cisco.meraki.meraki_mx_l3_firewall module – Manage MX appliance layer 3 firewalls in the Meraki cloud
Note
This module is part of the cisco.meraki collection (version 2.17.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cisco.meraki
.
To use it in a playbook, specify: cisco.meraki.meraki_mx_l3_firewall
.
DEPRECATED
- Removed in:
version 3.0.0
- Why:
Updated modules released with increased functionality
- Alternative:
cisco.meraki.networks_appliance_firewall_l3_firewall_rules
Synopsis
Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.
Parameters
Parameter |
Comments |
---|---|
Authentication key provided by the dashboard. Required if environmental variable |
|
Hostname for Meraki dashboard. Can be used to access regional Meraki environments, such as China. Default: |
|
Number of seconds to retry if server returns an internal server error. Default: |
|
ID of network which MX firewall is in. |
|
Name of network which MX firewall is in. |
|
ID of organization. |
|
Name of organization. |
|
Instructs module whether response keys should be snake case (ex. Choices:
|
|
Set amount of debug output during module execution. Choices:
|
|
Number of seconds to retry if rate limiter is triggered. Default: |
|
List of firewall rules. |
|
Optional comment to describe the firewall rule. |
|
Comma separated list of CIDR notation destination networks.
|
|
Comma separated list of destination port numbers to match against.
|
|
Policy to apply if rule is hit. Choices:
|
|
Protocol to match against. Choices:
|
|
Comma separated list of CIDR notation source networks.
|
|
Comma separated list of source port numbers to match against.
|
|
Whether to log hints against the firewall rule. Only applicable if a syslog server is specified against the network. Choices:
|
|
Create or modify an organization. Choices:
|
|
Whether to log hits against the default firewall rule. Only applicable if a syslog server is specified against the network. This is not shown in response from Meraki. Instead, refer to the Choices:
|
|
Time to timeout for HTTP requests. Default: |
|
If Only useful for internal Meraki developers. Choices:
|
|
If Choices:
|
|
Whether to validate HTTP certificates. Choices:
|
Notes
Note
Module assumes a complete list of firewall rules are passed as a parameter.
If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki.
As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the
ANSIBLE_MERAKI_FORMAT
environment variable tocamelcase
.Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.
Examples
- name: Query firewall rules
meraki_mx_l3_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
state: query
delegate_to: localhost
- name: Set two firewall rules
meraki_mx_l3_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
state: present
rules:
- comment: Block traffic to server
src_cidr: 192.0.1.0/24
src_port: any
dest_cidr: 192.0.2.2/32
dest_port: any
protocol: any
policy: deny
- comment: Allow traffic to group of servers
src_cidr: 192.0.1.0/24
src_port: any
dest_cidr: 192.0.2.0/24
dest_port: any
protocol: any
policy: allow
delegate_to: localhost
- name: Set one firewall rule and enable logging of the default rule
meraki_mx_l3_firewall:
auth_key: abc123
org_name: YourOrg
net_name: YourNet
state: present
rules:
- comment: Block traffic to server
src_cidr: 192.0.1.0/24
src_port: any
dest_cidr: 192.0.2.2/32
dest_port: any
protocol: any
policy: deny
syslog_default_rule: yes
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Firewall rules associated to network. Returned: success |
|
List of firewall rules. Returned: success |
|
Comment to describe the firewall rule. Returned: always Sample: |
|
Comma separated list of CIDR notation destination networks. Returned: always Sample: |
|
Comma separated list of destination ports. Returned: always Sample: |
|
Action to take when rule is matched. Returned: always |
|
Network protocol for which to match against. Returned: always Sample: |
|
Comma separated list of CIDR notation source networks. Returned: always Sample: |
|
Comma separated list of source ports. Returned: always Sample: |
|
Whether to log to syslog when rule is matched. Returned: always Sample: |
Status
This module will be removed in version 3.0.0. [deprecated]
For more information see DEPRECATED.