Comments (10)
@MilesTails sorry, the current collection doesn't support policy ordering.
However, we can still reorder the entries via automatic helper shell scripts (or a Python script) to analyze and apply a reordering config. Below is an example:
    #ssh [email protected] show firewall policy > firewall_policy.raw
Then apply a shell or Python script (sorry, I don't have a handy one, but it should be easy to do with a script) to produce the following output:
Given a sequence [3 1 10 5 2] that we are going to reorder to [1 2 3 5 10], we can use shell or Python to generate the CLI config.
With a limited number of iterations, we have the CLI commands:
    move 5 before 10: (3 1 5 10 2)
    move 3 before 5: (1 3 5 10 2)
    move 2 before 3: (1 2 3 5 10)
Then the CLI config will be (name it reordering.cli):
    config firewall policy
        move 5 before 10
        move 3 before 5
        move 2 before 3
    end
Here we move entries in descending order. Apply the reordering CLI via: ssh [email protected] < reordering.cli
This is not the first time policy ordering has been mentioned, but the current mechanism doesn't support such functionality; we will try to have one in a later release.
thanks,
Link
from ansible-galaxy-fortios-collection.
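The helper script the comment above leaves as an exercise, written here as an added example (it is not part of the original comment or of the collection): it reads the current policy order out of saved `show firewall policy` output, generates the `move X before Y` commands with the descending pass described above, and wraps them in a `reordering.cli` block. The `show` output embedded below is constructed sample data.

```python
import re

# Constructed sample of `show firewall policy` output, abridged to the lines
# that matter for ordering (the `edit <policyid>` lines); not a real device dump.
SAMPLE_SHOW_OUTPUT = """\
config firewall policy
    edit 3
    next
    edit 1
    next
    edit 10
    next
    edit 5
    next
    edit 2
    next
end
"""
_EDIT_RE = re.compile(r"^\s*edit\s+(\d+)\s*$", re.MULTILINE)

def current_order(show_output: str) -> list[int]:
    """Policy IDs in the order the FortiGate currently evaluates them."""
    return [int(m.group(1)) for m in _EDIT_RE.finditer(show_output)]

def reorder_moves(current: list[int], target: list[int]) -> list[str]:
    """Emit `move X before Y` commands turning `current` into `target`.
    Descending pass from the comment above: walk the target from last to first
    and move each ID directly in front of its successor unless it is already
    there.  Correct for any permutation; the move count is not guaranteed minimal.
    """
    if sorted(current) != sorted(target):
        raise ValueError("target must be a permutation of the current policy IDs")
    order, moves = list(current), []
    for i in range(len(target) - 2, -1, -1):
        x, succ = target[i], target[i + 1]
        if order.index(x) + 1 == order.index(succ):
            continue  # already directly before its successor
        order.remove(x)
        order.insert(order.index(succ), x)  # simulate the move locally
        moves.append(f"move {x} before {succ}")
    assert order == target  # simulated result must equal the target order
    return moves

def reordering_cli(moves: list[str]) -> str:
    """Wrap the moves in the config block the FortiOS CLI expects (reordering.cli)."""
    return "\n".join(["config firewall policy", *(f"    {m}" for m in moves), "end"]) + "\n"

if __name__ == "__main__":
    cur = current_order(SAMPLE_SHOW_OUTPUT)  # [3, 1, 10, 5, 2]
    print(reordering_cli(reorder_moves(cur, sorted(cur))), end="")
```

Redirect the printed block to `reordering.cli` and feed it to the device as the comment shows; the local simulation in `reorder_moves` guarantees the emitted moves produce exactly the requested order.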
Hello,
For info, we are using the fortiosconfig module and it works like a charm.
Example below where you want to move a certain policy before policy id 100.
    - name: Move policy on firewall
      fortiosconfig:
        config: "firewall policy"
        action: "move"
        host: "{{ host }}"
        username: "{{ username }}"
        password: "{{ password }}"
        vdom: "{{ vdom }}"
        config_parameters:
          key: "{{ policy_id_number }}"
          where: "before"
          reference-key: 100
Hope it helps,
Adrien
from ansible-galaxy-fortios-collection.
leaving fix in #70.
from ansible-galaxy-fortios-collection.
in latest release, moving policy is supported.
from ansible-galaxy-fortios-collection.
I see the example of how to move policies around, however, whenever I try to use it, it errors out. I have made sure I am running 1.1.8 (latest).
This is my config:
    - name: move firewall policy - 2 before 1
      fortios_firewall_policy:
        vdom: "{{ vdom }}"
        action: "move"
        self: "1"
        after: "2"
And this is the error:
    fatal: [10.99.250.250]: FAILED! => {
        "changed": false,
        "invocation": {
            "module_args": {
                "action": "move",
                "after": "2",
                "self": "1",
                "vdom": "FG-traffic"
            }
        },
        "msg": "Unsupported parameters for (fortios_firewall_policy) module: action, after, self Supported parameters include: firewall_policy, host, https, password, ssl_verify, state, username, vdom"
    }
from ansible-galaxy-fortios-collection.
@taylorjt2 could you help provide your full inventory and playbook?
from ansible-galaxy-fortios-collection.
Sure, it's really basic as I'm just experimenting and learning at this point. I experimented with having the move code separate as well as in the policy definition. Seems like it's just not recognizing action, after, self under fortios_firewall_policy as valid.
Directory Structure:
    fortinet
        group_vars
            all.yml
        roles
            policies
                tasks
                    main.yml
        site.yml
        hosts.yml
Files:
group_vars/all.yml
    ---
    # Variables for all
    ansible_user: admin
    ansible_password: password
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 8443
roles/policies/tasks/main.yml
    ---
    - name: Configure IPv4 policy - hosting-to-engage
      fortios_firewall_policy:
        vdom: "FG_traffic"
        state: "present"
        firewall_policy:
          name: "hosting-to-engage_allowall"
          policyid: "1"
          status: "enable"
          srcintf:
            - name: "port1"
          srcaddr:
            - name: "1.1.1.1_32"
            - name: "2.2.2.2_32"
          dstintf:
            - name: "port2"
          dstaddr:
            - name: "3.3.3.3_32"
          service:
            - name: "TEST"
            - name: "PING"
          action: "accept"
          schedule: "always"
          logtraffic: "all"
          logtraffic_start: "enable"
    - name: Configure IPv4 policy - engage-to-hosting
      fortios_firewall_policy:
        vdom: "{{ vdom }}"
        state: "present"
        # action: move
        # self: 2
        # before: 1
        firewall_policy:
          name: "engage-to-hosting_allowall"
          policyid: "2"
          status: "enable"
          srcintf:
            - name: "port2"
          srcaddr:
            - name: "4.4.4.4_32"
          dstintf:
            - name: "port1"
          dstaddr:
            - name: "5.5.5.5_32"
          service:
            - name: "TEST"
          action: "accept"
          schedule: "always"
          logtraffic: "all"
          logtraffic_start: "enable"
    - name: move firewall policy - 2 before 1
      fortios_firewall_policy:
        vdom: "FG_traffic"
        action: "move"
        self: "1"
        after: "2"
        # before: "1"
site.yml
    ---
    - hosts: hosting
      connection: httpapi
      collections:
        - fortinet.fortios
      roles:
        - interfaces
hosts.yml
    fortigates:
      children:
        virtual_fortigates:
          children:
            hosting:
              children:
                test1:
                  hosts:
                    172.16.1.50:
from ansible-galaxy-fortios-collection.
Roles don't support the 'collections' keyword. Try using the full FQDN, e.g.:
    fortinet.fortios.fortios_firewall_policy
from ansible-galaxy-fortios-collection.
Thank you so much, that did it! Pointed me in the right direction to finding that I can also add the meta folder to each role with a file that adds the fortinet.fortios collection. I'm just learning Ansible, so trying to understand the correct structure and syntax. Appreciate the help!
from ansible-galaxy-fortios-collection.
Issue should be reopened; reordering support was only added for firewall rules in profile-based mode.
In NGFW policy-based mode we have to use fortios_firewall_security_policy
(https://ansible-galaxy-fortios-docs.readthedocs.io/en/latest/gen/fortios_firewall_security_policy.html), and it still doesn't support moving policies.
Or should I create a new issue?
from ansible-galaxy-fortios-collection.