fmgr_secprof_dns – Manage DNS security profiles in FortiManager
New in version 2.8.
Synopsis
- Manage DNS security profiles in FortiManager
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| adom
-
|
Default:
"root"
|
The ADOM the configuration should belong to.
|
| block_action
string
|
|
Action to take for blocked domains.
choice | block | Return NXDOMAIN for blocked domains.
choice | redirect | Redirect blocked domains to SDNS portal.
|
| block_botnet
string
|
|
Enable/disable blocking botnet C&C; DNS lookups.
choice | disable | Disable blocking botnet C&C; DNS lookups.
choice | enable | Enable blocking botnet C&C; DNS lookups.
|
| comment
string
|
Comment for the security profile to show in the FortiManager GUI.
|
|
| domain_filter_domain_filter_table
string
|
DNS domain filter table ID.
|
|
| external_ip_blocklist
string
|
One or more external IP block lists.
|
|
| ftgd_dns_filters_action
string
|
|
Action to take for DNS requests matching the category.
choice | monitor | Allow DNS requests matching the category and log the result.
choice | block | Block DNS requests matching the category.
|
| ftgd_dns_filters_category
string
|
Category number.
|
|
| ftgd_dns_filters_log
string
|
|
Enable/disable DNS filter logging for this DNS profile.
choice | disable | Disable DNS filter logging.
choice | enable | Enable DNS filter logging.
|
| ftgd_dns_options
string
|
|
FortiGuard DNS filter options.
FLAG Based Options. Specify multiple in list form.
flag | error-allow | Allow all domains when FortiGuard DNS servers fail.
flag | ftgd-disable | Disable FortiGuard DNS domain rating.
|
| log_all_domain
string
|
|
Enable/disable logging of all domains visited (detailed DNS logging).
choice | disable | Disable logging of all domains visited.
choice | enable | Enable logging of all domains visited.
|
| mode
-
|
|
Sets one of three modes for managing the object.
Allows use of soft-adds instead of overwriting existing values.
|
| name
string
|
Profile name.
|
|
| redirect_portal
string
|
IP address of the SDNS redirect portal.
|
|
| safe_search
string
|
|
Enable/disable Google, Bing, and YouTube safe search.
choice | disable | Disable Google, Bing, and YouTube safe search.
choice | enable | Enable Google, Bing, and YouTube safe search.
|
| sdns_domain_log
string
|
|
Enable/disable domain filtering and botnet domain logging.
choice | disable | Disable domain filtering and botnet domain logging.
choice | enable | Enable domain filtering and botnet domain logging.
|
| sdns_ftgd_err_log
string
|
|
Enable/disable FortiGuard SDNS rating error logging.
choice | disable | Disable FortiGuard SDNS rating error logging.
choice | enable | Enable FortiGuard SDNS rating error logging.
|
| youtube_restrict
string
|
|
Set safe search for YouTube restriction level.
choice | strict | Enable strict safe seach for YouTube.
choice | moderate | Enable moderate safe search for YouTube.
|
Notes
Note
- Full Documentation at https://ftnt-ansible-docs.readthedocs.io/en/latest/.
Examples
- name: DELETE Profile
fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "delete"
- name: CREATE Profile
fmgr_secprof_dns:
name: "Ansible_DNS_Profile"
comment: "Created by Ansible Module TEST"
mode: "set"
block_action: "block"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| api_result
string
|
always |
full API response, includes status code and message
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Luke Weighall (@lweighall)
- Andrew Welsh (@Ghilli3)
- Jim Huber (@p4r4n0y1ng)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/fmgr_secprof_dns_module.html