community.network.panos_object – create/read/update/delete object in PAN-OS or Panorama

Note

This plugin is part of the community.network collection.

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.panos_object.

DEPRECATED

Removed in

version 2.0.0

Why

Consolidating code base.

Alternative

Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address object, address groups, service objects, service groups, and tag.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
address
string
The IP address of the host or network in CIDR notation.
address_type
string
    Choices:
  • ip-netmask ←
  • ip-range
  • fqdn
The type of address object definition. Valid types are ip-netmask and ip-range.
addressgroup
string
A static group of address objects or dynamic address group.
addressobject
string
The name of the address object.
api_key
string
API key that can be used instead of username/password credentials.
color
string
    Choices:
  • red
  • green
  • blue
  • yellow
  • copper
  • orange
  • purple
  • gray
  • light green
  • cyan
  • light gray
  • blue gray
  • lime
  • black
  • gold
  • brown
- The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown.
description
string
The description of the object.
destination_port
string
The destination port to be used in a service object definition.
devicegroup
string
- The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
dynamic_value
string
The filter match criteria to be used in a dynamic addressgroup definition.
ip_address
string / required
IP address (or hostname) of PAN-OS device or Panorama management console being configured.
operation
string / required
    Choices:
  • add
  • update
  • delete
  • find
The operation to be performed. Supported values are add/delete/find.
password
string / required
Password credentials to use for authentication.
protocol
string
    Choices:
  • tcp
  • udp
The IP protocol to be used in a service object definition. Valid values are tcp or udp.
servicegroup
string
A group of service objects.
serviceobject
string
The name of the service object.
services
string
The group of service objects used in a servicegroup definition.
source_port
string
The source port to be used in a service object definition.
static_value
string
A group of address objects to be used in an addressgroup definition.
tag_name
string
The name of an object or rule tag.
username
string
Default:
"admin"
Username credentials to use for authentication.

Notes

Note

  • Checkmode is not supported.

  • Panorama is supported.

Examples

- name: Search for shared address object
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    address: 'DevNet'

- name: Create an address group in devicegroup using API key
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: Create a global service for TCP 3306
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: Create a global tag
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: Delete an address object from a devicegroup using API key
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'

Status

  • This module will be removed in version 2.0.0. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@rnh556)