Open milad-24 opened 1 month ago
@milad-24 What release? Because there is some change/fix with the last release (for --check).
Why do you have duplicate entries on source/destination? (I think there is the same issue with interface...)
@alagoutte I used fortinet.fortios version 2.3.7.
One of my tasks in the Ansible playbook aggregates different addresses for various environments and teams to be used in a policy, making it challenging to identify the root cause of this issue. I discovered that my Fortigate repository contained a duplicate entry for an address. After removing the duplicate entry, the problem was solved. However, I believe the module should at least throw an error instead of indicating state changes every time.
For all firewall policies that include multiple addresses (for both source and destination), the --check option indicates changes. I encountered a similar issue with IP pools.
Have you looked at using | unique in your playbook?
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/unique_filter.html
It's the latest version (2.3.7).
Yes, I used unique to make sure that the address is unique, but what about the IP pool? I have only one IP:
```yaml
ippool:
  - name: POOL_TEST
    startip: 172.16.1.100
    endip: 172.16.1.100
```
When I run it without --check, there are no changes and everything is green. I ran it without using a variable too:
```yaml
- name: Configure IPv4 IP pools.
  fortinet.fortios.fortios_firewall_ippool:
    state: "present"
    access_token: "{{ fortios_access_token }}"
    firewall_ippool:
      name: "POOL_TEST"
      add_nat64_route: "disable"
      arp_reply: "enable"
      endip: "172.16.1.100"
      startip: "172.16.1.100"
      nat64: "disable"
      type: "overload"
```
Hi @milad-24 ,
Thank you for raising these two issues. I can reproduce them. The reason for this issue is that Ansible treats them as a list and strictly compares it with the data returned by the API. I have reported this to the development team for fixing. Thank you for your valuable suggestion.
Thanks, Maxx
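The always-changed result for duplicate policy members discussed in this thread, modeled as an added Python example (not code from the fortinet.fortios collection or from any participant). It assumes the device returns each member once; the address names are constructed, and `srcaddr`, `dstaddr` and `poolname` are the firewall policy member lists. The pre-flight check lets a pipeline fail on duplicates so a permanent "changed" does not hide real drift.

```python
"""Added example: strict list comparison vs. duplicate policy members."""
from collections import Counter


def member_names(members):
    # Policy members are dicts such as {"name": "NET_APP"}.
    return [m["name"] for m in members]


def strict_changed(desired, current):
    # Model of a strict list comparison (assumption, not the module's code):
    # any difference in length, order or repeats reads as a change.
    return member_names(desired) != member_names(current)


def normalized_changed(desired, current):
    # Set comparison: order and repeats do not alter what the policy matches.
    return set(member_names(desired)) != set(member_names(current))


def find_duplicates(policy, fields=("srcaddr", "dstaddr", "poolname")):
    # Return {field: [repeated names]} so a run can fail before the API call.
    report = {}
    for field in fields:
        counts = Counter(member_names(policy.get(field, [])))
        repeated = sorted(name for name, n in counts.items() if n > 1)
        if repeated:
            report[field] = repeated
    return report


# Constructed sample data: addresses aggregated from several teams list
# NET_APP twice; the device is assumed to store and return it once.
DESIRED = {
    "srcaddr": [{"name": "NET_APP"}, {"name": "NET_DB"}, {"name": "NET_APP"}],
    "dstaddr": [{"name": "NET_DMZ"}],
}
CURRENT = {
    "srcaddr": [{"name": "NET_APP"}, {"name": "NET_DB"}],
    "dstaddr": [{"name": "NET_DMZ"}],
}

if __name__ == "__main__":
    for field in ("srcaddr", "dstaddr"):
        print(field,
              "strict:", strict_changed(DESIRED[field], CURRENT[field]),
              "normalized:", normalized_changed(DESIRED[field], CURRENT[field]))
    print("duplicates:", find_duplicates(DESIRED))
```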
I am using the firewall policy module to configure my Fortigate device and have encountered two issues with this module.
When there are duplicate entries in the policy addresses, the module always indicates changes, even though no actual changes are made on the Fortigate device. I am unsure if this behavior is a bug, but it consistently shows changes in the presence of duplicate entries.