fmgr_secprof_dns – Manage DNS security profiles in FortiManager¶
New in version 2.8.
Synopsis¶
Manage DNS security profiles in FortiManager
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
adom
-
|
Default: "root"
|
The ADOM the configuration should belong to.
|
|
block_action
string
|
|
Action to take for blocked domains.
choice | block | Return NXDOMAIN for blocked domains.
choice | redirect | Redirect blocked domains to SDNS portal.
|
|
block_botnet
string
|
|
Enable/disable blocking botnet C&C; DNS lookups.
choice | disable | Disable blocking botnet C&C; DNS lookups.
choice | enable | Enable blocking botnet C&C; DNS lookups.
|
|
comment
string
|
Comment for the security profile to show in the FortiManager GUI.
|
|
|
domain_filter_domain_filter_table
string
|
DNS domain filter table ID.
|
|
|
external_ip_blocklist
string
|
One or more external IP block lists.
|
|
|
ftgd_dns_filters_action
string
|
|
Action to take for DNS requests matching the category.
choice | monitor | Allow DNS requests matching the category and log the result.
choice | block | Block DNS requests matching the category.
|
|
ftgd_dns_filters_category
string
|
Category number.
|
|
|
ftgd_dns_filters_log
string
|
|
Enable/disable DNS filter logging for this DNS profile.
choice | disable | Disable DNS filter logging.
choice | enable | Enable DNS filter logging.
|
|
ftgd_dns_options
string
|
|
FortiGuard DNS filter options.
FLAG Based Options. Specify multiple in list form.
flag | error-allow | Allow all domains when FortiGuard DNS servers fail.
flag | ftgd-disable | Disable FortiGuard DNS domain rating.
|
|
log_all_domain
string
|
|
Enable/disable logging of all domains visited (detailed DNS logging).
choice | disable | Disable logging of all domains visited.
choice | enable | Enable logging of all domains visited.
|
|
mode
-
|
|
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
|
|
name
string
|
Profile name.
|
|
|
redirect_portal
string
|
IP address of the SDNS redirect portal.
|
|
|
safe_search
string
|
|
Enable/disable Google, Bing, and YouTube safe search.
choice | disable | Disable Google, Bing, and YouTube safe search.
choice | enable | Enable Google, Bing, and YouTube safe search.
|
|
sdns_domain_log
string
|
|
Enable/disable domain filtering and botnet domain logging.
choice | disable | Disable domain filtering and botnet domain logging.
choice | enable | Enable domain filtering and botnet domain logging.
|
|
sdns_ftgd_err_log
string
|
|
Enable/disable FortiGuard SDNS rating error logging.
choice | disable | Disable FortiGuard SDNS rating error logging.
choice | enable | Enable FortiGuard SDNS rating error logging.
|
|
youtube_restrict
string
|
|
Set safe search for YouTube restriction level.
choice | strict | Enable strict safe seach for YouTube.
choice | moderate | Enable moderate safe search for YouTube.
|
Notes¶
Note
Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples¶
- name: DELETE Profile
fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
block_action: "block"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
api_result
string
|
always |
full API response, includes status code and message
|
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]