ansible.builtin.meraki_mr_l3_firewall (v2.9.24) — module

Manage MR access point layer 3 firewalls in the Meraki cloud

Added in version 2.7 of ansible.builtin

Authors: Kevin Breit (@kbreit)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.24

Description

Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MR access points.

Module is not idempotent as of current release.

Usage examples

- name: Create single firewall rule
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_id: 12345
    number: 1
    rules:
      - comment: Integration test rule
        policy: allow
        protocol: tcp
        dest_port: 80
        dest_cidr: 192.0.2.0/24
    allow_lan_access: no
  delegate_to: localhost
- name: Enable local LAN access
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_id: 123
    number: 1
    rules:
    allow_lan_access: yes
  delegate_to: localhost
- name: Query firewall rules
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: query
    org_name: YourOrg
    net_name: YourNet
    number: 1
  delegate_to: localhost
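
An added example, not part of the module documentation: the same apply-then-query flow as a full playbook, with the API key supplied from a variable rather than written into each task. `meraki_api_key` is a hypothetical Ansible Vault variable, and the organization, network, SSID number and rule are placeholder values.

```yaml
---
# Added example, not from the module documentation.
# Assumptions: meraki_api_key is a hypothetical variable kept in an Ansible Vault
# file; YourOrg, YourNet, SSID number 1 and the rule below are placeholders.
- name: Apply and read back the layer 3 firewall for one SSID
  hosts: localhost
  connection: local
  gather_facts: no

  # Shared arguments are set once so the key never appears inline in a task.
  # validate_certs and use_https are left at their documented defaults (true).
  module_defaults:
    meraki_mr_l3_firewall:
      auth_key: "{{ meraki_api_key }}"
      org_name: YourOrg
      net_name: YourNet
      number: 1

  tasks:
    - name: Stop before any API call if the key variable is missing or empty
      assert:
        that:
          - meraki_api_key is defined
          - meraki_api_key | length > 0

    - name: Apply the SSID rule set and turn off local LAN access
      meraki_mr_l3_firewall:
        state: present
        rules:
          - comment: Allow HTTP to the documentation range
            policy: allow
            protocol: tcp
            dest_port: 80
            dest_cidr: 192.0.2.0/24
        allow_lan_access: no
      # The module is documented as not idempotent in this release, so a
      # "changed" result here does not by itself mean the rules had drifted.

    - name: Read the rules back from the dashboard
      meraki_mr_l3_firewall:
        state: query
      register: ssid_rules

    - name: Show what the dashboard now reports for review
      debug:
        var: ssid_rules
```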

Inputs

    
host:
    default: api.meraki.com
    description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
    type: str

rules:
    description:
    - List of firewall rules.
    suboptions:
      comment:
        description:
        - Optional comment describing the firewall rule.
        type: str
      dest_cidr:
        description:
        - Comma-separated list of CIDR notation networks to match.
        type: str
      dest_port:
        description:
        - Comma-separated list of destination ports to match.
        type: str
      policy:
        choices:
        - allow
        - deny
        description:
        - Specifies the action that should be taken when rule is hit.
        type: str
      protocol:
        choices:
        - any
        - icmp
        - tcp
        - udp
        description:
        - Specifies protocol to match against.
        type: str
    type: list

state:
    choices:
    - present
    - query
    default: present
    description:
    - Create or modify an organization.
    type: str

net_id:
    description:
    - ID of network containing access points.
    type: str

number:
    aliases:
    - ssid_number
    description:
    - Number of SSID to apply firewall rule to.
    type: int

org_id:
    description:
    - ID of organization.
    type: str

timeout:
    default: 30
    description:
    - Time to timeout for HTTP requests.
    type: int

auth_key:
    description:
    - Authentication key provided by the dashboard. Required if environmental variable
      C(MERAKI_KEY) is not set.
    required: true
    type: str

net_name:
    description:
    - Name of network containing access points.
    type: str

org_name:
    aliases:
    - organization
    description:
    - Name of organization.
    type: str

ssid_name:
    aliases:
    - ssid
    description:
    - Name of SSID to apply firewall rule to.
    type: str

use_https:
    default: true
    description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
    type: bool

use_proxy:
    default: false
    description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable
      on the target hosts.
    type: bool

output_level:
    choices:
    - debug
    - normal
    default: normal
    description:
    - Set amount of debug output during module execution.
    type: str

output_format:
    choices:
    - snakecase
    - camelcase
    default: snakecase
    description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel
      case (ex. C(netId)).
    type: str

validate_certs:
    default: true
    description:
    - Whether to validate HTTPS certificates.
    type: bool

allow_lan_access:
    default: true
    description:
    - Sets whether devices can talk to other devices on the same LAN.
    type: bool

rate_limit_retry_time:
    default: 165
    description:
    - Number of seconds to retry if rate limiter is triggered.
    type: int

internal_error_retry_time:
    default: 60
    description:
    - Number of seconds to retry if server returns an internal server error.
    type: int