a10_fw_global
Synopsis
Configure firewall parameters
Parameters
Parameters |
Choices/Defaults |
Comment |
|
---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
disable_ip_fw_sessions bool |
disable create sessions for non TCP/UDP/ICMP |
||
disable_undetermined_rule_logs bool |
disable logs with undetermined rules |
||
alg_processing str |
‘honor-rule-set’= Honors firewall rule-sets (Default); ‘override-rule-set’= Override firewall rule-sets; |
||
extended_matching str |
‘disable’= Disable extended matching; |
||
permit_default_action str |
‘forward’= Forward; ‘next-service-mode’= Service to be applied chosen based on configuration; |
||
natip_ddos_protection str |
‘enable’= Enable; ‘disable’= Disable; |
||
listen_on_port_timeout int |
STUN timeout (default= 2 minutes) |
||
inbound_refresh_full_cone str |
‘enable’= enable; ‘disable’= disable; |
||
inbound_refresh str |
‘enable’= enable; ‘disable’= disable; |
||
respond_to_user_mac bool |
Use the user’s source MAC for the next hop rather than the routing table (default= off) |
||
disable_app_list list |
Field disable_app_list |
||
disable_application_protocol str |
Disable specific application protocol |
||
disable_application_category str |
‘aaa’= Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; ‘adult-content’= Adult content protocol/application.; ‘advertising’= Advertising networks and applications.; ‘application-enforcing- tls’= Application known to enforce HSTS and thus use of TLS.; ‘analytics-and- statistics’= User analytics and statistics protocol/application.; ‘anonymizers- and-proxies’= Traffic-anonymization protocol/application.; ‘audio-chat’= Protocol/application used for Audio Chat.; ‘basic’= Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; ‘blog’= Blogging platform protocol/application.; ‘cdn’= Protocol/application used for Content-Delivery Networks.; ‘certification-authority’= Certification Authority for SSL/TLS certificate.; ‘chat’= Protocol/application used for Text Chat.; ‘classified- ads’= Protocol/application used for Classified Advertisements.; ‘cloud-based- services’= SaaS and/or PaaS cloud based services.; ‘crowdfunding’= Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; ‘cryptocurrency’= Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; ‘database’= Database-specific protocols.; ‘disposable-email’= Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; ‘ebook-reader’= Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; ‘education’= Protocols offering education services and online courses.; ‘email’= Native email protocol.; ‘enterprise’= Protocol/application used in an enterprise network.; ‘file-management’= Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; ‘file-transfer’= Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; ‘forum’= Online forum protocol/application.; ‘gaming’= Protocol/application used by games.; ‘healthcare’= Protocols offering medical services, i.e protocols used in medical environment.; ‘instant-messaging-and- multimedia-conferencing’= Protocol/application used for Instant Messaging or Multi-Conferencing.; ‘internet-of-things’= Internet Of Things protocol/application.; ‘map-service’= Digital Maps service (web site and their related API).; ‘mobile’= Mobile-specific protocol/application.; ‘multimedia- streaming’= Protocol/application used for multimedia streaming.; ‘networking’= Protocol used for (inter) networking purpose.; ‘news-portal’= Protocol/application used for News Portals.; ‘payment-service’= Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; ‘peer-to-peer’= Protocol/application used for Peer-to-peer purposes.; ‘remote-access’= Protocol/application used for remote access.; ‘scada’= SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’= Social networking application.; ‘software- update’= Auto-update protocol.; ‘speedtest’= Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; ‘standards-based’= Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’= Transportation services, for example smartphone applications that allow users to hail a taxi.; ‘video-chat’= Protocol/application used for Video Chat.; ‘voip’= Application used for Voice- Over-IP.; ‘vpn-tunnels’= Protocol/application used for VPN or tunneling purposes.; ‘web’= Application based on HTTP/HTTPS.; ‘web-e-commerce’= Protocol/application used for E-commerce websites.; ‘web-search-engines’= Protocol/application used for Web search portals.; ‘web-websites’= Protocol/application used for Company Websites.; ‘webmails’= Web-based e-mail application.; ‘web-ext-adult’= Web Extension Adult; ‘web-ext-auctions’= Web Extension Auctions; ‘web-ext-blogs’= Web Extension Blogs; ‘web-ext-business- and-economy’= Web Extension Business and Economy; ‘web-ext-cdns’= Web Extension CDNs; ‘web-ext-collaboration’= Web Extension Collaboration; ‘web-ext-computer- and-internet-info’= Web Extension Computer and Internet Info; ‘web-ext- computer-and-internet-security’= Web Extension Computer and Internet Security; ‘web-ext-dating’= Web Extension Dating; ‘web-ext-educational-institutions’= Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’= Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’= Web Extension Fashion and Beauty; ‘web-ext-file-share’= Web Extension File Share; ‘web-ext- financial-services’= Web Extension Financial Services; ‘web-ext-gambling’= Web Extension Gambling; ‘web-ext-games’= Web Extension Games; ‘web-ext-government’= Web Extension Government; ‘web-ext-health-and-medicine’= Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’= Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’= Web Extension Internet Portals; ‘web-ext-job-search’= Web Extension Job Search; ‘web-ext- local-information’= Web Extension Local Information; ‘web-ext-malware’= Web Extension Malware; ‘web-ext-motor-vehicles’= Web Extension Motor Vehicles; ‘web-ext-music’= Web Extension Music; ‘web-ext-news’= Web Extension News; ‘web- ext-p2p’= Web Extension P2P; ‘web-ext-parked-sites’= Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’= Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’= Web Extension Real Estate; ‘web-ext- reference-and-research’= Web Extension Reference and Research; ‘web-ext-search- engines’= Web Extension Search Engines; ‘web-ext-shopping’= Web Extension Shopping; ‘web-ext-social-network’= Web Extension Social Network; ‘web-ext- society’= Web Extension Society; ‘web-ext-software’= Web Extension Software; ‘web-ext-sports’= Web Extension Sports; ‘web-ext-streaming-media’= Web Extension Streaming Media; ‘web-ext-training-and-tools’= Web Extension Training and Tools; ‘web-ext-translation’= Web Extension Translation; ‘web-ext-travel’= Web Extension Travel; ‘web-ext-web-advertisements’= Web Extension Web Advertisements; ‘web-ext-web-based-email’= Web Extension Web based Email; ‘web- ext-web-hosting’= Web Extension Web Hosting; ‘web-ext-web-service’= Web Extension Web Service; |
||
disable_application_metrics bool |
Disable exporting application protocol/category statistics to Harmony Controller |
||
allow_non_syn_session_create bool |
Allow TCP non-syn packets to trigger session creation |
||
dsr_mode_support str |
‘ipv4’= support dsr for ipv4 traffic; ‘ipv6’= support dsr for ipv6 traffic; ‘all’= support dsr for both ipv4 and ipv6; |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘tcp_fullcone_created’= TCP Full-cone Created; ‘tcp_fullcone_freed’= TCP Full-cone Freed; ‘udp_fullcone_created’= UDP Full- cone Created; ‘udp_fullcone_freed’= UDP Full-cone Freed; ‘fullcone_creation_failure’= Full-Cone Creation Failure; ‘data_session_created’= Data Session Created; ‘data_session_created_local’= Data Session Created Local; ‘dyn_blist_sess_sp’= Dynamic Blacklist Session (Slowpath); ‘data_session_freed’= Data Session Freed; ‘data_session_freed_local’= Data Session Freed Local; ‘dyn_blist_sess_created’= Dynamic Blacklist Session Created; ‘dyn_blist_sess_freed’= Dynamic Blacklist Freed; ‘dyn_blist_pkt_drop’= Dynamic Blacklist - Packet Drop; ‘dyn_blist_pkt_rate_low’= Dynamic Blacklist - Pkt Rate Low; ‘dyn_blist_pkt_rate_high’= Dynamic Blacklist - Pkt Rate High; ‘dyn_blist_version_mismatch’= Dynamic Blacklist - Version Mismatch; ‘dyn_blist_no_active_policy’= Dynamic Blacklist - No Active Policy; ‘fullcone_in_del_q’= Full-cone session found in delete queue; ‘fullcone_retry_lookup’= Full-cone session retry look-up; ‘fullcone_not_found’= Full-cone session not found; ‘fullcone_overflow_eim’= Full-cone Session EIM Overflow; ‘fullcone_overflow_eif’= Full-cone Session EIF Overflow; ‘udp_fullcone_created_shadow’= Total UDP Full-cone sessions created; ‘tcp_fullcone_created_shadow’= Total TCP Full-cone sessions created; ‘udp_fullcone_freed_shadow’= Total UDP Full-cone sessions freed; ‘tcp_fullcone_freed_shadow’= Total TCP Full-cone sessions freed; ‘fullcone_created’= Total Full-cone sessions created; ‘fullcone_freed’= Total Full-cone sessions freed; ‘fullcone_ext_too_many’= Fullcone Extension Too Many; ‘fullcone_ext_mem_allocated’= Fullcone Extension Memory Allocated; ‘fullcone_ext_mem_alloc_failure’= Fullcone Extension Memory Allocate Failure; ‘fullcone_ext_mem_alloc_init_faulure’= Fullcone Extension Initialization Failure; ‘fullcone_ext_mem_freed’= Fullcone Extension Memory Freed; ‘fullcone_ext_added’= Fullcone Extension Added; ‘ha_fullcone_failure’= HA Full- cone Session Failure; ‘data_session_created_shadow’= Shadow Data Sessions Created; ‘data_session_created_shadow_local’= Shadow Data Sessions Created Local; ‘data_session_freed_shadow’= Shadow Data Sessions Freed; ‘data_session_freed_shadow_local’= Shadow Data Sessions Freed Local; ‘active_fullcone_session’= Total Active Full-cone sessions; ‘limit-entry- failure’= Limit Entry Creation Failure; ‘limit-entry-allocated’= Limit Entry Allocated; ‘limit-entry-mem-freed’= Limit Entry Freed; ‘limit-entry-created’= Limit Entry Created; ‘limit-entry-found’= Limit Entry Found; ‘limit-entry-not- in-bucket’= Limit Entry Not in Bucket; ‘limit-entry-marked-deleted’= Limit Entry Marked Deleted; ‘undetermined-rule-counter’= Undetermined rule detected; ‘non_syn_pkt_fwd_allowed’= Non-SYN pkt forward allowed; ‘invalid-lid-drop’= Invalid Lid Drop; ‘src-session-limit-exceeded’= Concurrent Session Limit Exceeded; ‘uplink-pps-limit-exceeded’= Uplink PPS Limit Exceeded; ‘downlink- pps-limit-exceeded’= Downlink PPS Limit Exceeded; ‘total-pps-limit-exceeded’= Total PPS Limit Exceeded; ‘uplink-throughput-limit-exceeded’= Uplink Throughput Limit Exceeded; ‘downlink-throughput-limit-exceeded’= Downlink Throughput Limit Exceeded; ‘total-throughput-limit-exceeded’= Total Throughput Limit Exceeded; ‘cps-limit-exceeded’= Connections Per Second Limit Exceeded; ‘limit-exceeded’= Per Second Limit Exceeded (Deprecated); ‘limit-entry-per-cpu-mem-allocated’= Limit Entry Memory Allocated (Deprecated); ‘limit-entry-per-cpu-mem-allocation- failed’= Limit Entry Memory Allocation Failed (Deprecated); ‘limit-entry-per- cpu-mem-freed’= Limit Entry Memory Freed (Deprecated); ‘alg_default_port_disable’= alg_default_port_disable; ‘no_fwd_route’= No Forward Route; ‘no_rev_route’= No Reverse Route; ‘no_fwd_l2_dst’= No Forward Mac Entry; ‘no_rev_l2_dst’= No Reverse Mac Entry; ‘l2_dst_in_out_same’= L2 route to same port as received; ‘l2_vlan_changed’= L2 forwarding vlan changed after session create; ‘urpf_pkt_drop’= URPF check packet drop; ‘fwd_ingress_packets_tcp’= Forward Ingress Packets TCP; ‘fwd_egress_packets_tcp’= Forward Egress Packets TCP; ‘rev_ingress_packets_tcp’= Reverse Ingress Packets TCP; ‘rev_egress_packets_tcp’= Reverse Egress Packets TCP; ‘fwd_ingress_bytes_tcp’= Forward Ingress Bytes TCP; ‘fwd_egress_bytes_tcp’= Forward Egress Bytes TCP; ‘rev_ingress_bytes_tcp’= Reverse Ingress Bytes TCP; ‘rev_egress_bytes_tcp’= Reverse Egress Bytes TCP; ‘fwd_ingress_packets_udp’= Forward Ingress Packets UDP; ‘fwd_egress_packets_udp’= Forward Egress Packets UDP; ‘rev_ingress_packets_udp’= Reverse Ingress Packets UDP; ‘rev_egress_packets_udp’= Reverse Egress Packets UDP; ‘fwd_ingress_bytes_udp’= Forward Ingress Bytes UDP; ‘fwd_egress_bytes_udp’= Forward Egress Bytes UDP; ‘rev_ingress_bytes_udp’= Reverse Ingress Bytes UDP; ‘rev_egress_bytes_udp’= Reverse Egress Bytes UDP; ‘fwd_ingress_packets_icmp’= Forward Ingress Packets ICMP; ‘fwd_egress_packets_icmp’= Forward Egress Packets ICMP; ‘rev_ingress_packets_icmp’= Reverse Ingress Packets ICMP; ‘rev_egress_packets_icmp’= Reverse Egress Packets ICMP; ‘fwd_ingress_bytes_icmp’= Forward Ingress Bytes ICMP; ‘fwd_egress_bytes_icmp’= Forward Egress Bytes ICMP; ‘rev_ingress_bytes_icmp’= Reverse Ingress Bytes ICMP; ‘rev_egress_bytes_icmp’= Reverse Egress Bytes ICMP; ‘fwd_ingress_packets_others’= Forward Ingress Packets OTHERS; ‘fwd_egress_packets_others’= Forward Egress Packets OTHERS; ‘rev_ingress_packets_others’= Reverse Ingress Packets OTHERS; ‘rev_egress_packets_others’= Reverse Egress Packets OTHERS; ‘fwd_ingress_bytes_others’= Forward Ingress Bytes OTHERS; ‘fwd_egress_bytes_others’= Forward Egress Bytes OTHERS; ‘rev_ingress_bytes_others’= Reverse Ingress Bytes OTHERS; ‘rev_egress_bytes_others’= Reverse Egress Bytes OTHERS; ‘fwd_ingress_pkt_size_range1’= Forward Ingress Packet size between 0 and 200; ‘fwd_ingress_pkt_size_range2’= Forward Ingress Packet size between 201 and 800; ‘fwd_ingress_pkt_size_range3’= Forward Ingress Packet size between 801 and 1550; ‘fwd_ingress_pkt_size_range4’= Forward Ingress Packet size between 1551 and 9000; ‘fwd_egress_pkt_size_range1’= Forward Egress Packet size between 0 and 200; ‘fwd_egress_pkt_size_range2’= Forward Egress Packet size between 201 and 800; ‘fwd_egress_pkt_size_range3’= Forward Egress Packet size between 801 and 1550; ‘fwd_egress_pkt_size_range4’= Forward Egress Packet size between 1551 and 9000; ‘rev_ingress_pkt_size_range1’= Reverse Ingress Packet size between 0 and 200; ‘rev_ingress_pkt_size_range2’= Reverse Ingress Packet size between 201 and 800; ‘rev_ingress_pkt_size_range3’= Reverse Ingress Packet size between 801 and 1550; ‘rev_ingress_pkt_size_range4’= Reverse Ingress Packet size between 1551 and 9000; ‘rev_egress_pkt_size_range1’= Reverse Egress Packet size between 0 and 200; ‘rev_egress_pkt_size_range2’= Reverse Egress Packet size between 201 and 800; ‘rev_egress_pkt_size_range3’= Reverse Egress Packet size between 801 and 1550; ‘rev_egress_pkt_size_range4’= Reverse Egress Packet size between 1551 and 9000; |
||
stats dict |
Field stats |
||
tcp_fullcone_created str |
TCP Full-cone Created |
||
tcp_fullcone_freed str |
TCP Full-cone Freed |
||
udp_fullcone_created str |
UDP Full-cone Created |
||
udp_fullcone_freed str |
UDP Full-cone Freed |
||
fullcone_creation_failure str |
Full-Cone Creation Failure |
||
data_session_created str |
Data Session Created |
||
data_session_created_local str |
Data Session Created Local |
||
data_session_freed str |
Data Session Freed |
||
data_session_freed_local str |
Data Session Freed Local |
||
dyn_blist_sess_created str |
Dynamic Blacklist Session Created |
||
dyn_blist_sess_freed str |
Dynamic Blacklist Freed |
||
dyn_blist_pkt_drop str |
Dynamic Blacklist - Packet Drop |
||
active_fullcone_session str |
Total Active Full-cone sessions |
||
limit_entry_created str |
Limit Entry Created |
||
limit_entry_marked_deleted str |
Limit Entry Marked Deleted |
||
undetermined_rule_counter str |
Undetermined rule detected |
||
non_syn_pkt_fwd_allowed str |
Non-SYN pkt forward allowed |
||
fwd_ingress_packets_tcp str |
Forward Ingress Packets TCP |
||
fwd_egress_packets_tcp str |
Forward Egress Packets TCP |
||
rev_ingress_packets_tcp str |
Reverse Ingress Packets TCP |
||
rev_egress_packets_tcp str |
Reverse Egress Packets TCP |
||
fwd_ingress_bytes_tcp str |
Forward Ingress Bytes TCP |
||
fwd_egress_bytes_tcp str |
Forward Egress Bytes TCP |
||
rev_ingress_bytes_tcp str |
Reverse Ingress Bytes TCP |
||
rev_egress_bytes_tcp str |
Reverse Egress Bytes TCP |
||
fwd_ingress_packets_udp str |
Forward Ingress Packets UDP |
||
fwd_egress_packets_udp str |
Forward Egress Packets UDP |
||
rev_ingress_packets_udp str |
Reverse Ingress Packets UDP |
||
rev_egress_packets_udp str |
Reverse Egress Packets UDP |
||
fwd_ingress_bytes_udp str |
Forward Ingress Bytes UDP |
||
fwd_egress_bytes_udp str |
Forward Egress Bytes UDP |
||
rev_ingress_bytes_udp str |
Reverse Ingress Bytes UDP |
||
rev_egress_bytes_udp str |
Reverse Egress Bytes UDP |
||
fwd_ingress_packets_icmp str |
Forward Ingress Packets ICMP |
||
fwd_egress_packets_icmp str |
Forward Egress Packets ICMP |
||
rev_ingress_packets_icmp str |
Reverse Ingress Packets ICMP |
||
rev_egress_packets_icmp str |
Reverse Egress Packets ICMP |
||
fwd_ingress_bytes_icmp str |
Forward Ingress Bytes ICMP |
||
fwd_egress_bytes_icmp str |
Forward Egress Bytes ICMP |
||
rev_ingress_bytes_icmp str |
Reverse Ingress Bytes ICMP |
||
rev_egress_bytes_icmp str |
Reverse Egress Bytes ICMP |
||
fwd_ingress_packets_others str |
Forward Ingress Packets OTHERS |
||
fwd_egress_packets_others str |
Forward Egress Packets OTHERS |
||
rev_ingress_packets_others str |
Reverse Ingress Packets OTHERS |
||
rev_egress_packets_others str |
Reverse Egress Packets OTHERS |
||
fwd_ingress_bytes_others str |
Forward Ingress Bytes OTHERS |
||
fwd_egress_bytes_others str |
Forward Egress Bytes OTHERS |
||
rev_ingress_bytes_others str |
Reverse Ingress Bytes OTHERS |
||
rev_egress_bytes_others str |
Reverse Egress Bytes OTHERS |
||
fwd_ingress_pkt_size_range1 str |
Forward Ingress Packet size between 0 and 200 |
||
fwd_ingress_pkt_size_range2 str |
Forward Ingress Packet size between 201 and 800 |
||
fwd_ingress_pkt_size_range3 str |
Forward Ingress Packet size between 801 and 1550 |
||
fwd_ingress_pkt_size_range4 str |
Forward Ingress Packet size between 1551 and 9000 |
||
fwd_egress_pkt_size_range1 str |
Forward Egress Packet size between 0 and 200 |
||
fwd_egress_pkt_size_range2 str |
Forward Egress Packet size between 201 and 800 |
||
fwd_egress_pkt_size_range3 str |
Forward Egress Packet size between 801 and 1550 |
||
fwd_egress_pkt_size_range4 str |
Forward Egress Packet size between 1551 and 9000 |
||
rev_ingress_pkt_size_range1 str |
Reverse Ingress Packet size between 0 and 200 |
||
rev_ingress_pkt_size_range2 str |
Reverse Ingress Packet size between 201 and 800 |
||
rev_ingress_pkt_size_range3 str |
Reverse Ingress Packet size between 801 and 1550 |
||
rev_ingress_pkt_size_range4 str |
Reverse Ingress Packet size between 1551 and 9000 |
||
rev_egress_pkt_size_range1 str |
Reverse Egress Packet size between 0 and 200 |
||
rev_egress_pkt_size_range2 str |
Reverse Egress Packet size between 201 and 800 |
||
rev_egress_pkt_size_range3 str |
Reverse Egress Packet size between 801 and 1550 |
||
rev_egress_pkt_size_range4 str |
Reverse Egress Packet size between 1551 and 9000 |
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.