panos_object – create/read/update/delete object in PAN-OS or Panorama

New in version 2.4.

DEPRECATED

Removed in Ansible

version: 2.12

Why

Consolidating code base.

Alternative

Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address object, address groups, service objects, service groups, and tag.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
address
-
The IP address of the host or network in CIDR notation.
address_type
-
    Choices:
  • ip-netmask ←
  • ip-range
  • fqdn
The type of address object definition. Valid types are ip-netmask and ip-range.
addressgroup
-
A static group of address objects or dynamic address group.
addressobject
-
The name of the address object.
api_key
-
API key that can be used instead of username/password credentials.
color
-
    Choices:
  • red
  • green
  • blue
  • yellow
  • copper
  • orange
  • purple
  • gray
  • light green
  • cyan
  • light gray
  • blue gray
  • lime
  • black
  • gold
  • brown
- The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown.
description
-
The description of the object.
destination_port
-
The destination port to be used in a service object definition.
devicegroup
-
- The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
dynamic_value
-
The filter match criteria to be used in a dynamic addressgroup definition.
ip_address
- / required
IP address (or hostname) of PAN-OS device or Panorama management console being configured.
operation
- / required
    Choices:
  • add
  • update
  • delete
  • find
The operation to be performed. Supported values are add/delete/find.
password
- / required
Password credentials to use for authentication.
protocol
-
    Choices:
  • tcp
  • udp
The IP protocol to be used in a service object definition. Valid values are tcp or udp.
servicegroup
-
A group of service objects.
serviceobject
-
The name of the service object.
services
-
The group of service objects used in a servicegroup definition.
source_port
-
The source port to be used in a service object definition.
static_value
-
A group of address objects to be used in an addressgroup definition.
tag_name
-
The name of an object or rule tag.
username
-
Default:
"admin"
Username credentials to use for authentication.

Notes

Note

  • Checkmode is not supported.

  • Panorama is supported.

Examples

- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    address: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'

Status

  • This module will be removed in version 2.12. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@rnh556)

Hint

If you notice any issues in this documentation you can edit this document to improve it.