Documentation

panos_nat_policy - create a policy NAT rule

New in version 2.3.

Synopsis

  • Create a policy nat rule. Keep in mind that we can either end up configuring source NAT, destination NAT, or both. Instead of splitting it into two we will make a fair attempt to determine which one the user wants.

Options

parameter required default choices comments
commit
no True
commit if changed
destination
no [u'any']
list of destination addresses
dnat_address
no None
dnat translated address
dnat_port
no None
dnat translated port
from_zone
yes
list of source zones
ip_address
yes
IP address (or hostname) of PAN-OS device
override
no false
attempt to override rule if one with the same name already exists
password
yes
password for authentication
rule_name
yes
name of the SNAT rule
service
no any
service
snat_address
no None
snat translated address
snat_bidirectional
no false
bidirectional flag
snat_interface
no None
snat interface
snat_interface_address
no None
snat interface address
snat_type
no None
type of source translation
source
no [u'any']
list of source addresses
to_zone
yes
destination zone
username
no admin
username for authentication

Examples

# Create a source and destination nat rule
  - name: create nat SSH221 rule for 10.0.1.101
    panos_nat:
      ip_address: "192.168.1.1"
      password: "admin"
      rule_name: "Web SSH"
      from_zone: ["external"]
      to_zone: "external"
      source: ["any"]
      destination: ["10.0.0.100"]
      service: "service-tcp-221"
      snat_type: "dynamic-ip-and-port"
      snat_interface: "ethernet1/2"
      dnat_address: "10.0.1.101"
      dnat_port: "22"
      commit: False

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Support

This module is community maintained without core committer oversight.

For more information on what this means please read Module Support

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Helping Testing PRs and Developing Modules.