terraform-provider-fortios
terraform-provider-fortios copied to clipboard
fortinetdev
fortios_webfilter_profile ftgd_wf not enabled unless an option is set
I am unable to create a fortios_webfilter_profile that leverages the categories unless an option parameter is passed within ftgd_wf. In the GUI this is the FortiGuard category based filter toggle.
resource "fortios_webfilter_profile" "baseline" {
name = "baseline"
feature_set = "flow-based"
ftgd_wf {
filters {
action = "block"
category = 1
id = 1
}
filters {
action = "block"
category = 2
id = 2
}
filters {
action = "block"
category = 3
id = 3
}
....<SNIP>
filters {
action = "warning"
category = 0
id = 255
}
}
results in:
config webfilter profile
edit "baseline"
config ftgd-wf
config filters
edit 1
set category 1
set action block
next
edit 2
set category 2
set action block
the above applies but results in the web filter being created but FortiGuard category based filter toggle is off.
The reason appears to be because the ftgd_wf options variable needs to be unset or set to an option. I do not believe this is possible to set options = unset via terraform.
This is all on version 6.4.6
Hi @MilesTails ,
Thank you for raising this issue. Team is working on this issue. We will reply to you ASAP.
Thanks, Xing
Hi @MilesTails ,
We are cooperating with API team to fix this issue. Before this issue been fixed, you could use resource fortios_system_autoscript as alternatives:
https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/resources/fortios_system_autoscript
For example:
resource "fortios_system_autoscript" "auto2" {
interval = 1
name = "myscript12"
output_size = 10
repeat = 1
script = <<EOF
config webfilter profile
edit "baseline"
config ftgd-wf
unset options
config filters
edit 1
set category 1
set action block
next
end
end
next
end
EOF
start = "auto"
}
Please let me know if you have any questions.
Thanks, Xing