search

fortinet-ansible-dev / ansible-galaxy-fortios-collection

GNU General Public License v3.0
84 stars 48 forks source link

Need help with fortios_ips_sensor #326

Closed chr00ted closed 2 months ago

chr00ted commented 2 months ago

Hello all, our team has been setting up firewalls by using backups from other firewalls and restoring them to new firewalls. I'd really prefer to script it instead. We have some Server Side and client side custom IPS sensors we use and I'm having issues getting the script to apply correctly. For example in an existing Firewall config we have the following IPS sensor filter:

edit "Custom - Server" set comment "Protect against HTTP server-side vulnerabilities." set block-malicious-url enable set scan-botnet-connections block config entries edit 1 set location server set protocol Other UDP HTTP HTTPS set os Windows set application Other next

I've tried the following to script it, but its not coming over correctly:

The play completes successfully, and I when I logon to the new firewall I can see the entry with comments, but the OS and Protocols are all blank.

This is what I see in the JSON output: "mismatches": [ "option filter Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.location(server) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.protocol(HTTP HTTPS) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.os(Windows) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.application(other) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.action(default) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1", "option filter.name(Custom - Server) Supported version ranges are v6.0.0 -> v6.2.7, v6.4.1"

If any of you have any suggestions as to what I may be doing wrong it would be appreciated.

chr00ted commented 2 months ago

Got it working with: