meraki_mx_l3_firewall – Manage MX appliance layer 3 firewalls in the Meraki cloud

New in version 2.7.


Synopsis

  • Allows creation, management, and visibility of the layer 3 firewall rules configured on Meraki MX appliances.

Parameters

Parameter Choices/Defaults Comments

auth_key

-

Authentication key provided by the dashboard. Required if the environment variable MERAKI_KEY is not set. Prefer the environment variable or an Ansible Vault-encrypted variable to a key written literally in a playbook.

host

string

Default:

"api.meraki.com"

Hostname for Meraki dashboard

Only useful for internal Meraki developers

net_id

-

ID of network which MX firewall is in.

net_name

-

Name of network which MX firewall is in.

org_id

-

ID of organization.

org_name

-

Name of organization.



aliases: organization

output_level

-

  • normal

  • debug

Set amount of debug output during module execution

rules

-

List of firewall rules.

comment

-

Optional comment to describe the firewall rule.

dest_cidr

-

Comma separated list of CIDR notation destination networks.

dest_port

-

Comma separated list of destination port numbers to match against.

policy

-

  • allow
  • deny

Policy to apply if rule is hit.

protocol

-

  • any
  • icmp
  • tcp
  • udp

Protocol to match against.

src_cidr

-

Comma separated list of CIDR notation source networks.

src_port

-

Comma separated list of source port numbers to match against.

syslog_enabled

-

Whether to log hits against the firewall rule.

Only applicable if a syslog server is configured for the network.

state

-

  • present

  • query

Query the current firewall rules, or set the network's rules to those given in rules.

syslog_default_rule

boolean

  • no

  • yes

Whether to log hits against the default firewall rule.

Only applicable if a syslog server is configured for the network.

This is not shown in response from Meraki. Instead, refer to the syslog_enabled value in the default rule.

timeout

integer

Default:

30

Timeout, in seconds, for HTTP requests.

use_https

boolean

  • no
  • yes

If no, the module uses plain HTTP, which sends the API key in the clear. Otherwise it uses HTTPS.

Only useful for internal Meraki developers

use_proxy

boolean

  • no
  • yes

If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

validate_certs

boolean

  • no
  • yes

Whether to validate the TLS certificate presented by the dashboard. Leave this enabled; with validation off, a man-in-the-middle can read the API key sent in every request.



Notes

Note

  • Module assumes a complete list of firewall rules is passed as a parameter: the list given in rules replaces every rule currently on the network, so a rule omitted from the list is removed. Rules are evaluated in the order listed, so a narrow deny must precede a broader allow, as in the examples below.
  • If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
  • More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
  • Some of the options are likely only used for developers within Meraki


Examples

- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: allow
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
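The Notes above say the module expects the complete rule list, and the "Set two firewall rules" example shows that order matters (the deny precedes the broader allow). The following Python helper is an added example, not code from the Ansible module or the Meraki API: it turns the data list of a state=query run into the complete list for a later state=present task, validates each rule against the choices documented on this page, inserts a new rule at a chosen position, and warns when an earlier rule already matches everything the new rule would match. Assumptions: the trailing default rule is identified by the comment "Default rule" and is dropped because the module manages it through syslog_default_rule rather than rules; camelCase keys as returned by the dashboard API (destCidr, srcPort, ...) are accepted alongside the snake_case names this page documents; the sample query result and new rule are constructed.

```python
# Added example, not code from the Ansible module or Meraki. Rebuilds the complete
# rule list this module expects from a state=query result. Sample data is constructed.
import ipaddress
import re

POLICIES = {"allow", "deny"}
PROTOCOLS = {"any", "icmp", "tcp", "udp"}
REQUIRED = ("comment", "policy", "protocol", "src_cidr", "src_port", "dest_cidr", "dest_port")
# The dashboard API returns camelCase keys; this page documents snake_case. Accept both.
_CAMEL = {"srcCidr": "src_cidr", "srcPort": "src_port", "destCidr": "dest_cidr",
          "destPort": "dest_port", "syslogEnabled": "syslog_enabled"}
DEFAULT_RULE_COMMENT = "Default rule"  # assumption: how the trailing default rule is labelled


def normalise(rule):
    """Copy of `rule` with snake_case keys and lower-cased match fields."""
    out = {}
    for key, value in rule.items():
        key = _CAMEL.get(key, key)
        out[key] = value.strip().lower() if isinstance(value, str) and key != "comment" else value
    return out


def parse_cidrs(field):
    """'any' -> [] (matches everything), else a list of ip_network objects."""
    return [] if field == "any" else [ipaddress.ip_network(c.strip(), strict=False) for c in field.split(",")]


def parse_ports(field):
    """'any' -> set() (matches everything), else the explicit set from '80,443,8000-8080'."""
    ports = set()
    for item in ([] if field == "any" else str(field).split(",")):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", item)
        if not m or not 1 <= int(m.group(1)) <= int(m.group(2) or m.group(1)) <= 65535:
            raise ValueError(f"bad port spec {item!r}")
        low, high = int(m.group(1)), int(m.group(2) or m.group(1))
        ports.update(range(low, high + 1))
    return ports


def validate(rule):
    """Reject locally what the module's documented choices would reject remotely."""
    missing = [k for k in REQUIRED if k not in rule]
    if missing:
        raise ValueError(f"rule {rule.get('comment')!r} is missing {missing}")
    if rule["policy"] not in POLICIES:  # catches the common 'permit' slip
        raise ValueError(f"policy must be allow or deny, got {rule['policy']!r}")
    if rule["protocol"] not in PROTOCOLS:
        raise ValueError(f"protocol must be one of {sorted(PROTOCOLS)}, got {rule['protocol']!r}")
    for side in ("src", "dest"):
        parse_cidrs(rule[f"{side}_cidr"])
        parse_ports(rule[f"{side}_port"])
    return rule


def covers(earlier, later):
    """True if every packet `later` would match is already matched by `earlier`."""
    if earlier["protocol"] not in ("any", later["protocol"]):
        return False
    for side in ("src", "dest"):
        e_nets, l_nets = parse_cidrs(earlier[f"{side}_cidr"]), parse_cidrs(later[f"{side}_cidr"])
        if e_nets and not (l_nets and all(
                any(n.version == e.version and n.subnet_of(e) for e in e_nets) for n in l_nets)):
            return False
        e_ports, l_ports = parse_ports(earlier[f"{side}_port"]), parse_ports(later[f"{side}_port"])
        if e_ports and not (l_ports and l_ports <= e_ports):
            return False
    return True


def build_rules(queried, new_rule, position=None):
    """Return (rules, warnings): the full list to hand to `rules:` with new_rule inserted.

    `queried` is the `data` list from a state=query run; a trailing default rule
    is dropped because syslog_default_rule, not rules, controls it.
    """
    rules = [validate(normalise(r)) for r in queried]
    if rules and rules[-1]["comment"] == DEFAULT_RULE_COMMENT:
        rules.pop()
    new_rule = validate(normalise(new_rule))
    position = len(rules) if position is None else position
    warnings = [f"{new_rule['comment']!r} is shadowed by rule {i} ({r['comment']!r}, {r['policy']})"
                for i, r in enumerate(rules[:position]) if covers(r, new_rule)]
    rules.insert(position, new_rule)
    return rules, warnings


# Constructed sample of a state=query result (camelCase, as the dashboard API returns it).
SAMPLE_QUERY = [
    {"comment": "Allow traffic to group of servers", "policy": "allow", "protocol": "Any",
     "srcCidr": "192.0.1.0/24", "srcPort": "Any", "destCidr": "192.0.2.0/24", "destPort": "Any",
     "syslogEnabled": False},
    {"comment": "Default rule", "policy": "allow", "protocol": "Any", "srcCidr": "Any",
     "srcPort": "Any", "destCidr": "Any", "destPort": "Any", "syslogEnabled": True},
]
SAMPLE_NEW_RULE = {"comment": "Block traffic to server", "policy": "deny", "protocol": "any",
                   "src_cidr": "192.0.1.0/24", "src_port": "any",
                   "dest_cidr": "192.0.2.2/32", "dest_port": "any", "syslog_enabled": True}

if __name__ == "__main__":
    print(build_rules(SAMPLE_QUERY, SAMPLE_NEW_RULE)[1])              # appended: shadowed by the allow
    print(build_rules(SAMPLE_QUERY, SAMPLE_NEW_RULE, position=0)[1])  # deny first, as on this page: []
```

In a playbook the registered data from the query task would be passed through build_rules (for instance via a small filter plugin) and the returned list handed to rules: on the second task; a non-empty warnings list is a reason to fail the play before anything is pushed, since a shadowed deny gives the appearance of a block without blocking anything.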

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

data

complex

success

Firewall rules associated to network.


comment

string

always

Comment to describe the firewall rule.


Sample:

Block traffic to server

dest_cidr

string

always

Comma separated list of CIDR notation destination networks.


Sample:

192.0.1.1/32,192.0.1.2/32

dest_port

string

always

Comma separated list of destination ports.


Sample:

80,443

policy

string

always

Action to take when rule is matched.


protocol

string

always

Network protocol to match against.


Sample:

tcp

src_cidr

string

always

Comma separated list of CIDR notation source networks.


Sample:

192.0.1.1/32,192.0.1.2/32

src_port

string

always

Comma separated list of source ports.


Sample:

80,443

syslog_enabled

boolean

always

Whether to log to syslog when rule is matched.


Sample:

True




Status

Authors

  • Kevin Breit (@kbreit)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/meraki_mx_l3_firewall_module.html