external_gateway - Represents a 3rd party gateway used for a VPN configuration

New in version 2.5.

Synopsis

  • An external gateway is a non-SMC managed VPN endpoint used in either policy or route based VPN.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| external_endpoint | no | | | An endpoint represents an external VPN gateway and its remote site settings such as IP address, remote site networks, etc. |
| name | yes | | | The name of the external gateway |
| smc_address | no | | | FQDN with port of SMC. The default value is the environment variable SMC_ADDRESS |
| smc_alt_filepath | no | | | Provide an alternate path location to read the credentials from. File is expected to be stored in ~/.smcrc. If provided, url and api_key settings are not required and will be ignored. |
| smc_api_key | no | | | API key for the API client. The default value is the environment variable SMC_API_KEY. Required if url |
| smc_api_version | no | | | Optional API version to connect to. If none is provided, the latest SMC version API will be used based on the Management Center version. Can be set through the environment variable SMC_API_VERSION |
| smc_domain | no | | | Optional domain to log in to. If no domain is provided, 'Shared Domain' is used. Can be set through the environment variable SMC_DOMAIN |
| smc_extra_args | no | | | Extra arguments to pass to login constructor. These are generally only used if specifically requested by support personnel. |
| smc_logging | no | | | Optionally enable SMC API logging to a file |
| smc_timeout | no | | | Optional timeout for connections to the SMC. Can be set through environment SMC_TIMEOUT |
| state | no | present | present, absent | Create or delete flag |
| tags | no | | | Any tags for this gateway |
| vpn_site | no | | | VPN sites define the networks for this VPN. A site entry should be a network CIDR address. If the network does not exist, the element will be created. |

Dictionary object external_endpoint

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| force_nat_t | no | | | Whether to force NAT-T on the VPN |
| name | yes | | | Name for the endpoint, unique identifier |
| dynamic | no | | yes, no | If the VPN gateway is dynamic (DHCP) then set this value. This is mutually exclusive with endpoint_ip. |
| address | no | | | The endpoint IP of the VPN gateway. This is mutually exclusive with endpoint_dynamic |
| enabled | no | True | | Whether to enable the VPN endpoint |
| ike_phase1_id_value | no | | | Value of ike_phase1_id_type. This should conform to the type selected. For example, if email address is used, format should be a@a.com. Required if dynamic=yes |
| nat_t | no | True | | Whether to enable NAT-T on this VPN. |
| balancing_mode | no | active | active, standby, aggregate | The role for this VPN gateway. |
| ike_phase1_id_type | no | | 0 (DNS), 1 (Email address), 2 (Distinguished name), 3 (IP address) | An IKE phase1 id is required if dynamic=yes. This specifies the type of selector to use to identify the dynamic endpoint |

Dictionary object smc_extra_args

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| verify | no | True | yes, no | If the connection to SMC is HTTPS, you can set this to True, or provide a path to a client certificate to verify the SMC SSL certificate. You can also explicitly set this to False. |

Dictionary object smc_logging

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| path | yes | | | Full path to the log file |
| level | no | | | Log level as specified by the standard Python logging library, in int format. Default setting is logging.DEBUG. |

Dictionary object vpn_site

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| element type | yes | | | This is the type of element that is referenced in the SMC. For example, network, host, group, etc. This should be a dict of lists, where the dict key is the element type and the list value is the name of each element. |

Examples

- name: Create a static IP based external gateway
  register: result
  external_gateway:
    smc_logging:
      level: 10
      path: ansible-smc.log
    external_endpoint:
    -   address: 33.33.33.41
        enabled: true
        name: extgw3 (33.33.33.41)
    -   address: 34.34.34.34
        enabled: true
        name: endpoint2 (34.34.34.34)
    -   address: 44.44.44.44
        enabled: true
        name: extgw4 (44.44.44.44)
    -   address: 33.33.33.50
        enabled: true
        name: endpoint1 (33.33.33.50)
    name: extgw3555
    vpn_site:
        group:
        - hostgroup
        host:
        - hosta
        name: site12a
        network:
        - network-172.18.1.0/24
        - network-172.18.2.0/24


- name: Delete an external gateway
  external_gateway:
    name: myextgw
    state: absent
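
The options above describe a dynamic endpoint but the examples only cover static addresses; the following task is an added example, not part of the original module documentation. The gateway, endpoint, site and network names, the e-mail ID and the certificate path are constructed placeholders, and passing a file path to verify is assumed to work as the option's comment describes.

```yaml
# Added example (not from the module's own documentation).
# All names, the e-mail ID and the certificate path are constructed placeholders.
- name: Create an external gateway with a dynamic endpoint
  register: result
  external_gateway:
    name: branch-extgw
    smc_extra_args:
      # Keep certificate verification on: point verify at the certificate
      # file used to check the SMC certificate instead of setting it to False.
      verify: /etc/ssl/certs/smc-ca.pem
    external_endpoint:
    -   name: branch-dynamic
        # dynamic and address are mutually exclusive, so address is omitted.
        dynamic: yes
        # Required when dynamic=yes: type 1 is "Email address" and the value
        # must conform to the selected type.
        ike_phase1_id_type: 1
        ike_phase1_id_value: branch@example.com
        nat_t: true
        balancing_mode: active
        enabled: true
    vpn_site:
        name: branch-site
        network:
        - network-192.168.50.0/24
    state: present
```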

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| state | Output of operations performed on gateway | always | list | |


Author

  • David LePage (@gabstopper)

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.