community.network.panos_query_rules – PANOS module that allows search for security rules in PANW NGFW devices.

Note

This plugin is part of the community.network collection.

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.panos_query_rules.

DEPRECATED

Removed in

version 2.0.0

Why

Consolidating code base.

Alternative

Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

    • Security policies allow you to enforce rules and take action, and can be as general or specific as needed. The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_key
string
API key that can be used instead of username/password credentials.
application
string
Name of the application or application group to be queried.
destination_ip
string
The destination IP address to be queried.
destination_port
string
The destination port to be queried.
destination_zone
string
Name of the destination security zone to be queried.
devicegroup
string
The Panorama device group in which to conduct the query.
ip_address
string / required
IP address (or hostname) of PAN-OS firewall or Panorama management console being queried.
password
string / required
Password credentials to use for authentication.
protocol
string
    Choices:
  • tcp
  • udp
The protocol used to be queried. Must be either tcp or udp.
source_ip
string
The source IP address to be queried.
source_port
string
The source port to be queried.
source_zone
string
Name of the source security zone to be queried.
tag_name
string
Name of the rule tag to be queried.
username
string
Default:
"admin"
Username credentials to use for authentication.

Notes

Note

  • Checkmode is not supported.

  • Panorama is supported.

Examples

- name: Search for rules with tcp/3306
  community.network.panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    source_zone: 'DevNet'
    destination_zone: 'DevVPC'
    destination_port: '3306'
    protocol: 'tcp'

- name: Search devicegroup for inbound rules to dmz host
  community.network.panos_query_rules:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    destination_zone: 'DMZ'
    destination_ip: '10.100.42.18'
    address: 'DeviceGroupA'

- name: Search for rules containing a specified rule tag
  community.network.panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    tag_name: 'ProjectX'

Status

  • This module will be removed in version 2.0.0. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@rnh556)