community.fortios.fmgr_secprof_dns – Manage DNS security profiles in FortiManager

Note

This plugin is part of the community.fortios collection (version 1.0.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.fortios.

To use it in a playbook, specify: community.fortios.fmgr_secprof_dns.

Synopsis

  • Manage DNS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments
adom
string
Default:
"root"
The ADOM the configuration should belong to.
block_action
string
    Choices:
  • block
  • redirect
Action to take for blocked domains.
choice | block | Return NXDOMAIN for blocked domains.
choice | redirect | Redirect blocked domains to SDNS portal.
block_botnet
string
    Choices:
  • disable
  • enable
Enable/disable blocking botnet C&C DNS lookups.
choice | disable | Disable blocking botnet C&C DNS lookups.
choice | enable | Enable blocking botnet C&C DNS lookups.
comment
string
Comment for the security profile to show in the FortiManager GUI.
domain_filter_domain_filter_table
string
DNS domain filter table ID.
external_ip_blocklist
string
One or more external IP block lists.
ftgd_dns_filters_action
string
    Choices:
  • monitor
  • block
Action to take for DNS requests matching the category.
choice | monitor | Allow DNS requests matching the category and log the result.
choice | block | Block DNS requests matching the category.
ftgd_dns_filters_category
string
Category number.
ftgd_dns_filters_log
string
    Choices:
  • disable
  • enable
Enable/disable DNS filter logging for this DNS profile.
choice | disable | Disable DNS filter logging.
choice | enable | Enable DNS filter logging.
ftgd_dns_options
string
    Choices:
  • error-allow
  • ftgd-disable
FortiGuard DNS filter options.
FLAG Based Options. Specify multiple in list form.
flag | error-allow | Allow all domains when FortiGuard DNS servers fail.
flag | ftgd-disable | Disable FortiGuard DNS domain rating.
log_all_domain
string
    Choices:
  • disable
  • enable
Enable/disable logging of all domains visited (detailed DNS logging).
choice | disable | Disable logging of all domains visited.
choice | enable | Enable logging of all domains visited.
mode
string
    Choices:
  • add (default)
  • set
  • delete
  • update
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
name
string
Profile name.
redirect_portal
string
IP address of the SDNS redirect portal.
safe_search
string
    Choices:
  • disable
  • enable
Enable/disable Google, Bing, and YouTube safe search.
choice | disable | Disable Google, Bing, and YouTube safe search.
choice | enable | Enable Google, Bing, and YouTube safe search.
sdns_domain_log
string
    Choices:
  • disable
  • enable
Enable/disable domain filtering and botnet domain logging.
choice | disable | Disable domain filtering and botnet domain logging.
choice | enable | Enable domain filtering and botnet domain logging.
sdns_ftgd_err_log
string
    Choices:
  • disable
  • enable
Enable/disable FortiGuard SDNS rating error logging.
choice | disable | Disable FortiGuard SDNS rating error logging.
choice | enable | Enable FortiGuard SDNS rating error logging.
youtube_restrict
string
    Choices:
  • strict
  • moderate
Set safe search for YouTube restriction level.
choice | strict | Enable strict safe search for YouTube.
choice | moderate | Enable moderate safe search for YouTube.

Examples

- name: DELETE Profile
  community.fortios.fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  community.fortios.fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_action: "block"
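
An added example, not part of the collection's own documentation: one play that combines the blocking and logging parameters listed above into a single profile and prints the returned api_result. The host group, profile name, category number and portal address are constructed placeholders, and connection settings for the FortiManager host are assumed to come from inventory.

```yaml
# Added example. Host group, profile name, category number and portal
# address are constructed placeholders, not values from the module docs.
- name: Deploy a DNS filter profile with botnet blocking and logging
  hosts: fortimanager                    # assumed inventory group
  gather_facts: false
  tasks:
    - name: Create or overwrite the DNS profile
      community.fortios.fmgr_secprof_dns:
        adom: "root"
        mode: "set"
        name: "Example_DNS_Hardened"
        comment: "Botnet blocking, category block, filter logging"
        # Send blocked lookups to the SDNS portal instead of NXDOMAIN.
        block_action: "redirect"
        redirect_portal: "192.0.2.10"    # placeholder address (TEST-NET-1)
        block_botnet: "enable"
        # One FortiGuard category filter entry, blocked and logged.
        ftgd_dns_filters_category: "26"  # placeholder category number
        ftgd_dns_filters_action: "block"
        ftgd_dns_filters_log: "enable"
        # Log filter hits and rating errors, but not every domain visited.
        sdns_domain_log: "enable"
        sdns_ftgd_err_log: "enable"
        log_all_domain: "disable"
        safe_search: "enable"
        youtube_restrict: "strict"
        # ftgd_dns_options is left unset on purpose: error-allow would
        # allow all domains when FortiGuard DNS servers fail.
      register: dns_profile

    - name: Show the API response (status code and message)
      ansible.builtin.debug:
        var: dns_profile.api_result
```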

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key Returned Description
api_result
string
always
full API response, includes status code and message



Authors

  • Luke Weighall (@lweighall)

  • Andrew Welsh (@Ghilli3)

  • Jim Huber (@p4r4n0y1ng)