I am trying to configure my Fortigate 60E using the Ansible FortiOS Galaxy plugins. Currently I am working on the VIP configuration. For most of the VIPs it is working fine, but I can't get the SSL VIP to work.
I would like to set up an SSL VIP of type server-load-balancer like this:

    - name: "Configure {{ vdom }} vdom virtual IP for IPv4"
      fortios_firewall_vip:
        vdom: "{{ vdom }}"
        state: "{{ state }}"
        access_token: "{{ token }}"
        firewall_vip:
          name: "vip_ssl_placeholder"
          extintf: "management"
          extip: "10.10.10.1"
          extport: "6363"
          type: "server-load-balance"
          server_type: "ssl"
          monitor:
            - name: "tcp-6363-link-monitor"
          ldb_method: "least-rtt"
          persistence: "ssl-session-id"
          realservers:
            - id: "1"
              ip: "10.16.10.1"
              port: "6363"
            - id: "2"
              ip: "10.16.10.2"
              port: "6363"
          ssl_mode: "full"
          ssl_certificate: "Fortinet_Factory"

However, when applying the script I get an error -56 from the Fortigate, telling me that there should be at least 1 server certificate. The certificate is already installed. Here is the Ansible output showing the error:

    meta:
      build: 2571
      cli_error: |-
        current vf=root:0
        There must be at least 1 server certificate configured.
        attribute set operator error, -56, discard the setting
        Command fail. Return code -56
      error: -56
      http_method: POST
      http_status: 500
      name: vip
      path: firewall
      revision: 18eaa14db7184d138cc857f49e1819a3
      revision_changed: false
      serial: FGT60Exxxxxxxxx
      status: error
      vdom: root
      version: v7.4.2
    msg: Error in repo

I am using Ansible [core 2.14.12], Ansible-Galaxy plugin fortinet.fortios 2.3.4 and a Fortigate 60E with FortiOS 7.4.2.
I have tried to set up the VIP manually using the Fortigate GUI. This works, and I can also select the certificate mentioned above.
I have also checked the commands used by the manual setup on the Fortigate CLI itself with

    diag deb en
    diag deb cli 8

and the commands issued by the system are the same.
What is it that I am missing? What does the Fortigate error mean?