panos_query_rules – PANOS module that allows search for security rules in PANW NGFW devices¶
New in version 2.5.
DEPRECATED¶
- Removed in Ansible
version: 2.12
- Why
Consolidating code base.
- Alternative
Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.
Synopsis¶
Security policies allow you to enforce rules and take action, and can be as general or specific as needed. The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones.
Requirements¶
The below requirements are needed on the host that executes this module.
pan-python can be obtained from PyPI https://pypi.org/project/pan-python/
pandevice can be obtained from PyPI https://pypi.org/project/pandevice/
xmltodict can be obtains from PyPI https://pypi.org/project/xmltodict/
Parameters¶
Examples¶
- name: search for rules with tcp/3306
panos_query_rules:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
source_zone: 'DevNet'
destination_zone: 'DevVPC'
destination_port: '3306'
protocol: 'tcp'
- name: search devicegroup for inbound rules to dmz host
panos_query_rules:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
destination_zone: 'DMZ'
destination_ip: '10.100.42.18'
address: 'DeviceGroupA'
- name: search for rules containing a specified rule tag
panos_query_rules:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
tag_name: 'ProjectX'
Status¶
This module will be removed in version 2.12. [deprecated]
For more information see DEPRECATED.
Authors¶
Bob Hagen (@rnh556)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.