security_ssl_ssh_profile - SSL Inspection Profile Resource
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. versionadded:: 1.0.0
.. contents::
:local:
:depth: 1
Synopsis
--------
SSL Inspection Profile Resource.
Use API "/resource-api/v2/security/ssl-ssh-profile/{direction}/{primaryKey}".
Requirements
------------
The below requirements are needed on the host that executes this module.
- ansible>=2.17.0
Parameters
----------
.. raw:: html
- state The state of the module. "present" means update the resource. This resource can't be deleted, and does not support "absent" state.type: strchoices: ['present', 'absent']default: present
- force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
- bypass_validation Bypass validation of the module.type: booldefault: False
- params The parameters of the module.[Required]type: dict
- direction [Required]type: str
- primary_key [Required]type: str
- inspection_mode type: strchoices: ['certificate-inspection', 'deep-inspection', 'no-inspection']
- profile_protocol_options type: dict
- unknown_content_encoding type: strchoices: ['block', 'bypass', 'inspect']
- oversized_action type: strchoices: ['allow', 'block']
- compressed_limit type: int
- uncompressed_limit type: int
- ca_certificate type: dict
- primary_key type: str
- datasource type: str
- expired_certificate_action type: strchoices: ['allow', 'block']
- revoked_certificate_action type: strchoices: ['allow', 'block']
- timed_out_validation_certificate_action type: strchoices: ['allow', 'block']
- validation_failed_certificate_action type: strchoices: ['allow', 'block']
- cert_probe_failure type: strchoices: ['allow', 'block']
- quic type: strchoices: ['block', 'bypass', 'inspect']
- host_exemptions type: listelements: dict
- primary_key type: str
- datasource type: str
- url_category_exemptions type: listelements: dict
- primary_key type: str
- datasource type: strchoices: ['security/fortiguard-categories', 'security/fortiguard-local-categories']
Examples
-------------
.. code-block:: yaml
- name: Update security ssl ssh profile
hosts: fortisase
gather_facts: false
vars:
direction: "outbound-profiles" # outbound-profiles or internal-profiles
profile_group: "profile_ansible"
tasks:
- name: Ensure security group exists, otherwise create it
fortinet.fortisase.security_profile_group:
params:
direction: "{{ direction }}"
primary_key: "{{ profile_group }}"
- name: Update security ssl ssh profile
fortinet.fortisase.security_ssl_ssh_profile:
params:
direction: "{{ direction }}"
primary_key: "{{ profile_group }}"
ca_certificate:
datasource: "system/certificate/ca-certificates"
primary_key: "Fortinet_CA_SSL"
cert_probe_failure: "allow"
expired_certificate_action: "block"
inspection_mode: "certificate-inspection"
revoked_certificate_action: "block"
timed_out_validation_certificate_action: "allow"
validation_failed_certificate_action: "block"
Return Values
-------------
.. raw:: html
- http_code type: intreturned: always
- response type: rawreturned: always
Authors
-------
- Xinwei Du (@dux-fortinet)