fmgr_secprof_dns – Manage DNS security profiles in FortiManager

From Get docs
Ansible/docs/2.8/modules/fmgr secprof dns module


fmgr_secprof_dns – Manage DNS security profiles in FortiManager

New in version 2.8.


Synopsis

  • Manage DNS security profiles in FortiManager

Parameters

Parameter Choices/Defaults Comments

adom

-

Default:

"root"

The ADOM the configuration should belong to.

block_action

string

  • block
  • redirect

Action to take for blocked domains.

choice | block | Return NXDOMAIN for blocked domains.

choice | redirect | Redirect blocked domains to SDNS portal.

block_botnet

string

  • disable
  • enable

Enable/disable blocking botnet C&C; DNS lookups.

choice | disable | Disable blocking botnet C&C; DNS lookups.

choice | enable | Enable blocking botnet C&C; DNS lookups.

comment

string

Comment for the security profile to show in the FortiManager GUI.

domain_filter_domain_filter_table

string

DNS domain filter table ID.

external_ip_blocklist

string

One or more external IP block lists.

ftgd_dns_filters_action

string

  • monitor
  • block

Action to take for DNS requests matching the category.

choice | monitor | Allow DNS requests matching the category and log the result.

choice | block | Block DNS requests matching the category.

ftgd_dns_filters_category

string

Category number.

ftgd_dns_filters_log

string

  • disable
  • enable

Enable/disable DNS filter logging for this DNS profile.

choice | disable | Disable DNS filter logging.

choice | enable | Enable DNS filter logging.

ftgd_dns_options

string

  • error-allow
  • ftgd-disable

FortiGuard DNS filter options.

FLAG Based Options. Specify multiple in list form.

flag | error-allow | Allow all domains when FortiGuard DNS servers fail.

flag | ftgd-disable | Disable FortiGuard DNS domain rating.

log_all_domain

string

  • disable
  • enable

Enable/disable logging of all domains visited (detailed DNS logging).

choice | disable | Disable logging of all domains visited.

choice | enable | Enable logging of all domains visited.

mode

-

  • add

  • set
  • delete
  • update

Sets one of three modes for managing the object.

Allows use of soft-adds instead of overwriting existing values.

name

string

Profile name.

redirect_portal

string

IP address of the SDNS redirect portal.

safe_search

string

  • disable
  • enable

Enable/disable Google, Bing, and YouTube safe search.

choice | disable | Disable Google, Bing, and YouTube safe search.

choice | enable | Enable Google, Bing, and YouTube safe search.

sdns_domain_log

string

  • disable
  • enable

Enable/disable domain filtering and botnet domain logging.

choice | disable | Disable domain filtering and botnet domain logging.

choice | enable | Enable domain filtering and botnet domain logging.

sdns_ftgd_err_log

string

  • disable
  • enable

Enable/disable FortiGuard SDNS rating error logging.

choice | disable | Disable FortiGuard SDNS rating error logging.

choice | enable | Enable FortiGuard SDNS rating error logging.

youtube_restrict

string

  • strict
  • moderate

Set safe search for YouTube restriction level.

choice | strict | Enable strict safe seach for YouTube.

choice | moderate | Enable moderate safe search for YouTube.



Notes

Examples

- name: DELETE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_action: "block"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

api_result

string

always

full API response, includes status code and message





Status

Authors

  • Luke Weighall (@lweighall)
  • Andrew Welsh (@Ghilli3)
  • Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_secprof_dns_module.html