fortinet-ansible-dev / ansible-galaxy-fortios-collection

fortios_facts only exposes system facts #41

Closed sbraz closed 3 years ago

sbraz commented 4 years ago

Hello, I would like to add policies and VIPs to my firewall but for that I need to be able to gather facts about the network configuration.

However fortios_facts only exposes system facts. Is that expected?

JieX19 commented 4 years ago

Hi @sbraz,

Yes, fortios_facts currently supports system facts only. We will expand the range of facts gathering in the future. If possible, can you please paste your playbook so that we can help you solve the problem?

Thanks, Jie

sbraz commented 4 years ago

Hi Jie, I don't know exactly what my colleague is trying to achieve, but I think it has to do with adding a firewall rule only if other similar rules do not exist. Therefore, we need to list existing firewall policies.

mbdraks commented 4 years ago

Link,

If we implement a 'get' option (similar to what we have for FortiManager modules), we could solve all the 'check config before doing something' cases (at least considering the CMDB API) and focus the get_facts modules on collecting info only available with the 'monitor' API.

What do you think?

chillancezen commented 4 years ago

@mbdraks @sbraz

Hi Michel, Louis, FortiOS now has limited support to gather facts: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_facts.html

In our next major FortiOS release, we are going to enhance this module to include more, and will consider full monitor APIs as well.

Thanks, Link

sbraz commented 4 years ago

Hi Jie, Thanks for the answer. I have a few questions.

> In our next major FortiOS release, we are going to enhance this module to include more, and will consider full monitor APIs as well.

Does that mean this is a server-side (API) limitation and that we will need to wait until FortiOS 6.6 is released?

How do you guys use Ansible to add firewall rules if you can't list existing policies? I'm still surprised that there is no way to do this and I don't really understand how the Ansible module could be used in production at the moment if it lacks this feature.

chillancezen commented 4 years ago

> Does that mean this is a server-side (API) limitation and that we will need to wait until FortiOS 6.6 is released?

No, I mean the next FortiOS Ansible Collection release, sorry for the confusion.

This is also not an API limitation; the module is manually written by Don, and only limited cases are covered.

> How do you guys use Ansible to add firewall rules if you can't list existing policies? I'm still surprised that there is no way to do this and I don't really understand how the Ansible module could be used in production at the moment if it lacks this feature.

Sorry for the inconvenience, we have a generic module to mitigate any discovered functions: https://github.com/fortinet/ansible-fortios-generic

Thanks, Link

chillancezen commented 3 years ago

Hi @sbraz @mbdraks, we have all configuration API GET methods supported in the latest releases: https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/fact.html

And we are going to support GET methods for all monitor APIs in the next major release.

Now I mark this issue closed; please feel free to reopen it in case further support is needed.

Thanks, Link