community.network.panos_match_rule – Test for match against a security rule on PAN-OS devices or Panorama management console.


Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.panos_match_rule.


DEPRECATED

Removed in
version 2.0.0
Why
Consolidating code base.
Alternative
Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

  • Security policies allow you to enforce rules and take action, and can be as general or specific as needed.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Each parameter is listed as: name (type, choices / default): comment.

api_key (string): API key that can be used instead of username/password credentials.

application (string): The application.

category (string): URL category.

destination_ip (string): The destination IP address.

destination_port (string): The destination port.

destination_zone (string): The destination zone.

ip_address (string, required): IP address (or hostname) of the PAN-OS device being configured.

password (string, required): Password credentials to use for auth unless api_key is set.

protocol (string): The IP protocol number from 1 to 255.

rule_type (string, required; choices: security, nat): Type of rule. Valid types are security or nat.

source_ip (string, required): The source IP address.

source_port (string): The source port.

source_user (string): The source user or group.

source_zone (string): The source zone.

to_interface (string): The inbound interface in a NAT rule.

username (string; default: "admin"): Username credentials to use for auth unless api_key is set.

vsys_id (string, required; default: "vsys1"): ID of the VSYS object.



Notes

Note

  • Check mode is not supported.
  • Panorama is NOT supported.


Examples

- name: Check security rules for Google DNS
  community.network.panos_match_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    rule_type: 'security'
    source_ip: '10.0.0.0'
    destination_ip: '8.8.8.8'
    application: 'dns'
    destination_port: '53'
    protocol: '17'
  register: result
- ansible.builtin.debug: msg='{{result.stdout_lines}}'

- name: Check security rules inbound SSH with user match
  community.network.panos_match_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    rule_type: 'security'
    source_ip: '0.0.0.0'
    source_user: 'mydomain\jsmith'
    destination_ip: '192.168.100.115'
    destination_port: '22'
    protocol: '6'
  register: result
- ansible.builtin.debug: msg='{{result.stdout_lines}}'

- name: Check NAT rules for source NAT
  community.network.panos_match_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    rule_type: 'nat'
    source_zone: 'Prod-DMZ'
    source_ip: '10.10.118.50'
    to_interface: 'ethernet1/2'
    destination_zone: 'Internet'
    destination_ip: '0.0.0.0'
    protocol: '6'
  register: result
- ansible.builtin.debug: msg='{{result.stdout_lines}}'

- name: Check NAT rules for inbound web
  community.network.panos_match_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    rule_type: 'nat'
    source_zone: 'Internet'
    source_ip: '0.0.0.0'
    to_interface: 'ethernet1/1'
    destination_zone: 'Prod DMZ'
    destination_ip: '192.168.118.50'
    destination_port: '80'
    protocol: '6'
  register: result
- ansible.builtin.debug: msg='{{result.stdout_lines}}'

- name: Check security rules for outbound POP3 in vsys4
  community.network.panos_match_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    vsys_id: 'vsys4'
    rule_type: 'security'
    source_ip: '10.0.0.0'
    destination_ip: '4.3.2.1'
    application: 'pop3'
    destination_port: '110'
    protocol: '6'
  register: result
- ansible.builtin.debug: msg='{{result.stdout_lines}}'
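The tasks above all pass the same kind of parameters to the module. As an added example that is not part of this page or of the collection's code, the Python below shows how such parameters can be validated (required fields, rule_type choices, the 1 to 255 protocol range) and turned into a PAN-OS rule-match operational command, and how rule names can be read out of a reply. The element names follow the PAN-OS CLI test security-policy-match / test nat-policy-match syntax; the parameter-to-element mapping and the reply layout are assumptions made for this example, and all input is constructed so it runs offline.

```python
import xml.etree.ElementTree as ET

# Module parameter -> op-command element (assumed mapping for this example).
FIELD_MAP = {
    "source_zone": "from", "destination_zone": "to",
    "source_ip": "source", "destination_ip": "destination",
    "source_port": "source-port", "destination_port": "destination-port",
    "protocol": "protocol", "application": "application",
    "source_user": "source-user", "category": "category",
    "to_interface": "to-interface",
}
RULE_CMD = {"security": "security-policy-match", "nat": "nat-policy-match"}
REQUIRED = ("rule_type", "source_ip")

def build_match_command(params):
    """Validate module-style parameters and return the <test> op-command XML."""
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    if params["rule_type"] not in RULE_CMD:
        raise ValueError("rule_type must be one of: security, nat")
    proto = str(params.get("protocol", ""))
    if proto and not (proto.isdigit() and 1 <= int(proto) <= 255):
        raise ValueError("protocol must be an IP protocol number from 1 to 255")
    test = ET.Element("test")
    cmd = ET.SubElement(test, RULE_CMD[params["rule_type"]])
    for key, tag in FIELD_MAP.items():  # emit only parameters that were supplied
        if params.get(key) not in (None, ""):
            ET.SubElement(cmd, tag).text = str(params[key])
    return ET.tostring(test, encoding="unicode")

def matched_rules(response_xml):
    """Return the rule names under result/rules (assumed reply layout)."""
    root = ET.fromstring(response_xml)
    if root.get("status") != "success":
        raise RuntimeError("device returned status=%r" % root.get("status"))
    return [entry.text for entry in root.findall("./result/rules/entry")]

# Constructed input mirroring the page's "Google DNS" example task.
SAMPLE = {"rule_type": "security", "source_ip": "10.0.0.0",
          "destination_ip": "8.8.8.8", "application": "dns",
          "destination_port": "53", "protocol": "17"}
# Constructed reply; not captured from a real device.
SAMPLE_RESPONSE = ('<response status="success"><result><rules>'
                   '<entry>allow-dns-out</entry></rules></result></response>')
if __name__ == "__main__":
    print(build_match_command(SAMPLE))
    print(matched_rules(SAMPLE_RESPONSE))
```')
assert matched_rules(SAMPLE_RESPONSE) == ["allow-dns-out"]
nat = build_match_command({"rule_type": "nat", "source_zone": "Prod-DMZ",
                           "source_ip": "10.10.118.50", "to_interface": "ethernet1/2",
                           "destination_zone": "Internet", "destination_ip": "0.0.0.0",
                           "protocol": "6"})
assert nat.startswith("<test><nat-policy-match><from>Prod-DMZ</from><to>Internet</to>")
assert "<to-interface>ethernet1/2</to-interface>" in nat
try:
    build_match_command({"rule_type": "security"})
    assert False
except ValueError:
    pass
try:
    build_match_command({"rule_type": "security", "source_ip": "10.0.0.0", "protocol": "300"})
    assert False
except ValueError:
    pass
try:
    build_match_command({"rule_type": "decryption", "source_ip": "10.0.0.0"})
    assert False
except ValueError:
    pass
try:
    matched_rules('<response status="error"><result/></response>')
    assert False
except RuntimeError:
    pass
</test>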

Status

  • This module will be removed in version 2.0.0. [deprecated]
  • For more information see DEPRECATED.

Authors

  • Robert Hagen (@rnh556)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/panos_match_rule_module.html