cisco.meraki.meraki_mx_l3_firewall (2.9.0) — module
Manage MX appliance layer 3 firewalls in the Meraki cloud
Authors: Kevin Breit (@kbreit)
preview | supported by community
Install with: ansible-galaxy collection install cisco.meraki:==2.9.0

collections:
  - name: cisco.meraki
    version: 2.9.0
Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.
- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: allow
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost
host:
  default: api.meraki.com
  description:
    - Hostname for Meraki dashboard.
    - Can be used to access regional Meraki environments, such as China.
  type: str
rules:
  description:
    - List of firewall rules.
  elements: dict
  suboptions:
    comment:
      description:
        - Optional comment to describe the firewall rule.
      type: str
    dest_cidr:
      description:
        - Comma separated list of CIDR notation destination networks.
        - C(Any) must be capitalized.
      type: str
    dest_port:
      description:
        - Comma separated list of destination port numbers to match against.
        - C(Any) must be capitalized.
      type: str
    policy:
      choices:
        - allow
        - deny
      description:
        - Policy to apply if rule is hit.
      type: str
    protocol:
      choices:
        - any
        - icmp
        - tcp
        - udp
      description:
        - Protocol to match against.
      type: str
    src_cidr:
      description:
        - Comma separated list of CIDR notation source networks.
        - C(Any) must be capitalized.
      type: str
    src_port:
      description:
        - Comma separated list of source port numbers to match against.
        - C(Any) must be capitalized.
      type: str
    syslog_enabled:
      default: false
      description:
        - Whether to log hits against the firewall rule.
        - Only applicable if a syslog server is specified against the network.
      type: bool
  type: list
state:
  choices:
    - present
    - query
  default: present
  description:
    - Create or modify an organization.
  type: str
net_id:
  description:
    - ID of network which MX firewall is in.
  type: str
org_id:
  description:
    - ID of organization.
  type: str
timeout:
  default: 30
  description:
    - Time to timeout for HTTP requests.
  type: int
auth_key:
  description:
    - Authentication key provided by the dashboard. Required if environmental variable C(MERAKI_KEY) is not set.
  required: true
  type: str
net_name:
  description:
    - Name of network which MX firewall is in.
  type: str
org_name:
  aliases:
    - organization
  description:
    - Name of organization.
  type: str
use_https:
  default: true
  description:
    - If C(no), it will use HTTP. Otherwise it will use HTTPS.
    - Only useful for internal Meraki developers.
  type: bool
use_proxy:
  default: false
  description:
    - If C(no), it will not use a proxy, even if one is defined in an environment variable on the target hosts.
  type: bool
output_level:
  choices:
    - debug
    - normal
  default: normal
  description:
    - Set amount of debug output during module execution.
  type: str
output_format:
  choices:
    - snakecase
    - camelcase
  default: snakecase
  description:
    - Instructs module whether response keys should be snake case (ex. C(net_id)) or camel case (ex. C(netId)).
  type: str
validate_certs:
  default: true
  description:
    - Whether to validate HTTP certificates.
  type: bool
syslog_default_rule:
  description:
    - Whether to log hits against the default firewall rule.
    - Only applicable if a syslog server is specified against the network.
    - This is not shown in response from Meraki. Instead, refer to the C(syslog_enabled) value in the default rule.
  type: bool
rate_limit_retry_time:
  default: 165
  description:
    - Number of seconds to retry if rate limiter is triggered.
  type: int
internal_error_retry_time:
  default: 60
  description:
    - Number of seconds to retry if server returns an internal server error.
  type: int
data:
  description: Firewall rules associated to network.
  returned: success
  type: complex
  contains:
    rules:
      description: List of firewall rules.
      returned: success
      type: complex
      contains:
        comment:
          description: Comment to describe the firewall rule.
          returned: always
          sample: Block traffic to server
          type: str
        dest_cidr:
          description: Comma separated list of CIDR notation destination networks.
          returned: always
          sample: 192.0.1.1/32,192.0.1.2/32
          type: str
        dest_port:
          description: Comma separated list of destination ports.
          returned: always
          sample: 80,443
          type: str
        policy:
          description: Action to take when rule is matched.
          returned: always
          type: str
        protocol:
          description: Network protocol for which to match against.
          returned: always
          sample: tcp
          type: str
        src_cidr:
          description: Comma separated list of CIDR notation source networks.
          returned: always
          sample: 192.0.1.1/32,192.0.1.2/32
          type: str
        src_port:
          description: Comma separated list of source ports.
          returned: always
          sample: 80,443
          type: str
        syslog_enabled:
          description: Whether to log to syslog when rule is matched.
          returned: always
          sample: true
          type: bool