community.network.fmgr_secprof_dns – Manage DNS security profiles in FortiManager
Note
This plugin is part of the community.network collection (version 1.3.0).
To install it use: ansible-galaxy collection install community.network.
To use it in a playbook, specify: community.network.fmgr_secprof_dns.
Synopsis
- Manage DNS security profiles in FortiManager
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| adom string | Default: "root" | The ADOM the configuration should belong to. |
| block_action string |
| Action to take for blocked domains. choice | block | Return NXDOMAIN for blocked domains. choice | redirect | Redirect blocked domains to SDNS portal. |
| block_botnet string |
| Enable/disable blocking botnet C&C; DNS lookups. choice | disable | Disable blocking botnet C&C; DNS lookups. choice | enable | Enable blocking botnet C&C; DNS lookups. |
| comment string | Comment for the security profile to show in the FortiManager GUI. | |
| domain_filter_domain_filter_table string | DNS domain filter table ID. | |
| external_ip_blocklist string | One or more external IP block lists. | |
| ftgd_dns_filters_action string |
| Action to take for DNS requests matching the category. choice | monitor | Allow DNS requests matching the category and log the result. choice | block | Block DNS requests matching the category. |
| ftgd_dns_filters_category string | Category number. | |
| ftgd_dns_filters_log string |
| Enable/disable DNS filter logging for this DNS profile. choice | disable | Disable DNS filter logging. choice | enable | Enable DNS filter logging. |
| ftgd_dns_options string |
| FortiGuard DNS filter options. FLAG Based Options. Specify multiple in list form. flag | error-allow | Allow all domains when FortiGuard DNS servers fail. flag | ftgd-disable | Disable FortiGuard DNS domain rating. |
| log_all_domain string |
| Enable/disable logging of all domains visited (detailed DNS logging). choice | disable | Disable logging of all domains visited. choice | enable | Enable logging of all domains visited. |
| mode string |
| Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. |
| name string | Profile name. | |
| redirect_portal string | IP address of the SDNS redirect portal. | |
| safe_search string |
| Enable/disable Google, Bing, and YouTube safe search. choice | disable | Disable Google, Bing, and YouTube safe search. choice | enable | Enable Google, Bing, and YouTube safe search. |
| sdns_domain_log string |
| Enable/disable domain filtering and botnet domain logging. choice | disable | Disable domain filtering and botnet domain logging. choice | enable | Enable domain filtering and botnet domain logging. |
| sdns_ftgd_err_log string |
| Enable/disable FortiGuard SDNS rating error logging. choice | disable | Disable FortiGuard SDNS rating error logging. choice | enable | Enable FortiGuard SDNS rating error logging. |
| youtube_restrict string |
| Set safe search for YouTube restriction level. choice | strict | Enable strict safe seach for YouTube. choice | moderate | Enable moderate safe search for YouTube. |
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile
community.network.fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
community.network.fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
block_action: "block"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| api_result string | always | full API response, includes status code and message |
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/fmgr_secprof_dns_module.html