cisco.meraki.meraki_mx_site_to_site_firewall – Manage MX appliance firewall rules for site-to-site VPNs
Note
This plugin is part of the cisco.meraki collection (version 2.2.1).
To install it use: ansible-galaxy collection install cisco.meraki.
To use it in a playbook, specify: cisco.meraki.meraki_mx_site_to_site_firewall.
New in version 1.0.0 of cisco.meraki
Synopsis
Allows for creation, management, and visibility into firewall rules for site-to-site VPNs implemented on Meraki MX firewalls.
Parameters
Notes
Note
The module assumes that a complete list of firewall rules is passed as a parameter.
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used by developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation.
Examples
- name: Query firewall rules
  meraki_mx_site_to_site_firewall:
    auth_key: abc123
    org_name: YourOrg
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_site_to_site_firewall:
    auth_key: abc123
    org_name: YourOrg
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: permit
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_site_to_site_firewall:
    auth_key: abc123
    org_name: YourOrg
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
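
The "Set two firewall rules" task above places a host-specific deny ahead of a broader permit. Assuming the rules are evaluated top-down with the first match winning (an assumption, not stated on this page), swapping them would leave the deny rule dead. The following Python pre-flight check is an added example, not part of the cisco.meraki collection; `shadowed_rules` and the sample constants are hypothetical names, and it assumes one CIDR per field and treats port and protocol fields as covering each other only when identical or `any`.

```python
import ipaddress

def _net(cidr):
    # "any" stands for every IPv4 address; strict=False tolerates host bits.
    return ipaddress.ip_network("0.0.0.0/0" if str(cidr).lower() == "any" else cidr, strict=False)

def _covers(broad, narrow):
    # Conservative: a port/protocol field covers another only if it is "any" or identical.
    broad, narrow = str(broad).lower(), str(narrow).lower()
    return broad == "any" or broad == narrow

def shadowed_rules(rules):
    """Return (later, earlier, conflict) index tuples: the earlier rule matches all
    traffic the later one does, so under first-match evaluation the later rule never
    fires. conflict is True when the two policies differ."""
    findings = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if (_net(later["src_cidr"]).subnet_of(_net(earlier["src_cidr"]))
                    and _net(later["dest_cidr"]).subnet_of(_net(earlier["dest_cidr"]))
                    and all(_covers(earlier[k], later[k])
                            for k in ("protocol", "src_port", "dest_port"))):
                findings.append((j, i, earlier["policy"] != later["policy"]))
                break  # the first covering rule is the one that takes effect
    return findings

# The two rules from the page's "Set two firewall rules" task, in the page's order.
DENY_HOST = {"comment": "Block traffic to server", "src_cidr": "192.0.1.0/24",
             "src_port": "any", "dest_cidr": "192.0.2.2/32", "dest_port": "any",
             "protocol": "any", "policy": "deny"}
PERMIT_NET = {"comment": "Allow traffic to group of servers", "src_cidr": "192.0.1.0/24",
              "src_port": "any", "dest_cidr": "192.0.2.0/24", "dest_port": "any",
              "protocol": "any", "policy": "permit"}
PAGE_ORDER = [DENY_HOST, PERMIT_NET]
REVERSED = [PERMIT_NET, DENY_HOST]  # constructed: same rules, order swapped

if __name__ == "__main__":
    for name, rules in (("page order", PAGE_ORDER), ("reversed", REVERSED)):
        for later, earlier, conflict in shadowed_rules(rules):
            print(f"{name}: rule {later} ({rules[later]['comment']!r}) is shadowed by "
                  f"rule {earlier}; policy conflict: {conflict}")
```

Because the module expects the complete rule list on every run, a check like this can be run over the full `rules` value before the playbook is applied.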
Return Values
Common return values are documented here; the following are the fields unique to this module:
Authors
Kevin Breit (@kbreit)