meraki_mx_l3_firewall - Manage MX appliance layer 3 firewalls in the Meraki cloud¶

New in version 2.7.

Synopsis
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.

Parameters ¶

Parameter		Choices/Defaults	Comments
auth_key			Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
host string		Default: api.meraki.com	Hostname for Meraki dashboard Only useful for internal Meraki developers
net_id			ID of network which MX firewall is in.
net_name			Name of network which MX firewall is in.
org_id			ID of organization.
org_name			Name of organization. If `clone` is specified, `org_name` is the name of the new organization. aliases: organization
output_level		Choices: normal ← debug	Set amount of debug output during module execution
rules			List of firewall rules.
	comment		Optional comment to describe the firewall rule.
	src_port		Comma separated list of source port numbers to match against.
	dest_cidr		Comma separated list of CIDR notation destination networks.
	syslog_enabled		Whether to log hints against the firewall rule. Only applicable if a syslog server is specified against the network.
	policy	Choices: allow deny	Policy to apply if rule is hit.
	protocol	Choices: any icmp tcp udp	Protocol to match against.
	src_cidr		Comma separated list of CIDR notation source networks.
	dest_port		Comma separated list of destination port numbers to match against.
state		Choices: present ← query	Create or modify an organization.
syslog_default_rule bool		Choices: no ← yes	Whether to log hits against the default firewall rule. Only applicable if a syslog server is specified against the network. This is not shown in response from Meraki. Instead, refer to the `syslog_enabled` value in the default rule.
timeout int		Default: 30	Time to timeout for HTTP requests.
use_https bool		Choices: no yes ←	If `no`, it will use HTTP. Otherwise it will use HTTPS. Only useful for internal Meraki developers
use_proxy bool		Choices: no yes	If `no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs bool		Choices: no yes ←	Whether to validate HTTP certificates.

Notes ¶

Note

Module assumes a complete list of firewall rules are passed as a parameter.
If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
Some of the options are likely only used for developers within Meraki

Examples ¶

- name: Query firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: query
  delegate_to: localhost

- name: Set two firewall rules
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
      - comment: Allow traffic to group of servers
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.0/24
        dest_port: any
        protocol: any
        policy: permit
  delegate_to: localhost

- name: Set one firewall rule and enable logging of the default rule
  meraki_mx_l3_firewall:
    auth_key: abc123
    org_name: YourOrg
    net_name: YourNet
    state: present
    rules:
      - comment: Block traffic to server
        src_cidr: 192.0.1.0/24
        src_port: any
        dest_cidr: 192.0.2.2/32
        dest_port: any
        protocol: any
        policy: deny
    syslog_default_rule: yes
  delegate_to: localhost

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
data complex		success	Firewall rules associated to network.
	comment string	always	Comment to describe the firewall rule. Sample: Block traffic to server
	src_port string	always	Comma separated list of source ports. Sample: 80,443
	dest_cidr string	always	Comma separated list of CIDR notation destination networks. Sample: 192.0.1.1/32,192.0.1.2/32
	syslog_enabled bool	always	Whether to log to syslog when rule is matched. Sample: True
	policy string	always	Action to take when rule is matched.
	protocol string	always	Network protocol for which to match against. Sample: tcp
	dest_port string	always	Comma separated list of destination ports. Sample: 80,443
	src_cidr string	always	Comma separated list of CIDR notation source networks. Sample: 192.0.1.1/32,192.0.1.2/32

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author ¶

Kevin Breit (@kbreit)

Hint

If you notice any issues in this documentation you can edit this document to improve it.