Playbook Runs successfully, but dont see addition in GUI after, cli shows its there

chr00ted commented 1 month ago

This is an odd one. My playbook runs successfully with no issues. but when I check the firewall GUI it doesnt show up, but when I check firewall cli its there. I even rebooted to see if that helps. I ran this against a 120G & a 60F if that matters

Sorry to be a pain, but the way new firewalls are currently configured is by restoring a config from another firewall and I'm going through the configs and pulling out everything to script new firewalls in the future.

First here is the code in an existing firewall: config webfilter urlfilter edit 1 set name "PlantBlock" config entries edit 1 set url "*.microsoft.com" set type wildcard set action monitor next edit 2 set url "*.apptrix.com" set type wildcard set action monitor next edit 3 set url "*.adobe.com" set type wildcard set action monitor next edit 4 set url "*.ultimatesoftware.mpeasylink.com" set type wildcard set action monitor next edit 5 set url "*.ultimatesoftware.com" set type wildcard set action monitor next edit 7 set url "*.spn.com" set type wildcard set action monitor next edit 17 set url "*.windowsupdate.com" set type wildcard set action monitor next edit 18 set url "*.windowsupdate.microsoft.com" set type wildcard set action monitor next edit 20 set url "*.app.smartsheet.com" set type wildcard set action monitor next edit 22 set url "*.smartsheet.com" set type wildcard set action monitor next edit 28 set url "*.Office.365" set type wildcard set action monitor next edit 29 set url "*.office.com" set type wildcard set action monitor next edit 30 set url "*.outlook.com" set type wildcard set action monitor next edit 31 set url "*.live.net" set type wildcard set action monitor next edit 32 set url "*.office.net" set type wildcard set action monitor next edit 33 set url "*.live.com" set type wildcard set action monitor next edit 34 set url "*.office365.com" set type wildcard set action monitor next edit 35 set url "*.microsoftonline.com" set type wildcard set action monitor next edit 36 set url "*.windows.com" set type wildcard set action monitor next edit 38 set url "*.archgp.com" set type wildcard set action monitor next edit 43 set url "*.adobelogin.com" set type wildcard set action monitor next edit 44 set url "*.digicert.com" set type wildcard set action monitor next edit 45 set url "*.godaddy.com" set type wildcard set action monitor next edit 50 set url "*.adobe.io" set type wildcard set action monitor next edit 51 set url "*.adobe.web" set type wildcard set action monitor next edit 52 set url "*.sucuri.net" set type wildcard set action monitor next edit 54 set url "*.msedge.net" set type wildcard set action monitor next edit 55 set url "*.webex.com" set type wildcard set action monitor next edit 56 set url "*.teamviewer.com" set type wildcard set action monitor next edit 42 set url "*.ultipro.com" set type wildcard set action monitor next edit 47 set url "*.fortinet.com" set type wildcard set action monitor next edit 48 set url "*.support.fortinet.com" set type wildcard set action monitor next edit 49 set url "*.update.microsoft.com" set type wildcard set action monitor next edit 57 set url "*.portal.buysupplyconnect.com" set type wildcard set action monitor next edit 58 set url "*.ocsp.digicert.com" set type wildcard set action monitor next edit 59 set url "*.ocsp.msocsp.com" set type wildcard set action monitor next edit 62 set url "*.force.com" set type wildcard set action monitor next edit 25 set url "*" set type wildcard set action block next end

`--- tasks:

name: Config Custom URLFilter- PlantBlock fortinet.fortios.fortios_webfilter_urlfilter: vdom: "{{ vdom }}" state: "present" webfilter_urlfilter: name: "PlantBlock" comment: "Blocks Plant computers from internet" id: 1 entries:
- id: 1 action: "monitor" type: "wildcard" url: "*.microsoft.com"
- id: 3 action: "monitor" type: "wildcard" url: "*.adobe.com"
- id: 4 action: "monitor" type: "wildcard" url: "*.ultimatesoftware.mpeasylink.com"
- id: 5 action: "monitor" type: "wildcard" url: "*.ultimatesoftware.com"
- id: 7 action: "monitor" type: "wildcard" url: "*.spn.com"
- id: 17 action: "monitor" type: "wildcard" url: "*.windowsupdate.com"
- id: 18 action: "monitor" type: "wildcard" url: "*.windowsupdate.microsoft.com"
- id: 28 action: "monitor" type: "wildcard" url: "*.Office.365"
- id: 29 action: "monitor" type: "wildcard" url: "*.office.com"
- id: 30 action: "monitor" type: "wildcard" url: "*.outlook.com"
- id: 31 action: "monitor" type: "wildcard" url: "*.live.net"
- id: 32 action: "monitor" type: "wildcard" url: "*.office.net"
- id: 33 action: "monitor" type: "wildcard" url: "*.live.com"
- id: 34 action: "monitor" type: "wildcard" url: "*.office365.com"
- id: 35 action: "monitor" type: "wildcard" url: "*.microsoftonline.com"
- id: 36 action: "monitor" type: "wildcard" url: "*.windows.com"
- id: 43 action: "monitor" type: "wildcard" url: "*.adobelogin.com"
- id: 44 action: "monitor" type: "wildcard" url: "*.digicert.com"
- id: 45 action: "monitor" type: "wildcard" url: "*.godaddy.com"
- id: 50 action: "monitor" type: "wildcard" url: "*.adobe.io"
- id: 51 action: "monitor" type: "wildcard" url: "*.adobe.web"
- id: 52 action: "monitor" type: "wildcard" url: "*.sucuri.net"
  - id: 54 action: "monitor" type: "wildcard" url: "*.msedge.net"
- id: 55 action: "monitor" type: "wildcard" url: "*.webex.com"
- id: 56 action: "monitor" type: "wildcard" url: "*.teamviewer.com"
- id: 42 action: "monitor" type: "wildcard" url: "*.ultipro.com"
- id: 47 action: "monitor" type: "wildcard" url: "*.fortinet.com"
- id: 48 action: "monitor" type: "wildcard" url: "*.support.fortinet.com"
- id: 49 action: "monitor" type: "wildcard" url: "*.update.microsoft.com"
- id: 57 action: "monitor" type: "wildcard" url: "*.portal.buysupplyconnect.com"
- id: 58 action: "monitor" type: "wildcard" url: "*.ocsp.digicert.com"
- id: 59 action: "monitor" type: "wildcard" url: "*.ocsp.msocsp.com"
- id: 62 action: "monitor" type: "wildcard" url: "*.force.com"
- id: 25 action: "monitor" type: "wildcard" url: "*"

So it takes the play and says its successful, but never shows in the GUI. What am I doing wrong or missing?

`

MaxxLiu22 commented 1 month ago

Hi @chr00ted ,

Thank you for bringing this issue to our attention. Based on my experience, it seems that your webfilter profile may be referring to a different webfilter urlfilter table, which could be causing the GUI to not display your configuration. According to your Ansible script, the webfilter urlfilter table ID is 1. Could you please access the webfilter profile where you wish to apply this table via CLI? Ensure that the urlfilter-table is set to the desired webfilter urlfilter table ID. Please note that this reassignment operation can only be performed through the CLI or Ansible(API) fortios_webfilter_profile as the GUI automatically creates and assigns an empty urlfilter table by default. Let me know if I misunderstand your question.

FGT-VM-103 (root) # config webfilter profile 

FGT-VM-103 (profile) # edit test 

FGT-VM-103 (test) # config web 

FGT-VM-103 (web) # show
config web
    set urlfilter-table 1    <------------ your ansible fortios_webfilter_urlfilter id
end

Thanks, Maxx

chr00ted commented 1 month ago

Thanks, I will test that now

chr00ted commented 1 month ago

OK, that makes sense and I know where to I need to edit the correct webfilter. Thanks yet again @MaxxLiu22!!

fortinet-ansible-dev / ansible-galaxy-fortios-collection

Playbook Runs successfully, but dont see addition in GUI after, cli shows its there #331