Deprecated

Removed in 3.0.0


Reason: Updated modules released with increased functionality | Alternative: cisco.meraki.networks_appliance_firewall_l3_firewall_rules

cisco.meraki.meraki_mx_l3_firewall (2.18.0) — module

Manage MX appliance layer 3 firewalls in the Meraki cloud

Authors: Kevin Breit (@kbreit)

deprecated | supported by community

Install collection

Install with ansible-galaxy collection install cisco.meraki:==2.18.0


Add to requirements.yml

  collections:
    - name: cisco.meraki
      version: 2.18.0

Description

Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.

Usage examples

- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost
- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: allow
  delegate_to: localhost
- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
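An added pre-flight check for the `rules` list used above (example code written for this page, not part of the cisco.meraki collection): it assumes the MX evaluates the list top-down with the first matching rule winning, and reports a rule that an earlier rule fully covers (a deny placed after a broader allow never fires) and any allow from Any to Any. The sample rules are the two from the "Set two firewall rules" example; `audit_rules` and its helpers are names constructed here.

```python
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")

# The two rules from the "Set two firewall rules" example, in the module's `rules` format.
RULES = [
    {"comment": "Block traffic to server", "src_cidr": "192.0.1.0/24", "src_port": "any",
     "dest_cidr": "192.0.2.2/32", "dest_port": "any", "protocol": "any", "policy": "deny"},
    {"comment": "Allow traffic to group of servers", "src_cidr": "192.0.1.0/24", "src_port": "any",
     "dest_cidr": "192.0.2.0/24", "dest_port": "any", "protocol": "any", "policy": "allow"},
]

def _nets(field):
    """src_cidr/dest_cidr: 'Any' means all of IPv4, otherwise a comma-separated CIDR list."""
    if field.strip().lower() == "any":
        return [ANY_NET]
    return [ipaddress.ip_network(c.strip(), strict=False) for c in field.split(",")]

def _ports(field):
    """src_port/dest_port: None means any port, otherwise the set of listed port numbers."""
    if str(field).strip().lower() == "any":
        return None
    return {int(p) for p in str(field).split(",")}

def _covers(earlier, later):
    """True if `earlier` matches every packet `later` would match, so `later` can never fire."""
    for key in ("src_cidr", "dest_cidr"):
        if not all(any(n.subnet_of(e) for e in _nets(earlier[key])) for n in _nets(later[key])):
            return False
    for key in ("src_port", "dest_port"):
        e, l = _ports(earlier[key]), _ports(later[key])
        if e is not None and (l is None or not l <= e):
            return False
    return earlier["protocol"] == "any" or earlier["protocol"] == later["protocol"]

def audit_rules(rules):
    """Findings for a rule list, assuming top-down, first-match evaluation (Meraki MX behaviour)."""
    findings = []
    for j, rule in enumerate(rules):
        for i in range(j):
            if _covers(rules[i], rule):
                note = "" if rules[i]["policy"] == rule["policy"] else f" (its {rule['policy']} is ineffective)"
                findings.append(f"rule {j} '{rule.get('comment', '')}' is shadowed by rule {i} '{rules[i].get('comment', '')}'{note}")
                break
        if (rule["policy"] == "allow" and rule["protocol"] == "any"
                and all(_nets(rule[k]) == [ANY_NET] for k in ("src_cidr", "dest_cidr"))
                and all(_ports(rule[k]) is None for k in ("src_port", "dest_port"))):
            findings.append(f"rule {j} '{rule.get('comment', '')}' allows any source to any destination")
    return findings

if __name__ == "__main__":
    # The page's order is clean; reversing it puts the deny behind the broader allow.
    for line in audit_rules(list(reversed(RULES))) or ["no findings"]:
        print(line)
```

Run it over the `rules` value from a playbook (for example after loading the YAML) before the `state: present` task pushes the list to the dashboard.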

Inputs

host:
    default: api.meraki.com
    description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
    type: str

rules:
    description:
    - List of firewall rules.
    elements: dict
    suboptions:
      comment:
        description:
        - Optional comment to describe the firewall rule.
        type: str
      dest_cidr:
        description:
        - Comma separated list of CIDR notation destination networks.
        - C(Any) must be capitalized.
        type: str
      dest_port:
        description:
        - Comma separated list of destination port numbers to match against.
        - C(Any) must be capitalized.
        type: str
      policy:
        choices:
        - allow
        - deny
        description:
        - Policy to apply if rule is hit.
        type: str
      protocol:
        choices:
        - any
        - icmp
        - tcp
        - udp
        description:
        - Protocol to match against.
        type: str
      src_cidr:
        description:
        - Comma separated list of CIDR notation source networks.
        - C(Any) must be capitalized.
        type: str
      src_port:
        description:
        - Comma separated list of source port numbers to match against.
        - C(Any) must be capitalized.
        type: str
      syslog_enabled:
        default: false
        description:
        - Whether to log hits against the firewall rule.
        - Only applicable if a syslog server is specified against the network.
        type: bool
    type: list

state:
    choices:
    - present
    - query
    default: present
    description:
    - Create or modify an organization.
    type: str

net_id:
    description:
    - ID of network which MX firewall is in.
    type: str

org_id:
    description:
    - ID of organization.
    type: str

timeout:
    default: 30
    description:
    - Time to timeout for HTTP requests.
    type: int

auth_key:
    description:
    - Authentication key provided by the dashboard. Required if environmental variable
      C(MERAKI_KEY) is not set.
    required: true
    type: str

net_name:
    description:
    - Name of network which MX firewall is in.
    type: str

org_name:
    aliases:
    - organization
    description:
    - Name of organization.
    type: str

use_https:
    default: true
    description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
    type: bool

use_proxy:
    default: false
    description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable
      on the target hosts.
    type: bool

output_level:
    choices:
    - debug
    - normal
    default: normal
    description:
    - Set amount of debug output during module execution.
    type: str

output_format:
    choices:
    - snakecase
    - camelcase
    default: snakecase
    description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel
      case (ex. C(netId)).
    type: str

validate_certs:
    default: true
    description:
    - Whether to validate HTTP certificates.
    type: bool

syslog_default_rule:
    description:
    - Whether to log hits against the default firewall rule.
    - Only applicable if a syslog server is specified against the network.
    - This is not shown in response from Meraki. Instead, refer to the C(syslog_enabled)
      value in the default rule.
    type: bool

rate_limit_retry_time:
    default: 165
    description:
    - Number of seconds to retry if rate limiter is triggered.
    type: int

internal_error_retry_time:
    default: 60
    description:
    - Number of seconds to retry if server returns an internal server error.
    type: int

Outputs

data:
  contains:
    rules:
      contains:
        comment:
          description: Comment to describe the firewall rule.
          returned: always
          sample: Block traffic to server
          type: str
        dest_cidr:
          description: Comma separated list of CIDR notation destination networks.
          returned: always
          sample: 192.0.1.1/32,192.0.1.2/32
          type: str
        dest_port:
          description: Comma separated list of destination ports.
          returned: always
          sample: 80,443
          type: str
        policy:
          description: Action to take when rule is matched.
          returned: always
          type: str
        protocol:
          description: Network protocol for which to match against.
          returned: always
          sample: tcp
          type: str
        src_cidr:
          description: Comma separated list of CIDR notation source networks.
          returned: always
          sample: 192.0.1.1/32,192.0.1.2/32
          type: str
        src_port:
          description: Comma separated list of source ports.
          returned: always
          sample: 80,443
          type: str
        syslog_enabled:
          description: Whether to log to syslog when rule is matched.
          returned: always
          sample: true
          type: bool
      description: List of firewall rules.
      returned: success
      type: complex
  description: Firewall rules associated to network.
  returned: success
  type: complex