a10_rule_set
Synopsis
Configure Security policy Rule Set
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| `state` str/required | ['noop', 'present', 'absent'] | State of the object to be created. |
| `ansible_host` str/required | | Host for AXAPI authentication |
| `ansible_username` str/required | | Username for AXAPI authentication |
| `ansible_password` str/required | | Password for AXAPI authentication |
| `ansible_port` int/required | | Port for AXAPI authentication |
| `a10_device_context_id` int | ['1-8'] | Device ID for aVCS configuration |
| `a10_partition` str | | Destination/target partition for object/command |
| `name` str/required | | Rule set name |
| `session_statistic` str | | 'enable'= Enable session based statistic (Default); 'disable'= Disable session based statistic; |
| `remark` str | | Rule set entry comment (Notes for this rule set) |
| `uuid` str | | uuid of the object |
| `user_tag` str | | Customized tag |
| `sampling_enable` list | | Field sampling_enable |
| `counters1` str | | 'all'= all; 'unmatched-drops'= Unmatched drops counter; 'permit'= Permitted counter; 'deny'= Denied counter; 'reset'= Reset counter; |
| `packet_capture_template` str | | Name of the packet capture template to be bound to this object |
| `rule_list` list | | Field rule_list |
| `name` str | | Rule name |
| `remark` str | | Rule entry comment (Notes for this rule) |
| `status` str | | 'enable'= Enable rule; 'disable'= Disable rule; |
| `ip_version` str | | 'v4'= IPv4 rule; 'v6'= IPv6 rule; |
| `action` str | | 'permit'= permit; 'deny'= deny; 'reset'= reset; |
| `log` bool | | Enable logging |
| `reset_lid` int | | Apply a Template LID |
| `listen_on_port` bool | | Listen on port |
| `policy` str | | 'cgnv6'= Apply CGNv6 policy; 'forward'= Forward packet; 'ipsec'= Apply IPsec encapsulation; 'ipsec-group'= Apply IPsec encapsulation from a group; |
| `vpn_ipsec_name` str | | VPN IPsec name |
| `vpn_ipsec_group_name` str | | VPN IPsec Group name |
| `forward_listen_on_port` bool | | Listen on port |
| `lid` int | | Apply a Template LID |
| `listen_on_port_lid` int | | Apply a Template LID |
| `fw_log` bool | | Enable logging |
| `fwlog` bool | | Enable logging |
| `cgnv6_log` bool | | Enable logging |
| `forward_log` bool | | Enable logging |
| `lidlog` bool | | Enable logging |
| `reset_lidlog` bool | | Enable logging |
| `listen_on_port_lidlog` bool | | Enable logging |
| `cgnv6_policy` str | | 'lsn-lid'= Apply specified CGNv6 LSN LID; 'fixed-nat'= Apply CGNv6 Fixed NAT; 'ds-lite'= Apply CGNv6 DS-Lite; |
| `cgnv6_fixed_nat_log` bool | | Enable logging |
| `cgnv6_lsn_lid` int | | LSN LID |
| `cgnv6_ds_lite` str | | 'lsn-lid'= Apply specified CGNv6 LSN LID; |
| `cgnv6_ds_lite_lsn_lid` int | | LSN LID |
| `inspect_payload` bool | | Enable DS-Lite tunnel inspection |
| `cgnv6_ds_lite_log` bool | | Enable logging |
| `cgnv6_lsn_log` bool | | Enable logging |
| `gtp_template` str | | Configure GTP Policy Template (GTP Template Policy Name) |
| `src_geoloc_name` str | | Single geolocation name |
| `src_geoloc_list` str | | Geolocation name list |
| `src_geoloc_list_shared` bool | | Use Geolocation list from shared partition |
| `src_ipv4_any` str | | 'any'= Any IPv4 address; |
| `src_ipv6_any` str | | 'any'= Any IPv6 address; |
| `src_class_list` str | | Match source IP against class-list |
| `source_list` list | | Field source_list |
| `src_zone` str | | Zone name |
| `src_zone_any` str | | 'any'= any; |
| `src_threat_list` str | | Bind threat-list for source IP based filtering |
| `dst_geoloc_name` str | | Single geolocation name |
| `dst_geoloc_list` str | | Geolocation name list |
| `dst_geoloc_list_shared` bool | | Use Geolocation list from shared partition |
| `dst_ipv4_any` str | | 'any'= Any IPv4 address; |
| `dst_ipv6_any` str | | 'any'= Any IPv6 address; |
| `dst_class_list` str | | Match destination IP against class-list |
| `dest_list` list | | Field dest_list |
| `dst_domain_list` str | | Match destination IP against domain-list |
| `dst_zone` str | | Zone name |
| `dst_zone_any` str | | 'any'= any; |
| `dst_threat_list` str | | Bind threat-list for destination IP based filtering |
| `service_any` str | | 'any'= any; |
| `service_list` list | | Field service_list |
| `idle_timeout` int | | TCP/UDP idle-timeout |
| `dscp_list` list | | Field dscp_list |
| `application_any` str | | 'any'= any; |
| `app_list` list | | Field app_list |
| `track_application` bool | | Enable application statistic (functional only in action permit) |
| `uuid` str | | uuid of the object |
| `user_tag` str | | Customized tag |
| `sampling_enable` list | | Field sampling_enable |
| `action_group` dict | | Field action_group |
| `move_rule` dict | | Field move_rule |
| `rules_by_zone` dict | | Field rules_by_zone |
| `uuid` str | | uuid of the object |
| `sampling_enable` list | | Field sampling_enable |
| `application` dict | | Field application |
| `uuid` str | | uuid of the object |
| `track_app_rule_list` dict | | Field track_app_rule_list |
| `uuid` str | | uuid of the object |
| `app` dict | | Field app |
| `uuid` str | | uuid of the object |
| `tag` dict | | Field tag |
| `uuid` str | | uuid of the object |
| `oper` dict | | Field oper |
| `policy_status` str | | Field policy_status |
| `policy_unmatched_drop` int | | Field policy_unmatched_drop |
| `policy_permit` int | | Field policy_permit |
| `policy_deny` int | | Field policy_deny |
| `policy_reset` int | | Field policy_reset |
| `policy_rule_count` int | | Field policy_rule_count |
| `rule_stats` list | | Field rule_stats |
| `total_hit` int | | Field total_hit |
| `total_permit_bytes` int | | Field total_permit_bytes |
| `total_deny_bytes` int | | Field total_deny_bytes |
| `total_reset_bytes` int | | Field total_reset_bytes |
| `total_bytes` int | | Field total_bytes |
| `total_permit_packets` int | | Field total_permit_packets |
| `total_deny_packets` int | | Field total_deny_packets |
| `total_reset_packets` int | | Field total_reset_packets |
| `total_packets` int | | Field total_packets |
| `total_active_tcp` int | | Field total_active_tcp |
| `total_active_udp` int | | Field total_active_udp |
| `total_active_icmp` int | | Field total_active_icmp |
| `total_active_others` int | | Field total_active_others |
| `show_total_stats` str | | Field show_total_stats |
| `topn_rules` str | | Field topn_rules |
| `name` str | | Rule set name |
| `rule_list` list | | Field rule_list |
| `rules_by_zone` dict | | Field rules_by_zone |
| `application` dict | | Field application |
| `track_app_rule_list` dict | | Field track_app_rule_list |
| `stats` dict | | Field stats |
| `unmatched_drops` str | | Unmatched drops counter |
| `permit` str | | Permitted counter |
| `deny` str | | Denied counter |
| `reset` str | | Reset counter |
| `name` str | | Rule set name |
| `rule_list` list | | Field rule_list |
| `rules_by_zone` dict | | Field rules_by_zone |
| `track_app_rule_list` dict | | Field track_app_rule_list |
| `app` dict | | Field app |
| `tag` dict | | Field tag |
Examples
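The playbook below is an added example, not one shipped with the module: it creates a rule set containing one zone-to-zone permit rule and an explicit, logged IPv4 deny rule, then prints the module's return values. It assumes that the rule fields listed after `rule_list` in the table are keys of each `rule_list` entry; the host address, rule set name, rule names, zone names and the `acos_*` variables are constructed for illustration.

```yaml
# Added example. Constructed values: 192.0.2.10, edge-baseline, the rule
# names, the zone names trust/untrust, and the acos_* variables.
# Assumption: rule fields (action, log, src_zone, ...) nest under rule_list.
- name: Baseline security policy rule set
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Create rule set with a logged explicit deny
      a10_rule_set:
        ansible_host: 192.0.2.10
        ansible_port: 443
        ansible_username: "{{ acos_username }}"
        ansible_password: "{{ acos_password }}"  # keep in Ansible Vault, not in the playbook
        state: present
        name: edge-baseline
        remark: baseline-policy
        session_statistic: enable
        rule_list:
          - name: trust-to-untrust
            status: enable
            ip_version: v4
            action: permit
            src_zone: trust          # zones must already exist on the device
            dst_zone: untrust
            service_any: any
            track_application: true  # only functional with action permit
            log: true
          - name: default-deny-v4
            status: enable
            ip_version: v4
            action: deny
            src_ipv4_any: any
            dst_ipv4_any: any
            service_any: any
            log: true                # record what the policy rejects
      register: rule_set_result

    - name: Review what changed and which AXAPI calls were made
      debug:
        msg:
          modified_values: "{{ rule_set_result.modified_values }}"
          axapi_calls: "{{ rule_set_result.axapi_calls }}"
```

Running the play with `--check` first reports the potential changes in `modified_values` without applying them, which is a useful review step before changing a production policy.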
Return Values
- modified_values (changed, dict, )
  Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
  Sequential list of AXAPI calls made by the task
- endpoint (, str, ['/axapi/v3/slb/virtual_server', '/axapi/v3/file/ssl-cert'])
  The AXAPI endpoint being accessed.
- http_method (, str, ['POST', 'GET'])
  HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
  Params used to query the AXAPI
- response_body (, complex, )
  Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.