panos_object – create/read/update/delete object in PAN-OS or Panorama

New in version 2.4.


DEPRECATED

Removed in Ansible version: 2.12
Why: Consolidating code base.
Alternative: Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address objects, address groups, service objects, service groups, and tags.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| address | | The IP address of the host or network in CIDR notation. |
| address_type | Choices: ip-netmask, ip-range, fqdn | The type of address object definition. Valid types are ip-netmask and ip-range. |
| addressgroup | | A static group of address objects or dynamic address group. |
| addressobject | | The name of the address object. |
| api_key | | API key that can be used instead of username/password credentials. |
| color | Choices: red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, brown | The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
| description | | The description of the object. |
| destination_port | | The destination port to be used in a service object definition. |
| devicegroup | | The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall. |
| dynamic_value | | The filter match criteria to be used in a dynamic addressgroup definition. |
| ip_address (required) | | IP address (or hostname) of PAN-OS device or Panorama management console being configured. |
| operation (required) | Choices: add, update, delete, find | The operation to be performed. Supported values are add/delete/find. |
| password (required) | | Password credentials to use for authentication. |
| protocol | Choices: tcp, udp | The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
| servicegroup | | A group of service objects. |
| serviceobject | | The name of the service object. |
| services | | The group of service objects used in a servicegroup definition. |
| source_port | | The source port to be used in a service object definition. |
| static_value | | A group of address objects to be used in an addressgroup definition. |
| tag_name | | The name of an object or rule tag. |
| username | Default: "admin" | Username credentials to use for authentication. |



Notes

  • Checkmode is not supported.
  • Panorama is supported.


Examples

- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    addressobject: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'
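
The examples above do not show creating an address object or a dynamic address group, or how to keep the credentials out of the playbook and its output. The playbook below is an added example, not part of the original module documentation; the file vault.yml, the variables fw_mgmt_ip and vault_panos_api_key, the object names, the 192.0.2.10 address and the dynamic_value filter string are assumptions.

```yaml
---
# Added example (not from the module documentation).
# Assumed names: vault.yml, fw_mgmt_ip, vault_panos_api_key, all object names.
- name: tag a host and build a dynamic address group from that tag
  hosts: localhost
  connection: local
  gather_facts: false
  no_log: true                  # keep api_key out of task output and logs
  vars_files:
    - vault.yml                 # assumed file, encrypted with ansible-vault
  module_defaults:
    panos_object:               # shared arguments for every task below
      ip_address: '{{ fw_mgmt_ip }}'
      api_key: '{{ vault_panos_api_key }}'
      operation: 'add'

  tasks:
    - name: create the tag the dynamic group will match on
      panos_object:
        tag_name: 'ProjectX'
        color: 'yellow'
        description: 'Associated with Project X'

    - name: create a tagged address object
      panos_object:
        addressobject: 'projx-web1'
        address: '192.0.2.10/32'        # constructed value (documentation range)
        address_type: 'ip-netmask'
        description: 'Project X web server'
        tag_name: 'ProjectX'

    - name: create a dynamic address group matching the tag
      panos_object:
        addressgroup: 'ProjectX_Hosts'
        dynamic_value: "'ProjectX'"     # assumed filter syntax: quoted tag name
        description: 'All hosts tagged ProjectX'
```

Run it with `ansible-playbook --ask-vault-pass` so the API key is decrypted only at run time.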

Status

  • This module will be removed in version 2.12. [deprecated]
  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@rnh556)


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.8/modules/panos_object_module.html