community.network.panos_object – create/read/update/delete object in PAN-OS or Panorama

Note

This plugin is part of the community.network collection (version 1.3.0).

To install it use: ansible-galaxy collection install community.network.

To use it in a playbook, specify: community.network.panos_object.

DEPRECATED
Synopsis
Requirements
Parameters
Notes
Examples
Status

DEPRECATED

Removed in: version 2.0.0
Why: Consolidating code base.
Alternative: Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

Synopsis

Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address object, address groups, service objects, service groups, and tag.

Requirements

The below requirements are needed on the host that executes this module.

pan-python can be obtained from PyPI https://pypi.org/project/pan-python/
pandevice can be obtained from PyPI https://pypi.org/project/pandevice/

Parameters

Parameter	Choices/Defaults	Comments
address string		The IP address of the host or network in CIDR notation.
address_type string	Choices: ip-netmask ← ip-range fqdn	The type of address object definition. Valid types are ip-netmask and ip-range.
addressgroup string		A static group of address objects or dynamic address group.
addressobject string		The name of the address object.
api_key string		API key that can be used instead of username/password credentials.
color string	Choices: red green blue yellow copper orange purple gray light green cyan light gray blue gray lime black gold brown	- The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown.
description string		The description of the object.
destination_port string		The destination port to be used in a service object definition.
devicegroup string		- The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
dynamic_value string		The filter match criteria to be used in a dynamic addressgroup definition.
ip_address string / required		IP address (or hostname) of PAN-OS device or Panorama management console being configured.
operation string / required	Choices: add update delete find	The operation to be performed. Supported values are add/delete/find.
password string / required		Password credentials to use for authentication.
protocol string	Choices: tcp udp	The IP protocol to be used in a service object definition. Valid values are tcp or udp.
servicegroup string		A group of service objects.
serviceobject string		The name of the service object.
services string		The group of service objects used in a servicegroup definition.
source_port string		The source port to be used in a service object definition.
static_value string		A group of address objects to be used in an addressgroup definition.
tag_name string		The name of an object or rule tag.
username string	Default: "admin"	Username credentials to use for authentication.

Notes

Note

Checkmode is not supported.
Panorama is supported.

Examples

- name: Search for shared address object
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    address: 'DevNet'

- name: Create an address group in devicegroup using API key
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: Create a global service for TCP 3306
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: Create a global tag
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: Delete an address object from a devicegroup using API key
  community.network.panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'

Status

This module will be removed in version 2.0.0. [deprecated]
For more information see DEPRECATED.

Authors

Bob Hagen (@rnh556)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/network/panos_object_module.html