l3fw - Create or delete a single firewall

DEPRECATED

  In: version:
  Why: Replaced with single module
  Alternative: engine

Synopsis

  • Create or delete a Firewall on the SMC.

Requirements (on host that executes module)

  • smc-python

Options

Each option is listed as: parameter (required; default; choices), followed by its description. Dictionary-valued options list their sub-options indented beneath them.

default_nat (required: no; choices: yes, no)
  Whether to enable default NAT on the firewall. Default NAT identifies the internal networks and uses the external interface IP for outgoing traffic.

domain_server_address (required: no)
  A list of IP addresses to use as DNS resolvers for the firewall.

enable_antivirus (required: no; choices: yes, no)
  Enable the Anti-Virus engine on the firewall.

enable_gti (required: no; choices: yes, no)
  Enable file reputation.

enable_ospf (required: no; choices: yes, no)
  Enable OSPF.

enable_sidewinder_proxy (required: no; choices: yes, no)
  Enable Sidewinder proxy capability on the firewall.

interfaces (required: yes)
  List of interface definitions for this firewall. Each entry is a dictionary with the following sub-options:

  enable_vpn (required: no; choices: yes, no)
    Enable VPN on this interface.
  zone_ref (required: no)
    Optional zone for this interface, by name. If the zone does not exist, it will be created.
  network_value (required: yes)
    Network CIDR containing the address specified.
  address (required: yes)
    IP address for this interface.
  type (required: no; default: physical_interface; choices: physical_interface, tunnel_interface)
    Type of interface. The default is physical_interface; an interface of any other type must state its type explicitly.
  interface_id (required: yes)
    Interface ID for this interface.

location (required: no)
  Location for this firewall. Used for firewalls that are behind NAT.

log_server (required: no)
  Specify a Log Server to use. This is useful if multiple Log Servers are available.

mgmt_interface (required: yes)
  The management interface ID. When creating a firewall, interfaces must contain an entry whose interface_id matches this value.

name (required: yes)
  The name of the firewall to add or delete.

smc_address (required: no)
  FQDN with port of the SMC. Defaults to the environment variable SMC_ADDRESS.

smc_alt_filepath (required: no)
  Alternate path to read the credentials from. By default the credentials file is expected at ~/.smcrc. If provided, the url and api_key settings are not required and will be ignored.

smc_api_key (required: no)
  API key for the API client. Defaults to the environment variable SMC_API_KEY. Required if url is specified.

smc_api_version (required: no)
  Optional API version to connect to. If none is provided, the latest LTS SMC API version matching the Management Center version is used. Can be set through the environment variable SMC_API_VERSION.

smc_domain (required: no)
  Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN.

smc_extra_args (required: no)
  Extra arguments to pass to the login constructor. These are generally only used if specifically requested by support personnel. Sub-options:

  verify (required: no; default: True; choices: yes, no)
    If the connection to the SMC is HTTPS, set this to True to verify the SMC's TLS certificate, or provide a path to a certificate file to verify it against. Setting this to False disables certificate verification entirely: the session, and the API key sent in it, can then be intercepted by anyone on the path to the SMC, so reserve False for lab use.

smc_logging (required: no)
  Optionally enable SMC API logging to a file. Treat that file as sensitive, since it records the API calls made to the SMC. Sub-options:

  path (required: yes)
    Full path to the log file.
  level (required: no)
    Log level as an integer, as defined by the standard Python logging library. Default is logging.DEBUG (10).

smc_timeout (required: no)
  Optional timeout for connections to the SMC. Can be set through the environment variable SMC_TIMEOUT.

state (required: no; default: present; choices: present, absent)
  Create (present) or delete (absent) the firewall.

tags (required: no)
  Optional category tag(s) to apply to the engine. If the category does not exist, it will be created.

Examples

# Create a firewall. SMC credentials are not given here, so they come from the
# SMC_ADDRESS / SMC_API_KEY environment variables or from ~/.smcrc.
- name: Create a single firewall
  register: result
  l3fw:
    smc_logging:
      level: 10                 # logging.DEBUG
      path: ansible-smc.log
    name: myfw
    mgmt_interface: 10          # must match one of the interface_id values below
    interfaces:
      - interface_id: 0
        address: 1.1.1.2
        network_value: 1.1.1.0/24   # CIDR of the network the address belongs to
        zone_ref: management
      - interface_id: 10
        address: 10.10.10.1
        network_value: 10.10.10.0/24
        zone_ref: external
        enable_vpn: yes
      - interface_id: 11        # defined with an ID only, no address
      - interface_id: 1000
        address: 11.11.11.1
        network_value: 11.11.11.0/24
        zone_ref: awsvpn
        type: tunnel_interface  # non-physical interfaces must state their type
    domain_server_address:
      - 10.0.0.1
      - 10.0.0.2
    default_nat: yes
    enable_antivirus: yes
    enable_gti: yes
    enable_sidewinder_proxy: yes
    tags:
      - footag                  # created if the category does not exist yet

# Delete a firewall, using environment variables for credentials
- name: delete firewall by name
  l3fw:
    name: myfirewall
    state: 'absent'

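The option table states several constraints that the module only reports once it has logged in to the SMC: mgmt_interface must match an interface_id, network_value must contain address, and a non-physical interface must state its type. The following Python checks a task's arguments offline before the play runs. It is an added example written for this page, not code from the l3fw module or from smc-python; it assumes the task arguments are available as a plain dict (as Ansible passes them to a module), treats an interface given with only an interface_id as permitted because the playbook example above contains one, and additionally flags smc_extra_args.verify: False, which turns off TLS certificate verification for the SMC connection. The sample task is constructed from the create example above.

```python
"""Offline sanity checks for l3fw task arguments.

Added example for this page; not part of the l3fw module or smc-python.
Assumes the task arguments arrive as a plain dict and checks the
constraints stated in the option table before any SMC connection is made.
"""
import ipaddress

VALID_TYPES = {"physical_interface", "tunnel_interface"}
VALID_STATES = {"present", "absent"}


def check_l3fw_args(args):
    """Return (errors, warnings) for one l3fw task's argument dict.

    errors   - violations of the documented option constraints
    warnings - things the module may accept but an operator should notice
    """
    errors, warnings = [], []

    if not args.get("name"):
        errors.append("name is required")

    state = args.get("state", "present")
    if state not in VALID_STATES:
        errors.append(f"state must be one of {sorted(VALID_STATES)}, got {state!r}")
    elif state == "absent":
        return errors, warnings   # deletion needs only the name

    seen_ids = set()              # interface IDs as strings, so 10 and "10" match
    for iface in args.get("interfaces") or []:
        if "interface_id" not in iface:
            errors.append("every interface needs an interface_id")
            continue
        iid = str(iface["interface_id"])
        if iid in seen_ids:
            errors.append(f"interface_id {iid} is defined more than once")
        seen_ids.add(iid)

        itype = iface.get("type", "physical_interface")
        if itype not in VALID_TYPES:
            errors.append(f"interface {iid}: unknown type {itype!r}")

        addr, net = iface.get("address"), iface.get("network_value")
        if addr is None and net is None:
            # Assumption: an entry with only an ID is allowed, as in the
            # playbook example on this page (interface_id 11).
            warnings.append(f"interface {iid}: no address or network_value given")
            continue
        if addr is None or net is None:
            errors.append(f"interface {iid}: address and network_value go together")
            continue
        try:
            ip = ipaddress.ip_address(addr)
            network = ipaddress.ip_network(net, strict=False)
        except ValueError as exc:
            errors.append(f"interface {iid}: {exc}")
            continue
        if ip not in network:
            errors.append(f"interface {iid}: {addr} is not inside {net}")
        if str(network) != net:
            # e.g. 1.1.1.0/16 has host bits set; the real prefix is 1.1.0.0/16
            warnings.append(f"interface {iid}: {net} has host bits set (prefix is {network})")

    mgmt = args.get("mgmt_interface")
    if mgmt is None:
        errors.append("mgmt_interface is required when state is present")
    elif str(mgmt) not in seen_ids:
        errors.append(f"mgmt_interface {mgmt} matches no interface_id in {sorted(seen_ids)}")

    # Security check: verify=False disables TLS certificate validation, so the
    # API key sent to the SMC can be captured by anyone able to intercept the link.
    extra = args.get("smc_extra_args") or {}
    if extra.get("verify", True) is False:
        warnings.append("smc_extra_args.verify is False: SMC certificate is not verified")

    return errors, warnings


# Constructed sample: the 'Create a single firewall' task from the examples above.
EXAMPLE_TASK = {
    "name": "myfw",
    "mgmt_interface": 10,
    "interfaces": [
        {"interface_id": 0, "address": "1.1.1.2", "network_value": "1.1.1.0/24",
         "zone_ref": "management"},
        {"interface_id": 10, "address": "10.10.10.1", "network_value": "10.10.10.0/24",
         "zone_ref": "external", "enable_vpn": True},
        {"interface_id": 11},
        {"interface_id": 1000, "address": "11.11.11.1", "network_value": "11.11.11.0/24",
         "zone_ref": "awsvpn", "type": "tunnel_interface"},
    ],
    "domain_server_address": ["10.0.0.1", "10.0.0.2"],
    "default_nat": True,
}

if __name__ == "__main__":
    for label, task in [
        ("page example", EXAMPLE_TASK),
        ("wrong mgmt id", dict(EXAMPLE_TASK, mgmt_interface=99)),
        ("no verify", dict(EXAMPLE_TASK, smc_extra_args={"verify": False})),
    ]:
        errs, warns = check_l3fw_args(task)
        print(label, "errors:", errs, "warnings:", warns)
```

Run it against the argument dict of each l3fw task before the play executes; an empty error list means the documented constraints hold, while the warnings call out the bare interface and any verify: False that would let the API key travel over an unauthenticated TLS connection.
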
Return Values

Common return values are documented under Return Values; the following are the fields unique to this module:

  state (type: dict)
    The current state of the element.
  changed (type: bool; returned: always)
    Whether or not the change succeeded.


Author

  • Forcepoint