W3cubDocs

/Ansible 2.9

meraki_mr_l3_firewall – Manage MR access point layer 3 firewalls in the Meraki cloud

New in version 2.7.

Synopsis

  • Allows for creation, management, and visibility into layer 3 firewalls implemented on Meraki MR access points.
  • Module is not idempotent as of current release.

Parameters

Parameter Choices/Defaults Comments
allow_lan_access
boolean
    Choices:
  • no
  • yes
Sets whether devices can talk to other devices on the same LAN.
auth_key
string / required
Authentication key provided by the dashboard. Required if environmental variable MERAKI_KEY is not set.
host
string
Default:
"api.meraki.com"
Hostname for Meraki dashboard.
Can be used to access regional Meraki environments, such as China.
internal_error_retry_time
integer
Default:
60
Number of seconds to retry if server returns an internal server error.
net_id
string
ID of network containing access points.
net_name
string
Name of network containing access points.
number
integer
Number of SSID to apply firewall rule to.

aliases: ssid_number
org_id
string
ID of organization.
org_name
string
Name of organization.

aliases: organization
output_format
string
    Choices:
  • snakecase
  • camelcase
Instructs module whether response keys should be snake case (ex. net_id) or camel case (ex. netId).
output_level
string
    Choices:
  • debug
  • normal
Set amount of debug output during module execution.
rate_limit_retry_time
integer
Default:
165
Number of seconds to retry if rate limiter is triggered.
rules
list
List of firewall rules.
comment
string
Optional comment describing the firewall rule.
dest_cidr
string
Comma-separated list of CIDR notation networks to match.
dest_port
string
Comma-seperated list of destination ports to match.
policy
string
    Choices:
  • allow
  • deny
Specifies the action that should be taken when rule is hit.
protocol
string
    Choices:
  • any
  • icmp
  • tcp
  • udp
Specifies protocol to match against.
ssid_name
string
Name of SSID to apply firewall rule to.

aliases: ssid
state
string
    Choices:
  • present
  • query
Create or modify an organization.
timeout
integer
Default:
30
Time to timeout for HTTP requests.
use_https
boolean
    Choices:
  • no
  • yes
If no, it will use HTTP. Otherwise it will use HTTPS.
Only useful for internal Meraki developers.
use_proxy
boolean
    Choices:
  • no
  • yes
If no, it will not use a proxy, even if one is defined in an environment variable on the target hosts.
validate_certs
boolean
    Choices:
  • no
  • yes
Whether to validate HTTP certificates.

Notes

Note

  • More information about the Meraki API can be found at https://dashboard.meraki.com/api_docs.
  • Some of the options are likely only used for developers within Meraki.
  • As of Ansible 2.9, Meraki modules output keys as snake case. To use camel case, set the ANSIBLE_MERAKI_FORMAT environment variable to camelcase.
  • Ansible’s Meraki modules will stop supporting camel case output in Ansible 2.13. Please update your playbooks.

Examples

- name: Create single firewall rule
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_id: 12345
    number: 1
    rules:
      - comment: Integration test rule
        policy: allow
        protocol: tcp
        dest_port: 80
        dest_cidr: 192.0.2.0/24
    allow_lan_access: no
  delegate_to: localhost

- name: Enable local LAN access
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: present
    org_name: YourOrg
    net_id: 123
    number: 1
    rules:
    allow_lan_access: yes
  delegate_to: localhost

- name: Query firewall rules
  meraki_mr_l3_firewall:
    auth_key: abc123
    state: query
    org_name: YourOrg
    net_name: YourNet
    number: 1
  delegate_to: localhost

Status

Authors

  • Kevin Breit (@kbreit)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/meraki_mr_l3_firewall_module.html