FortiGate
lpizziniaco
Staff
Article Id 414379
Description This article describes how to configure Web Filter profiles on FortiGate using Ansible. It provides a step-by-step guide and a workaround for issues encountered when creating Web Filters and FortiGuard Category-Based Filters, specifically when parameters cannot be unset using the fortios_webfilter_profile module.
Scope FortiGate.
Solution

The Ansible module fortios_webfilter_profile currently does not support unsetting parameters within the ftgd-wf (FortiGuard Web Filter) configuration section.

 

To work around this limitation, the fortinet.fortios.fortios_json_generic module can be used instead of fortios_webfilter_profile.

The fortios_json_generic module allows full JSON-based configuration control, including the ability to unset a specific field by setting the corresponding JSON field to null.


To configure web filter profiles on FortiGate using Ansible, follow these steps:

  • Install the fortinet.fortios collection on the Ansible controller.
  • Create a new Ansible playbook with content like the following:

 

---
- hosts: fortigate01
  connection: httpapi
  collections:
    - fortinet.fortios
  vars:
    ansible_python_interpreter: /usr/bin/python3
    ansible_httpapi_use_ssl: yes
    # "no" disables TLS certificate verification of the FortiGate;
    # set to "yes" once the device presents a certificate the controller trusts.
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
    vdom: "root" # Ensure this is set to the correct VDOM
  tasks:
    - name: WebFilterCreation
      fortinet.fortios.fortios_json_generic:
        vdom: "{{ vdom }}"
        json_generic:
          method: "POST"
          path: "/api/v2/cmdb/webfilter/profile"
          # jsonbody must be strict JSON, so the notes are kept here as YAML comments:
          #   "options": null corresponds to the CLI command "unset options"
          #   "filters": add the filter JSON bodies to this list
          jsonbody: |
            {
              "name": "AnAstonishingName",
              "feature-set": "proxy",
              "ftgd-wf": {
                "options": null,
                "filters": []
              }
            }
      register: info

 

  • Run the Ansible playbook to configure the web filter profile on the FortiGate.

To create the filter body, it is suggested to follow the official documentation from FNDN.
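The following pre-flight check is an added example, not part of the original article or of the fortinet.fortios collection: it parses a jsonbody string as strict JSON (which rejects `//` comments) and lists every field set to null, that is, every setting the request would unset on the profile. The function names and the sample body are constructed for illustration.

```python
import json

# Constructed sample body, modelled on the playbook above (empty filter list).
SAMPLE_BODY = """
{
  "name": "AnAstonishingName",
  "feature-set": "proxy",
  "ftgd-wf": {
    "options": null,
    "filters": []
  }
}
"""


def null_paths(node, path=""):
    """Return the path of every value that is JSON null (sent as an 'unset')."""
    if node is None:
        return [path]
    if isinstance(node, dict):
        children = [(f"{path}/{key}", value) for key, value in node.items()]
    elif isinstance(node, list):
        children = [(f"{path}[{i}]", value) for i, value in enumerate(node)]
    else:
        return []  # scalar that is not null: nothing is unset here
    return [p for child_path, value in children
            for p in null_paths(value, child_path)]


def preflight(jsonbody):
    """Parse jsonbody strictly; return (parsed body, list of fields it unsets)."""
    try:
        body = json.loads(jsonbody)
    except json.JSONDecodeError as exc:
        raise ValueError(
            f"jsonbody is not valid JSON (line {exc.lineno}): {exc.msg}"
        ) from exc
    if not isinstance(body, dict):
        raise ValueError("jsonbody must be a JSON object")
    return body, null_paths(body)


if __name__ == "__main__":
    body, unset = preflight(SAMPLE_BODY)
    print("profile:", body["name"])
    for field in unset:
        print("will be unset:", field)
```

Running it against the body before the playbook is pushed gives a reviewer the list of web filter settings the change will clear.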


Related document:

https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/5445/1/webfilter/