Closed PVD619 closed 1 year ago
Hi @PVD619 ,
Thank you for raising this issue. This is related to Ansible FMG, but I can still reproduce this issue on my side and have reported it to the development team. I will let you know once there is a fix update.
Thanks, Maxx
Hi @PVD619 ,
This issue is caused by an API schema change. We suggest setting `bypass_validation: True` as a temporary solution. The following code is for your reference; please let me know if you still have questions.
```yaml
- hosts: fortimanagers
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPv4 policies.
      fmgr_pkg_firewall_policy:
        bypass_validation: True
        adom: root
        pkg: default # package name
        state: present
        pkg_firewall_policy:
          action: accept
          comments: ansible-comment
          dstaddr: all
          dstintf: any
          name: ansible-test-policy
          nat: disable
          policyid: 9
          schedule: always
          service:
            - "ALL_ICMP"
            - "ALL_TCP"
          srcaddr:
            - "gmail.com"
            - "SSLVPN_TUNNEL_ADDR1"
          srcintf: any
          status: disable
```
Thanks, Maxx
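The workaround above turns off the module's parameter validation, and the same playbook sets `ansible_httpapi_validate_certs: False`, so a small check can list where those two settings are still active in a playbook. This is an added example, not code from the thread or the collection; the reason strings and the line-based parsing (no YAML library) are this example's assumptions.

```python
import re

# Keys from the playbook above that relax a safety check when set to the
# listed value. The reasons are this example's wording, not the collection's.
RISKY = {
    "bypass_validation": (True, "module parameter validation is skipped"),
    "ansible_httpapi_validate_certs": (False, "TLS certificate check is off"),
}
# YAML boolean spellings, compared case-insensitively (an over-approximation).
BOOLS = {"true": True, "yes": True, "on": True,
         "false": False, "no": False, "off": False}
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_]\w*)\s*:\s*(.*)$")


def parse_bool(raw):
    """Return True/False for a YAML boolean scalar, None for anything else."""
    word = raw.split("#", 1)[0].strip().strip("'\"").lower()
    return BOOLS.get(word)


def audit_playbook(text):
    """Return (line_number, key, reason) for each relaxed setting found."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)  # comment lines start with '#': no match
        if not match or match.group(1) not in RISKY:
            continue
        risky_value, reason = RISKY[match.group(1)]
        if parse_bool(match.group(2)) is risky_value:
            findings.append((number, match.group(1), reason))
    return findings


# Constructed sample: a trimmed copy of the playbook posted above.
SAMPLE = """\
- hosts: fortimanagers
  vars:
    ansible_httpapi_use_ssl: True
    ansible_httpapi_validate_certs: False
  tasks:
    - name: Configure IPv4 policies.
      fmgr_pkg_firewall_policy:
        bypass_validation: True  # temporary workaround
        adom: root
"""

if __name__ == "__main__":
    for number, key, reason in audit_playbook(SAMPLE):
        print(f"line {number}: {key} -> {reason}")
```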
Hi @PVD619,
FYI, I just moved the issue under the fortimanager project. You can raise and reply to any questions there.
Hello everyone: Is it possible to add two or more object networks as a src or service in fmgr_pkg_firewall_policy.yml?
If you import the Python library from the galaxy and make some changes, you can use multiple objects. You should change the 'type' from 'str' to 'list'. For example, in the above code snippet, I did the same for service and it is working fine:
```python
'service': {
    'required': False,
    'revision': {
        '6.0.0': True,
        '6.2.1': True,
        '6.2.3': True,
        '6.2.5': True,
        '6.4.0': True,
        '6.4.2': True,
        '6.4.5': True,
        '7.0.0': True
    },
    'type': 'list'  # <-- changed from 'str'
```
Same can be done for srcaddr, dstaddr, etc.
I have raised another issue and am waiting for it to be resolved: https://github.com/fortinet-ansible-dev/ansible-galaxy-fortimanager-collection/issues/49
HTH