security_ssl_ssh_profile - SSL Inspection Profile Resource

Added in version 1.0.0.

Synopsis

SSL Inspection Profile Resource.

Use API “/resource-api/v2/security/ssl-ssh-profile/{direction}/{primaryKey}”.

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.17.0

Parameters

  • state The state of the module. "present" means update the resource. This resource can't be deleted, and does not support "absent" state.type: strchoices: ['present', 'absent']default: present
  • force_behavior Specify this option to force the method to use to interact with the resource.type: strchoices: ['none', 'read', 'create', 'update', 'delete']default: none
  • bypass_validation Bypass validation of the module.type: booldefault: False
  • params The parameters of the module.[Required]type: dict
    • direction [Required]type: str
    • primary_key [Required]type: str
    • inspection_mode type: strchoices: ['certificate-inspection', 'deep-inspection', 'no-inspection']
    • profile_protocol_options type: dict
      • unknown_content_encoding type: strchoices: ['block', 'bypass', 'inspect']
      • oversized_action type: strchoices: ['allow', 'block']
      • compressed_limit type: int
      • uncompressed_limit type: int
    • ca_certificate type: dict
      • primary_key type: str
      • datasource type: str
    • expired_certificate_action type: strchoices: ['allow', 'block']
    • revoked_certificate_action type: strchoices: ['allow', 'block']
    • timed_out_validation_certificate_action type: strchoices: ['allow', 'block']
    • validation_failed_certificate_action type: strchoices: ['allow', 'block']
    • cert_probe_failure type: strchoices: ['allow', 'block']
    • quic type: strchoices: ['block', 'bypass', 'inspect']
    • host_exemptions type: listelements: dict
      • primary_key type: str
      • datasource type: str
    • url_category_exemptions type: listelements: dict
      • primary_key type: str
      • datasource type: strchoices: ['security/fortiguard-categories', 'security/fortiguard-local-categories']

Examples

- name: Update security ssl ssh profile
  hosts: fortisase
  gather_facts: false
  vars:
    direction: "outbound-profiles" # outbound-profiles or internal-profiles
    profile_group: "profile_ansible"
  tasks:
    - name: Ensure security group exists, otherwise create it
      fortinet.fortisase.security_profile_group:
        params:
          direction: "{{ direction }}"
          primary_key: "{{ profile_group }}"
    - name: Update security ssl ssh profile
      fortinet.fortisase.security_ssl_ssh_profile:
        params:
          direction: "{{ direction }}"
          primary_key: "{{ profile_group }}"
          ca_certificate:
            datasource: "system/certificate/ca-certificates"
            primary_key: "Fortinet_CA_SSL"
          cert_probe_failure: "allow"
          expired_certificate_action: "block"
          inspection_mode: "certificate-inspection"
          revoked_certificate_action: "block"
          timed_out_validation_certificate_action: "allow"
          validation_failed_certificate_action: "block"

Return Values

  • http_code type: intreturned: always
  • response type: rawreturned: always

Authors

  • Xinwei Du (@dux-fortinet)