sophos.sophos_firewall.sfos_firewall_rulegroup module – Manage Firewall Rules (Protect > Rules & policies)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_firewall_rulegroup.

New in sophos.sophos_firewall 1.4.0

Synopsis

  • Creates, updates or removes firewall rule groups (Protect > Rules & policies) on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

  • sophosfirewall-python

  • Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter (type): Comments

description (string): Rule group description

dest_zone_action (string): Indicate whether adding to, removing from, or replacing the list of destination zones. Default is add.

Choices:

  • "add" ← (default)

  • "remove"

  • "replace"

dest_zones (string): Destination zones for the rule group

name (string / required): Name of the firewall rule group to create, update, or delete

policy_list (list / elements=string): List of firewall rules to be added to the group

policy_type (string): Type of policy

Choices:

  • "User/network rule"

  • "Network rule"

  • "User rule"

  • "WAF rule"

  • "Any" ← (default)

source_zone_action (string): Indicate whether adding to, removing from, or replacing the list of source zones. Default is add.

Choices:

  • "add" ← (default)

  • "remove"

  • "replace"

source_zones (list / elements=string): Source zones for the rule group

state (string / required): Use query to retrieve, present to create, absent to remove, or updated to modify

Choices:

  • "present"

  • "updated"

  • "query"

Examples

- name: Create Firewall Rule Group
  sophos.sophos_firewall.sfos_firewall_rulegroup:
    name: TEST RULEGROUP
    description: Test rule group created by Ansible
    policy_list:
      - TEST RULE 1
      - TEST RULE 2
    policy_type: Any
    source_zones:
      - LAN
    dest_zones:
      - WAN
    state: present
  delegate_to: localhost
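
The tasks below are an added example, not taken from the collection's own documentation. They show how source_zone_action and dest_zone_action change the outcome of state: updated, then read the group back for review. They assume that TEST RULEGROUP already exists, that a zone named DMZ is defined on the firewall (sample value), and that the play runs over the httpapi connection named under Requirements, configured in inventory.

```yaml
# Added example: zone names and the DMZ zone are sample values.
- name: Restrict TEST RULEGROUP to LAN as its only source zone
  sophos.sophos_firewall.sfos_firewall_rulegroup:
    name: TEST RULEGROUP
    source_zones:
      - LAN
    # "replace" overwrites the existing list; the default "add" would
    # append LAN and leave any previously configured source zones in place.
    source_zone_action: replace
    state: updated

- name: Drop DMZ from the destination zones, leaving the others untouched
  sophos.sophos_firewall.sfos_firewall_rulegroup:
    name: TEST RULEGROUP
    dest_zones:
      - DMZ
    dest_zone_action: remove
    state: updated

- name: Read the rule group back
  sophos.sophos_firewall.sfos_firewall_rulegroup:
    name: TEST RULEGROUP
    state: query
  register: rulegroup

- name: Show the API response so the resulting zone lists can be reviewed
  ansible.builtin.debug:
    var: rulegroup.api_response
```

Because both action parameters default to add, a task that only lists the zones you want will widen a group's scope rather than narrow it unless replace or remove is set explicitly.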

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key (type): Description

api_response (dictionary): Serialized object containing the API response.

Returned: always

Authors

  • Matt Mullen (@mamullen13316)