any virtual server with same IP.
http_ip_header -	Choices: disable enable	For HTTP multiplexing, enable to add the original client IP address in the XForwarded-For HTTP header. choice \| disable \| Disable adding HTTP header. choice \| enable \| Enable adding HTTP header.
http_ip_header_name -		For HTTP multiplexing, enter a custom HTTPS header name. The orig client IP address is added to this header. If empty, X-Forwarded-For is used.
http_multiplex -	Choices: disable enable	Enable/disable HTTP multiplexing. choice \| disable \| Disable HTTP session multiplexing. choice \| enable \| Enable HTTP session multiplexing.
https_cookie_secure -	Choices: disable enable	Enable/disable verification that inserted HTTPS cookies are secure. choice \| disable \| Do not mark cookie as secure, allow sharing between an HTTP and HTTPS connection. choice \| enable \| Mark inserted cookie as secure, cookie can only be used for HTTPS a connection.
ldb_method -	Choices: static round-robin weighted least-session least-rtt first-alive http-host	Method used to distribute sessions to real servers. choice \| static \| Distribute to server based on source IP. choice \| round-robin \| Distribute to server based round robin order. choice \| weighted \| Distribute to server based on weight. choice \| least-session \| Distribute to server with lowest session count. choice \| least-rtt \| Distribute to server with lowest Round-Trip-Time. choice \| first-alive \| Distribute to the first server that is alive. choice \| http-host \| Distribute to server based on host field in HTTP header.
mapped_addr -		Mapped FQDN address name.
mappedip -		IP address or address range on the destination network to which the external IP address is mapped.
mappedport -		Port number range on the destination network to which the external port number range is mapped.
max_embryonic_connections -		Maximum number of incomplete connections.
mode -	Choices: add ← set delete update	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values
monitor -		Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
name -		Virtual IP name.
nat_source_vip -	Choices: disable enable	Enable to prevent unintended servers from using a virtual IP. Disable to use the actual IP address of the server as the source address. choice \| disable \| Do not force to NAT as VIP. choice \| enable \| Force to NAT as VIP.
outlook_web_access -	Choices: disable enable	Enable to add the Front-End-Https header for Microsoft Outlook Web Access. choice \| disable \| Disable Outlook Web Access support. choice \| enable \| Enable Outlook Web Access support.
persistence -	Choices: none http-cookie ssl-session-id	Configure how to make sure that clients connect to the same server every time they make a request that is part of the same session. choice \| none \| None. choice \| http-cookie \| HTTP cookie. choice \| ssl-session-id \| SSL session ID.
portforward -	Choices: disable enable	Enable/disable port forwarding. choice \| disable \| Disable port forward. choice \| enable \| Enable port forward.
portmapping_type -	Choices: 1-to-1 m-to-n	Port mapping type. choice \| 1-to-1 \| One to one. choice \| m-to-n \| Many to many.
protocol -	Choices: tcp udp sctp icmp	Protocol to use when forwarding packets. choice \| tcp \| TCP. choice \| udp \| UDP. choice \| sctp \| SCTP. choice \| icmp \| ICMP.
realservers -		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
realservers_client_ip -		Only clients in this IP range can connect to this real server.
realservers_healthcheck -	Choices: disable enable vip	Enable to check the responsiveness of the real server before forwarding traffic. choice \| disable \| Disable per server health check. choice \| enable \| Enable per server health check. choice \| vip \| Use health check defined in VIP.
realservers_holddown_interval -		Time in seconds that the health check monitor monitors an unresponsive server that should be active.
realservers_http_host -		HTTP server domain name in HTTP header.
realservers_ip -		IP address of the real server.
realservers_max_connections -		Max number of active connections that can be directed to the real server. When reached, sessions are sent to their real servers.
realservers_monitor -		Name of the health check monitor to use when polling to determine a virtual server's connectivity status.
realservers_port -		Port for communicating with the real server. Required if port forwarding is enabled.
realservers_seq -		Real Server Sequence Number
realservers_status -	Choices: active standby disable	Set the status of the real server to active so that it can accept traffic. Or on standby or disabled so no traffic is sent. choice \| active \| Server status active. choice \| standby \| Server status standby. choice \| disable \| Server status disable.
realservers_weight -		Weight of the real server. If weighted load balancing is enabled, the server with the highest weight gets more connections.
server_type -	Choices: http https ssl tcp udp ip imaps pop3s smtps	Protocol to be load balanced by the virtual server (also called the server load balance virtual IP). choice \| http \| HTTP choice \| https \| HTTPS choice \| ssl \| SSL choice \| tcp \| TCP choice \| udp \| UDP choice \| ip \| IP choice \| imaps \| IMAPS choice \| pop3s \| POP3S choice \| smtps \| SMTPS
service -		Service name.
src_filter -		Source address filter. Each address must be either an IP/subnet (x.x.x.x/n) or a range (x.x.x.x-y.y.y.y). Separate addresses with spaces.
srcintf_filter -		Interfaces to which the VIP applies. Separate the names with spaces.
ssl_algorithm -	Choices: high medium low custom	Permitted encryption algorithms for SSL sessions according to encryption strength. choice \| high \| High encryption. Allow only AES and ChaCha. choice \| medium \| Medium encryption. Allow AES, ChaCha, 3DES, and RC4. choice \| low \| Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. choice \| custom \| Custom encryption. Use config ssl-cipher-suites to select the cipher suites that are allowed.
ssl_certificate -		The name of the SSL certificate to use for SSL acceleration.
ssl_cipher_suites -		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
ssl_cipher_suites_cipher -	Choices: TLS-RSA-WITH-RC4-128-MD5 TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-DES-CBC-SHA TLS-RSA-WITH-3DES-EDE-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-ARIA-128-CBC-SHA256 TLS-RSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-RSA-WITH-DES-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-DES-CBC-SHA	Cipher suite name. choice \| TLS-RSA-WITH-RC4-128-MD5 \| Cipher suite TLS-RSA-WITH-RC4-128-MD5. choice \| TLS-RSA-WITH-RC4-128-SHA \| Cipher suite TLS-RSA-WITH-RC4-128-SHA. choice \| TLS-RSA-WITH-DES-CBC-SHA \| Cipher suite TLS-RSA-WITH-DES-CBC-SHA. choice \| TLS-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-RSA-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256. choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-RSA-WITH-SEED-CBC-SHA \| Cipher suite TLS-RSA-WITH-SEED-CBC-SHA. choice \| TLS-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-DHE-RSA-WITH-DES-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA. choice \| TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-SEED-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA. choice \| TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-RC4-128-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA. choice \| TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA. choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA. choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256. choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384. choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384. choice \| TLS-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-SEED-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA. choice \| TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256. choice \| TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384. choice \| TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA. choice \| TLS-DHE-DSS-WITH-DES-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
ssl_cipher_suites_versions -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	SSL/TLS versions that the cipher suite can be used with. FLAG Based Options. Specify multiple in list form. flag \| ssl-3.0 \| SSL 3.0. flag \| tls-1.0 \| TLS 1.0. flag \| tls-1.1 \| TLS 1.1. flag \| tls-1.2 \| TLS 1.2.
ssl_client_fallback -	Choices: disable enable	Enable/disable support for preventing Downgrade Attacks on client connections (RFC 7507). choice \| disable \| Disable. choice \| enable \| Enable.
ssl_client_renegotiation -	Choices: deny allow secure	Allow, deny, or require secure renegotiation of client sessions to comply with RFC 5746. choice \| deny \| Abort any client initiated SSL re-negotiation attempt. choice \| allow \| Allow a SSL client to renegotiate. choice \| secure \| Abort any client initiated SSL re-negotiation attempt that does not use RFC 5746.
ssl_client_session_state_max -		Maximum number of client to FortiGate SSL session states to keep.
ssl_client_session_state_timeout -		Number of minutes to keep client to FortiGate SSL session state.
ssl_client_session_state_type -	Choices: disable time count both	How to expire SSL sessions for the segment of the SSL connection between the client and the FortiGate. choice \| disable \| Do not keep session states. choice \| time \| Expire session states after this many minutes. choice \| count \| Expire session states when this maximum is reached. choice \| both \| Expire session states based on time or count, whichever occurs first.
ssl_dh_bits -	Choices: 768 1024 1536 2048 3072 4096	Number of bits to use in the Diffie-Hellman exchange for RSA encryption of SSL sessions. choice \| 768 \| 768-bit Diffie-Hellman prime. choice \| 1024 \| 1024-bit Diffie-Hellman prime. choice \| 1536 \| 1536-bit Diffie-Hellman prime. choice \| 2048 \| 2048-bit Diffie-Hellman prime. choice \| 3072 \| 3072-bit Diffie-Hellman prime. choice \| 4096 \| 4096-bit Diffie-Hellman prime.
ssl_hpkp -	Choices: disable enable report-only	Enable/disable including HPKP header in response. choice \| disable \| Do not add a HPKP header to each HTTP response. choice \| enable \| Add a HPKP header to each a HTTP response. choice \| report-only \| Add a HPKP Report-Only header to each HTTP response.
ssl_hpkp_age -		Number of seconds the client should honour the HPKP setting.
ssl_hpkp_backup -		Certificate to generate backup HPKP pin from.
ssl_hpkp_include_subdomains -	Choices: disable enable	Indicate that HPKP header applies to all subdomains. choice \| disable \| HPKP header does not apply to subdomains. choice \| enable \| HPKP header applies to subdomains.
ssl_hpkp_primary -		Certificate to generate primary HPKP pin from.
ssl_hpkp_report_uri -		URL to report HPKP violations to.
ssl_hsts -	Choices: disable enable	Enable/disable including HSTS header in response. choice \| disable \| Do not add a HSTS header to each a HTTP response. choice \| enable \| Add a HSTS header to each HTTP response.
ssl_hsts_age -		Number of seconds the client should honour the HSTS setting.
ssl_hsts_include_subdomains -	Choices: disable enable	Indicate that HSTS header applies to all subdomains. choice \| disable \| HSTS header does not apply to subdomains. choice \| enable \| HSTS header applies to subdomains.
ssl_http_location_conversion -	Choices: disable enable	Enable to replace HTTP with HTTPS in the reply's Location HTTP header field. choice \| disable \| Disable HTTP location conversion. choice \| enable \| Enable HTTP location conversion.
ssl_http_match_host -	Choices: disable enable	Enable/disable HTTP host matching for location conversion. choice \| disable \| Do not match HTTP host. choice \| enable \| Match HTTP host in response header.
ssl_max_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Highest SSL/TLS version acceptable from a client. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2.
ssl_min_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	Lowest SSL/TLS version acceptable from a client. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2.
ssl_mode -	Choices: half full	Apply SSL offloading mode choice \| half \| Client to FortiGate SSL. choice \| full \| Client to FortiGate and FortiGate to Server SSL.
ssl_pfs -	Choices: require deny allow	Select the cipher suites that can be used for SSL perfect forward secrecy (PFS). choice \| require \| Allow only Diffie-Hellman cipher-suites, so PFS is applied. choice \| deny \| Allow only non-Diffie-Hellman cipher-suites, so PFS is not applied. choice \| allow \| Allow use of any cipher suite so PFS may or may not be used depending on the cipher suite
ssl_send_empty_frags -	Choices: disable enable	Enable/disable sending empty fragments to avoid CBC IV attacks (SSL 3.0 & TLS 1.0 only). choice \| disable \| Do not send empty fragments. choice \| enable \| Send empty fragments.
ssl_server_algorithm -	Choices: high low medium custom client	Permitted encryption algorithms for the server side of SSL full mode sessions according to encryption strength choice \| high \| High encryption. Allow only AES and ChaCha. choice \| low \| Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. choice \| medium \| Medium encryption. Allow AES, ChaCha, 3DES, and RC4. choice \| custom \| Custom encryption. Use ssl-server-cipher-suites to select the cipher suites that are allowed. choice \| client \| Use the same encryption algorithms for both client and server sessions.
ssl_server_cipher_suites -		EXPERTS ONLY! KNOWLEDGE OF FMGR JSON API IS REQUIRED! List of multiple child objects to be added. Expects a list of dictionaries. Dictionaries must use FortiManager API parameters, not the ansible ones listed below. If submitted, all other prefixed sub-parameters ARE IGNORED. This object is MUTUALLY EXCLUSIVE with its options. We expect that you know what you are doing with these list parameters, and are leveraging the JSON API Guide. WHEN IN DOUBT, USE THE SUB OPTIONS BELOW INSTEAD TO CREATE OBJECTS WITH MULTIPLE TASKS
ssl_server_cipher_suites_cipher -	Choices: TLS-RSA-WITH-RC4-128-MD5 TLS-RSA-WITH-RC4-128-SHA TLS-RSA-WITH-DES-CBC-SHA TLS-RSA-WITH-3DES-EDE-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA TLS-RSA-WITH-AES-256-CBC-SHA TLS-RSA-WITH-AES-128-CBC-SHA256 TLS-RSA-WITH-AES-256-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-RSA-WITH-SEED-CBC-SHA TLS-RSA-WITH-ARIA-128-CBC-SHA256 TLS-RSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-RSA-WITH-DES-CBC-SHA TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA TLS-DHE-RSA-WITH-AES-256-CBC-SHA TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-RSA-WITH-SEED-CBC-SHA TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-RC4-128-SHA TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-AES-128-CBC-SHA TLS-DHE-DSS-WITH-AES-256-CBC-SHA TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-RSA-WITH-AES-128-GCM-SHA256 TLS-RSA-WITH-AES-256-GCM-SHA384 TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 TLS-DHE-DSS-WITH-SEED-CBC-SHA TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA TLS-DHE-DSS-WITH-DES-CBC-SHA	Cipher suite name. choice \| TLS-RSA-WITH-RC4-128-MD5 \| Cipher suite TLS-RSA-WITH-RC4-128-MD5. choice \| TLS-RSA-WITH-RC4-128-SHA \| Cipher suite TLS-RSA-WITH-RC4-128-SHA. choice \| TLS-RSA-WITH-DES-CBC-SHA \| Cipher suite TLS-RSA-WITH-DES-CBC-SHA. choice \| TLS-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-RSA-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-AES-256-CBC-SHA256. choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-RSA-WITH-SEED-CBC-SHA \| Cipher suite TLS-RSA-WITH-SEED-CBC-SHA. choice \| TLS-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-DHE-RSA-WITH-DES-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-DES-CBC-SHA. choice \| TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-256-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-SEED-CBC-SHA \| Cipher suite TLS-DHE-RSA-WITH-SEED-CBC-SHA. choice \| TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-RC4-128-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-RC4-128-SHA. choice \| TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA. choice \| TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \| Suite TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256. choice \| TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-DHE-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-DHE-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA. choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA. choice \| TLS-DHE-DSS-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-128-GCM-SHA256. choice \| TLS-DHE-DSS-WITH-AES-256-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-AES-256-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-DHE-DSS-WITH-AES-256-GCM-SHA384. choice \| TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256. choice \| TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. choice \| TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384. choice \| TLS-RSA-WITH-AES-128-GCM-SHA256 \| Cipher suite TLS-RSA-WITH-AES-128-GCM-SHA256. choice \| TLS-RSA-WITH-AES-256-GCM-SHA384 \| Cipher suite TLS-RSA-WITH-AES-256-GCM-SHA384. choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA \| Cipher suite TLS-DSS-RSA-WITH-CAMELLIA-128-CBC-SHA. choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA. choice \| TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-CAMELLIA-256-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-SEED-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-SEED-CBC-SHA. choice \| TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-DHE-DSS-WITH-ARIA-128-CBC-SHA256. choice \| TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-DHE-DSS-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256. choice \| TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384. choice \| TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \| Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC_SHA256. choice \| TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \| Cipher suite TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC_SHA384. choice \| TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-3DES-EDE-CBC-SHA. choice \| TLS-DHE-DSS-WITH-DES-CBC-SHA \| Cipher suite TLS-DHE-DSS-WITH-DES-CBC-SHA.
ssl_server_cipher_suites_priority -		SSL/TLS cipher suites priority.
ssl_server_cipher_suites_versions -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2	SSL/TLS versions that the cipher suite can be used with. FLAG Based Options. Specify multiple in list form. flag \| ssl-3.0 \| SSL 3.0. flag \| tls-1.0 \| TLS 1.0. flag \| tls-1.1 \| TLS 1.1. flag \| tls-1.2 \| TLS 1.2.
ssl_server_max_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Highest SSL/TLS version acceptable from a server. Use the client setting by default. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2. choice \| client \| Use same value as client configuration.
ssl_server_min_version -	Choices: ssl-3.0 tls-1.0 tls-1.1 tls-1.2 client	Lowest SSL/TLS version acceptable from a server. Use the client setting by default. choice \| ssl-3.0 \| SSL 3.0. choice \| tls-1.0 \| TLS 1.0. choice \| tls-1.1 \| TLS 1.1. choice \| tls-1.2 \| TLS 1.2. choice \| client \| Use same value as client configuration.
ssl_server_session_state_max -		Maximum number of FortiGate to Server SSL session states to keep.
ssl_server_session_state_timeout -		Number of minutes to keep FortiGate to Server SSL session state.
ssl_server_session_state_type -	Choices: disable time count both	How to expire SSL sessions for the segment of the SSL connection between the server and the FortiGate. choice \| disable \| Do not keep session states. choice \| time \| Expire session states after this many minutes. choice \| count \| Expire session states when this maximum is reached. choice \| both \| Expire session states based on time or count, whichever occurs first.
type -	Choices: static-nat load-balance server-load-balance dns-translation fqdn	Configure a static NAT, load balance, server load balance, DNS translation, or FQDN VIP. choice \| static-nat \| Static NAT. choice \| load-balance \| Load balance. choice \| server-load-balance \| Server load balance. choice \| dns-translation \| DNS translation. choice \| fqdn \| FQDN Translation
weblogic_server -	Choices: disable enable	Enable to add an HTTP header to indicate SSL offloading for a WebLogic server. choice \| disable \| Do not add HTTP header indicating SSL offload for WebLogic server. choice \| enable \| Add HTTP header indicating SSL offload for WebLogic server.
websphere_server -	Choices: disable enable	Enable to add an HTTP header to indicate SSL offloading for a WebSphere server. choice \| disable \| Do not add HTTP header indicating SSL offload for WebSphere server. choice \| enable \| Add HTTP header indicating SSL offload for WebSphere server.

Notes ¶

Note

Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples ¶

# BASIC FULL STATIC NAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP SNAT
  fmgr_fwobj_vip:
    name: "Basic StaticNAT Map"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extintf: "any"
    mappedip: "10.7.220.25"
    comment: "Created by Ansible"
    color: "17"

# BASIC PORT PNAT MAPPING
- name: EDIT FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "set"
    adom: "ansible"
    type: "static-nat"
    extip: "82.72.192.185"
    extport: "10443"
    extintf: "any"
    portforward: "enable"
    protocol: "tcp"
    mappedip: "10.7.220.25"
    mappedport: "443"
    comment: "Created by Ansible"
    color: "17"

# BASIC DNS TRANSLATION NAT
- name: EDIT FMGR_FIREWALL_DNST
  fmgr_fwobj_vip:
    name: "Basic DNS Translation"
    mode: "set"
    adom: "ansible"
    type: "dns-translation"
    extip: "192.168.0.1-192.168.0.100"
    extintf: "dmz"
    mappedip: "3.3.3.0/24, 4.0.0.0/24"
    comment: "Created by Ansible"
    color: "12"

# BASIC FQDN NAT
- name: EDIT FMGR_FIREWALL_FQDN
  fmgr_fwobj_vip:
    name: "Basic FQDN Translation"
    mode: "set"
    adom: "ansible"
    type: "fqdn"
    mapped_addr: "google-play"
    comment: "Created by Ansible"
    color: "5"

# DELETE AN ENTRY
- name: DELETE FMGR_FIREWALL_VIP PNAT
  fmgr_fwobj_vip:
    name: "Basic PNAT Map Port 10443"
    mode: "delete"
    adom: "ansible"

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status ¶

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors¶

Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

fmgr_fwobj_vip – Manages Virtual IPs objects in FortiManager¶

Synopsis¶

Parameters¶

Notes¶

Examples¶

Return Values¶

Status¶