Here's a simple play that sets our org-wide settings for all new FortiGates.
(virt1) [opc@ansible-cloud ~]$ cat fgtsetup.yml
---
- hosts: fgt
  collections:
    - fortinet.fortios
  gather_facts: false
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_python_interpreter: virt1/bin/python
  tasks:
    - name: Setup_Console
      fortios_system_console:
        vdom: "{{ vdom }}"
        system_console:
          output: "more"
          baudrate: 19200
    - name: Setup_Global
      fortios_system_global:
        vdom: "{{ vdom }}"
        system_global:
          hostname: "BROOKLYNCNTAL"
          admin_login_max: "6"
          login_timestamp: "enable"
          cfg_save: "automatic"
          timezone: "08"
          admin_ssh_port: "2022"
          admin_scp: "enable"
          gui_certificates: "enable"
    - name: Setup_NTP
      fortios_system_ntp:
        vdom: "{{ vdom }}"
        system_ntp:
          interface:
            - interface_name: wan2
          syncinterval: "15"
          type: "fortiguard"
          ntpsync: "enable"
    - name: Setup_AlertEmail
      fortios_alertemail_setting:
        vdom: "{{ vdom }}"
        alertemail_setting:
          mailto1: "soc@socpuppets.com"
          username: "noc@socpuppets.com"
In our inventory file we define the FortiGate addresses and the connection variables the play needs:
[fgt]
192.0.2.1 ansible_user=ansible ansible_password=test1234
192.0.2.2 ansible_user=ansible ansible_password=setup
192.0.2.3 ansible_user=ansible ansible_password=password123
192.0.2.4 ansible_user=ansible ansible_password=password0987654321
[fgt:vars]
ansible_network_os=fortinet.fortios.fortios
# ansible_httpapi_password=hhhjh05tyx5h3r15d64Gm6Nh15tjpm
To call our setup we just run the command and let the play execute the tasks. Example:
And lastly, we install our standard admin accounts:
(virt1) [opc@ansible-cloud ~]$ cat fgtaddadmin.yml
---
- hosts: fgt
  collections:
    - fortinet.fortios
  gather_facts: false
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    ansible_python_interpreter: virt1/bin/python
  tasks:
    - name: Configure primary admin
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        system_admin:
          accprofile: "super_admin"
          vdom:
            - name: "root"
          comments: "socpuppet admin account do not delete"
          name: "socadmin2"
          password: "testing1234"
    - name: Configure auditor admin
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        system_admin:
          accprofile: "auditor"
          vdom:
            - name: "root"
          comments: "socpuppet PCI account do not delete"
          name: "auditor"
          password: "pciblahbl"
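As an added check (my own example, not the author's playbook), here is a small Python linter that scans an inventory and a play in the shape shown above for cleartext `ansible_password`/`password` values and for `ansible_httpapi_validate_certs: no`, which both plays above set; the embedded inventory and play are constructed samples with dummy credentials, and values marked `!vault` or produced by a `lookup()` pass.

```python
import re

# Constructed samples mirroring the page's inventory and play; credentials are dummies
INVENTORY = """[fgt]
192.0.2.1 ansible_user=ansible ansible_password=test1234
"""
PLAY = """- hosts: fgt
  vars:
    ansible_httpapi_validate_certs: no
  tasks:
    - name: Configure primary admin
      fortios_system_admin:
        system_admin:
          name: "socadmin2"
          password: "testing1234"
    - name: Configure auditor admin
      fortios_system_admin:
        system_admin:
          name: "auditor"
          password: !vault |
            $ANSIBLE_VAULT;1.1;AES256
            <vault ciphertext placeholder>
"""
SECRET_KEYS = {"ansible_password", "ansible_httpapi_password", "password"}
YAML_KV = re.compile(r"^[-\s]*([A-Za-z_]\w*)\s*:\s*(.*)$")

def pairs(line):
    """Yield (key, value) from a YAML 'key: value' line or INI 'host k=v k=v' tokens."""
    m = YAML_KV.match(line)
    if m:
        yield m.group(1), m.group(2).strip()
        return
    for tok in line.split():
        if "=" in tok:
            yield tuple(tok.split("=", 1))

def audit(text):
    """Return [(line_no, message)]; vaulted (!vault) or lookup() values are accepted."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.strip().startswith("#"):   # commented-out lines are skipped here
            continue
        for key, value in pairs(line):
            if key in SECRET_KEYS:
                if not (value.startswith("!vault") or "lookup(" in value):
                    findings.append((no, f"cleartext secret in '{key}'"))
            elif key == "ansible_httpapi_validate_certs" and \
                    value.strip("\"'").lower() in ("no", "false", "0"):
                findings.append((no, "TLS certificate validation disabled"))
    return findings
```

Run it as a pre-commit hook over the inventory and play files; the vaulted auditor password in the sample passes while the cleartext one and the disabled certificate check are reported with their line numbers.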
Ken Felix