external_gateway - Represents a VPN gateway that is not managed by this Management Server

Synopsis

  • An external VPN gateway is a VPN gateway that is not managed by the Management Server to which you are connected. An external VPN gateway can be used in either policy-based or route-based VPNs.

Requirements (on host that executes module)

  • smc-python

Options

  external_endpoint  (required: no)
      A list of endpoint dictionaries. An endpoint represents an external VPN gateway and its remote site settings, such as IP address and remote site networks. Each external_endpoint dictionary takes the following keys:

        name  (required: yes)
            Name for the endpoint; unique identifier.
        address  (required: no)
            The endpoint IP address of the VPN gateway. Mutually exclusive with dynamic.
        dynamic  (required: no; choices: yes, no)
            Set this if the endpoint IP address is dynamic (DHCP). Mutually exclusive with address.
        ike_phase1_id_type  (required: no; choices: 0 (DNS), 1 (Email address), 2 (Distinguished name), 3 (IP address))
            Required if dynamic=yes. Specifies the type of selector used to identify the dynamic endpoint.
        ike_phase1_id_value  (required: no)
            Value of ike_phase1_id_type. It must conform to the type selected; for example, with type 1 the value is an email address such as a@a.com. Required if dynamic=yes.
        enabled  (required: no; default: True)
            Whether to enable the VPN endpoint.
        balancing_mode  (required: no; default: active; choices: active, standby, aggregate)
            The role for this endpoint.
        connection_type  (required: no)
            (Optional, SMC 6.5.1 and higher) The connection_type setting that identifies the type of external endpoint. Defaults to Active.
        nat_t  (required: no; default: True)
            Whether to enable NAT traversal for the endpoint.
        force_nat_t  (required: no)
            Whether to force NAT traversal for the endpoint.

  name  (required: yes)
      The name of the external gateway.

  smc_address  (required: no)
      FQDN with port of the SMC. The default value is the environment variable SMC_ADDRESS.

  smc_alt_filepath  (required: no)
      Provide an alternate path to read the credentials from. By default the file is expected at ~/.smcrc. If provided, the url and api_key settings (smc_address and smc_api_key) are not required and will be ignored.

  smc_api_key  (required: no)
      API key for the API client. The default value is the environment variable SMC_API_KEY. Required when logging in by URL (smc_address) rather than from a credentials file.

  smc_api_version  (required: no)
      Optional API version to connect to. If none is provided, the latest LTS SMC API version is used based on the Management Center version. Can be set through the environment variable SMC_API_VERSION.

  smc_domain  (required: no)
      Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN.

  smc_extra_args  (required: no)
      Extra arguments to pass to the login constructor. These are generally only used if specifically requested by support personnel. Dictionary with the following key:

        verify  (required: no; default: True; choices: yes, no)
            If the connection to the SMC is HTTPS, set this to True to verify the SMC TLS certificate against the system trust store, or provide a path to a CA certificate bundle to verify it against. You can also explicitly set this to False, which disables certificate verification entirely; avoid that outside a lab, because the API key is then sent to whatever answers at smc_address.

  smc_logging  (required: no)
      Optionally enable SMC API logging to a file. Dictionary with the following keys:

        path  (required: yes)
            Full path to the log file.
        level  (required: no)
            Log level as defined by the standard Python logging library, as an int. Default is logging.DEBUG (10).

  smc_timeout  (required: no)
      Optional timeout for connections to the SMC. Can be set through the environment variable SMC_TIMEOUT.

  state  (required: no; default: present; choices: present, absent)
      Create or delete flag.

  tags  (required: no)
      Any tags for this gateway.

  vpn_site  (required: no)
      VPN sites define the networks that are reachable through this VPN. Dictionary whose name key is the site name and whose remaining keys are element types, as in the example below. A network entry should be a network CIDR address; if the network does not exist, the element will be created.

        element type  (required: yes)
            The type of element referenced in the SMC, for example network, host or group. Given as a dict of lists, where the dict key is the element type and the list value holds the name of each element.
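
The option table above carries several constraints that the SMC only reports after a failed API call (dynamic versus address, the IKE phase 1 ID required for a dynamic endpoint and its format, the balancing_mode choices, and the effect of verify: false). The following is an added example, not part of this module or of smc-python: a stand-alone pre-flight check over the argument dict of one external_gateway task, written against the rules on this page. The task dictionaries at the bottom are constructed for the example, and the hostname, e-mail and distinguished-name patterns are the example's own plausibility checks, not the SMC's validation rules.

```python
"""Pre-flight check for external_gateway task arguments (added example).

Rules implemented, all taken from the option table on this page:
  - name is required for the gateway and for each endpoint
  - dynamic and address are mutually exclusive; a static endpoint needs a valid IP
  - ike_phase1_id_type/ike_phase1_id_value are required when dynamic=yes and the
    value must conform to the type (0 DNS, 1 Email, 2 Distinguished name, 3 IP)
  - balancing_mode is one of active, standby, aggregate
  - smc_extra_args.verify: false disables TLS certificate checking (warning)
"""
import ipaddress
import re

ID_DNS, ID_EMAIL, ID_DN, ID_IP = 0, 1, 2, 3
BALANCING_MODES = {"active", "standby", "aggregate"}

# Plausibility patterns chosen for this example, not the SMC's own validation.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9.-]*=.+$")   # attr=value, e.g. CN=extgw


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def id_value_conforms(id_type, value):
    """True if value is a plausible selector of kind ike_phase1_id_type."""
    if not isinstance(value, str) or not value.strip():
        return False
    if id_type == ID_DNS:      # a hostname, not a bare IP literal
        return bool(_HOSTNAME.match(value)) and not _is_ip(value)
    if id_type == ID_EMAIL:
        return bool(_EMAIL.match(value))
    if id_type == ID_DN:       # every comma-separated RDN must be attr=value
        return all(_RDN.match(p.strip()) for p in value.split(","))
    if id_type == ID_IP:
        return _is_ip(value)
    return False


def _truthy(v):                # Ansible passes yes/true as well as bool True
    return v is True or str(v).lower() in ("yes", "true", "1")


def check_endpoint(ep):
    """Return a list of error strings for one external_endpoint entry."""
    errors = []
    tag = ep.get("name") or "<unnamed endpoint>"
    if not ep.get("name"):
        errors.append(f"{tag}: name is required")
    dynamic, address = _truthy(ep.get("dynamic", False)), ep.get("address")
    if dynamic and address:
        errors.append(f"{tag}: dynamic and address are mutually exclusive")
    if not dynamic:
        if not address:
            errors.append(f"{tag}: a static endpoint needs an address")
        elif not _is_ip(address):
            errors.append(f"{tag}: address {address!r} is not an IP address")
    else:
        id_type, id_value = ep.get("ike_phase1_id_type"), ep.get("ike_phase1_id_value")
        if id_type is None or id_value is None:
            errors.append(f"{tag}: ike_phase1_id_type and ike_phase1_id_value "
                          "are required when dynamic=yes")
        elif not id_value_conforms(id_type, id_value):
            errors.append(f"{tag}: ike_phase1_id_value {id_value!r} does not "
                          f"conform to ike_phase1_id_type {id_type}")
    mode = ep.get("balancing_mode", "active")
    if mode not in BALANCING_MODES:
        errors.append(f"{tag}: balancing_mode {mode!r} not in {sorted(BALANCING_MODES)}")
    return errors


def check_task(args):
    """Validate one external_gateway task dict. Returns (errors, warnings)."""
    errors, warnings = [], []
    if not args.get("name"):
        errors.append("name is required")
    for ep in args.get("external_endpoint") or []:
        errors.extend(check_endpoint(ep))
    if (args.get("smc_extra_args") or {}).get("verify") is False:
        warnings.append("smc_extra_args.verify is false: the SMC TLS certificate "
                        "will not be verified and the API key can be intercepted")
    return errors, warnings


# Constructed sample tasks for this example (not from any real deployment).
STATIC_TASK = {   # the static gateway from the first example on this page
    "name": "extgw3555",
    "external_endpoint": [
        {"name": "extgw3 (33.33.33.41)", "address": "33.33.33.41", "enabled": True}],
    "vpn_site": {"name": "site12a", "network": ["network-172.18.1.0/24"]},
}
DYNAMIC_TASK = {  # DHCP branch identified by an IKE e-mail ID, TLS checks off
    "name": "extgw-branch",
    "external_endpoint": [
        {"name": "branch-dhcp", "dynamic": "yes",
         "ike_phase1_id_type": ID_EMAIL, "ike_phase1_id_value": "branch@example.com"}],
    "smc_extra_args": {"verify": False},
}
BROKEN_TASK = {   # violates two rules at once
    "name": "extgw-bad",
    "external_endpoint": [
        {"name": "both", "dynamic": True, "address": "10.0.0.1",
         "ike_phase1_id_type": ID_IP, "ike_phase1_id_value": "not-an-ip"}],
}
```

Run check_task on the task's argument dict (for instance from a pre_tasks step that loads the play's vars) and fail the play on any error; the verify warning is worth failing on too anywhere outside a lab.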

Examples

- name: Create a static IP based external gateway
  register: result
  external_gateway:
    smc_logging:
      level: 10
      path: ansible-smc.log
    external_endpoint:
    -   address: 33.33.33.41
        enabled: true
        name: extgw3 (33.33.33.41)
        connection_type: 'Active'
    -   address: 34.34.34.34
        enabled: true
        name: endpoint2 (34.34.34.34)
        connection_type: 'Active 1'
    -   address: 44.44.44.44
        enabled: true
        name: extgw4 (44.44.44.44)
        connection_type: 'Passive'
    -   address: 33.33.33.50
        enabled: true
        name: endpoint1 (33.33.33.50)
        connection_type: 'Aggregate'
    name: extgw3555
    vpn_site:
        group:
        - hostgroup
        host:
        - hosta
        name: site12a
        network:
        - network-172.18.1.0/24
        - network-172.18.2.0/24


- name: Delete an external gateway
  external_gateway:
    name: myextgw
    state: absent

Return Values

Common return values are documented in the Ansible Return Values reference; the following fields are unique to this module:

  state
      Output of the operations performed on the gateway.
      returned: always
      type: list


Author

  • Forcepoint

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.