community.fortios.fmgr_secprof_dns – Manage DNS security profiles in FortiManager
Note
This plugin is part of the community.fortios collection (version 1.0.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.fortios
.
To use it in a playbook, specify: community.fortios.fmgr_secprof_dns
.
Parameters
Parameter |
Comments |
---|---|
The ADOM the configuration should belong to. Default: “root” |
|
Action to take for blocked domains. choice | block | Return NXDOMAIN for blocked domains. choice | redirect | Redirect blocked domains to SDNS portal. Choices:
|
|
Enable/disable blocking botnet C&C; DNS lookups. choice | disable | Disable blocking botnet C&C; DNS lookups. choice | enable | Enable blocking botnet C&C; DNS lookups. Choices:
|
|
Comment for the security profile to show in the FortiManager GUI. |
|
DNS domain filter table ID. |
|
One or more external IP block lists. |
|
Action to take for DNS requests matching the category. choice | monitor | Allow DNS requests matching the category and log the result. choice | block | Block DNS requests matching the category. Choices:
|
|
Category number. |
|
Enable/disable DNS filter logging for this DNS profile. choice | disable | Disable DNS filter logging. choice | enable | Enable DNS filter logging. Choices:
|
|
FortiGuard DNS filter options. FLAG Based Options. Specify multiple in list form. flag | error-allow | Allow all domains when FortiGuard DNS servers fail. flag | ftgd-disable | Disable FortiGuard DNS domain rating. Choices:
|
|
Enable/disable logging of all domains visited (detailed DNS logging). choice | disable | Disable logging of all domains visited. choice | enable | Enable logging of all domains visited. Choices:
|
|
Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. Choices:
|
|
Profile name. |
|
IP address of the SDNS redirect portal. |
|
Enable/disable Google, Bing, and YouTube safe search. choice | disable | Disable Google, Bing, and YouTube safe search. choice | enable | Enable Google, Bing, and YouTube safe search. Choices:
|
|
Enable/disable domain filtering and botnet domain logging. choice | disable | Disable domain filtering and botnet domain logging. choice | enable | Enable domain filtering and botnet domain logging. Choices:
|
|
Enable/disable FortiGuard SDNS rating error logging. choice | disable | Disable FortiGuard SDNS rating error logging. choice | enable | Enable FortiGuard SDNS rating error logging. Choices:
|
|
Set safe search for YouTube restriction level. choice | strict | Enable strict safe seach for YouTube. choice | moderate | Enable moderate safe search for YouTube. Choices:
|
Notes
Note
Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile
community.fortios.fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
community.fortios.fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
block_action: "block"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
full API response, includes status code and message Returned: always |
Authors
Luke Weighall (@lweighall)
Andrew Welsh (@Ghilli3)
Jim Huber (@p4r4n0y1ng)