Friday, November 20, 2020

fortiosapi address+group creation

Someone raised an email on the FTNT forum community asking how to build addresses and add them to a group.

Here's a sample way of accomplishing this in one playbook, which I will demonstrate below.

I'm creating two address types and then adding them as members to a group named maingroup:


---
- hosts: control_node
  collections:
  - fortinet.fortios

  vars:
    host: "12.12.12.12"
    username: ansible
    password: test1234
    vdom: "root"
    ssl_verify: false

  tasks:
  - name: mkAddress-subnet
    fortios_firewall_address:
      host: "{{ host }}"
      vdom: "{{ vdom }}"
      username: "{{ username }}"
      password: "{{ password }}"
      state: "present"
      https: "true"
      ssl_verify: "{{ ssl_verify }}"
      firewall_address:
        comment: "subnet type"
        name: "name1"
        type: ipmask
        subnet: "192.0.2.0/30"

  - name: mkAddress-fqdn
    fortios_firewall_address:
      host: "{{ host }}"
      vdom: "{{ vdom }}"
      username: "{{ username }}"
      password: "{{ password }}"
      state: "present"
      https: "true"
      ssl_verify: "{{ ssl_verify }}"
      firewall_address:
        comment: "fqdn type"
        name: "name2"
        type: fqdn
        fqdn: "soc.example.com"

  - name: mkAddressGroup
    fortios_firewall_addrgrp:
      host: "{{ host }}"
      vdom: "{{ vdom }}"
      username: "{{ username }}"
      password: "{{ password }}"
      state: "present"
      https: "true"
      ssl_verify: "{{ ssl_verify }}"
      firewall_addrgrp:
        comment: "blog example https://socpuppet.blogspot.com/"
        member:
          - name: "name1"
          - name: "name2"
        name: maingroup


Within fortiosapi, if you provide an item that is not recognized, the module will raise an error and tell you what is allowed.

For example, I typed fqdns when I should have typed fqdn:




And now the module raises an error telling me to use one of the following:




So always read the error; it will give you direction on what the module is expecting. To learn more about the fortiosAPI and examples of what can be done, read some of my earlier posts on this subject.



https://socpuppet.blogspot.com/2018/07/howto-use-fortios-api-to-add-delete.html
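The modules reject an unknown choice before anything reaches the FortiGate, and the playbook above relies on the two addresses existing before the group that references them. The following is an added example, not code from the original post or from the fortinet.fortios collection: a small pre-flight planner that applies the same two checks locally (a `type` outside the allowed list, such as the fqdns typo, and a group member that no task defines) and then emits the FortiOS REST calls the modules would issue, addresses first and the group last. The allowed-type list and the required-field map are assumptions covering only a subset of what FortiOS accepts; the sample address and group data are constructed to mirror the playbook.

```python
"""Pre-flight check for the FortiOS address + address-group definitions.

Constructed example: not code from the original post or from the
fortinet.fortios collection. It validates the same two kinds of object the
playbook above creates, then emits the FortiOS REST calls the modules would
issue, addresses first and the group last. Nothing here contacts a device.
"""
from typing import Dict, List, Tuple

# Subset of the `type` values FortiOS accepts for firewall/address.
# Assumption: the real module's choice list is longer; only these are known here.
ALLOWED_ADDRESS_TYPES = ("ipmask", "iprange", "fqdn", "geography", "wildcard")

# Field each type must carry besides `name` (assumption made for this example).
REQUIRED_FIELD = {
    "ipmask": "subnet",
    "iprange": "start-ip",
    "fqdn": "fqdn",
    "geography": "country",
    "wildcard": "wildcard",
}

# Constructed sample input mirroring the playbook's firewall_address / firewall_addrgrp data.
ADDRESSES: List[Dict[str, str]] = [
    {"name": "name1", "type": "ipmask", "subnet": "192.0.2.0/30", "comment": "subnet type"},
    {"name": "name2", "type": "fqdn", "fqdn": "soc.example.com", "comment": "fqdn type"},
]
GROUP: Dict[str, object] = {
    "name": "maingroup",
    "member": [{"name": "name1"}, {"name": "name2"}],
    "comment": "blog example",
}

Call = Tuple[str, str, Dict[str, object]]  # (HTTP method, path, JSON body)


class PlanError(ValueError):
    """A definition that would be rejected, caught before any API call is made."""


def validate_address(addr: Dict[str, str]) -> None:
    """Refuse an address whose type is not a recognised choice or lacks its key field."""
    name = addr.get("name")
    if not name:
        raise PlanError("firewall_address entry is missing 'name'")
    kind = addr.get("type")
    if kind not in ALLOWED_ADDRESS_TYPES:
        # Same shape as the error the post describes: a typo such as "fqdns"
        # is rejected with the accepted values listed.
        raise PlanError(
            f"address '{name}': type {kind!r} is not allowed, use one of: "
            + ", ".join(ALLOWED_ADDRESS_TYPES)
        )
    needed = REQUIRED_FIELD[kind]
    if needed not in addr:
        raise PlanError(f"address '{name}': type {kind!r} requires field '{needed}'")


def plan_calls(addresses: List[Dict[str, str]], group: Dict[str, object],
               vdom: str = "root") -> List[Call]:
    """Return the ordered REST calls: one POST per address, then one POST for the group.

    Members are checked against the addresses defined in the same plan, so a
    group that names an address the play never creates fails here rather than
    on the FortiGate. Only creation is modelled; the collection's state: present
    additionally reads the object back and PUTs an update when it already exists.
    """
    defined = set()
    calls: List[Call] = []
    for addr in addresses:
        validate_address(addr)
        if addr["name"] in defined:
            raise PlanError(f"duplicate address name '{addr['name']}'")
        defined.add(addr["name"])
        calls.append(("POST", f"/api/v2/cmdb/firewall/address?vdom={vdom}", dict(addr)))
    members = group.get("member", [])
    missing = [m["name"] for m in members if m["name"] not in defined]
    if missing:
        raise PlanError(f"group '{group.get('name')}': unknown members {missing}")
    calls.append(("POST", f"/api/v2/cmdb/firewall/addrgrp?vdom={vdom}", dict(group)))
    return calls


if __name__ == "__main__":
    for method, path, body in plan_calls(ADDRESSES, GROUP):
        print(method, path, body["name"])
    try:
        validate_address({"name": "name3", "type": "fqdns", "fqdn": "soc.example.com"})
    except PlanError as err:
        print("rejected:", err)
```

Running the file prints the three planned calls in dependency order and then the rejection for the fqdns typo, which is the same class of message the module returns. The point of keeping the check local is that a bad play fails on the control node, against a test VDOM or no device at all, rather than partway through a change on a production FortiGate.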


Make sure you run your plays on a non-production device, or create a VDOM for testing before applying changes to a production FortiGate. If you're working with a dev-ops group, set "ANSIBLE_DEBUG=1" to debug any playbooks if you're having issues executing config changes. If you set up a dev-ops test VDOM, you can do all testing in the test VDOM before rolling it out.


e.g.




So jump into the API and give it a spin. You can do a lot of creative configs and changes in your FortiGate environment with the ease of a CM tool.

You can find me on forum.fortinet.com posting under emnoc. I've been a member in the open community for over 12 years.



Ken Felix 
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \


