XLAB Steampunk logo Try Spotter
 / home / f5networks / f5networks.f5_modules / 1.28.0 / module / bigip_firewall_global_rules

f5networks.f5_modules.bigip_firewall_global_rules (1.28.0) — module

Manage AFM global rule settings on BIG-IP

| "added in version" 1.0.0 of f5networks.f5_modules"

Authors: Tim Rupp (@caphrim007)

Install collection | Add to requirements.yml | Description | Usage examples | Inputs | Outputs

Install collection

Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0


Add to requirements.yml

  collections:
    - name: f5networks.f5_modules
      version: 1.28.0

Description

Configures the global network firewall rules on AFM (Advanced Firewall Manager). These firewall rules are applied to all packets except those going through the management interface. They are applied first, before any firewall rules for the packet's virtual server, route domain, and/or self IP address.

Usage examples

Scanned by Steampunk Spotter
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: Change enforced policy in AFM global rules
  bigip_firewall_global_rules:
    enforced_policy: enforcing1
    provider:
      password: secret
      server: lb.mydomain.com
      user: admin
  delegate_to: localhost

Inputs

    
provider:
    description:
    - A dict object containing connection details.
    suboptions:
      auth_provider:
        description:
        - Configures the auth provider for to obtain authentication tokens from the remote
          device.
        - This option is really used when working with BIG-IQ devices.
        type: str
      no_f5_teem:
        default: false
        description:
        - If C(yes), TEEM telemetry data is not sent to F5.
        - You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
        - Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
        type: bool
      password:
        aliases:
        - pass
        - pwd
        description:
        - The password for the user account used to connect to the BIG-IP or the BIG-IQ.
        - You may omit this option by setting the environment variable C(F5_PASSWORD).
        required: true
        type: str
      server:
        description:
        - The BIG-IP host or the BIG-IQ host.
        - You may omit this option by setting the environment variable C(F5_SERVER).
        required: true
        type: str
      server_port:
        default: 443
        description:
        - The BIG-IP server port.
        - You may omit this option by setting the environment variable C(F5_SERVER_PORT).
        type: int
      timeout:
        description:
        - Specifies the timeout in seconds for communicating with the network device for
          either connecting or sending commands.  If the timeout is exceeded before the
          operation is completed, the module will error.
        type: int
      transport:
        choices:
        - rest
        default: rest
        description:
        - Configures the transport connection to use when connecting to the remote device.
        type: str
      user:
        description:
        - The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
          privileges on the device.
        - You may omit this option by setting the environment variable C(F5_USER).
        required: true
        type: str
      validate_certs:
        default: true
        description:
        - If C(no), SSL certificates are not validated. Use this only on personally controlled
          sites using self-signed certificates.
        - You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
        type: bool
    type: dict
    version_added: 1.0.0
    version_added_collection: f5networks.f5_modules

description:
    description:
    - Description for the global list of firewall rules.
    type: str

staged_policy:
    description:
    - Specifies a staged firewall policy.
    - C(staged_policy) rules are not enforced while all the visibility aspects (statistics,
      reporting, and logging) function as if the staged-policy rules were enforced globally.
    type: str

service_policy:
    description:
    - Specifies a service policy that would apply to traffic globally.
    - The service policy is applied to all flows, provided there are no other context
      specific service policy configurations that override the global service policy.
      For example, when a service policy is configured both at a global level and on a
      firewall rule, and a flow matches the rule, the more specific service policy configuration
      in the rule will override the service policy setting at the global level.
    - The service policy associated here can be created using the C(bigip_service_policy)
      module.
    type: str

enforced_policy:
    description:
    - Specifies an enforced firewall policy.
    - C(enforced_policy) rules are enforced globally.
    type: str

Outputs

description:
  description: The new description.
  returned: changed
  sample: My description
  type: str
enforced_policy:
  description: The new global Enforced Policy.
  returned: changed
  sample: /Common/enforced1
  type: str
service_policy:
  description: The new global Service Policy.
  returned: changed
  sample: /Common/service1
  type: str
staged_policy:
  description: The new global Staged Policy.
  returned: changed
  sample: /Common/staged1
  type: str
Got feedback? steampunk@xlab.si | © 2024. All rights reserved.
Cookie policy-Privacy policy-Terms of use-Security policy