New in version 2.5.
Removed in Ansible: | |
---|---|
version: 2.12 | |
Why: | Consolidating code base. |
Alternative: | Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead. |
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_key
-
|
API key that can be used instead of username/password credentials.
|
|
application
-
|
The application.
|
|
category
-
|
URL category
|
|
destination_ip
-
|
The destination IP address.
|
|
destination_port
-
|
The destination port.
|
|
destination_zone
-
|
The destination zone.
|
|
ip_address
-
/ required
|
IP address (or hostname) of PAN-OS device being configured.
|
|
password
-
/ required
|
Password credentials to use for auth unless api_key is set.
|
|
protocol
-
|
The IP protocol number from 1 to 255.
|
|
rule_type
-
/ required
|
|
Type of rule. Valid types are security or nat.
|
source_ip
-
/ required
|
The source IP address.
|
|
source_port
-
|
The source port.
|
|
source_user
-
|
The source user or group.
|
|
source_zone
-
|
The source zone.
|
|
to_interface
-
|
The inbound interface in a NAT rule.
|
|
username
-
|
Default: "admin"
|
Username credentials to use for auth unless api_key is set.
|
vsys_id
-
/ required
|
Default: "vsys1"
|
ID of the VSYS object.
|
- name: check security rules for Google DNS
panos_match_rule:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
rule_type: 'security'
source_ip: '10.0.0.0'
destination_ip: '8.8.8.8'
application: 'dns'
destination_port: '53'
protocol: '17'
register: result
- debug: msg='{{result.stdout_lines}}'
- name: check security rules inbound SSH with user match
panos_match_rule:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
rule_type: 'security'
source_ip: '0.0.0.0'
source_user: 'mydomain\jsmith'
destination_ip: '192.168.100.115'
destination_port: '22'
protocol: '6'
register: result
- debug: msg='{{result.stdout_lines}}'
- name: check NAT rules for source NAT
panos_match_rule:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
rule_type: 'nat'
source_zone: 'Prod-DMZ'
source_ip: '10.10.118.50'
to_interface: 'ethernet1/2'
destination_zone: 'Internet'
destination_ip: '0.0.0.0'
protocol: '6'
register: result
- debug: msg='{{result.stdout_lines}}'
- name: check NAT rules for inbound web
panos_match_rule:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
rule_type: 'nat'
source_zone: 'Internet'
source_ip: '0.0.0.0'
to_interface: 'ethernet1/1'
destination_zone: 'Prod DMZ'
destination_ip: '192.168.118.50'
destination_port: '80'
protocol: '6'
register: result
- debug: msg='{{result.stdout_lines}}'
- name: check security rules for outbound POP3 in vsys4
panos_match_rule:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
vsys_id: 'vsys4'
rule_type: 'security'
source_ip: '10.0.0.0'
destination_ip: '4.3.2.1'
application: 'pop3'
destination_port: '110'
protocol: '6'
register: result
- debug: msg='{{result.stdout_lines}}'
Hint
If you notice any issues in this documentation you can edit this document to improve it.