asa_og – Manage object groups on a Cisco ASA

New in version 2.8.

Synopsis

• This module allows you to create and update object-group network/service on Cisco ASA device.

Parameters

Parameter	Choices/Defaults	Comments
description -		The description for the object-group.
group_object list		The group-object for network object-group.
group_type - / required	Choices: network-object service-object port-object	The object group type.
host_ip list		The host IP address for object-group network.
ip_mask list		The IP address and mask for network object-group.
name - / required		Name of the object group.
port_eq -		The single port for port-object.
port_range -		The port range for port-object.
protocol -	Choices: udp tcp tcp-udp	The protocol for object-group service with port-object.
service_cfg -		The service-object configuration protocol, direction, range or port.
state -	Choices: present ← absent replace	Manage the state of the resource.

Examples

---
- name: configure network object-group
  asa_og:
    name: ansible_test_0
    group_type: network-object
    state: present
    description: ansible_test object-group description
    host_ip:
      - 8.8.8.8
      - 8.8.4.4
    ip_mask:
      - 10.0.0.0 255.255.255.0
      - 192.168.0.0 255.255.0.0
    group_object:
      - awx_lon
      - awx_ams

- name: configure port-object object-group
  asa_og:
    name: ansible_test_1
    group_type: port-object
    state: replace
    description: ansible_test object-group description
    protocol: tcp-udp
    port_eq:
      - 1025
      - kerberos
    port_range:
      - 1025 5201
      - 0 1024

- name: configure service-object object-group
  asa_og:
    name: ansible_test_2
    group_type: service-object
    state: absent
    description: ansible_test object-group description
    service_cfg:
      - tcp destination eq 8080
      - tcp destination eq www

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
commands list	always	command sent to the device Sample: ['object-group network ansible_test_0', 'description ansible_test object-group description', 'network-object host 8.8.8.8', 'network-object host 8.8.4.4', 'network-object 10.0.0.0 255.255.255.0', 'network-object 192.168.0.0 255.255.0.0', 'network-object 192.168.0.0 255.255.0.0', 'group-object awx_lon', 'group-object awx_ams']

Status

• This module is not guaranteed to have a backwards compatible interface. [preview]

• This module is maintained by the Ansible Community. [community]

Authors

• Federico Olivieri (@Federico87)

Hint

If you notice any issues in this documentation you can edit this document to improve it.