l3fw_policy - Create or delete Firewall policies

Synopsis

  • Top-level module for creating and deleting firewall policies. You can also add and remove tags

Requirements (on host that executes module)

  • smc-python

Options

parameter required default choices comments
name
 no

Name of the policy, required if action=create or action=delete
policy_template
 no

An optional policy template to use when action=create. If no template is specified, a default policy template is assigned.
smc_address
 no

FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS
smc_alt_filepath
 no

Provide an alternate path location to read the credentials from. File is expected to be stored in ~.smcrc. If provided, url and api_key settings are not required and will be ignored.
smc_api_key
 no

API key for api client. The default value is the environment variable SMC_API_KEY Required if url
smc_api_version
 no

Optional API version to connect to. If none is provided, the latests LTS SMC API version will be used based on the Management Center version. Can be set though the environment variable SMC_API_VERSION
smc_domain
 no

Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set throuh the environment variable SMC_DOMAIN
smc_extra_args
 no
Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel.
Dictionary object smc_extra_args
parameter required default choices comments
verify
 no True
  • yes
  • no
Is the connection to SMC is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False.
smc_logging
 no
Optionally enable SMC API logging to a file
Dictionary object smc_logging
parameter required default choices comments
path
 yes
Full path to the log file
level
 no
Log level as specified by the standard python logging library, in int format. Default setting is logging.DEBUG.
smc_timeout
 no

Optional timeout for connections to the SMC. Can be set through environment SMC_TIMEOUT
tags
 no

Optional tags to add to the policy

Examples

# Create a new policy using the default Firewall Inspection Template
- name: create policy
  tasks:
  - name: add a firewall policy
    l3_policy:
      name: somepolicy
      tags:
        - footag

# Delete a policy
- name: Delete policy
  tasks:
  - name: Delete my policy
    l3_policy:
      name: somepolicy
      state: absent

Return Values

Common return values are documented Return Values, the following are the fields unique to this module:

name description returned type sample
changed
Whether or not the change succeeded
 always bool


Author

  • Forcepoint

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.