fmgr_secprof_dns – Manage DNS security profiles in FortiManager

New in version 2.8.

Synopsis

• Manage DNS security profiles in FortiManager

Parameters

Parameter	Choices/Defaults	Comments
adom -	Default: "root"	The ADOM the configuration should belong to.
block_action string	Choices: block redirect	Action to take for blocked domains. choice | block | Return NXDOMAIN for blocked domains. choice | redirect | Redirect blocked domains to SDNS portal.
block_botnet string	Choices: disable enable	Enable/disable blocking botnet C&C; DNS lookups. choice | disable | Disable blocking botnet C&C; DNS lookups. choice | enable | Enable blocking botnet C&C; DNS lookups.
comment string		Comment for the security profile to show in the FortiManager GUI.
domain_filter_domain_filter_table string		DNS domain filter table ID.
external_ip_blocklist string		One or more external IP block lists.
ftgd_dns_filters_action string	Choices: monitor block	Action to take for DNS requests matching the category. choice | monitor | Allow DNS requests matching the category and log the result. choice | block | Block DNS requests matching the category.
ftgd_dns_filters_category string		Category number.
ftgd_dns_filters_log string	Choices: disable enable	Enable/disable DNS filter logging for this DNS profile. choice | disable | Disable DNS filter logging. choice | enable | Enable DNS filter logging.
ftgd_dns_options string	Choices: error-allow ftgd-disable	FortiGuard DNS filter options. FLAG Based Options. Specify multiple in list form. flag | error-allow | Allow all domains when FortiGuard DNS servers fail. flag | ftgd-disable | Disable FortiGuard DNS domain rating.
log_all_domain string	Choices: disable enable	Enable/disable logging of all domains visited (detailed DNS logging). choice | disable | Disable logging of all domains visited. choice | enable | Enable logging of all domains visited.
mode -	Choices: add ← set delete update	Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values.
name string		Profile name.
redirect_portal string		IP address of the SDNS redirect portal.
safe_search string	Choices: disable enable	Enable/disable Google, Bing, and YouTube safe search. choice | disable | Disable Google, Bing, and YouTube safe search. choice | enable | Enable Google, Bing, and YouTube safe search.
sdns_domain_log string	Choices: disable enable	Enable/disable domain filtering and botnet domain logging. choice | disable | Disable domain filtering and botnet domain logging. choice | enable | Enable domain filtering and botnet domain logging.
sdns_ftgd_err_log string	Choices: disable enable	Enable/disable FortiGuard SDNS rating error logging. choice | disable | Disable FortiGuard SDNS rating error logging. choice | enable | Enable FortiGuard SDNS rating error logging.
youtube_restrict string	Choices: strict moderate	Set safe search for YouTube restriction level. choice | strict | Enable strict safe seach for YouTube. choice | moderate | Enable moderate safe search for YouTube.

Notes

Note

• Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.

Examples

- name: DELETE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "delete"

- name: CREATE Profile
  fmgr_secprof_dns:
    name: "Ansible_DNS_Profile"
    comment: "Created by Ansible Module TEST"
    mode: "set"
    block_action: "block"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
api_result string	always	full API response, includes status code and message

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]
• This module is maintained by the Ansible Community. [community]

Authors

• Luke Weighall (@lweighall)
• Andrew Welsh (@Ghilli3)
• Jim Huber (@p4r4n0y1ng)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.