New in version 2.8.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments | |||
---|---|---|---|---|---|
dnsfilter_profile
-
|
Default: null
|
Configure DNS domain filter profiles.
|
|||
block-action
-
|
|
Action to take for blocked domains.
|
|||
block-botnet
-
|
|
Enable/disable blocking botnet C&C DNS lookups.
|
|||
comment
-
|
Comment.
|
||||
domain-filter
-
|
Domain filter settings.
|
||||
domain-filter-table
-
|
DNS domain filter table ID. Source dnsfilter.domain-filter.id.
|
||||
external-ip-blocklist
-
|
One or more external IP block lists.
|
||||
name
-
/ required
|
External domain block list name. Source system.external-resource.name.
|
||||
ftgd-dns
-
|
FortiGuard DNS Filter settings.
|
||||
filters
-
|
FortiGuard DNS domain filters.
|
||||
action
-
|
|
Action to take for DNS requests matching the category.
|
|||
category
-
|
Category number.
|
||||
id
-
/ required
|
ID number.
|
||||
log
-
|
|
Enable/disable DNS filter logging for this DNS profile.
|
|||
options
-
|
|
FortiGuard DNS filter options.
|
|||
log-all-domain
-
|
|
Enable/disable logging of all domains visited (detailed DNS logging).
|
|||
name
-
/ required
|
Profile name.
|
||||
redirect-portal
-
|
IP address of the SDNS redirect portal.
|
||||
safe-search
-
|
|
Enable/disable Google, Bing, and YouTube safe search.
|
|||
sdns-domain-log
-
|
|
Enable/disable domain filtering and botnet domain logging.
|
|||
sdns-ftgd-err-log
-
|
|
Enable/disable FortiGuard SDNS rating error logging.
|
|||
state
-
|
|
Indicates whether to create or remove the object
|
|||
youtube-restrict
-
|
|
Set safe search for YouTube restriction level.
|
|||
host
-
/ required
|
FortiOS or FortiGate ip address.
|
||||
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol
|
|||
password
-
|
Default: ""
|
FortiOS or FortiGate password.
|
|||
username
-
/ required
|
FortiOS or FortiGate username.
|
||||
vdom
-
|
Default: "root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
Note
- hosts: localhost
vars:
host: "192.168.122.40"
username: "admin"
password: ""
vdom: "root"
tasks:
- name: Configure DNS domain filter profiles.
fortios_dnsfilter_profile:
host: "{{ host }}"
username: "{{ username }}"
password: "{{ password }}"
vdom: "{{ vdom }}"
dnsfilter_profile:
state: "present"
block-action: "block"
block-botnet: "disable"
comment: "Comment."
domain-filter:
domain-filter-table: "7 (source dnsfilter.domain-filter.id)"
external-ip-blocklist:
-
name: "default_name_9 (source system.external-resource.name)"
ftgd-dns:
filters:
-
action: "block"
category: "13"
id: "14"
log: "enable"
options: "error-allow"
log-all-domain: "enable"
name: "default_name_18"
redirect-portal: "<your_own_value>"
safe-search: "disable"
sdns-domain-log: "enable"
sdns-ftgd-err-log: "enable"
youtube-restrict: "strict"
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
build
string
|
always |
Build number of the fortigate image
Sample:
1547
|
http_method
string
|
always |
Last method used to provision the content into FortiGate
Sample:
PUT
|
http_status
string
|
always |
Last result given by FortiGate on last operation applied
Sample:
200
|
mkey
string
|
success |
Master key (id) used in the last call to FortiGate
Sample:
id
|
name
string
|
always |
Name of the table used to fulfill the request
Sample:
urlfilter
|
path
string
|
always |
Path of the table used to fulfill the request
Sample:
webfilter
|
revision
string
|
always |
Internal revision number
Sample:
17.0.2.10658
|
serial
string
|
always |
Serial number of the unit
Sample:
FGVMEVYYQT3AB5352
|
status
string
|
always |
Indication of the operation's result
Sample:
success
|
vdom
string
|
always |
Virtual domain used
Sample:
root
|
version
string
|
always |
Version of the FortiGate
Sample:
v5.6.3
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.