external_gateway_facts - Facts about external VPN gateways¶

Synopsis ¶

An external VPN gateway is a VPN gateway that is not managed by the SMC to which you are connected. It defines the remote side networks and settings specific to handling VPNs. Use expand to specify attributes that should be resolved to raw data instead of HREF data.

Requirements (on host that executes module)¶

smc-python

Options ¶

parameter required default choices comments

case_sensitive

no

True

Whether to do a case sensitive match on the filter specified

exact_match

no

Whether to do an exact match on the filter specified

expand

no

vpn_site
gateway_profile

Expand sub elements that only provide HREF data. Specify a list of external VPN gateways by name.

filter

no

*

String value to match against when making query. Matches all if not specified. A filter will attempt to find a match in the name, primary key field or comment field of a given record.

limit

no

10

Limit the number of results. Set to 0 to remove limit.

smc_address

no

FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS

smc_alt_filepath

no

Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, address and api_key settings are not required and will be ignored.

smc_api_key

no

API key for api client. The default value is the environment variable SMC_API_KEY Required if the address parameter is defined

smc_api_version

no

Optional SMC API version to connect to. If none is provided, the latest long-term support (LTS) version of the SMC API will be used based on the SMC version. Can be set though the environment variable SMC_API_VERSION

smc_domain

no

Optional administrative domain in the SMC to log on to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN

smc_extra_args

no

Extra arguments to pass to the login constructor. These arguments are generally only used if specifically requested by support personnel.

**Dictionary object smc_extra_args**
parameter	required	default	choices	comments
verify	no	True	yes no	If the connection to the SMC API is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False.

smc_logging

no

Optionally enable SMC API logging to a file

**Dictionary object smc_logging**
parameter	required	default	choices	comments
path	yes			Full path to the log file
level	no			Log level as specified by the standard python logging library, in int format. Default setting is logging.DEBUG.

smc_timeout

no

Optional timeout for connections to the SMC API. Can be set through the environment variable SMC_TIMEOUT

Examples ¶

- name: Facts related to external VPN gateways
  hosts: localhost
  gather_facts: no
  tasks:
  - name: Retrieve all external GW's
    external_gateway_facts:

  - name: Get a specific external GW details
    external_gateway_facts:
      filter: myremotevpn

  - name: Get a specific external GW, and expand supported attributes
    external_gateway_facts:
      filter: myremotevpn
      expand:
        - gateway_profile
        - vpn_site

  - name: Get engine details for 'myfw' and save in editable YAML format
    register: results
    engine_facts:
      smc_logging:
        level: 10
        path: ansible-smc.log
      filter: newcluster
      as_yaml: true

  - name: Write the yaml using a jinja template
    template: src=templates/engine_yaml.j2 dest=./l3fw_cluster.yml

Return Values ¶

Return values that are common to all modules are documented in Return Values. The following fields are unique to this module:

name	description	returned	type	sample
external_gateway	Example external gateway data	always	list	[{'external_endpoint"': [{'read_only': False, 'udp_encapsulation': False, 'force_nat_t': True, 'name': 'endpoint2', 'enabled': True, 'balancing_mode': 'active', 'dynamic': False, 'system': False, 'nat_t': True, 'address': '33.33.33.35', 'ipsec_vpn': True, 'ike_phase1_id_type': 3}]}, {'gateway_profile': 'http://1.1.1.1:8082/6.4/elements/gateway_profile/3'}, {'name': 'myremotevpn'}, {'read_only': False}, {'system': False}, {'trust_all_cas': True}, {'trusted_certificate_authorities': []}, {'vpn_site': [{'read_only': False, 'site_element': ['http://1.1.1.1:8082/6.4/elements/network/708'], 'system': False, 'name': 'myremotevpn-site', 'gateway': 'http://1.1.1.1:8082/6.4/elements/external_gateway/47'}]}]

Notes ¶

Note

If a filter is not used in the query, this will return all results for the element type specified. The return data in this case will only contain the metadata for the element which will be name and type. To get detailed information about an element, use a filter. When using filters on network or service elements, the filter value will search the element fields, for example, you could use a filter of ‘1.1.1.1’ when searching for hosts and all hosts with this IP will be returned. The same applies for services. If you are unsure of the service name but know the port you require, your filter can be by port.

Author ¶

Forcepoint

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.