meraki_mx_l7_firewall – Manage MX appliance layer 7 firewalls in the Meraki cloud
New in version 2.9.
Synopsis
- Allows for creation, management, and visibility into layer 7 firewalls implemented on Meraki MX firewalls.
Parameters
Parameter | Choices/Defaults | Comments
---|---|---
auth_key string / required | | Authentication key provided by the dashboard. Required if environmental variable
categories boolean | | When
host string | Default: "api.meraki.com" | Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China.
internal_error_retry_time integer | Default: 60 | Number of seconds to retry if server returns an internal server error.
net_id string | | ID of network which MX firewall is in.
net_name string | | Name of network which MX firewall is in.
org_id string | | ID of organization.
org_name string | | Name of organization.
output_format string | | Instructs module whether response keys should be snake case (ex.
output_level string | | Set amount of debug output during module execution.
rate_limit_retry_time integer | Default: 165 | Number of seconds to retry if rate limiter is triggered.
rules list | | List of layer 7 firewall rules.
rules.application - | | Application to filter.
rules.application.id string | | URI of application as defined by Meraki.
rules.application.name string | | Name of application to filter as defined by Meraki.
rules.application_category - | | Category of applications to filter.
rules.application_category.id string | | URI of application category as defined by Meraki.
rules.application_category.name string | | Name of application category to filter as defined by Meraki.
rules.countries list | | List of countries to whitelist or blacklist. The countries follow the two-letter ISO 3166-1 alpha-2 format.
rules.host string | | FQDN of host to filter.
rules.ip_range string | | CIDR notation range of IP addresses to apply rule to. Port can be appended to range with a
rules.policy string | | Policy to apply if rule is hit.
rules.port string | | TCP or UDP based port to filter.
rules.type string | | Type of policy to apply.
state string | | Query or modify a firewall rule.
timeout integer | Default: 30 | Time to timeout for HTTP requests.
use_https boolean | | If Only useful for internal Meraki developers.
use_proxy boolean | | If
validate_certs boolean | | Whether to validate HTTP certificates.
Notes
- Module assumes a complete list of firewall rules are passed as a parameter.
- If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
- More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
- Some of the options are likely only used for developers within Meraki.
- As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
- Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Examples
- name: Query firewall rules
  meraki_mx_l7_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Query applications and application categories
  meraki_mx_l7_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    categories: yes
    state: query
  delegate_to: localhost

- name: Set firewall rules
  meraki_mx_l7_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - type: whitelisted_countries
        countries:
          - US
          - FR
      - type: blacklisted_countries
        countries:
          - CN
      - policy: deny
        type: port
        port: 8080
      - type: port
        port: 1234
      - type: host
        host: asdf.com
      - type: application
        application:
          id: meraki:layer7/application/205
      - type: application_category
        application:
          id: meraki:layer7/category/24
  delegate_to: localhost
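Because the module expects the complete rule list on every run, it is worth checking that list before it is pushed with state: present. The following pre-flight check is an added example, not part of the module or of the original page; `lint_rules`, `check_value`, `PAYLOAD_KEYS` and `SAMPLE` are hypothetical names, and the single-port and FQDN checks are assumptions about acceptable values.

```python
import re
# Rule type -> accepted payload keys, as used in the Examples section (ip_range
# rules are not covered). For application_category the Examples section uses
# `application`; the parameter table lists `application_category`.
PAYLOAD_KEYS = {
    "whitelisted_countries": ("countries",), "blacklisted_countries": ("countries",),
    "port": ("port",), "host": ("host",), "application": ("application",),
    "application_category": ("application_category", "application"),
}
# Constructed sample with mistakes to catch before a `state: present` run.
SAMPLE = [
    {"type": "whitelisted_countries", "countries": ["US", "FR"]},
    {"type": "blacklisted_countries", "countries": ["CN", "US"]},
    {"type": "port", "port": "80800"},
    {"type": "host", "host": "https://asdf.com/"},
    {"type": "application"},
    {"type": "blacklisted_countries", "countries": ["China"]},
]

def check_value(rtype, value):
    """Return an error string for a malformed payload, or None."""
    if rtype.endswith("_countries"):
        codes = value if isinstance(value, list) else [value]
        bad = [c for c in codes if not re.fullmatch(r"[A-Z]{2}", str(c))]
        return f"not ISO 3166-1 alpha-2: {bad}" if bad else None
    if rtype == "port":  # assumption: one port number per rule
        ok = str(value).isdigit() and 1 <= int(value) <= 65535
        return None if ok else f"bad port {value!r}"
    if rtype == "host":  # FQDN only: no scheme, port, path or whitespace
        ok = isinstance(value, str) and "." in value and not re.search(r"[/:\s]", value)
        return None if ok else f"not an FQDN: {value!r}"
    ok = isinstance(value, dict) and (value.get("id") or value.get("name"))
    return None if ok else "application needs an id or a name"

def lint_rules(rules):
    """Check a complete rules list; return findings (an empty list means clean)."""
    findings, seen = [], {"whitelisted_countries": set(), "blacklisted_countries": set()}
    for i, rule in enumerate(rules):
        rtype = rule.get("type")
        key = next((k for k in PAYLOAD_KEYS.get(rtype, ()) if k in rule), None)
        if key is None:
            findings.append(f"rule {i}: unknown type or missing payload for {rtype!r}")
        elif (err := check_value(rtype, rule[key])):
            findings.append(f"rule {i}: {err}")
        elif rtype in seen:
            seen[rtype].update(rule[key])
    both = seen["whitelisted_countries"] & seen["blacklisted_countries"]
    if both:
        findings.append(f"listed as both whitelisted and blacklisted: {sorted(both)}")
    return findings
```

Feed it the `rules` value loaded from the playbook or vars file and stop the run if the returned list is not empty.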
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description
---|---|---
data complex | success | Firewall rules associated to network.
data.application_categories list | success, when querying applications | List of application categories and applications.
data.application_categories.applications list | | List of applications within a category.
data.application_categories.applications.id string | success | URI of application. Sample: Gmail
data.application_categories.applications.name string | success | Descriptive name of application. Sample: meraki:layer7/application/4
data.application_categories.id string | success | URI of application category. Sample:
data.application_categories.name string | success | Descriptive name of application category. Sample: layer7/category/1
data.rules list | success, when not querying applications | Ordered list of firewall rules.
data.rules.applicationCategory list | | List of application categories within a category.
data.rules.applicationCategory.id string | success | URI of application. Sample: Gmail
data.rules.applicationCategory.name string | success | Descriptive name of application. Sample: meraki:layer7/application/4
data.rules.applications list | | List of applications within a category.
data.rules.applications.id string | success | URI of application. Sample: Gmail
data.rules.applications.name string | success | Descriptive name of application. Sample: meraki:layer7/application/4
data.rules.blacklistedCountries string | success | Countries to be blacklisted. Sample: RU
data.rules.ipRange string | success | Range of IP addresses in rule. Sample: 1.1.1.0/23
data.rules.policy string | success | Action to apply when rule is hit. Sample: deny
data.rules.port string | success | Port number in rule. Sample: 23
data.rules.type string | success | Type of rule category. Sample: applications
data.rules.whitelistedCountries string | success | Countries to be whitelisted. Sample: CA
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Kevin Breit (@kbreit)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/meraki_mx_l7_firewall_module.html