You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

panos_nat_rule - create a policy NAT rule¶

New in version 2.4.

Synopsis
Requirements (on host that executes module)
Options
Examples
Notes
- Status

Synopsis ¶

Create a policy nat rule. Keep in mind that we can either end up configuring source NAT, destination NAT, or both. Instead of splitting it into two we will make a fair attempt to determine which one the user wants.

Requirements (on host that executes module)¶

pan-python can be obtained from PyPi https://pypi.python.org/pypi/pan-python

pandevice can be obtained from PyPi https://pypi.python.org/pypi/pandevice

Options ¶

parameter	required	default	choices	comments
api_key	no			API key that can be used instead of username/password credentials.
commit	no	True		Commit configuration if changed.
destination_ip	no	[u'any']		list of destination addresses
destination_zone	yes			destination zone
dnat_address	no	None		dnat translated address
dnat_port	no	None		dnat translated port
ip_address	yes			IP address (or hostname) of PAN-OS device being configured.
operation	no			The action to be taken. Supported values are add/update/find/delete.
password	yes			Password credentials to use for auth unless api_key is set.
rule_name	yes			name of the SNAT rule
service	no	any		service
snat_address_type	no	translated-address		type of source translation. Supported values are translated-address/translated-address.
snat_bidirectional	no	false		bidirectional flag
snat_dynamic_address	no	None		Source NAT translated address. Used with Dynamic-IP and Dynamic-IP-and-Port.
snat_interface	no	None		snat interface
snat_interface_address	no	None		snat interface address
snat_static_address	no	None		Source NAT translated address. Used with Static-IP translation.
snat_type	no	None		type of source translation
source_ip	no	[u'any']		list of source addresses
source_zone	yes			list of source zones
username	no	admin		Username credentials to use for auth unless api_key is set.

Examples ¶

# Create a source and destination nat rule
  - name: Create NAT SSH rule for 10.0.1.101
    panos_nat_rule:
      ip_address: '{{ ip_address }}'
      username: '{{ username }}'
      password: '{{ password }}'
      rule_name: "Web SSH"
      source_zone: ["external"]
      destination_zone: "external"
      source: ["any"]
      destination: ["10.0.0.100"]
      service: "service-tcp-221"
      snat_type: "dynamic-ip-and-port"
      snat_interface: "ethernet1/2"
      dnat_address: "10.0.1.101"
      dnat_port: "22"

Notes ¶

Note

Checkmode is not supported.
Panorama is supported.

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.