sophos.sophos_firewall.sfos_zone module – Manage Zones (Configure > Network > Zones)

Note

This module is part of the sophos.sophos_firewall collection (version 2.0.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install sophos.sophos_firewall. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: sophos.sophos_firewall.sfos_zone.

New in sophos.sophos_firewall 1.0.0

Synopsis

• Creates, updates or removes firewall zones on Sophos Firewall

Requirements

The below requirements are needed on the host that executes this module.

• sophosfirewall-python

• Beginning in version 2.0.0, this module requires use of an httpapi connection plugin. See the HTTPAPI example for details.

Parameters

Parameter	Comments
ad_sso string	Enable/Disable SSO with Active Directory Choices: "Enable" "Disable"
captive_portal string	Enable/Disable captive portal Choices: "Enable" "Disable"
chromebook_sso string	Enable/Disable Chromebook SSO Choices: "Enable" "Disable"
client_authen string	Enable/Disable client authentication service Choices: "Enable" "Disable"
description string	Description for the zone
dns string	Enable/Disable DNS network service Choices: "Enable" "Disable"
dynamic_routing string	Enable/Disable Dynamic Routing Choices: "Enable" "Disable"
https string	Enable/Disable HTTPS administrative service Choices: "Enable" "Disable"
ipsec string	Enable/Disable IPSec VPN service Choices: "Enable" "Disable"
name string / required	Name of the zone to create, update, or delete
ping string	Enable/Disable Ping network service Choices: "Enable" "Disable"
radius_sso string	Enable/Disable SSO with Radius Choices: "Enable" "Disable"
red string	Enable/Disable RED service Choices: "Enable" "Disable"
smtp_relay string	Enable/Disable SMTP Relay Choices: "Enable" "Disable"
snmp string	Enable/Disable SNMP Choices: "Enable" "Disable"
ssh string	Enable/Disable SSH administrative service Choices: "Enable" "Disable"
sslvpn string	Enable/Disable SSLVPN service Choices: "Enable" "Disable"
state string / required	Use query to retrieve, present to create, absent to remove, or updated to modify Choices: "present" "absent" "updated" "query"
user_portal string	Enable/Disable user portal Choices: "Enable" "Disable"
vpn_portal string	Enable/Disable VPN Portal Choices: "Enable" "Disable"
web_proxy string	Enable/Disable Web Proxy Choices: "Enable" "Disable"
wireless_protection string	Enable/Disable Wireless Protection Choices: "Enable" "Disable"
zone_type string	Type of zone to create (LAN/DMZ) Choices: "LAN" "DMZ"

Examples

- name: Create Zone
  sophos.sophos_firewall.sfos_zone:
    name: TESTZONE
    description: Zone created by Ansible
    zone_type: LAN
    state: present

- name: Display Existing Zone
  sophos.sophos_firewall.sfos_zone:
    name: TESTZONE
    state: query

- name: Update Zone Admin Services
  sophos.sophos_firewall.sfos_zone:
    name: TESTZONE
    https: Enable
    ssh: Enable
    state: updated

- name: Remove Zone
  sophos.sophos_firewall.sfos_zone:
    name: TESTZONE
    state: absent
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
api_response dictionary	Serialized object containing the API response. Returned: always

Authors

• Matt Mullen (@mamullen13316)

Collection links

• Issue Tracker
• Repository (Sources)

Warning

If the firewall is a member of a group in Central, the changes made by Ansible will override the settings of the group. The actual configuration on the firewall may then differ from what is displayed for the same setting in the Central group.