fmgr_secprof_dns – Manage DNS security profiles in FortiManager

New in version 2.8.

Synopsis

  • Manage DNS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments
adom
-
Default:
"root"
The ADOM the configuration should belong to.
block_action
string
    Choices:
  • block
  • redirect
Action to take for blocked domains.
choice | block | Return NXDOMAIN for blocked domains.
choice | redirect | Redirect blocked domains to SDNS portal.
block_botnet
string
    Choices:
  • disable
  • enable
Enable/disable blocking botnet C&C DNS lookups.
choice | disable | Disable blocking botnet C&C DNS lookups.
choice | enable | Enable blocking botnet C&C DNS lookups.
comment
string
Comment for the security profile to show in the FortiManager GUI.
domain_filter_domain_filter_table
string
DNS domain filter table ID.
external_ip_blocklist
string
One or more external IP block lists.
ftgd_dns_filters_action
string
    Choices:
  • monitor
  • block
Action to take for DNS requests matching the category.
choice | monitor | Allow DNS requests matching the category and log the result.
choice | block | Block DNS requests matching the category.
ftgd_dns_filters_category
string
Category number.
ftgd_dns_filters_log
string
    Choices:
  • disable
  • enable
Enable/disable DNS filter logging for this DNS profile.
choice | disable | Disable DNS filter logging.
choice | enable | Enable DNS filter logging.
ftgd_dns_options
string
    Choices:
  • error-allow
  • ftgd-disable
FortiGuard DNS filter options.
FLAG Based Options. Specify multiple in list form.
flag | error-allow | Allow all domains when FortiGuard DNS servers fail.
flag | ftgd-disable | Disable FortiGuard DNS domain rating.
log_all_domain
string
    Choices:
  • disable
  • enable
Enable/disable logging of all domains visited (detailed DNS logging).
choice | disable | Disable logging of all domains visited.
choice | enable | Enable logging of all domains visited.
mode
-
    Choices:
  • add ←
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
name
string
Profile name.
redirect_portal
string
IP address of the SDNS redirect portal.
safe_search
string
    Choices:
  • disable
  • enable
Enable/disable Google, Bing, and YouTube safe search.
choice | disable | Disable Google, Bing, and YouTube safe search.
choice | enable | Enable Google, Bing, and YouTube safe search.
sdns_domain_log
string
    Choices:
  • disable
  • enable
Enable/disable domain filtering and botnet domain logging.
choice | disable | Disable domain filtering and botnet domain logging.
choice | enable | Enable domain filtering and botnet domain logging.
sdns_ftgd_err_log
string
    Choices:
  • disable
  • enable
Enable/disable FortiGuard SDNS rating error logging.
choice | disable | Disable FortiGuard SDNS rating error logging.
choice | enable | Enable FortiGuard SDNS rating error logging.
youtube_restrict
string
    Choices:
  • strict
  • moderate
Set safe search for YouTube restriction level.
choice | strict | Enable strict safe search for YouTube.
choice | moderate | Enable moderate safe search for YouTube.

Notes

Examples

- name: DELETE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_action: "block"
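
The following is an added example, not part of the module's own documentation. It combines the blocking and logging parameters listed above into one profile. The profile name, the redirect portal address, and the category number are constructed placeholder values.

```yaml
# Added example: constructed values are marked in the comments below.
- name: CREATE blocking and logging DNS profile
  fmgr_secprof_dns:
    adom: "root"
    name: "Ansible_DNS_Profile_Hardened"   # hypothetical profile name
    comment: "Botnet blocking with full DNS logging"
    mode: "set"
    # Block lookups for known botnet C&C domains.
    block_botnet: "enable"
    # Send blocked lookups to the SDNS portal instead of returning NXDOMAIN.
    block_action: "redirect"
    redirect_portal: "192.0.2.10"          # constructed address (documentation range)
    # Block one FortiGuard category and log each match.
    ftgd_dns_filters_category: "26"        # constructed category number; use your own
    ftgd_dns_filters_action: "block"
    ftgd_dns_filters_log: "enable"
    # Keep the logs needed to investigate blocked or failed lookups.
    sdns_domain_log: "enable"
    sdns_ftgd_err_log: "enable"
    log_all_domain: "enable"
    # ftgd_dns_options is left unset on purpose: "error-allow" would allow all
    # domains when FortiGuard DNS servers fail, and "ftgd-disable" turns
    # FortiGuard DNS domain rating off.
  register: dns_profile_result

- name: Show the API response returned by the module
  debug:
    var: dns_profile_result.api_result
```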

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Status

Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)
