bigip_sslo_service_layer3 – Manage an SSL Orchestrator Layer 3 security device
New in version 1.6.0.
Parameters
Parameter | Type | Choices/Defaults | Comments
---|---|---|---
`auto_manage` | boolean | | Specifies whether to provide a set of unique, non-overlapping, non-routable IP addresses to be used by the security service.
`devices` | list / elements=dictionary | | Defines a list of service IP addresses and ports.
`devices.ip` | string | | The nominal IP address for this service.
`devices.port` | integer | | The port for this service.
`devices_from` | dictionary | | Specifies the set of network settings for traffic going to the BIG-IP from the service.
`devices_from.interface` | string | | Defines the interface on the from-service side. Mutually exclusive with `vlan`.
`devices_from.netmask` | string | | Defines the from-service self IP netmask.
`devices_from.self_ip` | string | | Defines the from-service self IP.
`devices_from.tag` | integer | | Defines the VLAN tag on the from-service side. Mutually exclusive with `vlan`.
`devices_from.vlan` | string | | Defines an existing VLAN to attach on the from-service side. Mutually exclusive with the `tag` or `interface` parameters.
`devices_to` | dictionary | | Specifies the set of network settings for traffic going to the service from the BIG-IP.
`devices_to.interface` | string | | Defines the interface on the to-service side. Mutually exclusive with `vlan`.
`devices_to.netmask` | string | | Defines the to-service self IP netmask.
`devices_to.self_ip` | string | | Defines the to-service self IP.
`devices_to.tag` | integer | | Defines the VLAN tag on the to-service side. Mutually exclusive with `vlan`.
`devices_to.vlan` | string | | Defines an existing VLAN to attach on the to-service side. Mutually exclusive with the `tag` or `interface` parameters.
`dump_json` | boolean | | Sets the module to output a JSON blob for further consumption. When `true`, does not make any changes on the device and always returns `changed=False`. The output provided is idempotent in nature, meaning if there are no changes to be made during `MODIFY` on an existing service, no JSON output is generated.
`ip_family` | string | | Specifies the IP family used for attached L3 inline security devices.
`monitor` | string | | Specifies the monitor attached to the L3 Inline security device pool. The monitor must already exist on the BIG-IP. When creating an L3 Inline service, if the parameter is not provided a default of `/Common/gateway_icmp` is assumed.
`name` | string / required | | Specifies the name of the Layer 3 security service. The configuration auto-prepends `ssloS_` to the service. The service name should be less than 14 characters and not contain dashes (`-`).
`port_remap` | integer | | Defines the port to remap decrypted traffic to.
`rules` | list / elements=string | | Defines a list of iRules to attach to the service.
`service_down_action` | string | | Specifies the action to take on monitor failure. Setting to `ignore` bypasses the security device in the service chain. Setting to `reset` or `drop` resets or drops the connection, respectively, if the service monitor fails. When creating an L3 Inline service, if the parameter is not provided a default value of `ignore` is assumed.
`snat` | string | | Defines if and how a SNAT configuration is deployed. When `none`, no SNAT configuration is performed. This is the default choice when creating an L3 inline service if the parameter is not provided. When `automap`, SNAT automap is configured. When `snatpool`, the SNAT configuration points to an existing SNAT pool defined by the `snat_pool` parameter. When `snatlist`, a new SNAT pool is created from the provided `snat_list`.
`snat_list` | list / elements=string | | Defines a list of IP addresses to use in a SNAT pool configuration. This parameter is required when `snat` is set to `snatlist`.
`snat_pool` | string | | Defines an existing SNAT pool. This parameter is required when `snat` is set to `snatpool`.
`state` | string | | Specifies the present/absent state required.
`timeout` | integer | Default: 300 | The amount of time to wait for the `CREATE` or `MODIFY` task to complete, in seconds. The accepted value range is between `10` and `1800` seconds.
`use_exist_selfip` | boolean | | Specifies whether to use existing self-IPs.
`vendor_info` | string | | Specifies the vendor-specific L3 service used. The default is `Generic Inline Layer 3`.
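
A pre-flight check for the constraints stated in the parameter table, as an added example that is not part of the module or its documentation. The function name `lint_layer3_args`, the constructed sample task, and the reading of the 14-character limit as applying to the name before `ssloS_` is prepended are assumptions.

```python
# Added example: pre-flight checks for bigip_sslo_service_layer3 task arguments,
# based only on the constraints stated in the parameter table.
SIDE_KEYS = {"interface", "tag", "vlan", "self_ip", "netmask"}


def lint_layer3_args(args):
    """Return a list of findings for one task's module arguments (a dict)."""
    problems = []
    name = args.get("name")
    if not name:
        problems.append("name is required")
    else:
        # Assumption: the limit applies to the name as written, before ssloS_ is prepended.
        if len(name) >= 14:
            problems.append("name must be shorter than 14 characters")
        if "-" in name:
            problems.append("name must not contain dashes")
    for side in ("devices_to", "devices_from"):
        cfg = args.get(side) or {}
        # Misspelled suboptions (for example selfip instead of self_ip) show up here.
        for key in sorted(set(cfg) - SIDE_KEYS):
            problems.append(f"{side}.{key} is not a documented option")
        if "vlan" in cfg and ("tag" in cfg or "interface" in cfg):
            problems.append(f"{side}.vlan is mutually exclusive with tag/interface")
    snat = args.get("snat")
    if snat == "snatpool" and not args.get("snat_pool"):
        problems.append("snat=snatpool requires snat_pool")
    if snat == "snatlist" and not args.get("snat_list"):
        problems.append("snat=snatlist requires snat_list")
    if not 10 <= args.get("timeout", 300) <= 1800:
        problems.append("timeout must be between 10 and 1800 seconds")
    # Not an error, but worth surfacing: the documented default bypasses the device.
    if args.get("service_down_action", "ignore") == "ignore":
        problems.append("note: service_down_action=ignore bypasses the device on monitor failure")
    return problems


# Constructed sample task arguments (not taken from a real deployment).
SAMPLE = {
    "name": "layer3-inspect-a",
    "devices_to": {"vlan": "/Common/l3-in", "tag": 40, "selfip": "198.19.64.7"},
    "devices_from": {"interface": "1.3", "tag": 50, "self_ip": "198.19.64.245"},
    "devices": [{"ip": "198.19.64.30"}],
    "snat": "snatlist",
    "timeout": 5,
}

if __name__ == "__main__":
    for line in lint_layer3_args(SAMPLE):
        print(line)
```

The last finding is informational: with `service_down_action` left at its default, a failed monitor takes the inspection device out of the service chain instead of stopping traffic.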
Examples
```yaml
# Attach existing VLANs on both sides of the inline device.
- name: SSLO LAYER 3 service using existing VLANs
  bigip_sslo_service_layer3:
    name: "layer3_test2"
    devices_to:
      vlan: "/Common/testvlan_in"
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      vlan: "/Common/testvlan_out"
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"

# Define each side by interface and tag instead of an existing VLAN.
- name: SSLO LAYER 3 service using interface and tag to create VLAN and service
  bigip_sslo_service_layer3:
    name: "layer3a"
    devices_to:
      interface: "1.1"
      tag: 40
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      interface: "1.1"
      tag: 50
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"

# Existing VLAN on the to-service side, interface and tag on the
# from-service side, with SNAT automap.
- name: SSLO LAYER 3 service
  bigip_sslo_service_layer3:
    provider: "{{ provider }}"
    name: "layer3a"
    devices_to:
      vlan: "/Common/layer3-in-vlan"
      self_ip: "198.19.64.7"
      netmask: "255.255.255.128"
    devices_from:
      interface: "1.3"
      tag: 50
      self_ip: "198.19.64.245"
      netmask: "255.255.255.128"
    devices:
      - ip: "198.19.64.30"
      - ip: "198.19.64.31"
    snat: automap
```
Return Values
The following are the fields unique to this module:
Key | Type | Returned | Description
---|---|---|---
`devices` | complex | changed | The list of service IP addresses and ports.
`devices.ip` | string | | The nominal IP address for this service. Sample: `192.168.1.1`
`devices.port` | string | | The port for this service. Sample: `8455`
`devices_from` | complex | changed | Network settings for from-service configuration.
`devices_from.interface` | string | | Defines a from-service interface. Sample: `1.3`
`devices_from.netmask` | string | | Defines the from-service VLAN self IP netmask. Sample: `255.255.255.128`
`devices_from.self_ip` | string | | Defines the from-service VLAN self IP. Sample: `198.19.64.245`
`devices_from.tag` | integer | | Defines a from-service VLAN tag. Sample: `50`
`devices_from.vlan` | string | | Defines an existing from-service VLAN. Sample: `/Common/layer3service-to-vlan`
`devices_to` | complex | changed | Network settings for to-service configuration.
`devices_to.interface` | string | | Defines a to-service interface. Sample: `1.3`
`devices_to.netmask` | string | | Defines the to-service VLAN self IP netmask. Sample: `255.255.255.128`
`devices_to.self_ip` | string | | Defines the to-service VLAN self IP. Sample: `198.19.64.7`
`devices_to.tag` | integer | | Defines a to-service VLAN tag. Sample: `40`
`devices_to.vlan` | string | | Defines an existing to-service VLAN. Sample: `/Common/layer3service-to-vlan`
`ip_family` | string | changed | The IP family used for attached HTTP security devices. Sample: `ipv4`
`monitor` | string | changed | The monitor attached to the HTTP security device pool. Sample: `/Common/gateway_icmp`
`port_remap` | integer | changed | Port remap settings. Sample: `8080`
`rules` | list | changed | List of iRules attached to the service. Sample: `['/Common/test-rule-1', '/Common/test-rule-2']`
`service_down_action` | string | changed | The action to take on monitor failure. Sample: `ignore`
`snat` | string | changed | SNAT configuration type. Sample: `none`
`snat_pool` | string | changed | The name of the existing SNAT pool. Sample: `/Common/test-snat-pool`
`snatlist` | list | changed | The list of SNAT pool members. Sample: `['198.19.64.10', '198.19.64.11']`