meraki_mx_l3_firewall – Manage MX appliance layer 3 firewalls in the Meraki cloud
New in version 2.7.
Synopsis
- Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.
Parameters
Parameter | Type | Choices/Defaults | Comments
---|---|---|---
auth_key | - | | Authentication key provided by the dashboard. Required if the environment variable MERAKI_KEY is not set.
host | string | Default: "api.meraki.com" | Hostname for the Meraki dashboard. Only useful for internal Meraki developers.
net_id | - | | ID of the network the MX firewall is in.
net_name | - | | Name of the network the MX firewall is in.
org_id | - | | ID of organization.
org_name | - | | Name of organization. If clone is specified, org_name is the name of the new organization. Aliases: organization
output_level | - | | Set amount of debug output during module execution.
rules | - | | List of firewall rules.
rules / comment | - | | Optional comment to describe the firewall rule.
rules / dest_cidr | - | | Comma separated list of CIDR notation destination networks.
rules / dest_port | - | | Comma separated list of destination port numbers to match against.
rules / policy | - | | Policy to apply if the rule is hit.
rules / protocol | - | | Protocol to match against.
rules / src_cidr | - | | Comma separated list of CIDR notation source networks.
rules / src_port | - | | Comma separated list of source port numbers to match against.
rules / syslog_enabled | - | | Whether to log hits against the firewall rule. Only applicable if a syslog server is specified against the network.
state | - | | Create or modify an organization.
syslog_default_rule | boolean | | Whether to log hits against the default firewall rule. Only applicable if a syslog server is specified against the network. This is not shown in the response from Meraki. Instead, refer to the syslog_enabled value in the default rule.
timeout | integer | Default: 30 | Time to timeout for HTTP requests.
use_https | boolean | | If no, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers.
use_proxy | boolean | | If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs | boolean | | Whether to validate HTTP certificates.
Notes
- The module assumes a complete list of firewall rules is passed as a parameter.
- If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
- More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
- Some of the options are likely only used for developers within Meraki.
Examples

```yaml
- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: permit
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
```
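Because the module replaces the whole rule list (see Notes), an ordering mistake such as a narrow deny placed after a broader permit is pushed silently and the deny never fires. The following is an added example, not code from the module or its documentation: a pre-flight lint that parses rules in the module's own field format (comma separated CIDRs and port numbers, or `any`), rejects malformed CIDRs and ports before anything is sent, flags a rule that permits all traffic, and reports any rule fully shadowed by an earlier one. It assumes Meraki evaluates layer 3 rules top-down with first match winning, and reuses the two rules from the "Set two firewall rules" example as constructed sample input.

```python
import ipaddress

def _cidrs(field):
    # 'any' is a wildcard (None); otherwise the module's comma-separated CIDR list
    if field.strip().lower() == "any":
        return None
    return [ipaddress.ip_network(c.strip(), strict=False) for c in field.split(",")]

def _ports(field):
    # 'any' is a wildcard (None); otherwise the module's comma-separated port-number list
    if field.strip().lower() == "any":
        return None
    return {int(p) for p in field.split(",")}

def _covers(wide, narrow):
    # True if `wide` matches every packet `narrow` matches (assumes top-down, first-match evaluation)
    for key in ("src_cidr", "dest_cidr"):
        w, n = _cidrs(wide[key]), _cidrs(narrow[key])
        if w is not None and (n is None or not all(
                any(net.version == big.version and net.subnet_of(big) for big in w) for net in n)):
            return False
    for key in ("src_port", "dest_port"):
        w, n = _ports(wide[key]), _ports(narrow[key])
        if w is not None and (n is None or not n <= w):
            return False
    return wide["protocol"].lower() in ("any", narrow["protocol"].lower())

def lint_rules(rules):
    """Validate a complete rule list; return findings (empty list means clean)."""
    findings = []
    for i, rule in enumerate(rules):
        parsed = [_cidrs(rule["src_cidr"]), _cidrs(rule["dest_cidr"]),
                  _ports(rule["src_port"]), _ports(rule["dest_port"])]   # ValueError on malformed input
        if rule["policy"].lower() != "deny" and rule["protocol"].lower() == "any" and all(v is None for v in parsed):
            findings.append(f"rule {i} ({rule['comment']}): permits all traffic")
        for j, earlier in enumerate(rules[:i]):
            if _covers(earlier, rule):   # an earlier rule already decides every packet this one could see
                findings.append(f"rule {i} ({rule['comment']}): never matches, shadowed by rule {j} ({earlier['comment']})")
                break
    return findings

# Constructed sample: the two rules from the "Set two firewall rules" example above.
RULES = [
    {"comment": "Block traffic to server", "src_cidr": "192.0.1.0/24", "src_port": "any",
     "dest_cidr": "192.0.2.2/32", "dest_port": "any", "protocol": "any", "policy": "deny"},
    {"comment": "Allow traffic to group of servers", "src_cidr": "192.0.1.0/24", "src_port": "any",
     "dest_cidr": "192.0.2.0/24", "dest_port": "any", "protocol": "any", "policy": "permit"},
]
```

Run `lint_rules(RULES)` to get an empty list; run `lint_rules(RULES[::-1])` to see the /32 deny reported as shadowed by the /24 permit.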
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Type | Returned | Description
---|---|---|---
data | complex | success | Firewall rules associated to network.
data / comment | string | always | Comment to describe the firewall rule. Sample: Block traffic to server
data / dest_cidr | string | always | Comma separated list of CIDR notation destination networks. Sample: 192.0.1.1/32,192.0.1.2/32
data / dest_port | string | always | Comma separated list of destination ports. Sample: 80,443
data / policy | string | always | Action to take when rule is matched.
data / protocol | string | always | Network protocol to match against. Sample: tcp
data / src_cidr | string | always | Comma separated list of CIDR notation source networks. Sample: 192.0.1.1/32,192.0.1.2/32
data / src_port | string | always | Comma separated list of source ports. Sample: 80,443
data / syslog_enabled | boolean | always | Whether to log to syslog when rule is matched. Sample: True
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Kevin Breit (@kbreit)