Description
This article describes applications of Ansible on FortiGate.
Scope
FortiGate, Ansible.
Solution
Ansible can be applied to multiple FortiGates to automate their provisioning, configuration and management.
Follow each of the steps below to install and apply Ansible on FortiGate for multiple applications:
1) Install Ansible on Linux.
Execute Ansible installation with the following terminal commands:
apt-get update
apt-get -y install ansible
Note:
Ensure the current user is the root user when executing the command. Otherwise, add the Linux user as a sudoer.
2) Download the FortiOS collection (the FortiGate modules) with ansible-galaxy by using the command below:
ansible-galaxy collection install fortinet.fortios
3) Create a variable text file (the Ansible inventory) to provide Ansible with the FortiGate device information. Use a Linux editor to create the file, for example:
nano <file name> or vim <file name>
After the file is created, fill in the information below:
### FortiGate Host ###
[fortigates]
fgt ansible_host=<FGT IP> ansible_user="<FGT admin username>" ansible_password="<FGT admin password>"
### FortiGate OS Modules ###
[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
### Specify API connection with HTTP (default SSH) ###
[all:vars]
ansible_connection=httpapi
ansible_httpapi_validate_certs=no
ansible_httpapi_use_ssl=yes
Note:
If using Linux nano, press Ctrl + X to save. Upon doing so, nano will show a directory path. Press Enter to save the file in the directory path.
If using Linux vim, press the Esc key, type :w and hit the Enter key to save the file.
4) Create a YAML file (the playbook) and prepare the script with the following format. The play is a list item, so it starts with '- ', and every nested level is indented with spaces:
- hosts: <inventory group created in step 3>
  tasks:
    - name: <task name>
      <Ansible module>:
        <configuration section on FortiGate>:
          <objects in the configuration>
The example below demonstrates a basic configuration on FortiGate with YAML:
- hosts: fortigates
  tasks:
    - name: Change hostname
      fortinet.fortios.fortios_system_global:
        system_global:
          hostname: "FortiGate_Lab"
    - name: Create Address
      fortinet.fortios.fortios_firewall_address:
        state: "present"
        firewall_address:
          name: test_123
          subnet: 10.1.1.1 255.255.255.0
Note:
- YAML is whitespace sensitive. Each layer is distinguished by its indentation. DO NOT use the Tab key to create the indentation, as this will cause syntax errors.
- See the Ansible modules for FortiOS here:
- Every parameter that the FortiOS module documentation marks as 'required' MUST be included in the YAML configuration. For example:
5) After the YAML file is created, use the Ansible command below to run the file:
ansible-playbook -i <variable text file name> <YAML file name>
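Before launching the playbook, it helps to catch the mistakes the steps above warn about: a tab in the YAML, a 'hosts:' group that does not exist in the inventory (e.g. '[fortigate]' versus 'hosts: fortigates'), and the 'ansible_httpapi_validate_certs=no' setting, which leaves the HTTPS session open to interception and should be reviewed before production use. The preflight script below is an added example, not Fortinet's or Ansible's own code; the inventory and playbook text it checks are constructed samples with placeholder IP and credentials.

```python
"""Preflight checks for the FortiGate Ansible inventory and playbook (added example)."""
import re

# Constructed sample inventory; IP address and credentials are placeholders.
INVENTORY = """\
[fortigates]
fgt ansible_host=192.0.2.10 ansible_user="admin" ansible_password="CHANGEME"
[fortigates:vars]
ansible_network_os=fortinet.fortios.fortios
[all:vars]
ansible_connection=httpapi
ansible_httpapi_validate_certs=no
ansible_httpapi_use_ssl=yes
"""

# Constructed playbook text with a deliberate tab so the tab check fires.
PLAYBOOK = "- hosts: fortigates\n  tasks:\n\t- name: Change hostname\n"


def parse_inventory(text):
    """Parse the INI-style inventory into group host lists and group variables."""
    groups, variables, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::vars)?\]", line)
        if header:
            section = (header.group(1), line.endswith(":vars]"))
            continue
        name, is_vars = section
        if is_vars:  # key=value lines under [group:vars]
            key, _, value = line.partition("=")
            variables.setdefault(name, {})[key.strip()] = value.strip().strip('"')
        else:  # host lines: first token is the inventory hostname
            groups.setdefault(name, []).append(line.split()[0])
    return {"groups": groups, "vars": variables}


def preflight(inventory_text, playbook_text):
    """Return a list of findings; an empty list means no known pitfalls were found."""
    inv, findings = parse_inventory(inventory_text), []
    if "\t" in playbook_text:
        findings.append("playbook contains a tab character; YAML indentation must use spaces")
    target = re.search(r"^\s*-?\s*hosts:\s*(\S+)", playbook_text, re.M)
    target = target.group(1) if target else None
    if target and target != "all" and target not in inv["groups"]:
        findings.append(f"playbook targets '{target}' but inventory groups are {sorted(inv['groups'])}")
    for group, gvars in inv["vars"].items():
        if gvars.get("ansible_httpapi_validate_certs", "").lower() in ("no", "false"):
            findings.append(f"[{group}:vars] disables TLS certificate validation; trust the FortiGate CA instead")
    return findings
```

Run preflight(INVENTORY, PLAYBOOK) on your own files (read them with open()) and fix every finding before step 5.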
The results should look similar to the following example:
Related Ansible document:
Copyright 2024 Fortinet, Inc. All Rights Reserved.