.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. role:: ansible-attribute-support-label
.. role:: ansible-attribute-support-property
.. role:: ansible-attribute-support-full
.. role:: ansible-attribute-support-partial
.. role:: ansible-attribute-support-none
.. role:: ansible-attribute-support-na
.. role:: ansible-option-type
.. role:: ansible-option-elements
.. role:: ansible-option-required
.. role:: ansible-option-versionadded
.. role:: ansible-option-aliases
.. role:: ansible-option-choices
.. role:: ansible-option-choices-default-mark
.. role:: ansible-option-default-bold
.. role:: ansible-option-configuration
.. role:: ansible-option-returned-bold
.. role:: ansible-option-sample-bold

.. Anchors

.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module:

.. Anchors: short name for ansible.builtin

.. Anchors: aliases

.. Title

cisco.meraki.networks_appliance_firewall_l7_firewall_rules module -- Resource module for networks \_appliance \_firewall l7 \_firewall \_rules
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This module is part of the `cisco.meraki collection `_ (version 2.20.7).

    To install it, use: :code:`ansible-galaxy collection install cisco.meraki`.
    You need further requirements to be able to use this module,
    see :ref:`Requirements ` for details.

    To use it in a playbook, specify: :code:`cisco.meraki.networks_appliance_firewall_l7_firewall_rules`.

.. version_added

.. rst-class:: ansible-version-added

New in cisco.meraki 2.16.0

.. contents::
   :local:
   :depth: 1

.. Deprecated

Synopsis
--------

.. Description

- Manage operation update of the resource networks \_appliance \_firewall l7 \_firewall \_rules.
- Update the MX L7 firewall rules for an MX network.

.. note::
    This module has a corresponding :ref:`action plugin `.

.. Aliases

.. Requirements

.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module_requirements:

Requirements
------------
The below requirements are needed on the host that executes this module.

- meraki \>= 2.4.9
- python \>= 3.5

.. Options

Parameters
----------

.. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Parameter - Comments * - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_action_batch_retry_wait_time: .. rst-class:: ansible-option-title **meraki_action_batch_retry_wait_time** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
meraki\_action\_batch\_retry\_wait\_time (integer), action batch concurrency error retry wait time .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`60` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_api_key: .. rst-class:: ansible-option-title **meraki_api_key** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` / :ansible-option-required:`required` .. raw:: html
- .. raw:: html
meraki\_api\_key (string), API key generated in dashboard; can also be set as an environment variable MERAKI\_DASHBOARD\_API\_KEY .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_base_url: .. rst-class:: ansible-option-title **meraki_base_url** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
meraki\_base\_url (string), preceding all endpoint resources .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"https://api.meraki.com/api/v1"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_be_geo_id: .. rst-class:: ansible-option-title **meraki_be_geo_id** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
meraki\_be\_geo\_id (string), optional partner identifier for API usage tracking; can also be set as an environment variable BE\_GEO\_ID .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`""` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_certificate_path: .. rst-class:: ansible-option-title **meraki_certificate_path** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
meraki\_certificate\_path (string), path for TLS/SSL certificate verification if behind local proxy .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`""` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_inherit_logging_config: .. rst-class:: ansible-option-title **meraki_inherit_logging_config** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_inherit\_logging\_config (boolean), Inherits your own logger instance .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_log_file_prefix: .. rst-class:: ansible-option-title **meraki_log_file_prefix** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
meraki\_log\_file\_prefix (string), log file name appended with date and timestamp .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`"meraki\_api\_"` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_log_path: .. rst-class:: ansible-option-title **meraki_log_path** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
log\_path (string), path to output log; by default, working directory of script if not specified .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`""` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_maximum_retries: .. rst-class:: ansible-option-title **meraki_maximum_retries** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
meraki\_maximum\_retries (integer), retry up to this many times when encountering 429s or other server-side errors .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`2` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_nginx_429_retry_wait_time: .. rst-class:: ansible-option-title **meraki_nginx_429_retry_wait_time** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
meraki\_nginx\_429\_retry\_wait\_time (integer), Nginx 429 retry wait time .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`60` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_output_log: .. rst-class:: ansible-option-title **meraki_output_log** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_output\_log (boolean), create an output log file? .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_print_console: .. rst-class:: ansible-option-title **meraki_print_console** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_print\_console (boolean), print logging output to console? .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_requests_proxy: .. rst-class:: ansible-option-title **meraki_requests_proxy** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
meraki\_requests\_proxy (string), proxy server and port, if needed, for HTTPS .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`""` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_retry_4xx_error: .. rst-class:: ansible-option-title **meraki_retry_4xx_error** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_retry\_4xx\_error (boolean), retry if encountering other 4XX error (besides 429)? .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_retry_4xx_error_wait_time: .. rst-class:: ansible-option-title **meraki_retry_4xx_error_wait_time** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
meraki\_retry\_4xx\_error\_wait\_time (integer), other 4XX error retry wait time .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`60` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_simulate: .. rst-class:: ansible-option-title **meraki_simulate** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_simulate (boolean), simulate POST/PUT/DELETE calls to prevent changes? .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_single_request_timeout: .. rst-class:: ansible-option-title **meraki_single_request_timeout** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`integer` .. raw:: html
- .. raw:: html
meraki\_single\_request\_timeout (integer), maximum number of seconds for each API call .. rst-class:: ansible-option-line :ansible-option-default-bold:`Default:` :ansible-option-default:`60` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_suppress_logging: .. rst-class:: ansible-option-title **meraki_suppress_logging** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_suppress\_logging (boolean), disable all logging? you're on your own then! .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_use_iterator_for_get_pages: .. rst-class:: ansible-option-title **meraki_use_iterator_for_get_pages** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_use\_iterator\_for\_get\_pages (boolean), list\* methods will return an iterator with each object instead of a complete list with all items .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry-default:`false` :ansible-option-choices-default-mark:`← (default)` - :ansible-option-choices-entry:`true` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-meraki_wait_on_rate_limit: .. rst-class:: ansible-option-title **meraki_wait_on_rate_limit** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`boolean` .. raw:: html
- .. raw:: html
meraki\_wait\_on\_rate\_limit (boolean), retry if 429 rate limit error encountered? .. rst-class:: ansible-option-line :ansible-option-choices:`Choices:` - :ansible-option-choices-entry:`false` - :ansible-option-choices-entry-default:`true` :ansible-option-choices-default-mark:`← (default)` .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-networkid: .. rst-class:: ansible-option-title **networkId** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
NetworkId path parameter. Network ID. .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-rules: .. rst-class:: ansible-option-title **rules** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`list` / :ansible-option-elements:`elements=dictionary` .. raw:: html
- .. raw:: html
An ordered array of the MX L7 firewall rules. .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-rules/policy: .. rst-class:: ansible-option-title **policy** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
'Deny' traffic specified by this rule. .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-rules/type: .. rst-class:: ansible-option-title **type** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
Type of the L7 rule. One of 'application', 'applicationCategory', 'host', 'port', 'ipRange'. .. raw:: html
* - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__parameter-rules/value: .. rst-class:: ansible-option-title **value** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`string` .. raw:: html
- .. raw:: html
The 'value' of what you want to block. Format of 'value' varies depending on type of the rule. The application categories and application ids can be retrieved from the 'MX L7 application categories' endpoint. The countries follow the two-letter ISO 3166-1 alpha-2 format. .. raw:: html
.. Attributes

.. Notes

Notes
-----

.. note::
   - The SDK method used is appliance.Appliance.update\_network\_appliance\_firewall\_l7\_firewall\_rules.
   - The path used is put /networks/{networkId}/appliance/firewall/l7FirewallRules.
   - Does not support \ :literal:`check\_mode`\
   - The plugin runs on the control node and does not use any ansible connection plugins, but instead the embedded connection manager from Cisco Dashboard API Python(SDK)
   - The parameters starting with dnac\_ are used by the Cisco DNAC Python SDK to establish the connection

.. Seealso

See Also
--------

.. seealso::

   `Cisco Meraki documentation for appliance updateNetworkApplianceFirewallL7FirewallRules `_
       Complete reference of the updateNetworkApplianceFirewallL7FirewallRules API.

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Update all
      cisco.meraki.networks_appliance_firewall_l7_firewall_rules:
        meraki_api_key: '{{ meraki_api_key }}'
        meraki_base_url: '{{ meraki_base_url }}'
        meraki_single_request_timeout: '{{ meraki_single_request_timeout }}'
        meraki_certificate_path: '{{ meraki_certificate_path }}'
        meraki_requests_proxy: '{{ meraki_requests_proxy }}'
        meraki_wait_on_rate_limit: '{{ meraki_wait_on_rate_limit }}'
        meraki_nginx_429_retry_wait_time: '{{ meraki_nginx_429_retry_wait_time }}'
        meraki_action_batch_retry_wait_time: '{{ meraki_action_batch_retry_wait_time }}'
        meraki_retry_4xx_error: '{{ meraki_retry_4xx_error }}'
        meraki_retry_4xx_error_wait_time: '{{ meraki_retry_4xx_error_wait_time }}'
        meraki_maximum_retries: '{{ meraki_maximum_retries }}'
        meraki_output_log: '{{ meraki_output_log }}'
        meraki_log_file_prefix: '{{ meraki_log_file_prefix }}'
        meraki_log_path: '{{ meraki_log_path }}'
        meraki_print_console: '{{ meraki_print_console }}'
        meraki_suppress_logging: '{{ meraki_suppress_logging }}'
        meraki_simulate: '{{ meraki_simulate }}'
        meraki_be_geo_id: '{{ meraki_be_geo_id }}'
        meraki_use_iterator_for_get_pages: '{{ meraki_use_iterator_for_get_pages }}'
        meraki_inherit_logging_config: '{{ meraki_inherit_logging_config }}'
        state: present
        networkId: string
        rules:
        - policy: deny
          type: host
          value: google.com
        - policy: deny
          type: port
          value: '23'
        - policy: deny
          type: ipRange
          value: 10.11.12.00/24
        - policy: deny
          type: ipRange
          value: 10.11.12.00/24:5555

.. Facts

.. Return values

Return Values
-------------
Common return values are documented :ref:`here `, the following are the fields unique to this module:

.. rst-class:: ansible-option-table .. list-table:: :width: 100% :widths: auto :header-rows: 1 * - Key - Description * - .. raw:: html
.. _ansible_collections.cisco.meraki.networks_appliance_firewall_l7_firewall_rules_module__return-meraki_response: .. rst-class:: ansible-option-title **meraki_response** .. raw:: html .. rst-class:: ansible-option-type-line :ansible-option-type:`dictionary` .. raw:: html
- .. raw:: html
A dictionary or list with the response returned by the Cisco Meraki Python SDK .. rst-class:: ansible-option-line :ansible-option-returned-bold:`Returned:` always .. rst-class:: ansible-option-line .. rst-class:: ansible-option-sample :ansible-option-sample-bold:`Sample:` :ansible-rv-sample-value:`{}` .. raw:: html
.. Status (Presently only deprecated)

.. Authors

Authors
~~~~~~~

- Francisco Munoz (@fmunoz)
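The Notes section states that this module does not support ``check_mode``, while the parameter table lists ``meraki_simulate`` and the ``MERAKI_DASHBOARD_API_KEY`` environment variable. The playbook here is an added example, not part of the collection's documentation, that chains those into a validate, simulate, apply sequence. The ``l7_*`` variable names, the placeholder network ID and the rule values are assumptions.

```yaml
# Added example, not from the collection's documentation.
# Assumed names: l7_network_id, l7_allowed_types, l7_rules, l7_api_key, l7_apply.
# The network ID and the rule values are constructed placeholders.
- name: Validate, simulate, then apply MX L7 deny rules
  hosts: localhost
  gather_facts: false
  vars:
    l7_network_id: "REPLACE_WITH_NETWORK_ID"
    # Rule types as listed for the rules/type option on this page.
    l7_allowed_types: [application, applicationCategory, host, port, ipRange]
    l7_rules:
      - {policy: deny, type: host, value: example.com}
      - {policy: deny, type: port, value: "23"}
      - {policy: deny, type: ipRange, value: 192.0.2.0/24}
    # The key is read from the environment, so it is never stored in the play.
    l7_api_key: "{{ lookup('ansible.builtin.env', 'MERAKI_DASHBOARD_API_KEY') }}"
  tasks:
    - name: Stop if the API key is missing from the environment
      ansible.builtin.assert:
        that: l7_api_key | length > 0
        fail_msg: MERAKI_DASHBOARD_API_KEY is not set
        quiet: true

    - name: Check each rule against the documented type and policy values
      ansible.builtin.assert:
        that:
          - item.type in l7_allowed_types
          - item.policy | lower == 'deny'
          - item.value | string | length > 0
        quiet: true
      loop: "{{ l7_rules }}"

    - name: Simulated run (the module does not support check_mode)
      cisco.meraki.networks_appliance_firewall_l7_firewall_rules:
        meraki_api_key: "{{ l7_api_key }}"
        meraki_simulate: true
        state: present
        networkId: "{{ l7_network_id }}"
        rules: "{{ l7_rules }}"
      register: l7_simulated

    - name: Apply only when explicitly requested with -e l7_apply=true
      cisco.meraki.networks_appliance_firewall_l7_firewall_rules:
        meraki_api_key: "{{ l7_api_key }}"
        meraki_simulate: false
        state: present
        networkId: "{{ l7_network_id }}"
        rules: "{{ l7_rules }}"
      register: l7_applied
      when: l7_apply | default(false) | bool
```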