fortinet-ansible-dev / ansible-galaxy-fortios-sphinxdoc

https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/

dnsfilter_profile not working with firewall_policy #12

Closed Smoetzak closed 2 years ago

Smoetzak commented 2 years ago

Hello

I've already configured a lot of policies with ansible on fortigates, but it seems that I can't add a dnsfilter profile to a policy. No matter what I enter next to "dnsfilter_profile:" this gets ignored, even for non-existing names. I don't receive an error, it just gets ignored.

My (test) task looks like this:

- name: Create Policy 2
  fortios_firewall_policy:
    vdom:  "{{ vdom }}"
    state: "present"
    firewall_policy:
      policyid: 2
      srcintf: 
        - name: "lan"
      dstintf: 
        - name: "wan"    
      srcaddr:
        - name: "all"  
      dstaddr:
        - name: "all"
      schedule: "always"
      service:
        - name: "DNS"
      dnsfilter_profile: "test-dns"        
      ssl_ssh_profile: "certificate-inspection"
      nat: enable
      action: accept
      logtraffic: all           

This is the output on the fortigate with "diag debug cli 8":

0: config firewall policy
0: edit 2
0: set srcintf "lan" 
0: set dstintf "wan" 
0: set srcaddr "all" 
0: set dstaddr "all" 
0: unset srcaddr6
0: unset dstaddr6
0: unset src-vendor-mac
0: set action accept
0: set schedule "always"
0: set service "DNS" 
0: set ssl-ssh-profile "certificate-inspection"
0: set logtraffic all
0: unset groups
0: unset users
0: unset fsso-groups
0: unset custom-log-fields
0: set nat enable
0: end

So as you can see, it isn't trying to push it to the fortigate.

I am using Ansible 2.12.3 and FortiOS Galaxy version 2.1.3 (latest).

Can you please look into this? Thanks in advance!
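
As an added check (not part of this issue or of the fortios collection), a Python script that parses the "diag debug cli 8" output quoted above and reports which task arguments never reached the FortiGate; TASK_ARGS and the CLI excerpt are constructed from the post, and the underscore-to-hyphen name mapping is an assumption based on the argument names shown.

```python
# Added example, not from the issue or the fortios collection: reconcile the task's
# firewall_policy arguments against "diag debug cli 8" output and report silent drops.
import re

# Constructed from the task quoted in the issue; policyid omitted (it becomes "edit 2").
TASK_ARGS = {
    "srcintf": [{"name": "lan"}], "dstintf": [{"name": "wan"}],
    "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "all"}],
    "schedule": "always", "service": [{"name": "DNS"}], "nat": "enable",
    "dnsfilter_profile": "test-dns", "ssl_ssh_profile": "certificate-inspection",
    "action": "accept", "logtraffic": "all",
}

# Excerpt of the debug output quoted in the issue (most unset lines omitted).
CLI_OUTPUT = """0: config firewall policy
0: edit 2
0: set srcintf "lan" 
0: set dstintf "wan" 
0: set srcaddr "all" 
0: set dstaddr "all" 
0: unset srcaddr6
0: set action accept
0: set schedule "always"
0: set service "DNS" 
0: set ssl-ssh-profile "certificate-inspection"
0: set logtraffic all
0: set nat enable
0: end"""

SET_LINE = re.compile(r'^\d+: set (\S+)\s+(.*?)\s*$', re.MULTILINE)

def parse_cli(text):
    """Map each 'set <key> <values>' line to its list of unquoted values; unset lines are skipped."""
    pushed = {}
    for key, raw in SET_LINE.findall(text):
        pushed[key] = re.findall(r'"([^"]*)"', raw) or [raw]
    return pushed

def expected_values(arg):  # list-of-dict arguments become member lists; scalars a single value
    return [m["name"] for m in arg] if isinstance(arg, list) else [str(arg)]

def dropped_args(task_args, cli_text):
    """Return {ansible_arg: expected values} for arguments missing from or differing in the CLI."""
    pushed = parse_cli(cli_text)
    problems = {}
    for arg, value in task_args.items():
        cli_key = arg.replace("_", "-")  # assumed: module arg names map to hyphenated CLI names
        if pushed.get(cli_key) != expected_values(value):
            problems[arg] = expected_values(value)
    return problems
```

Run against the quoted output, `dropped_args(TASK_ARGS, CLI_OUTPUT)` flags only `dnsfilter_profile`, matching what the debug trace shows; the same check can be run after any play to catch a security profile that was accepted by the module but never set on the policy.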

Smoetzak commented 2 years ago

I've posted this problem on https://github.com/fortinet-ansible-dev/ansible-galaxy-fortios-collection/issues