sophos.sophos_firewall.sfos_device_access_profile module – Manage Device Access Profiles (System > Profiles > Device Access)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_device_access_profile.

New in sophos.sophos_firewall 1.0.0

Synopsis

• Manage Device Access Profiles (System > Profiles > Device Access) on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

• sophosfirewall-python

• Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter	Comments
application_filter string	Application Filter permissions. Choices: "Read-Write" "Read-Only" "None"
cloud_application_dashboard string	Cloud Application Dashboard permissions. Choices: "Read-Write" "Read-Only" "None"
dashboard string	Dashboard permissions. Choices: "Read-Write" "Read-Only" "None"
default_permission string	Default permission to use for unspecified arguments when creating profile. Choices: "Read-Write" "Read-Only" "None"
email_protection string	Email Protection permissions. Choices: "Read-Write" "Read-Only" "None"
firewall string	Firewall permissions. Choices: "Read-Write" "Read-Only" "None"
identity dictionary	Identity permissions group.
authentication string	Authentication permissions. Choices: "Read-Write" "Read-Only" "None"
disconnect_live_user string	Disconnect live user permissions. Choices: "Read-Write" "Read-Only" "None"
groups string	Groups permissions. Choices: "Read-Write" "Read-Only" "None"
guest_user_management string	Guest user management permissions. Choices: "Read-Write" "Read-Only" "None"
policy string	Policy permissions. Choices: "Read-Write" "Read-Only" "None"
test_external_server_connectivity string	Test external server connectivity permissions. Choices: "Read-Write" "Read-Only" "None"
ips string	IPS permissions. Choices: "Read-Write" "Read-Only" "None"
logs_reports dictionary	Logs/Reports permissions group
configuration string	Configuration permissions. Choices: "Read-Write" "Read-Only" "None"
de_anonymization string	De-anonymization permissions. Choices: "Read-Write" "Read-Only" "None"
four_eye_authentication_settings string	Four Eye authentication settings permissions. Choices: "Read-Write" "Read-Only" "None"
log_viewer string	Log viewer permissions. Choices: "Read-Write" "Read-Only" "None"
reports_access string	Reports access permissions. Choices: "Read-Write" "Read-Only" "None"
name string / required	Name of the profile.
network string	Network permissions. Choices: "Read-Write" "Read-Only" "None"
objects string	Objects permissions. Choices: "Read-Write" "Read-Only" "None"
qos string	QoS permissions. Choices: "Read-Write" "Read-Only" "None"
state string / required	Use query to retrieve or updated to modify Choices: "present" "absent" "updated" "query"
system dictionary	System permissions group.
backup string	Backup permissions. Choices: "Read-Write" "Read-Only" "None"
central_management string	Central Management permissions. Choices: "Read-Write" "Read-Only" "None"
download_certificates string	Restore permissions. Choices: "Read-Write" "Read-Only" "None"
firmware string	Firmware permissions. Choices: "Read-Write" "Read-Only" "None"
ha string	HA permissions. Choices: "Read-Write" "Read-Only" "None"
licensing string	Licensing permissions. Choices: "Read-Write" "Read-Only" "None"
other_certificate_configuration string	Other certificate configuration permissions. Choices: "Read-Write" "Read-Only" "None"
profile string	Profile permissions. Choices: "Read-Write" "Read-Only" "None"
reboot_shutdown string	Reboot/Shutdown permissions. Choices: "Read-Write" "Read-Only" "None"
restore string	Restore permissions. Choices: "Read-Write" "Read-Only" "None"
services string	Services permissions. Choices: "Read-Write" "Read-Only" "None"
system_password string	Manage system password Choices: "Read-Write" "Read-Only" "None"
updates string	Updates permissions. Choices: "Read-Write" "Read-Only" "None"
traffic_discovery string	Traffic Discovery permissions. Choices: "Read-Write" "Read-Only" "None"
vpn dictionary	VPN permissions group
connect_tunnel string	Connect tunnel permissions. Choices: "Read-Write" "Read-Only" "None"
other_vpn_configurations string	Other VPN configurations permissions. Choices: "Read-Write" "Read-Only" "None"
waf dictionary	WAF permissions group
alerts string	Alerts permissions. Choices: "Read-Write" "Read-Only" "None"
other_waf_configuration string	Other WAF configuration permissions. Choices: "Read-Write" "Read-Only" "None"
web_filter string	Web Filter permissions. Choices: "Read-Write" "Read-Only" "None"
wireless_protection dictionary	Wireless protection permissions group
wireless_protection_access_point string	Wireless protection access point permissions. Choices: "Read-Write" "Read-Only" "None"
wireless_protection_mesh string	Wireless protection mesh permissions. Choices: "Read-Write" "Read-Only" "None"
wireless_protection_network string	Wireless protection network permissions. Choices: "Read-Write" "Read-Only" "None"
wireless_protection_overview string	Wireless protection overview permissions. Choices: "Read-Write" "Read-Only" "None"
wireless_protection_settings string	Wireless protection permissions. Choices: "Read-Write" "Read-Only" "None"
wizard string	Wizard permissions. Choices: "Read-Write" "Read-Only" "None"
zero_day_protection string	Zero day protection permissions. Choices: "Read-Write" "Read-Only" "None"

Examples

- name: CREATE A READ-ONLY PROFILE
  sophos.sophos_firewall.sfos_device_access_profile:
    name: ReadOnlyAll
    default_permission: Read-Only
    state: present

- name: CREATE A WIRELESS ADMIN PROFILE
  sophos.sophos_firewall.sfos_device_access_profile:
    name: WirelessAdmin
    default_permission: Read-Only
    wireless_protection:
        wireless_protection_overview: Read-Write
        wireless_protection_settings: Read-Write
        wireless_protection_network: Read-Write
        wireless_protection_access_point: Read-Write
        wireless_protection_mesh: Read-Write
    state: present

- name: UPDATE PROFILE PERMISSIONS
  sophos.sophos_firewall.sfos_device_access_profile:
    name: ExampleProfile
    system:
        central_management: Read-Only
    logs_reports:
        log_viewer: Read-Write
        reports_access: Read-Write
    state: updated

- name: RETRIEVE PROFILE
  sophos.sophos_firewall.sfos_device_access_profile:
    name: ExampleProfile
    state: query

- name: DELETE PROFILE
  sophos.sophos_firewall.sfos_device_access_profile:
    name: ExampleProfile
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
api_response dictionary	Serialized object containing the API response. Returned: always

Authors

• Matt Mullen (@mamullen13316)

Collection links

• Issue Tracker
• Repository (Sources)

Warning

If the firewall is a member of a group in Central, the changes made by Ansible will override the settings of the group. The actual configuration on the firewall may then differ from what is displayed for the same setting in the Central group.