rwpatterson
Valued Contributor III

Has anyone successfully used Ansible with their Fortigates?

I have just finished an Ansible class for my job (switches and such) and was trying to connect with my Fortigate. No Bueno! Anyone have any luck using Ansible to connect to their Fortigate?

 

Thanks in advance.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rwpatterson
Valued Contributor III

I believe my firmware version is too old (because my firewall is too old). Versions less than 6 don't support this. Oh well. A few days wasted aside from the fact I did learn a bunch.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

emnoc
Esteemed Contributor III

IDNK about that, but here's a blog I wrote with samples using fortiosapi a while back.

 

https://socpuppet.blogspot.com/2020/07/howto-user-ansible-with-fortios.html

 

You should be able to write that as a test and then go deeper as you get past the 1st few hurdles. Github should have samples that you can pull in and modify to fit your env. I would not do a major change like policy add|delete but would start with low-hanging fruit like add/addrgrp/admin/global settings etc.....

 

FWIW: As operational practice you don't put the password in the playbook, but for testing and to ensure it's working I do, but that's just me.

 

Just ensure you run ANSIBLE_DEBUG and -vvv for more verbose details and work thru your issues. It always boils down to either:

  • 1: wrong credentials
  • 2: trusthost
  • 3: bad directives in the playbook
  • 4: or the host can NOT reach the fortigate

But the samples shown in the yml files are what I used for testing and verification with fortios. This works for 6.2.x and 6.4.x versions btw.

YMMV but the above links in the blog-post will get you in the right direction and heading into the right port. Also call out a simple test with "curl" if you want to test the api-user. Again samples in the blog post.

     

Ken Felix

PCNSE
NSE
StrongSwan
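
The advice above about keeping the password out of the playbook can be checked mechanically before a playbook is committed. The following is an added example, not part of the thread or of the linked blog post: a small Python check that flags secret-like keys holding literal values in playbook or inventory YAML. The key-name list and the sample playbook are constructed assumptions.

```python
import re

# Key names that usually hold a secret. Assumed list for this example;
# extend it to match the variable names used in your own playbooks.
SECRET_KEY = re.compile(r"(password|passwd|secret|token|session_key)$", re.I)
# "key: value" on one line, optionally written as a list item ("- key: value").
PAIR = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w.-]*)\s*:\s*(.*)$")

# Constructed sample playbook (not taken from the thread or the blog post).
SAMPLE = """\
- hosts: fortigates
  connection: httpapi
  vars:
    ansible_user: apiadmin
    ansible_password: Sup3rSecret!   # hard-coded for a quick test
    access_token: "{{ vault_fgt_token }}"
    backup_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      62313365396662343061393830663337
    api_token: 'constructed-token-value'
    session_key:   # filled in at run time
"""


def find_plaintext_secrets(text):
    """Return (line_number, key) for each secret-like key with a literal value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = PAIR.match(line)
        if not match or not SECRET_KEY.search(match.group(1)):
            continue
        key, value = match.group(1), match.group(2)
        # Drop a trailing YAML comment, then surrounding quotes and whitespace.
        value = re.sub(r"(^|\s)#.*$", "", value).strip().strip("'\"").strip()
        if not value:
            continue  # empty value, or a nested mapping on the following lines
        if value.startswith("!vault") or "{{" in value:
            continue  # Ansible Vault ciphertext or a variable reference
        findings.append((number, key))
    return findings


if __name__ == "__main__":
    for number, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: '{key}' holds a literal value; move it to Ansible Vault")
```
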
brookz
New Contributor

Look at Ansible Galaxy... there is a collection of FortiOS and Fortimanager modules available for download. If you've already figured that out, great. The documentation isn't the greatest. Struggling through some things with it myself.
