a10_rule_set

Synopsis

Configure Security policy Rule Set

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

name

str/required

Rule set name

session_statistic

str

‘enable’= Enable session-based statistics (Default); ‘disable’= Disable session-based statistics;

remark

str

Rule set entry comment (Notes for this rule set)

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

counters1

str

‘all’= all; ‘unmatched-drops’= Unmatched drops counter; ‘permit’= Permitted counter; ‘deny’= Denied counter; ‘reset’= Reset counter;

packet_capture_template

str

Name of the packet capture template to bind to this object

rule_list

list

Field rule_list

name

str

Rule name

remark

str

Rule entry comment (Notes for this rule)

status

str

‘enable’= Enable rule; ‘disable’= Disable rule;

ip_version

str

‘v4’= IPv4 rule; ‘v6’= IPv6 rule;

action

str

‘permit’= permit; ‘deny’= deny; ‘reset’= reset;

log

bool

Enable logging

reset_lid

int

Apply a Template LID

listen_on_port

bool

Listen on port

policy

str

‘cgnv6’= Apply CGNv6 policy; ‘forward’= Forward packet; ‘ipsec’= Apply IPsec encapsulation; ‘ipsec-group’= Apply IPsec encapsulation from a group;

vpn_ipsec_name

str

VPN IPsec name

vpn_ipsec_group_name

str

VPN IPsec Group name

forward_listen_on_port

bool

Listen on port

lid

int

Apply a Template LID

listen_on_port_lid

int

Apply a Template LID

fw_log

bool

Enable logging

fwlog

bool

Enable logging

cgnv6_log

bool

Enable logging

forward_log

bool

Enable logging

lidlog

bool

Enable logging

reset_lidlog

bool

Enable logging

listen_on_port_lidlog

bool

Enable logging

cgnv6_policy

str

‘lsn-lid’= Apply specified CGNv6 LSN LID; ‘fixed-nat’= Apply CGNv6 Fixed NAT; ‘ds-lite’= Apply CGNv6 DS-Lite;

cgnv6_fixed_nat_log

bool

Enable logging

cgnv6_lsn_lid

int

LSN LID

cgnv6_ds_lite

str

‘lsn-lid’= Apply specified CGNv6 LSN LID;

cgnv6_ds_lite_lsn_lid

int

LSN LID

inspect_payload

bool

Enable DS-Lite tunnel inspection

cgnv6_ds_lite_log

bool

Enable logging

cgnv6_lsn_log

bool

Enable logging

gtp_template

str

Configure GTP Policy Template (GTP Template Policy Name)

src_geoloc_name

str

Single geolocation name

src_geoloc_list

str

Geolocation name list

src_geoloc_list_shared

bool

Use Geolocation list from shared partition

src_ipv4_any

str

‘any’= Any IPv4 address;

src_ipv6_any

str

‘any’= Any IPv6 address;

src_class_list

str

Match source IP against class-list

source_list

list

Field source_list

src_zone

str

Zone name

src_zone_any

str

‘any’= any;

src_threat_list

str

Bind threat-list for source IP based filtering

dst_geoloc_name

str

Single geolocation name

dst_geoloc_list

str

Geolocation name list

dst_geoloc_list_shared

bool

Use Geolocation list from shared partition

dst_ipv4_any

str

‘any’= Any IPv4 address;

dst_ipv6_any

str

‘any’= Any IPv6 address;

dst_class_list

str

Match destination IP against class-list

dest_list

list

Field dest_list

dst_domain_list

str

Match destination IP against domain-list

dst_zone

str

Zone name

dst_zone_any

str

‘any’= any;

dst_threat_list

str

Bind threat-list for destination IP based filtering

service_any

str

‘any’= any;

service_list

list

Field service_list

idle_timeout

int

TCP/UDP idle-timeout

dscp_list

list

Field dscp_list

application_any

str

‘any’= any;

app_list

list

Field app_list

track_application

bool

Enable application statistics (functional only when the action is permit)

uuid

str

uuid of the object

user_tag

str

Customized tag

sampling_enable

list

Field sampling_enable

action_group

dict

Field action_group

move_rule

dict

Field move_rule

rules_by_zone

dict

Field rules_by_zone

uuid

str

uuid of the object

sampling_enable

list

Field sampling_enable

application

dict

Field application

uuid

str

uuid of the object

track_app_rule_list

dict

Field track_app_rule_list

uuid

str

uuid of the object

app

dict

Field app

uuid

str

uuid of the object

tag

dict

Field tag

uuid

str

uuid of the object

oper

dict

Field oper

policy_status

str

Field policy_status

policy_unmatched_drop

int

Field policy_unmatched_drop

policy_permit

int

Field policy_permit

policy_deny

int

Field policy_deny

policy_reset

int

Field policy_reset

policy_rule_count

int

Field policy_rule_count

rule_stats

list

Field rule_stats

total_hit

int

Field total_hit

total_permit_bytes

int

Field total_permit_bytes

total_deny_bytes

int

Field total_deny_bytes

total_reset_bytes

int

Field total_reset_bytes

total_bytes

int

Field total_bytes

total_permit_packets

int

Field total_permit_packets

total_deny_packets

int

Field total_deny_packets

total_reset_packets

int

Field total_reset_packets

total_packets

int

Field total_packets

total_active_tcp

int

Field total_active_tcp

total_active_udp

int

Field total_active_udp

total_active_icmp

int

Field total_active_icmp

total_active_others

int

Field total_active_others

show_total_stats

str

Field show_total_stats

topn_rules

str

Field topn_rules

name

str

Rule set name

rule_list

list

Field rule_list

rules_by_zone

dict

Field rules_by_zone

application

dict

Field application

track_app_rule_list

dict

Field track_app_rule_list

stats

dict

Field stats

unmatched_drops

str

Unmatched drops counter

permit

str

Permitted counter

deny

str

Denied counter

reset

str

Reset counter

name

str

Rule set name

rule_list

list

Field rule_list

rules_by_zone

dict

Field rules_by_zone

track_app_rule_list

dict

Field track_app_rule_list

app

dict

Field app

tag

dict

Field tag

Examples
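
The playbook below is an added example, not taken from the module's own documentation. It uses only parameters listed above and first runs in check mode so the pending policy change can be reviewed through `modified_values`. The rule set name, rule names, zone names, port 443 and the `acos_*` variables are constructed placeholders, and nesting the per-rule fields under `rule_list` is assumed from the order of the parameter table.

```yaml
---
# Added example; all names, zones and variables are constructed placeholders.
- name: Manage an ACOS security policy rule set
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Preview a rule set with a zone-scoped permit and a logged deny
      a10_rule_set:
        state: present
        ansible_host: "{{ acos_host }}"
        ansible_username: "{{ acos_username }}"
        ansible_password: "{{ acos_password }}"  # keep in Ansible Vault
        ansible_port: 443                         # assumed HTTPS AXAPI port
        name: example-ruleset
        remark: managed-by-ansible
        session_statistic: enable
        rule_list:
          # Permit only between two named zones (assumed to already exist).
          - name: permit-trusted-to-dmz
            status: enable
            ip_version: v4
            action: permit
            src_zone: trusted
            dst_zone: dmz
            src_ipv4_any: any
            dst_ipv4_any: any
            service_any: any
            log: true
            track_application: true  # only functional with action permit
          # Explicit deny with logging, so drops are tied to a named rule.
          - name: deny-all-v4
            status: enable
            ip_version: v4
            action: deny
            src_zone_any: any
            dst_zone_any: any
            src_ipv4_any: any
            dst_ipv4_any: any
            service_any: any
            log: true
      check_mode: true      # report potential changes without applying them
      register: ruleset_preview

    - name: Show what would change on the device
      debug:
        var: ruleset_preview.modified_values
```

Remove `check_mode: true` once the reported changes match the intended policy.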


Return Values

modified_values (changed, dict, )

Values modified (or potential changes if using check_mode) as a result of task operation

axapi_calls (always, list, )

Sequential list of AXAPI calls made by the task

endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])

The AXAPI endpoint being accessed.

http_method (, str, [‘POST’, ‘GET’])

HTTP method being used by the primary task to interact with the AXAPI endpoint.

request_body (, complex, )

Params used to query the AXAPI

response_body (, complex, )

Response from the AXAPI

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks