.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. role:: ansible-attribute-support-label
.. role:: ansible-attribute-support-property
.. role:: ansible-attribute-support-full
.. role:: ansible-attribute-support-partial
.. role:: ansible-attribute-support-none
.. role:: ansible-attribute-support-na
.. role:: ansible-option-type
.. role:: ansible-option-elements
.. role:: ansible-option-required
.. role:: ansible-option-versionadded
.. role:: ansible-option-aliases
.. role:: ansible-option-choices
.. role:: ansible-option-choices-default-mark
.. role:: ansible-option-default-bold
.. role:: ansible-option-configuration
.. role:: ansible-option-returned-bold
.. role:: ansible-option-sample-bold

.. Anchors

.. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module:

.. Anchors: short name for ansible.builtin

.. Anchors: aliases

.. Title

cisco.meraki.meraki_mx_l3_firewall module -- Manage MX appliance layer 3 firewalls in the Meraki cloud
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This module is part of the `cisco.meraki collection `_ (version 2.20.6).

    To install it, use: :code:`ansible-galaxy collection install cisco.meraki`.

    To use it in a playbook, specify: :code:`cisco.meraki.meraki_mx_l3_firewall`.

.. version_added

.. contents::
   :local:
   :depth: 1

.. Deprecated

DEPRECATED
----------

:Removed in: version 3.0.0
:Why: Updated modules released with increased functionality
:Alternative: cisco.meraki.networks\_appliance\_firewall\_l3\_firewall\_rules

Synopsis
--------

.. Description

- Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MX firewalls.

.. Aliases

.. Requirements

.. Options

Parameters
----------

.. rst-class:: ansible-option-table

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Parameter
    - Comments

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-auth_key:

      .. rst-class:: ansible-option-title

      **auth_key**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string` / :ansible-option-required:`required`

    - Authentication key provided by the dashboard. Required if environmental variable :literal:`MERAKI\_KEY` is not set.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-host:

      .. rst-class:: ansible-option-title

      **host**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Hostname for Meraki dashboard.

      Can be used to access regional Meraki environments, such as China.

      .. rst-class:: ansible-option-line

      :ansible-option-default-bold:`Default:` :ansible-option-default:`"api.meraki.com"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-internal_error_retry_time:

      .. rst-class:: ansible-option-title

      **internal_error_retry_time**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`integer`

    - Number of seconds to retry if server returns an internal server error.

      .. rst-class:: ansible-option-line

      :ansible-option-default-bold:`Default:` :ansible-option-default:`60`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-net_id:

      .. rst-class:: ansible-option-title

      **net_id**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - ID of network which MX firewall is in.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-net_name:

      .. rst-class:: ansible-option-title

      **net_name**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Name of network which MX firewall is in.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-org_id:

      .. rst-class:: ansible-option-title

      **org_id**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - ID of organization.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-org_name:
      .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-organization:

      .. rst-class:: ansible-option-title

      **org_name**

      .. rst-class:: ansible-option-type-line

      :ansible-option-aliases:`aliases: organization`

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Name of organization.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-output_format:

      .. rst-class:: ansible-option-title

      **output_format**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Instructs module whether response keys should be snake case (ex. :literal:`net\_id`) or camel case (ex. :literal:`netId`).

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry-default:`"snakecase"` :ansible-option-choices-default-mark:`← (default)`
      - :ansible-option-choices-entry:`"camelcase"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-output_level:

      .. rst-class:: ansible-option-title

      **output_level**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Set amount of debug output during module execution.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`"debug"`
      - :ansible-option-choices-entry-default:`"normal"` :ansible-option-choices-default-mark:`← (default)`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rate_limit_retry_time:

      .. rst-class:: ansible-option-title

      **rate_limit_retry_time**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`integer`

    - Number of seconds to retry if rate limiter is triggered.

      .. rst-class:: ansible-option-line

      :ansible-option-default-bold:`Default:` :ansible-option-default:`165`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules:

      .. rst-class:: ansible-option-title

      **rules**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary`

    - List of firewall rules.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/comment:

      .. rst-class:: ansible-option-title

      **comment**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Optional comment to describe the firewall rule.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/dest_cidr:

      .. rst-class:: ansible-option-title

      **dest_cidr**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of CIDR notation destination networks.

      :literal:`Any` must be capitalized.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/dest_port:

      .. rst-class:: ansible-option-title

      **dest_port**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of destination port numbers to match against.

      :literal:`Any` must be capitalized.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/policy:

      .. rst-class:: ansible-option-title

      **policy**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Policy to apply if rule is hit.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`"allow"`
      - :ansible-option-choices-entry:`"deny"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/protocol:

      .. rst-class:: ansible-option-title

      **protocol**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Protocol to match against.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`"any"`
      - :ansible-option-choices-entry:`"icmp"`
      - :ansible-option-choices-entry:`"tcp"`
      - :ansible-option-choices-entry:`"udp"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/src_cidr:

      .. rst-class:: ansible-option-title

      **src_cidr**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of CIDR notation source networks.

      :literal:`Any` must be capitalized.

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/src_port:

      .. rst-class:: ansible-option-title

      **src_port**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of source port numbers to match against.

      :literal:`Any` must be capitalized.
  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-rules/syslog_enabled:

      .. rst-class:: ansible-option-title

      **syslog_enabled**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - Whether to log hits against the firewall rule.

      Only applicable if a syslog server is specified against the network.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)`
      - :ansible-option-choices-entry:`true`
  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-state:

      .. rst-class:: ansible-option-title

      **state**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Create or modify an organization.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry-default:`"present"` :ansible-option-choices-default-mark:`← (default)`
      - :ansible-option-choices-entry:`"query"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-syslog_default_rule:

      .. rst-class:: ansible-option-title

      **syslog_default_rule**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - Whether to log hits against the default firewall rule.

      Only applicable if a syslog server is specified against the network.

      This is not shown in response from Meraki. Instead, refer to the :literal:`syslog\_enabled` value in the default rule.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`false`
      - :ansible-option-choices-entry:`true`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-timeout:

      .. rst-class:: ansible-option-title

      **timeout**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`integer`

    - Time to timeout for HTTP requests.

      .. rst-class:: ansible-option-line

      :ansible-option-default-bold:`Default:` :ansible-option-default:`30`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-use_https:

      .. rst-class:: ansible-option-title

      **use_https**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - If :literal:`no`, it will use HTTP. Otherwise it will use HTTPS.

      Only useful for internal Meraki developers.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`false`
      - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-use_proxy:

      .. rst-class:: ansible-option-title

      **use_proxy**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - If :literal:`no`, it will not use a proxy, even if one is defined in an environment variable on the target hosts.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)`
      - :ansible-option-choices-entry:`true`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__parameter-validate_certs:

      .. rst-class:: ansible-option-title

      **validate_certs**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - Whether to validate HTTP certificates.

      .. rst-class:: ansible-option-line

      :ansible-option-choices:`Choices:`

      - :ansible-option-choices-entry:`false`
      - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)`
.. Attributes

.. Notes

Notes
-----

.. note::
   - Module assumes a complete list of firewall rules is passed as a parameter.
   - If there is interest in this module allowing manipulation of a single firewall rule, please submit an issue against this module.
   - More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
   - Some of the options are likely only used for developers within Meraki.
   - As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the :literal:`ANSIBLE\_MERAKI\_FORMAT` environment variable to :literal:`camelcase`.
   - Ansible's Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.
   - Check Mode downloads the current configuration from the dashboard, then compares changes against this download. Check Mode will report changed if there are differences in the configurations, but does not submit changes to the API for validation of change.

.. Seealso

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Query firewall rules
      meraki_mx_l3_firewall:
        auth_key: abc123
        org_name: YourOrg
        net_name: YourNet
        state: query
      delegate_to: localhost

    - name: Set two firewall rules
      meraki_mx_l3_firewall:
        auth_key: abc123
        org_name: YourOrg
        net_name: YourNet
        state: present
        rules:
          - comment: Block traffic to server
            src_cidr: 192.0.1.0/24
            src_port: any
            dest_cidr: 192.0.2.2/32
            dest_port: any
            protocol: any
            policy: deny
          - comment: Allow traffic to group of servers
            src_cidr: 192.0.1.0/24
            src_port: any
            dest_cidr: 192.0.2.0/24
            dest_port: any
            protocol: any
            policy: allow
      delegate_to: localhost

    - name: Set one firewall rule and enable logging of the default rule
      meraki_mx_l3_firewall:
        auth_key: abc123
        org_name: YourOrg
        net_name: YourNet
        state: present
        rules:
          - comment: Block traffic to server
            src_cidr: 192.0.1.0/24
            src_port: any
            dest_cidr: 192.0.2.2/32
            dest_port: any
            protocol: any
            policy: deny
        syslog_default_rule: true
      delegate_to: localhost

.. Facts

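Because the module expects the complete rule list on every run, the order and content of that list are worth checking before it is submitted. The following Python check is an added example, not code from the cisco.meraki collection: ``lint_rules`` and its helpers are hypothetical names, it validates only the value formats documented above and requires every rule to spell out all six match fields, and it assumes rules are evaluated top-down with the first match winning, which this page does not state.

```python
import ipaddress

POLICIES = {"allow", "deny"}               # choices documented for `policy`
PROTOCOLS = {"any", "icmp", "tcp", "udp"}  # choices documented for `protocol`

# Constructed sample: the rules from the "Set two firewall rules" task above.
PAGE_RULES = [
    dict(comment="Block traffic to server", src_cidr="192.0.1.0/24",
         src_port="any", dest_cidr="192.0.2.2/32", dest_port="any",
         protocol="any", policy="deny"),
    dict(comment="Allow traffic to group of servers", src_cidr="192.0.1.0/24",
         src_port="any", dest_cidr="192.0.2.0/24", dest_port="any",
         protocol="any", policy="allow"),
]


def _nets(value):
    """'Any' or 'a/b,c/d' -> tuple of IPv4 networks (ValueError if malformed)."""
    # Compared case-insensitively: the option text says `Any`, the tasks use `any`.
    if value.strip().lower() == "any":
        return (ipaddress.ip_network("0.0.0.0/0"),)
    return tuple(ipaddress.IPv4Network(p.strip(), strict=False)
                 for p in value.split(","))


def _ports(value):
    """'Any' -> None (wildcard); '80,443' -> frozenset of port numbers."""
    if str(value).strip().lower() == "any":
        return None
    ports = frozenset(int(p) for p in str(value).split(","))
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError("port out of range in %r" % value)
    return ports


def _covers(earlier, later):
    """True if every packet matching `later` already matches `earlier`."""
    nets = lambda a, b: all(any(n.subnet_of(o) for o in a) for n in b)
    ports = lambda a, b: a is None or (b is not None and b <= a)
    return (earlier[0] in ("any", later[0])
            and nets(earlier[1], later[1]) and ports(earlier[2], later[2])
            and nets(earlier[3], later[3]) and ports(earlier[4], later[4]))


def lint_rules(rules):
    """Return (index, message) findings for a complete, ordered rules list."""
    findings, seen = [], []
    for i, r in enumerate(rules):
        try:
            if r["policy"] not in POLICIES or r["protocol"] not in PROTOCOLS:
                raise ValueError("policy/protocol not a documented choice")
            cur = (r["protocol"], _nets(r["src_cidr"]), _ports(r["src_port"]),
                   _nets(r["dest_cidr"]), _ports(r["dest_port"]), r["policy"])
        except (KeyError, ValueError) as exc:
            findings.append((i, "invalid rule: %s" % exc))
            continue
        # Assumption: top-down, first-match evaluation (not stated on the page).
        for j, prev in seen:
            if _covers(prev, cur):
                kind = "conflicts with" if prev[5] != cur[5] else "duplicates"
                findings.append((i, "never matches: %s earlier rule %d" % (kind, j)))
                break
        seen.append((i, cur))
    return findings
```

The list as written in the task above produces no findings; with the two rules swapped, the ``/32`` deny is reported as unreachable behind the ``/24`` allow.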
.. Return values

Return Values
-------------

Common return values are documented :ref:`here `, the following are the fields unique to this module:

.. rst-class:: ansible-option-table

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Key
    - Description

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data:

      .. rst-class:: ansible-option-title

      **data**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`complex`

    - Firewall rules associated to network.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` success

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules:

      .. rst-class:: ansible-option-title

      **rules**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`complex`

    - List of firewall rules.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` success

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/comment:

      .. rst-class:: ansible-option-title

      **comment**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comment to describe the firewall rule.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"Block traffic to server"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/dest_cidr:

      .. rst-class:: ansible-option-title

      **dest_cidr**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of CIDR notation destination networks.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"192.0.1.1/32,192.0.1.2/32"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/dest_port:

      .. rst-class:: ansible-option-title

      **dest_port**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of destination ports.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"80,443"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/policy:

      .. rst-class:: ansible-option-title

      **policy**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Action to take when rule is matched.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/protocol:

      .. rst-class:: ansible-option-title

      **protocol**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Network protocol for which to match against.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"tcp"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/src_cidr:

      .. rst-class:: ansible-option-title

      **src_cidr**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of CIDR notation source networks.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"192.0.1.1/32,192.0.1.2/32"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/src_port:

      .. rst-class:: ansible-option-title

      **src_port**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`string`

    - Comma separated list of source ports.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`"80,443"`

  * - .. _ansible_collections.cisco.meraki.meraki_mx_l3_firewall_module__return-data/rules/syslog_enabled:

      .. rst-class:: ansible-option-title

      **syslog_enabled**

      .. rst-class:: ansible-option-type-line

      :ansible-option-type:`boolean`

    - Whether to log to syslog when rule is matched.

      .. rst-class:: ansible-option-line

      :ansible-option-returned-bold:`Returned:` always

      .. rst-class:: ansible-option-line
      .. rst-class:: ansible-option-sample

      :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`true`
.. Status (Presently only deprecated)

Status
------

.. Deprecated note

- This module will be removed in version 3.0.0. *[deprecated]*
- For more information see `DEPRECATED`_.

.. Authors

Authors
~~~~~~~

- Kevin Breit (@kbreit)

.. Extra links

.. Parsing errors