New in version 2.4.
| Removed in Ansible: | |
|---|---|
| version: 2.12 | |
| Why: | Consolidating code base. |
| Alternative: | Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead. |
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| address - | The IP address of the host or network in CIDR notation. | |
| address_type - |
| The type of address object definition. Valid types are ip-netmask and ip-range. |
| addressgroup - | A static group of address objects or dynamic address group. | |
| addressobject - | The name of the address object. | |
| api_key - | API key that can be used instead of username/password credentials. | |
| color - |
| - The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
| description - | The description of the object. | |
| destination_port - | The destination port to be used in a service object definition. | |
| devicegroup - | - The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall. | |
| dynamic_value - | The filter match criteria to be used in a dynamic addressgroup definition. | |
| ip_address - / required | IP address (or hostname) of PAN-OS device or Panorama management console being configured. | |
| operation - / required |
| The operation to be performed. Supported values are add/delete/find. |
| password - / required | Password credentials to use for authentication. | |
| protocol - |
| The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
| servicegroup - | A group of service objects. | |
| serviceobject - | The name of the service object. | |
| services - | The group of service objects used in a servicegroup definition. | |
| source_port - | The source port to be used in a service object definition. | |
| static_value - | A group of address objects to be used in an addressgroup definition. | |
| tag_name - | The name of an object or rule tag. | |
| username - | Default: "admin" | Username credentials to use for authentication. |
Note
- name: search for shared address object
panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'find'
address: 'DevNet'
- name: create an address group in devicegroup using API key
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
addressgroup: 'Prod_DB_Svrs'
static_value: ['prod-db1', 'prod-db2', 'prod-db3']
description: 'Production DMZ database servers'
tag_name: 'DMZ'
devicegroup: 'DMZ Firewalls'
- name: create a global service for TCP 3306
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
serviceobject: 'mysql-3306'
destination_port: '3306'
protocol: 'tcp'
description: 'MySQL on tcp/3306'
- name: create a global tag
panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'add'
tag_name: 'ProjectX'
color: 'yellow'
description: 'Associated with Project X'
- name: delete an address object from a devicegroup using API key
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'delete'
addressobject: 'Win2K test'
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/panos_object_module.html