New in version 2.4.
- pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python
- pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice
parameter | required | default | choices | comments |
---|---|---|---|---|
address | no | | | The IP address of the host or network in CIDR notation. |
address_type | no | | | The type of address object definition. Valid types are ip-netmask and ip-range. |
addressgroup | no | | | A static group of address objects or dynamic address group. |
addressobject | no | | | The name of the address object. |
api_key | no | | | API key that can be used instead of username/password credentials. |
color | no | | | The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
description | no | | | The description of the object. |
destination_port | no | | | The destination port to be used in a service object definition. |
devicegroup | no | None | | The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall. |
dynamic_value | no | | | The filter match criteria to be used in a dynamic addressgroup definition. |
ip_address | yes | | | IP address (or hostname) of PAN-OS device or Panorama management console being configured. |
operation | yes | | | The operation to be performed. Supported values are add/delete/find. |
password | yes | | | Password credentials to use for authentication. |
protocol | no | | | The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
servicegroup | no | | | A group of service objects. |
serviceobject | no | | | The name of the service object. |
services | no | | | The group of service objects used in a servicegroup definition. |
source_port | no | | | The source port to be used in a service object definition. |
static_value | no | | | A group of address objects to be used in an addressgroup definition. |
tag_name | no | | | The name of an object or rule tag. |
username | no | admin | | Username credentials to use for authentication. |
```yaml
- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    address: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'
```
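A pre-flight check for `panos_object` task arguments, added here as an example and not part of the module or the Ansible project: it checks one task's arguments against the values documented in the table above and flags `password` or `api_key` written as literals instead of templated variables. The function name `lint_panos_object`, the sample tasks, and the rule that `address` must parse as CIDR on `add` unless `address_type` is `ip-range` are assumptions of this example.

```python
import ipaddress

# Allowed values as documented in the parameter table on this page.
ALLOWED = {
    "operation": {"add", "delete", "find"},
    "protocol": {"tcp", "udp"},
    "address_type": {"ip-netmask", "ip-range"},
    "color": {"red", "green", "blue", "yellow", "copper", "orange", "purple",
              "gray", "light green", "cyan", "light gray", "blue gray", "lime",
              "black", "gold", "brown"},
}
SECRETS = ("password", "api_key")

def is_templated(value):
    """True when the value is a single Jinja2 expression such as '{{ api_key }}'."""
    value = str(value).strip()
    return value.startswith("{{") and value.endswith("}}")

def lint_panos_object(args):
    """Return a list of problems in one panos_object task's arguments (a dict)."""
    problems = []
    for key in ("ip_address", "operation"):
        if key not in args:
            problems.append(f"missing required parameter: {key}")
    # The page's examples authenticate with either password or api_key.
    if not any(key in args for key in SECRETS):
        problems.append("no credentials: set password or api_key")
    for key, allowed in ALLOWED.items():
        if key in args and not is_templated(args[key]) and args[key] not in allowed:
            problems.append(f"{key}: {args[key]!r} is not a documented value")
    # Secrets should be variables (for example vaulted ones), never literals.
    for key in SECRETS:
        if key in args and not is_templated(args[key]):
            problems.append(f"{key}: hard-coded secret, use a templated variable")
    # Assumption: on 'add', an address without address_type 'ip-range' is CIDR.
    addr = args.get("address")
    if (args.get("operation") == "add" and addr and not is_templated(addr)
            and args.get("address_type", "ip-netmask") == "ip-netmask"):
        try:
            ipaddress.ip_network(addr, strict=False)
        except ValueError:
            problems.append(f"address: {addr!r} is not valid CIDR")
    return problems

# Constructed sample tasks (not taken from a real playbook).
GOOD_TASK = {"ip_address": "{{ ip_address }}", "api_key": "{{ api_key }}",
             "operation": "add", "serviceobject": "mysql-3306",
             "destination_port": "3306", "protocol": "tcp"}
BAD_TASK = {"ip_address": "192.0.2.10", "password": "Sup3rSecret",
            "operation": "update", "tag_name": "ProjectX", "color": "pink"}
```

Running such a check in CI before the playbook reaches a firewall or Panorama catches literal credentials before they are committed alongside the play.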
Note
This module is flagged as preview, which means that it is not guaranteed to have a backwards-compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.