netscaler.adc.vpnparameter module – Configuration for VPN parameter resource.
Note
This module is part of the netscaler.adc collection (version 2.6.2).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install netscaler.adc.
To use it in a playbook, specify: netscaler.adc.vpnparameter.
New in netscaler.adc 2.0.0
Synopsis
Configuration for VPN parameter resource.
Parameters
Parameter |
Comments |
---|---|
By default, an access restricted page hosted on secure private access Choices:
|
|
Option to enable/disable Advanced ClientlessVpnMode. Additionally, it can be set to Choices:
|
|
Specify groups that have permission to log on to Citrix Gateway. Users who do not belong to this group or groups are denied access even if they have valid credentials. |
|
IP address of the proxy server to use for all protocols supported by Citrix Gateway. |
|
Name of the AlwaysON profile. The builtin profile named none can be used to explicitly disable AlwaysON. |
|
Base NITRO API path. Define only in case of an ADM service proxy call Default: |
|
The timeout value in seconds for tokens to access XenMobile applications |
|
Comma-separated list of groups in which the user is placed when none of the groups that the user is a part of is configured on Citrix Gateway. The authorization policy can be bound to these groups to control access to the resources. |
|
URL to auto proxy config file |
|
Enables backend server certificate validation Choices:
|
|
Enables SNI extension for backend server handshakes Choices:
|
|
Web address for the Citrix Receiver home page. Configure Citrix Gateway so that when users log on to the appliance, the Citrix Gateway Plug-in opens a web browser that allows single sign-on to the Citrix Receiver home page. |
|
Provide users with multiple logon options. With client choices, users have the option of logging on by using the Citrix Gateway Plug-in for Windows, Citrix Gateway Plug-in for Java, the Web Interface, or clientless access from one location. Depending on how Citrix Gateway is configured, users are presented with up to three icons for logon choices. The most common are the Citrix Gateway Plug-in for Windows, Web Interface, and clientless access. Choices:
|
|
Prompt for client-side cache clean-up when a client-initiated session closes. Choices:
|
|
Allow users to change client Debug logging level in Configuration tab of the Citrix Gateway Plug-in for Windows. Choices:
|
|
Set the trace level on Citrix Gateway. Technical support technicians use these * DEBUG - Detailed * STATS - Application audit level error messages and * EVENTS - Application audit-level error messages are written into the specified file. * Choices:
|
|
Time, in minutes, after which to time out the user session if Citrix Gateway does not detect mouse or keyboard activity. |
|
When clientless access is enabled, you can choose to encode the addresses of internal web applications or to leave the address as clear text. Available settings function as follows: * * * Choices:
|
|
State of persistent cookies in clientless access mode. Persistent cookies are required for accessing certain features of SharePoint, such as opening and editing Microsoft Word, Excel, and PowerPoint documents hosted on the SharePoint server. A persistent cookie remains on the user device and is sent with each HTTP request. Citrix Gateway encrypts the persistent cookie before sending it to the plug-in on the user device, and refreshes the cookie periodically as long as the session exists. The cookie becomes stale if the session ends. Available settings function as follows: * * * Choices:
|
|
Enable clientless access for web, XenApp or XenDesktop, and FileShare resources without installing the Citrix Gateway Plug-in. Available settings function as follows: * * * Choices:
|
|
Display only the configured menu options when you select the “Configure Citrix Gateway” option in the Citrix Gateway Plug-in’s system tray icon for Windows. Choices:
|
|
Specify the client security check for the user device to permit a Citrix Gateway session. The web address or IP address is not included in the expression for the client security check. |
|
The client security group that will be assigned on failure of the client security check. Users can in general be organized into Groups. In this case, the Client Security Group may have a more restrictive security policy. |
|
Specifies whether or not to display all failed Client Security scans to the end user Choices:
|
|
The client security message that will be displayed on failure of the client security check. |
|
checkversion api |
|
Specify the network resources that users have access to when they log on to the internal network. The default setting for authorization is to deny access to all network resources. Citrix recommends using the default global setting and then creating authorization policies to define the network resources users can access. If you set the default authorization policy to Choices:
|
|
Name of the DNS virtual server for the user session. |
|
Web address for the web-based email, such as Outlook Web Access. |
|
Enable encryption of client security expressions. Choices:
|
|
Choose between two types of End point Windows Client
Choices:
|
|
Force Choices:
|
|
Force a disconnection from the Citrix Gateway Plug-in with Citrix Gateway after a specified number of minutes. If the session closes, the user must log on again. |
|
Number of minutes to warn a user before the user session is disconnected. |
|
Spoofed IP address range that can be used by client for FQDN based split tunneling |
|
IP address of the proxy server to be used for FTP access for all subsequent connections to the internal network. |
|
IP address of the proxy server to be used for GOPHER access for all subsequent connections to the internal network. |
|
Web address of the home page that appears when users log on. Otherwise, users receive the default home page for Citrix Gateway, which is the Access Interface. |
|
Destination port numbers other than port 80, added as a comma-separated list. Traffic to these ports is processed as HTTP traffic, which allows functionality, such as HTTP authorization and single sign-on to a web application to work. |
|
IP address of the proxy server to be used for HTTP access for all subsequent connections to the internal network. |
|
Enable or disable HTTP tracking for packets proxied via vpn vserver using GSLB connection proxy feature. Choices:
|
|
Enable ICA proxy to configure secure Internet access to servers running Citrix XenApp or XenDesktop by using Citrix Receiver instead of the Citrix Gateway Plug-in. Choices:
|
|
Enable or disable ICA session timeout. If enabled and the AAA session is terminated, the ICA connections associated with it are also terminated Choices:
|
|
The name of the radiusPolicy to use for RADIUS user accounting info on the session. |
|
Option to decide whether to show plugin icon along with receiver icon Choices:
|
|
An intranet IP DNS suffix. When a user logs on to Citrix Gateway and is assigned an IP address, a DNS record for the user name and IP address combination is added to the Citrix Gateway DNS cache. You can configure a DNS suffix to append to the user name when the DNS record is added to the cache. You can reach the host from which the user is logged on by using the user’s name, which can be easier to remember than an IP address. When the user logs off from Citrix Gateway, the record is removed from the DNS cache. |
|
The KCD account details to be used in SSO |
|
Specify whether the Citrix Gateway Plug-in should disconnect all preexisting connections, such as the connections existing before the user logged on to Citrix Gateway, and prevent new incoming connections on the Citrix Gateway Plug-in for Windows and MAC when the user is connected to Citrix Gateway and split tunneling is disabled. Choices:
|
|
Option to set plugin upgrade behaviour for Linux Choices:
|
|
Set local LAN access. If split tunneling is Choices:
|
|
Path to the logon script that is run when a session is established. Separate multiple scripts by using comma. A “$” in the path signifies that the word following the “$” is an environment variable. |
|
Path to the logout script. Separate multiple scripts by using comma. A “$” in the path signifies that the word following the “$” is an environment variable. |
|
Option to set plugin upgrade behaviour for Mac Choices:
|
|
The ID of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server. Define only in case of an ADM service proxy call |
|
The IP of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server. Define only in case of an ADM service proxy call |
|
The name of the managed NetScaler instance to which NetScaler Console has to configure as a proxy server. Define only in case of an ADM service proxy call |
|
The password of the managed NetScaler instance. Define only in case of an ADM service proxy call. In Settings > Administration > System Configurations > Basic Settings, if you select Prompt Credentials for Instance Login, make sure to configure the username and password of a managed instance. |
|
The username of the managed NetScaler instance. Define only in case of an ADM service proxy call. In Settings > Administration > System Configurations > Basic Settings, if you select Prompt Credentials for Instance Login, make sure to configure the username and password of a managed instance. |
|
Maximum number of Intranet IP that can be assigned to a user from AAA group, VPN vserver or VPN global pool. This setting is not applicable for AAA user level Intranet IP configuration |
|
Validity of MDX Token in minutes. This token is used for mdx services to access backend and valid HEAD and GET request. |
|
The netmask for the spoofed IP address |
|
The IP address of the NetScaler ADC appliance acting as a proxy server. Define only in case of an ADM service proxy call Choices:
|
|
The authentication token provided by a login operation. |
|
The password with which to authenticate to the NetScaler ADC node. |
|
Which protocol to use when accessing the nitro API objects. Choices:
|
|
The username with which to authenticate to the NetScaler ADC node. |
|
The IP address of the NetScaler ADC appliance where the NITRO API calls will be made. The port can be specified with the colon (:). E.g. 192.168.1.1:555. |
|
Single sign-on domain to use for single sign-on to applications in the internal network. This setting can be overwritten by the domain that users specify at the time of logon or by the domain that the authentication server returns. |
|
Name of the PCOIP profile. |
|
Set options to apply proxy for accessing the internal resources. Available settings function as follows: * * * Choices:
|
|
Proxy exception string that will be configured in the browser for bypassing the previously configured proxies. Allowed only if proxy type is Browser. |
|
Bypass proxy server for local addresses option in Internet Explorer and Firefox proxy server settings. Choices:
|
|
Name of the RDP profile associated with the vserver. |
|
As defined in the local area network, allow only the following local area network addresses to bypass the VPN tunnel when the local LAN access feature is enabled: * 10.*.*.*, * 172.16.*.*, * 192.168.*.* Choices:
|
|
SameSite attribute value for Cookies generated in VPN context. This attribute value will be appended only for the cookies which are specified in the builtin patset ns_cookies_samesite Choices:
|
|
If The module will not save the configuration on the NetScaler ADC node if it made no changes. Choices:
|
|
Allow users to connect through Citrix Gateway to network resources from iOS and Android mobile devices with Citrix Receiver. Users do not need to establish a full VPN tunnel to access resources in the secure network. Choices:
|
|
Enables or disables the secure private access configuration. Choices:
|
|
Number of minutes after which the session times out. |
|
This is the default group that is chosen when the authentication succeeds in addition to extracted groups. |
|
IP address of the proxy server to be used for SOCKS access for all subsequent connections to the internal network. |
|
Route the DNS requests to the local DNS server configured on the user device, or Citrix Gateway (remote), or both. Choices:
|
|
Send, through the tunnel, traffic only for intranet applications that are defined in Citrix Gateway. Route all other traffic directly to the Internet. The Choices:
|
|
Indicate whether or not the application requires IP spoofing, which routes the connection to the intranet application through the virtual adapter. Choices:
|
|
IP address of the proxy server to be used for SSL access for all subsequent connections to the internal network. |
|
Set single sign-on (SSO) for the session. When the user accesses a server, the user’s logon credentials are passed to the server for authentication. NOTE: This configuration does not honor the following authentication types for security reasons: BASIC, DIGEST, and NTLM (without Negotiate NTLM2 Key or Negotiate Sign Flag). Use VPN TrafficAction to configure SSO for these authentication types. Choices:
|
|
Specify whether to use the primary or secondary authentication credentials for single sign-on to the server. Choices:
|
|
The state of the resource being configured by the module on the NetScaler ADC node. When When Choices:
|
|
Web address for StoreFront to be used in this session for enumeration of resources from XenApp or XenDesktop. |
|
Allow access to network resources by using a single IP address and subnet mask or a range of IP addresses. The Choices:
|
|
Set VPN UI Theme to Green-Bubble, Caxton or Custom; default is Caxton. Choices:
|
|
Define IP address pool options. Available settings function as follows: * * * Choices:
|
|
Enable or disable the use of a unique IP address alias, or a mapped IP address, as the client IP address for each client session. Allow Citrix Gateway to use the mapped IP address as an intranet IP address when all other IP addresses are not available. When IP pooling is configured and the mapped IP is used as an intranet IP address, the mapped IP address is used when an intranet IP address cannot be assigned. Choices:
|
|
List of user domains specified as a comma-separated value |
|
If Choices:
|
|
Web address of the Web Interface server, such as http://<ipAddress>/Citrix/XenApp, or Receiver for Web, which enumerates the virtualized resources, such as XenApp, XenDesktop, and cloud applications. This web address is used as the home page in ICA proxy mode. If Client Choices is ON, you must configure this setting. Because the user can choose between FullClient and ICAProxy, the user may see a different home page. An Internet web site may appear if the user gets the FullClient option, or a Web Interface site if the user gets the ICAProxy option. If the setting is not configured, the XenApp option does not appear as a client choice. |
|
Type of the wihome address( Choices:
|
|
Enable or disable the Windows Auto Logon for the session. If a VPN session is established after this setting is enabled, the user is automatically logged on by using Windows credentials after the system is restarted. Choices:
|
|
The Windows client type. Choose between two types of Windows Client
Choices:
|
|
Option to set plugin upgrade behaviour for Win Choices:
|
|
WINS server IP address to add to Citrix Gateway for name resolution. |
|
Layout on the Access Interface. The Choices:
|
Notes
Note
For more information on using Ansible to manage NetScaler ADC Network devices see https://www.ansible.com/integrations/networks/citrixadc.
Examples
---
- name: Sample vpnparameter playbook
  hosts: demo_netscalers
  gather_facts: false
  tasks:
    - name: Configure vpnparameter
      delegate_to: localhost
      netscaler.adc.vpnparameter:
        state: present
        forcecleanup:
          - none
        clientconfiguration:
          - all
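
A baseline that sets the security-relevant settings described in the parameter table (default authorization, backend certificate validation and SNI, encryption of client security expressions, session timeouts, split tunneling). This is an added example, not part of the module's own documentation; the `netscaler_*` inventory variables, the timeout values and the choice to disable split tunneling are assumptions to adapt to your environment.

```yaml
---
# Added example: restrictive baseline for the global VPN parameters.
# The netscaler_* variables and all numeric values are assumptions.
- name: Apply a restrictive vpnparameter baseline
  hosts: demo_netscalers
  gather_facts: false
  tasks:
    - name: Harden global VPN parameters
      delegate_to: localhost
      netscaler.adc.vpnparameter:
        # NITRO API connection; keep the password in Ansible Vault
        nsip: "{{ netscaler_nsip }}"
        nitro_user: "{{ netscaler_nitro_user }}"
        nitro_pass: "{{ netscaler_nitro_pass }}"
        nitro_protocol: https
        validate_certs: true
        save_config: true
        state: present

        # Deny by default; grant access through authorization policies
        defaultauthorizationaction: DENY
        # Validate backend certificates and send SNI on backend handshakes
        backendcertvalidation: ENABLED
        backendserversni: ENABLED
        # Encrypt client security expressions
        encryptcsecexp: ENABLED
        # Session lifetime limits, in minutes (constructed values)
        sesstimeout: 30
        clientidletimeout: 15
        forcedtimeout: 480
        forcedtimeoutwarning: 10
        # Quoted so YAML does not read the value as a boolean
        splittunnel: "OFF"
        # Prompt for client-side cache clean-up when the session closes
        clientcleanupprompt: "ON"
      register: vpnparam_result

    - name: Report settings that differed from the baseline
      ansible.builtin.debug:
        var: vpnparam_result.diff_list
      when: vpnparam_result.changed
```

The second task prints the module's list of differences only when the run changed something, which makes drift from the baseline visible in the play output.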
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Indicates if any change is made by the module Returned: always Sample: |
|
Dictionary of before and after changes Returned: always Sample: |
|
List of differences between the actual configured object and the configuration specified in the module Returned: when changed Sample: |
|
Indicates if the module failed or not Returned: always Sample: |
|
List of messages logged by the module Returned: always Sample: |