meraki_mx_l3_firewall – Manage MX appliance layer 3 firewalls in the Meraki cloud
New in version 2.7.
Synopsis
- Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| auth_key (string, required) | | Authentication key provided by the dashboard. Required if environmental variable |
| host (string) | Default: "api.meraki.com" | Hostname for the Meraki dashboard. Can be used to access regional Meraki environments, such as China. |
| internal_error_retry_time (integer) | Default: 60 | Number of seconds to retry if the server returns an internal server error. |
| net_id | | ID of the network the MX firewall is in. |
| net_name | | Name of the network the MX firewall is in. |
| org_id (string) | | ID of the organization. |
| org_name (string) | | Name of the organization. |
| output_format (string) | | Instructs the module whether response keys should be snake case (ex. |
| output_level (string) | | Set the amount of debug output during module execution. |
| rate_limit_retry_time (integer) | Default: 165 | Number of seconds to retry if the rate limiter is triggered. |
| rules | | List of firewall rules. |
| rules / comment | | Optional comment to describe the firewall rule. |
| rules / dest_cidr | | Comma separated list of CIDR notation destination networks. |
| rules / dest_port | | Comma separated list of destination port numbers to match against. |
| rules / policy | | Policy to apply if the rule is hit. |
| rules / protocol | | Protocol to match against. |
| rules / src_cidr | | Comma separated list of CIDR notation source networks. |
| rules / src_port | | Comma separated list of source port numbers to match against. |
| rules / syslog_enabled | | Whether to log hits against the firewall rule. Only applicable if a syslog server is specified against the network. |
| state | | Create or modify an organization. |
| syslog_default_rule (boolean) | | Whether to log hits against the default firewall rule. Only applicable if a syslog server is specified against the network. This is not shown in the response from Meraki. Instead, refer to the |
| timeout (integer) | Default: 30 | Time to timeout for HTTP requests. |
| use_https (boolean) | | If Only useful for internal Meraki developers. |
| use_proxy (boolean) | | If |
| validate_certs (boolean) | | Whether to validate HTTP certificates. |
Notes
Note
- Module assumes a complete list of firewall rules are passed as a parameter.
- If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
- More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
- Some of the options are likely only used for developers within Meraki.
- As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
- Ansible's Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Examples
```yaml
- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: permit
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
```
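Because the module pushes the rules list as the complete rule set (see the Notes), a practitioner will usually want to check a desired list against what an earlier `state: query` run returned before applying it, so that existing rules are not silently dropped. The Python below is an added example, not code from the module or its documentation; the two rule lists are constructed samples, and the field names follow the rule parameters documented above.

```python
import ipaddress

# Rule fields as the module documents them; the match fields must all be present.
RULE_FIELDS = {"comment", "src_cidr", "src_port", "dest_cidr", "dest_port",
               "protocol", "policy", "syslog_enabled"}
MATCH_FIELDS = ("src_cidr", "src_port", "dest_cidr", "dest_port", "protocol", "policy")

def valid_cidr_list(value):
    """True for 'any' or a comma separated list of CIDR networks."""
    if value == "any":
        return True
    try:
        for item in str(value).split(","):
            ipaddress.ip_network(item.strip(), strict=False)
    except ValueError:
        return False
    return True

def validate_rule(rule):
    """Return the problems found in one rule; an empty list means it passes."""
    problems = [f"unknown field {k!r}" for k in sorted(set(rule) - RULE_FIELDS)]
    problems += [f"missing field {k!r}" for k in MATCH_FIELDS if k not in rule]
    for key in ("src_cidr", "dest_cidr"):
        if key in rule and not valid_cidr_list(rule[key]):
            problems.append(f"{key}: {rule[key]!r} is not 'any' or a CIDR list")
    return problems

def rules_dropped_by_replace(current, desired):
    """The module pushes `desired` as the complete rule list, so every rule in
    `current` whose match fields are absent from `desired` silently disappears."""
    def key(rule):
        return tuple(str(rule.get(f, "")) for f in MATCH_FIELDS)
    wanted = {key(r) for r in desired}
    return [r for r in current if key(r) not in wanted]

# Constructed sample of what an earlier `state: query` run might have returned.
CURRENT_RULES = [
    {"comment": "Allow web", "src_cidr": "any", "src_port": "any",
     "dest_cidr": "192.0.2.10/32", "dest_port": "80,443", "protocol": "tcp",
     "policy": "allow", "syslog_enabled": True},
]
# The rule from the page's "Set one firewall rule" example.
DESIRED_RULES = [
    {"comment": "Block traffic to server", "src_cidr": "192.0.1.0/24",
     "src_port": "any", "dest_cidr": "192.0.2.2/32", "dest_port": "any",
     "protocol": "any", "policy": "deny"},
]

if __name__ == "__main__":
    print("dropped:", [r["comment"] for r in rules_dropped_by_replace(CURRENT_RULES, DESIRED_RULES)])
```

Run against the output of a `state: query` task, a non-empty dropped list means the play would remove rules that are not in the desired set; append them (or deliberately omit them) before running with `state: present`.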
Return Values
Common return values are documented here; the following are the fields unique to this module:

| Key | Returned | Description |
|---|---|---|
| data (complex) | success | Firewall rules associated to the network. |
| data / comment (string) | always | Comment to describe the firewall rule. Sample: Block traffic to server |
| data / dest_cidr (string) | always | Comma separated list of CIDR notation destination networks. Sample: 192.0.1.1/32,192.0.1.2/32 |
| data / dest_port (string) | always | Comma separated list of destination ports. Sample: 80,443 |
| data / policy (string) | always | Action to take when the rule is matched. |
| data / protocol (string) | always | Network protocol to match against. Sample: tcp |
| data / src_cidr (string) | always | Comma separated list of CIDR notation source networks. Sample: 192.0.1.1/32,192.0.1.2/32 |
| data / src_port (string) | always | Comma separated list of source ports. Sample: 80,443 |
| data / syslog_enabled (boolean) | always | Whether to log to syslog when the rule is matched. Sample: True |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Kevin Breit (@kbreit)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/meraki_mx_l3_firewall_module.html