cisco.meraki.organizations_policies_global_firewall_rulesets_rules module -- Resource module for organizations_policies_global_firewall_rulesets_rules
Note
This module is part of the cisco.meraki collection (version 2.24.0).
To install it, use: ansible-galaxy collection install cisco.meraki.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: cisco.meraki.organizations_policies_global_firewall_rulesets_rules.
New in cisco.meraki 1.0.0
Synopsis
Manage operations create, update and delete of the resource organizations_policies_global_firewall_rulesets_rules.
Create an Organization-Wide Policy Firewall Rule.
Delete an Organization-Wide Policy Firewall Rule.
Update an Organization-Wide Policy Firewall Rule.
Note
This module has a corresponding action plugin.
Requirements
The below requirements are needed on the host that executes this module.
meraki >= 2.4.9
python >= 3.5
Parameters
| Parameter | Comments |
|---|---|
| description | Description of the firewall rule. |
| destinations | Destination traffic criteria. Each source or destination block is capped separately per rule at 100 total segment values. The count, segments_values_count, is the sum of all values across every segment type in that block. Ports use a separate cap of 100. |
| destinations.criteria | Destination criteria values (not present if 'any' is in matchCriteria). |
| destinations.criteria.addressRanges | Address ranges or addresses. |
| destinations.criteria.applianceVlans | Appliance VLANs. |
| destinations.criteria.applianceVlans.interfaceId | Interface ID. |
| destinations.criteria.applicationCategories | Application categories. |
| destinations.criteria.applicationCategories.applications | Applications in this category. |
| destinations.criteria.applicationCategories.applications.id | Application ID. |
| destinations.criteria.applicationCategories.applications.name | Application name. |
| destinations.criteria.applicationCategories.id | Category ID. |
| destinations.criteria.applicationCategories.name | Category name. |
| destinations.criteria.applications | Applications. |
| destinations.criteria.applications.id | Application ID. |
| destinations.criteria.applications.name | Application name. |
| destinations.criteria.policyObjectGroups | Policy object groups. |
| destinations.criteria.policyObjectGroups.id | Policy object group ID. |
| destinations.criteria.policyObjects | Policy objects. |
| destinations.criteria.policyObjects.id | Policy object ID. |
| destinations.criteria.ports | Port numbers or ranges. |
| destinations.criteria.services | Protocol and port services. |
| destinations.criteria.services.ports | Port numbers or ranges. |
| destinations.criteria.services.protocol | Protocol (tcp, udp, etc). |
| destinations.matchCriteria | Destination match criteria types. |
| enabled | Whether the rule is enabled. |
| meraki_action_batch_retry_wait_time | meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time. Default: 60 |
| meraki_api_key | meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY |
| meraki_base_url | meraki_base_url (string), preceding all endpoint resources. Default: "https://api.meraki.com/api/v1" |
| meraki_be_geo_id | meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID. Default: "" |
| meraki_certificate_path | meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy. Default: "" |
| meraki_inherit_logging_config | meraki_inherit_logging_config (boolean), Inherits your own logger instance |
| meraki_log_file_prefix | meraki_log_file_prefix (string), log file name appended with date and timestamp |
| meraki_log_path | log_path (string), path to output log; by default, working directory of script if not specified. Default: "" |
| meraki_maximum_retries | meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors. Default: 2 |
| meraki_nginx_429_retry_wait_time | meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time. Default: 60 |
| meraki_output_log | meraki_output_log (boolean), create an output log file? |
| meraki_print_console | meraki_print_console (boolean), print logging output to console? |
| meraki_requests_proxy | meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS. Default: "" |
| meraki_retry_4xx_error | meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)? |
| meraki_retry_4xx_error_wait_time | meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time. Default: 60 |
| meraki_simulate | meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? |
| meraki_single_request_timeout | meraki_single_request_timeout (integer), maximum number of seconds for each API call. Default: 60 |
| meraki_suppress_logging | meraki_suppress_logging (boolean), disable all logging? you're on your own then! |
| meraki_use_iterator_for_get_pages | meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items |
| meraki_wait_on_rate_limit | meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered? |
| name | Name of the firewall rule. |
| organizationId | OrganizationId path parameter. Organization ID. |
| policy | Rule policy - allow or deny traffic. |
| priority | Rule priority (lower numbers = higher priority). |
| ruleId | RuleId path parameter. Rule ID. |
| rulesetId | Firewall ruleset ID to associate the rule with. |
| sources | Source traffic criteria. Each source or destination block is capped separately per rule at 100 total segment values. The count, segments_values_count, is the sum of all values across every segment type in that block. Ports use a separate cap of 100. |
| sources.criteria | Source criteria values (not present if 'any' is in matchCriteria). |
| sources.criteria.addressRanges | Address ranges or addresses. |
| sources.criteria.applianceVlans | Appliance VLANs. |
| sources.criteria.applianceVlans.interfaceId | Interface ID. |
| sources.criteria.policyObjectGroups | Policy object groups. |
| sources.criteria.policyObjectGroups.id | Policy object group ID. |
| sources.criteria.policyObjects | Policy objects. |
| sources.criteria.policyObjects.id | Policy object ID. |
| sources.criteria.ports | Port numbers or ranges. |
| sources.matchCriteria | Source match criteria types. |
Notes
Note
- SDK methods used are organizations.Organizations.create_organization_policies_global_firewall_rulesets_rule, organizations.Organizations.delete_organization_policies_global_firewall_rulesets_rule, organizations.Organizations.update_organization_policies_global_firewall_rulesets_rule.
- Paths used are post /organizations/{organizationId}/policies/global/firewall/rulesets/rules, delete /organizations/{organizationId}/policies/global/firewall/rulesets/rules/{ruleId}, put /organizations/{organizationId}/policies/global/firewall/rulesets/rules/{ruleId}.
- Does not support check_mode.
- The plugin runs on the control node and does not use any Ansible connection plugins, but instead the embedded connection manager from the Cisco Dashboard API Python SDK.
- The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection.
See Also
- Cisco Meraki documentation for organizations createOrganizationPoliciesGlobalFirewallRulesetsRule
  Complete reference of the createOrganizationPoliciesGlobalFirewallRulesetsRule API.
- Cisco Meraki documentation for organizations deleteOrganizationPoliciesGlobalFirewallRulesetsRule
  Complete reference of the deleteOrganizationPoliciesGlobalFirewallRulesetsRule API.
- Cisco Meraki documentation for organizations updateOrganizationPoliciesGlobalFirewallRulesetsRule
  Complete reference of the updateOrganizationPoliciesGlobalFirewallRulesetsRule API.
Examples
```yaml
- name: Create
  cisco.meraki.organizations_policies_global_firewall_rulesets_rules:
    meraki_api_key: "{{ meraki_api_key }}"
    meraki_base_url: "{{ meraki_base_url }}"
    meraki_single_request_timeout: "{{ meraki_single_request_timeout }}"
    meraki_certificate_path: "{{ meraki_certificate_path }}"
    meraki_requests_proxy: "{{ meraki_requests_proxy }}"
    meraki_wait_on_rate_limit: "{{ meraki_wait_on_rate_limit }}"
    meraki_nginx_429_retry_wait_time: "{{ meraki_nginx_429_retry_wait_time }}"
    meraki_action_batch_retry_wait_time: "{{ meraki_action_batch_retry_wait_time }}"
    meraki_retry_4xx_error: "{{ meraki_retry_4xx_error }}"
    meraki_retry_4xx_error_wait_time: "{{ meraki_retry_4xx_error_wait_time }}"
    meraki_maximum_retries: "{{ meraki_maximum_retries }}"
    meraki_output_log: "{{ meraki_output_log }}"
    meraki_log_file_prefix: "{{ meraki_log_file_prefix }}"
    meraki_log_path: "{{ meraki_log_path }}"
    meraki_print_console: "{{ meraki_print_console }}"
    meraki_suppress_logging: "{{ meraki_suppress_logging }}"
    meraki_simulate: "{{ meraki_simulate }}"
    meraki_be_geo_id: "{{ meraki_be_geo_id }}"
    meraki_caller: "{{ meraki_caller }}"
    meraki_use_iterator_for_get_pages: "{{ meraki_use_iterator_for_get_pages }}"
    meraki_inherit_logging_config: "{{ meraki_inherit_logging_config }}"
    state: present
    description: This is rule 1
    destinations:
      criteria:
        addressRanges:
          - 1.1.1.1
          - 2.2.2.2
        applianceVlans:
          - interfaceId: L_123456789012345678_vlan_200
        applicationCategories:
          - applications:
              - id: meraki:layer7/application/5
                name: Advertising.com
            id: meraki:layer7/category/24
            name: Advertising
        applications:
          - id: meraki:layer7/application/5
            name: Advertising.com
        policyObjectGroups:
          - id: '45'
        policyObjects:
          - id: '23'
        ports:
          - '22'
          - 42-46
        services:
          - ports:
              - '80'
              - '443'
            protocol: tcp
      matchCriteria:
        - addressRanges
        - services
        - applicationCategories
        - applications
        - policyObjects
        - policyObjectGroups
        - applianceVlans
    enabled: true
    name: Allow developers
    organizationId: string
    policy: deny
    priority: 100
    rulesetId: '32'
    sources:
      criteria:
        addressRanges:
          - 1.1.1.1
          - 2.2.2.2
        applianceVlans:
          - interfaceId: L_123456789012345678_vlan_200
        policyObjectGroups:
          - id: '45'
        policyObjects:
          - id: '23'
        ports:
          - '22'
          - 42-46
      matchCriteria:
        - addressRanges
        - ports
        - policyObjects
        - policyObjectGroups
        - applianceVlans
- name: Delete by id
  cisco.meraki.organizations_policies_global_firewall_rulesets_rules:
    meraki_api_key: "{{ meraki_api_key }}"
    meraki_base_url: "{{ meraki_base_url }}"
    meraki_single_request_timeout: "{{ meraki_single_request_timeout }}"
    meraki_certificate_path: "{{ meraki_certificate_path }}"
    meraki_requests_proxy: "{{ meraki_requests_proxy }}"
    meraki_wait_on_rate_limit: "{{ meraki_wait_on_rate_limit }}"
    meraki_nginx_429_retry_wait_time: "{{ meraki_nginx_429_retry_wait_time }}"
    meraki_action_batch_retry_wait_time: "{{ meraki_action_batch_retry_wait_time }}"
    meraki_retry_4xx_error: "{{ meraki_retry_4xx_error }}"
    meraki_retry_4xx_error_wait_time: "{{ meraki_retry_4xx_error_wait_time }}"
    meraki_maximum_retries: "{{ meraki_maximum_retries }}"
    meraki_output_log: "{{ meraki_output_log }}"
    meraki_log_file_prefix: "{{ meraki_log_file_prefix }}"
    meraki_log_path: "{{ meraki_log_path }}"
    meraki_print_console: "{{ meraki_print_console }}"
    meraki_suppress_logging: "{{ meraki_suppress_logging }}"
    meraki_simulate: "{{ meraki_simulate }}"
    meraki_be_geo_id: "{{ meraki_be_geo_id }}"
    meraki_caller: "{{ meraki_caller }}"
    meraki_use_iterator_for_get_pages: "{{ meraki_use_iterator_for_get_pages }}"
    meraki_inherit_logging_config: "{{ meraki_inherit_logging_config }}"
    state: absent
    organizationId: string
    ruleId: string
- name: Update by id
  cisco.meraki.organizations_policies_global_firewall_rulesets_rules:
    meraki_api_key: "{{ meraki_api_key }}"
    meraki_base_url: "{{ meraki_base_url }}"
    meraki_single_request_timeout: "{{ meraki_single_request_timeout }}"
    meraki_certificate_path: "{{ meraki_certificate_path }}"
    meraki_requests_proxy: "{{ meraki_requests_proxy }}"
    meraki_wait_on_rate_limit: "{{ meraki_wait_on_rate_limit }}"
    meraki_nginx_429_retry_wait_time: "{{ meraki_nginx_429_retry_wait_time }}"
    meraki_action_batch_retry_wait_time: "{{ meraki_action_batch_retry_wait_time }}"
    meraki_retry_4xx_error: "{{ meraki_retry_4xx_error }}"
    meraki_retry_4xx_error_wait_time: "{{ meraki_retry_4xx_error_wait_time }}"
    meraki_maximum_retries: "{{ meraki_maximum_retries }}"
    meraki_output_log: "{{ meraki_output_log }}"
    meraki_log_file_prefix: "{{ meraki_log_file_prefix }}"
    meraki_log_path: "{{ meraki_log_path }}"
    meraki_print_console: "{{ meraki_print_console }}"
    meraki_suppress_logging: "{{ meraki_suppress_logging }}"
    meraki_simulate: "{{ meraki_simulate }}"
    meraki_be_geo_id: "{{ meraki_be_geo_id }}"
    meraki_caller: "{{ meraki_caller }}"
    meraki_use_iterator_for_get_pages: "{{ meraki_use_iterator_for_get_pages }}"
    meraki_inherit_logging_config: "{{ meraki_inherit_logging_config }}"
    state: present
    description: This is rule 1
    destinations:
      criteria:
        addressRanges:
          - 1.1.1.1
          - 2.2.2.2
        applianceVlans:
          - interfaceId: L_123456789012345678_vlan_200
        applicationCategories:
          - applications:
              - id: meraki:layer7/application/5
                name: Advertising.com
            id: meraki:layer7/category/24
            name: Advertising
        applications:
          - id: meraki:layer7/application/5
            name: Advertising.com
        policyObjectGroups:
          - id: '45'
        policyObjects:
          - id: '23'
        ports:
          - '22'
          - 42-46
        services:
          - ports:
              - '80'
              - '443'
            protocol: tcp
      matchCriteria:
        - addressRanges
        - services
        - applicationCategories
        - applications
        - policyObjects
        - policyObjectGroups
        - applianceVlans
    enabled: true
    name: Allow developers
    organizationId: string
    policy: deny
    priority: 100
    ruleId: string
    rulesetId: '32'
    sources:
      criteria:
        addressRanges:
          - 1.1.1.1
          - 2.2.2.2
        applianceVlans:
          - interfaceId: L_123456789012345678_vlan_200
        policyObjectGroups:
          - id: '45'
        policyObjects:
          - id: '23'
        ports:
          - '22'
          - 42-46
      matchCriteria:
        - addressRanges
        - ports
        - policyObjects
        - policyObjectGroups
        - applianceVlans
```
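The parameter table caps each sources or destinations block at 100 segment values, with a separate cap of 100 ports, and says criteria is absent when matchCriteria contains 'any'. The following pre-flight check is an added example, not code from the cisco.meraki collection. It assumes that every top-level list entry counts as one segment value, and its comparison of criteria keys against matchCriteria is a review heuristic, not documented API behaviour; `check_block` and `check_rule` are hypothetical names.

```python
SEGMENT_CAP = 100  # per block, summed over every segment type (from the page)
PORT_CAP = 100     # ports are capped separately (from the page)

def check_block(label, block):
    """Return findings for one 'sources' or 'destinations' block."""
    findings = []
    match = block.get("matchCriteria") or []
    criteria = block.get("criteria") or {}
    if "any" in match:
        if criteria:
            findings.append(f"{label}: criteria set although matchCriteria has 'any'")
        return findings
    # Assumption: each top-level list entry counts as one segment value.
    segments = sum(len(v or []) for k, v in criteria.items() if k != "ports")
    if segments > SEGMENT_CAP:
        findings.append(f"{label}: {segments} segment values, cap is {SEGMENT_CAP}")
    ports = len(criteria.get("ports") or [])
    if ports > PORT_CAP:
        findings.append(f"{label}: {ports} ports, cap is {PORT_CAP}")
    # Review heuristic (assumption): criteria and matchCriteria should agree.
    for key, values in criteria.items():
        if values and key not in match:
            findings.append(f"{label}: criteria.{key} not listed in matchCriteria")
    for key in match:
        if not criteria.get(key):
            findings.append(f"{label}: matchCriteria lists {key} without values")
    return findings

def check_rule(rule):
    """Check both traffic blocks of a rule dict shaped like the module arguments."""
    findings = []
    for label in ("sources", "destinations"):
        findings += check_block(label, rule.get(label) or {})
    return findings

# Constructed sample, reduced from the page's "Create" example.
SAMPLE_RULE = {
    "sources": {
        "criteria": {"addressRanges": ["1.1.1.1", "2.2.2.2"], "ports": ["22", "42-46"]},
        "matchCriteria": ["addressRanges", "ports"],
    },
    "destinations": {
        "criteria": {"addressRanges": ["1.1.1.1"], "ports": ["22"],
                     "services": [{"ports": ["80", "443"], "protocol": "tcp"}]},
        "matchCriteria": ["addressRanges", "services"],
    },
}

if __name__ == "__main__":
    for finding in check_rule(SAMPLE_RULE):
        print(finding)
```

Running such a check against rule variables before the task executes surfaces oversized blocks and criteria that the rule's matchCriteria never names, both worth a review before an organization-wide rule is pushed.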
Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Description |
|---|---|