cisco.meraki.meraki_mx_l7_firewall – Manage MX appliance layer 7 firewalls in the Meraki cloud
Note
This plugin is part of the cisco.meraki collection (version 2.5.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
To use it in a playbook, specify: cisco.meraki.meraki_mx_l7_firewall
.
Synopsis
Allows for creation, management, and visibility into layer 7 firewalls implemented on Meraki MX firewalls.
Parameters
Parameter |
Comments |
---|---|
Authentication key provided by the dashboard. Required if environmental variable |
|
When Choices:
|
|
Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: “api.meraki.com” |
|
Number of seconds to retry if server returns an internal server error. Default: 60 |
|
ID of network which MX firewall is in. |
|
Name of network which MX firewall is in. |
|
ID of organization. |
|
Name of organization. |
|
Instructs module whether response keys should be snake case (ex. Choices:
|
|
Set amount of debug output during module execution. Choices:
|
|
Number of seconds to retry if rate limiter is triggered. Default: 165 |
|
List of layer 7 firewall rules. |
|
Application to filter. |
|
URI of application as defined by Meraki. |
|
Name of application to filter as defined by Meraki. |
|
List of countries to whitelist or blacklist. The countries follow the two-letter ISO 3166-1 alpha-2 format. |
|
FQDN of host to filter. |
|
CIDR notation range of IP addresses to apply rule to. Port can be appended to range with a |
|
Policy to apply if rule is hit. Choices:
|
|
TCP or UDP based port to filter. |
|
Type of policy to apply. Choices:
|
|
Query or modify a firewall rule. Choices:
|
|
Time to timeout for HTTP requests. Default: 30 |
|
If Only useful for internal Meraki developers. Choices:
|
|
If Choices:
|
|
Whether to validate HTTP certificates. Choices:
|
Notes
Note
Module assumes a complete list of firewall rules are passed as a parameter.
If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the
ANSIBLE_MERAKI_FORMAT
environment variable tocamelcase
.Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
- name: Query firewall rules
meraki_mx_l7_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
state: query
delegate_to: localhost
- name: Query applications and application categories
meraki_mx_l7_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
categories: yes
state: query
delegate_to: localhost
- name: Set firewall rules
meraki_mx_l7_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
state: present
rules:
- type: allowed_countries
countries:
- US
- FR
- type: blocked_countries
countries:
- CN
- policy: deny
type: port
port: 8080
- type: port
port: 1234
- type: host
host: asdf.com
- type: application
application:
id: meraki:layer7/application/205
- type: application_category
application:
id: meraki:layer7/category/24
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Firewall rules associated to network. Returned: success |
|
List of application categories and applications. Returned: success, when querying applications |
|
List of applications within a category. Returned: success |
|
URI of application. Returned: success Sample: “Gmail” |
|
Descriptive name of application. Returned: success Sample: “meraki:layer7/application/4” |
|
URI of application category. Returned: success Sample: “Email” |
|
Descriptive name of application category. Returned: success Sample: “layer7/category/1” |
|
Ordered list of firewall rules. Returned: success, when not querying applications |
|
Countries to be allowed. Returned: success Sample: “CA” |
|
List of application categories within a category. Returned: success |
|
URI of application. Returned: success Sample: “Gmail” |
|
Descriptive name of application. Returned: success Sample: “meraki:layer7/application/4” |
|
List of applications within a category. Returned: success |
|
URI of application. Returned: success Sample: “Gmail” |
|
Descriptive name of application. Returned: success Sample: “meraki:layer7/application/4” |
|
Countries to be blacklisted. Returned: success Sample: “RU” |
|
Range of IP addresses in rule. Returned: success Sample: “1.1.1.0/23” |
|
Action to apply when rule is hit. Returned: success Sample: “deny” |
|
Port number in rule. Returned: success Sample: 23 |
|
Type of rule category. Returned: success Sample: “applications” |
Authors
Kevin Breit (@kbreit)