Configuring FortiGate Firewall Interfaces with Ansible
Muhammad Awais Butt
Senior Network and Security Engineer at Emaratech CISM || CISSP || CCIE DC#51557
In this article we are going to configure FortiGate firewall interfaces through Ansible. In the demo below, we have a FortiGate firewall v6.2.3 with a trial license running in the GNS3 VM, connected through a GNS3 cloud to Ubuntu running in Oracle VirtualBox. I will also be using the VS Code IDE on Ubuntu to write the Ansible YAML code, which makes it easy to handle and execute the code in one place.
Below is the Ansible hosts file with my firewall's IP address, its credentials and the OS type. Please note that the FortiGate firewall uses a specialized HTTP API that is part of the fortinet.fortios collection, which exposes the firewall's interface to Ansible for configuration.
Moving on to configuring the firewall interfaces through Ansible, below is the YAML file that achieves it. It contains a list of tasks that configure two sub-interfaces under port10 of the firewall using the fortios_system_interface module, which is part of the fortinet.fortios collection.
You can see that I have added another snippet from the FortiGate firewall cookbook v6.2.3 for a side-by-side comparison of our Ansible code and the manual CLI configuration that performs the same task, and you can see there is no difference between them. Now it's time to run this code and see the results.
After running the playbook, the list of tasks was executed and two changes were made on the firewall to configure interfaces 100 and 200 under port10, which you can also see in the snapshot below.
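An added example, not the author's playbook: one way to write the play described above with the `fortios_system_interface` module, creating VLAN sub-interfaces 100 and 200 under port10. The inventory group `fortigates`, the vault file and its variable names, the interface names and the addresses are assumptions, and the credentials are read from an Ansible Vault file instead of sitting in plaintext in the hosts file.

```yaml
---
# Added example, not the author's playbook. Group name, vault variable names,
# interface names and IP addresses are constructed for illustration.
- name: Configure VLAN sub-interfaces under port10
  hosts: fortigates                      # hypothetical inventory group
  connection: httpapi
  gather_facts: false
  collections:
    - fortinet.fortios
  vars_files:
    - vault.yml                          # hypothetical file, encrypted with ansible-vault
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_user: "{{ vault_fortigate_user }}"          # hypothetical vault variable
    ansible_password: "{{ vault_fortigate_password }}"  # hypothetical vault variable
    ansible_httpapi_use_ssl: true        # send the API credentials over HTTPS only
    ansible_httpapi_validate_certs: true # needs a certificate the control node trusts
    ansible_httpapi_port: 443
    vdom: root
    sub_interfaces:                      # constructed sample values
      - { name: VLAN100, vlanid: 100, ip: "10.10.100.1 255.255.255.0" }
      - { name: VLAN200, vlanid: 200, ip: "10.10.200.1 255.255.255.0" }
  tasks:
    - name: Create VLAN sub-interfaces on port10
      fortios_system_interface:
        vdom: "{{ vdom }}"
        state: present
        system_interface:
          name: "{{ item.name }}"
          vdom: "{{ vdom }}"
          type: vlan
          interface: port10              # parent physical interface from the article
          vlanid: "{{ item.vlanid }}"
          mode: static
          ip: "{{ item.ip }}"
          # Assumption: these are data-facing VLANs, so only ping is allowed
          # and no management protocol (https, ssh) is enabled on them.
          allowaccess: ping
      loop: "{{ sub_interfaces }}"
      loop_control:
        label: "{{ item.name }}"
```

Run it with `ansible-playbook -i hosts interfaces.yml --ask-vault-pass`, where `hosts` and `interfaces.yml` are placeholder file names.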
Principal Solution Architect |Technical Community and Client Engineering, IBM Technology
1 yr
Hi, could you please share the code?