search

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
85 stars 49 forks source link

Error creating fortios_firewall_policy - "msg": "Error in repo" #272

Closed KingJim1984 closed 10 months ago

KingJim1984 commented 1 year ago

Hello I try to add an simple firewall policy to my fortigate. But the deployment failed

---
- name: Configure IPSec VPN on Fortigate
  hosts: fortigate
  gather_facts: no
  connection: httpapi
  collections:
  - fortinet.fortios
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 7443
  tasks:
    - name: Configure IPv4/IPv6 policies for Azure.
      fortios_firewall_policy:
        access_token: "{{ fortigate_api_token }}"
        vdom: root #"{{ fortigate_vdom }}"
        state: present #"{{ create_delete }}"
        firewall_policy:
          policyid: 0
          name: "Test"          
          status: "enable"
          srcintf:
           - name: WLAN
          dstintf:
           - name: SD-WAN
          srcaddr: 
           - name: all
          dstaddr:
           - name: all
          service: 
          - name: HTTP
          - name: HTTPS
          action: "accept"
          schedule: "always"

Error message in Ansible:

TASK [Configure IPv4/IPv6 policies for Azure.] *********************************
fatal: [fortigate]: FAILED! => {"changed": false, "meta": {"build": 1575, "http_method": "PUT", "http_status": 405, "name": "policy", "path": "firewall", "serial": "FGT60F***************", "status": "error", "vdom": "root", "version": "v7.2.6"}, "msg": "Error in repo"}

diagnose debug application httpsd -1

[httpsd 30476 - 1696585394     info] handle_cli_req_v2[3200] -- no method found for requested action: (null)
[httpsd 30476 - 1696585394     info] handle_cli_req_v2[3318] -- returning to original vdom "root"
[httpsd 30476 - 1696585394  warning] api_return_http_result[1275] -- API error 405 raised
[httpsd 30476 - 1696585394     info] fweb_debug_final[318] -- Completed PUT request for "/api/v2/cmdb/firewall/policy" (HTTP 405)
alagoutte commented 1 year ago

Your firewall don't require name of policy ?

KingJim1984 commented 1 year ago

Your firewall don't require name of policy ?

Sorry, I edit my original post :) Yes my firewall need a name for the policy, I use a lot of different version of my ansible script and copy one without the name for the policy. But it is the same error with the name.

JieX19 commented 1 year ago

Hi @KingJim1984,

The mkey of this module is policyid, so name is optional here. The error is caused by the policyid == 0, you must provide the exact policyid instead of '0' to make sure the target object can be found.

The reason can be found here https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_firewall_policy.html#notes and https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/faq.html#avoid-using-the-special-placeholder-0-as-the-mkey-in-some-modules

Thanks, Jie

JieX19 commented 10 months ago

Hi all,

I will close this issue as it's been a while and no further updates or responses have been received, indicating that the matter has likely been resolved or is no longer active.

If you have any further questions or concerns, please feel free to reopen the ticket or create a new one.

obscur95 commented 10 months ago

Hello all,

I'm taking the liberty of writing here instead of opening a new subject.

How can I add a new policy to an existing configuration if I can't use ID 0?

Knowing that the policy is modified manually as we go along (add, delete, modify) via the GUI. We therefore have no control over newly created policy IDs.

Regards.