cisco.meraki.networks_appliance_security_intrusion module -- Resource module for networks _appliance _security _intrusion

Note

This module is part of the cisco.meraki collection (version 2.20.5).

To install it, use: ansible-galaxy collection install cisco.meraki. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: cisco.meraki.networks_appliance_security_intrusion.

New in cisco.meraki 2.16.0

Synopsis

  • Manage operation update of the resource networks _appliance _security _intrusion.

  • Set the supported intrusion settings for an MX network.

Note

This module has a corresponding action plugin.

Requirements

The below requirements are needed on the host that executes this module.

  • meraki >= 2.4.9

  • python >= 3.5

Parameters

Parameter

Comments

idsRulesets

string

Set the detection ruleset 'connectivity'/'balanced'/'security' (optional - omitting will leave current config unchanged). Default value is 'balanced' if none currently saved.

meraki_action_batch_retry_wait_time

integer

meraki_action_batch_retry_wait_time (integer), action batch concurrency error retry wait time

Default: :ansible-option-default:`60`

meraki_api_key

string / required

meraki_api_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI_DASHBOARD_API_KEY

meraki_base_url

string

meraki_base_url (string), preceding all endpoint resources

Default: :ansible-option-default:`"https://api.meraki.com/api/v1"`

meraki_be_geo_id

string

meraki_be_geo_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE_GEO_ID

Default: :ansible-option-default:`""`

meraki_certificate_path

string

meraki_certificate_path (string), path for TLS/SSL certificate verification if behind local proxy

Default: :ansible-option-default:`""`

meraki_inherit_logging_config

boolean

meraki_inherit_logging_config (boolean), Inherits your own logger instance

Choices:

meraki_log_file_prefix

string

meraki_log_file_prefix (string), log file name appended with date and timestamp

Default: :ansible-option-default:`"meraki\_api\_"`

meraki_log_path

string

log_path (string), path to output log; by default, working directory of script if not specified

Default: :ansible-option-default:`""`

meraki_maximum_retries

integer

meraki_maximum_retries (integer), retry up to this many times when encountering 429s or other server-side errors

Default: :ansible-option-default:`2`

meraki_nginx_429_retry_wait_time

integer

meraki_nginx_429_retry_wait_time (integer), Nginx 429 retry wait time

Default: :ansible-option-default:`60`

meraki_output_log

boolean

meraki_output_log (boolean), create an output log file?

Choices:

meraki_print_console

boolean

meraki_print_console (boolean), print logging output to console?

Choices:

meraki_requests_proxy

string

meraki_requests_proxy (string), proxy server and port, if needed, for HTTPS

Default: :ansible-option-default:`""`

meraki_retry_4xx_error

boolean

meraki_retry_4xx_error (boolean), retry if encountering other 4XX error (besides 429)?

Choices:

meraki_retry_4xx_error_wait_time

integer

meraki_retry_4xx_error_wait_time (integer), other 4XX error retry wait time

Default: :ansible-option-default:`60`

meraki_simulate

boolean

meraki_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes?

Choices:

meraki_single_request_timeout

integer

meraki_single_request_timeout (integer), maximum number of seconds for each API call

Default: :ansible-option-default:`60`

meraki_suppress_logging

boolean

meraki_suppress_logging (boolean), disable all logging? you're on your own then!

Choices:

meraki_use_iterator_for_get_pages

boolean

meraki_use_iterator_for_get_pages (boolean), list* methods will return an iterator with each object instead of a complete list with all items

Choices:

meraki_wait_on_rate_limit

boolean

meraki_wait_on_rate_limit (boolean), retry if 429 rate limit error encountered?

Choices:

mode

string

Set mode to 'disabled'/'detection'/'prevention' (optional - omitting will leave current config unchanged).

networkId

string

NetworkId path parameter. Network ID.

protectedNetworks

dictionary

Set the included/excluded networks from the intrusion engine (optional - omitting will leave current config unchanged). This is available only in 'passthrough' mode.

excludedCidr

list / elements=string

List of IP addresses or subnets being excluded from protection (required if 'useDefault' is false).

includedCidr

list / elements=string

List of IP addresses or subnets being protected (required if 'useDefault' is false).

useDefault

boolean

true/false whether to use special IPv4 addresses https //tools.ietf.org/html/rfc5735 (required). Default value is true if none currently saved.

Choices:

Notes

Note

  • SDK Method used are appliance.Appliance.update_network_appliance_security_intrusion,

  • Paths used are put /networks/{networkId}/appliance/security/intrusion,

  • Does not support check_mode

  • The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager

  • from Cisco Dashboard API Python(SDK)

  • The parameters starting with dnac_ are used by the Cisco DNAC Python SDK to establish the connection

See Also

See also

Cisco Meraki documentation for appliance updateNetworkApplianceSecurityIntrusion

Complete reference of the updateNetworkApplianceSecurityIntrusion API.

Examples

- name: Update all
  cisco.meraki.networks_appliance_security_intrusion:
    meraki_api_key: '{{ meraki_api_key }}'
    meraki_base_url: '{{ meraki_base_url }}'
    meraki_single_request_timeout: '{{ meraki_single_request_timeout }}'
    meraki_certificate_path: '{{ meraki_certificate_path }}'
    meraki_requests_proxy: '{{ meraki_requests_proxy }}'
    meraki_wait_on_rate_limit: '{{ meraki_wait_on_rate_limit }}'
    meraki_nginx_429_retry_wait_time: '{{ meraki_nginx_429_retry_wait_time }}'
    meraki_action_batch_retry_wait_time: '{{ meraki_action_batch_retry_wait_time }}'
    meraki_retry_4xx_error: '{{ meraki_retry_4xx_error }}'
    meraki_retry_4xx_error_wait_time: '{{ meraki_retry_4xx_error_wait_time }}'
    meraki_maximum_retries: '{{ meraki_maximum_retries }}'
    meraki_output_log: '{{ meraki_output_log }}'
    meraki_log_file_prefix: '{{ meraki_log_file_prefix }}'
    meraki_log_path: '{{ meraki_log_path }}'
    meraki_print_console: '{{ meraki_print_console }}'
    meraki_suppress_logging: '{{ meraki_suppress_logging }}'
    meraki_simulate: '{{ meraki_simulate }}'
    meraki_be_geo_id: '{{ meraki_be_geo_id }}'
    meraki_use_iterator_for_get_pages: '{{ meraki_use_iterator_for_get_pages }}'
    meraki_inherit_logging_config: '{{ meraki_inherit_logging_config }}'
    state: present
    idsRulesets: balanced
    mode: prevention
    networkId: string
    protectedNetworks:
      excludedCidr:
        - 10.0.0.0/8
        - 127.0.0.0/8
      includedCidr:
        - 10.0.0.0/8
        - 127.0.0.0/8
        - 169.254.0.0/16
        - 172.16.0.0/12
      useDefault: false

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meraki_response

dictionary

A dictionary or list with the response returned by the Cisco Meraki Python SDK

Returned: always

Sample: :ansible-rv-sample-value:`{"idsRulesets": "string", "mode": "string", "protectedNetworks": {"excludedCidr": ["string"], "includedCidr": ["string"], "useDefault": true}}`

Authors

  • Francisco Munoz (@fmunoz)