fmgr_secprof_dns – Manage DNS security profiles in FortiManager
New in version 2.8.
Synopsis
- Manage DNS security profiles in FortiManager
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
adom - | Default: "root" | The ADOM the configuration should belong to. |
block_action string |
| Action to take for blocked domains. choice | block | Return NXDOMAIN for blocked domains. choice | redirect | Redirect blocked domains to SDNS portal. |
block_botnet string |
| Enable/disable blocking botnet C&C; DNS lookups. choice | disable | Disable blocking botnet C&C; DNS lookups. choice | enable | Enable blocking botnet C&C; DNS lookups. |
comment string | Comment for the security profile to show in the FortiManager GUI. | |
domain_filter_domain_filter_table string | DNS domain filter table ID. | |
external_ip_blocklist string | One or more external IP block lists. | |
ftgd_dns_filters_action string |
| Action to take for DNS requests matching the category. choice | monitor | Allow DNS requests matching the category and log the result. choice | block | Block DNS requests matching the category. |
ftgd_dns_filters_category string | Category number. | |
ftgd_dns_filters_log string |
| Enable/disable DNS filter logging for this DNS profile. choice | disable | Disable DNS filter logging. choice | enable | Enable DNS filter logging. |
ftgd_dns_options string |
| FortiGuard DNS filter options. FLAG Based Options. Specify multiple in list form. flag | error-allow | Allow all domains when FortiGuard DNS servers fail. flag | ftgd-disable | Disable FortiGuard DNS domain rating. |
log_all_domain string |
| Enable/disable logging of all domains visited (detailed DNS logging). choice | disable | Disable logging of all domains visited. choice | enable | Enable logging of all domains visited. |
mode - |
| Sets one of three modes for managing the object. Allows use of soft-adds instead of overwriting existing values. |
name string | Profile name. | |
redirect_portal string | IP address of the SDNS redirect portal. | |
safe_search string |
| Enable/disable Google, Bing, and YouTube safe search. choice | disable | Disable Google, Bing, and YouTube safe search. choice | enable | Enable Google, Bing, and YouTube safe search. |
sdns_domain_log string |
| Enable/disable domain filtering and botnet domain logging. choice | disable | Disable domain filtering and botnet domain logging. choice | enable | Enable domain filtering and botnet domain logging. |
sdns_ftgd_err_log string |
| Enable/disable FortiGuard SDNS rating error logging. choice | disable | Disable FortiGuard SDNS rating error logging. choice | enable | Enable FortiGuard SDNS rating error logging. |
youtube_restrict string |
| Set safe search for YouTube restriction level. choice | strict | Enable strict safe seach for YouTube. choice | moderate | Enable moderate safe search for YouTube. |
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile fmgr_secprof_dns: name: "Ansible_DNS_Profile" comment: "Created by Ansible Module TEST" mode: "delete" - name: CREATE Profile fmgr_secprof_dns: name: "Ansible_DNS_Profile" comment: "Created by Ansible Module TEST" mode: "set" block_action: "block"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
api_result string | always | full API response, includes status code and message |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_secprof_dns_module.html