community.network.panos_object – create/read/update/delete object in PAN-OS or Panorama
community.network.panos_object – create/read/update/delete object in PAN-OS or Panorama
Note
This plugin is part of the community.network collection (version 1.3.0).
To install it use: ansible-galaxy collection install community.network.
To use it in a playbook, specify: community.network.panos_object.
DEPRECATED
- Removed in
- version 2.0.0
- Why
- Consolidating code base.
- Alternative
- Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.
Synopsis
- Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address object, address groups, service objects, service groups, and tag.
Requirements
The below requirements are needed on the host that executes this module.
- pan-python can be obtained from PyPI https://pypi.org/project/pan-python/
- pandevice can be obtained from PyPI https://pypi.org/project/pandevice/
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
address string |
The IP address of the host or network in CIDR notation. | |
|
address_type string |
|
The type of address object definition. Valid types are ip-netmask and ip-range. |
|
addressgroup string |
A static group of address objects or dynamic address group. | |
|
addressobject string |
The name of the address object. | |
|
api_key string |
API key that can be used instead of username/password credentials. | |
|
color string |
|
- The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
|
description string |
The description of the object. | |
|
destination_port string |
The destination port to be used in a service object definition. | |
|
devicegroup string |
- The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall. | |
|
dynamic_value string |
The filter match criteria to be used in a dynamic addressgroup definition. | |
|
ip_address string / required |
IP address (or hostname) of PAN-OS device or Panorama management console being configured. | |
|
operation string / required |
|
The operation to be performed. Supported values are add/delete/find. |
|
password string / required |
Password credentials to use for authentication. | |
|
protocol string |
|
The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
|
servicegroup string |
A group of service objects. | |
|
serviceobject string |
The name of the service object. | |
|
services string |
The group of service objects used in a servicegroup definition. | |
|
source_port string |
The source port to be used in a service object definition. | |
|
static_value string |
A group of address objects to be used in an addressgroup definition. | |
|
tag_name string |
The name of an object or rule tag. | |
|
username string |
Default: "admin" |
Username credentials to use for authentication. |
Notes
Note
- Checkmode is not supported.
- Panorama is supported.
Examples
- name: Search for shared address object
community.network.panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'find'
address: 'DevNet'
- name: Create an address group in devicegroup using API key
community.network.panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
addressgroup: 'Prod_DB_Svrs'
static_value: ['prod-db1', 'prod-db2', 'prod-db3']
description: 'Production DMZ database servers'
tag_name: 'DMZ'
devicegroup: 'DMZ Firewalls'
- name: Create a global service for TCP 3306
community.network.panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
serviceobject: 'mysql-3306'
destination_port: '3306'
protocol: 'tcp'
description: 'MySQL on tcp/3306'
- name: Create a global tag
community.network.panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'add'
tag_name: 'ProjectX'
color: 'yellow'
description: 'Associated with Project X'
- name: Delete an address object from a devicegroup using API key
community.network.panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'delete'
addressobject: 'Win2K test'Status
- This module will be removed in version 2.0.0. [deprecated]
- For more information see DEPRECATED.
Authors
- Bob Hagen (@rnh556)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/panos_object_module.html
