panos_object - create/read/update/delete object in PAN-OS or Panorama

New in version 2.4.

Synopsis

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address objects, address groups, service objects, service groups, and tags.

Requirements (on host that executes module)

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| address | no | | | The IP address of the host or network in CIDR notation. |
| address_type | no | | | The type of address object definition. Valid types are ip-netmask and ip-range. |
| addressgroup | no | | | A static group of address objects or dynamic address group. |
| addressobject | no | | | The name of the address object. |
| api_key | no | | | API key that can be used instead of username/password credentials. |
| color | no | | | The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
| description | no | | | The description of the object. |
| destination_port | no | | | The destination port to be used in a service object definition. |
| devicegroup | no | None | | The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall. |
| dynamic_value | no | | | The filter match criteria to be used in a dynamic addressgroup definition. |
| ip_address | yes | | | IP address (or hostname) of PAN-OS device or Panorama management console being configured. |
| operation | yes | | | The operation to be performed. Supported values are add/delete/find. |
| password | yes | | | Password credentials to use for authentication. |
| protocol | no | | | The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
| servicegroup | no | | | A group of service objects. |
| serviceobject | no | | | The name of the service object. |
| services | no | | | The group of service objects used in a servicegroup definition. |
| source_port | no | | | The source port to be used in a service object definition. |
| static_value | no | | | A group of address objects to be used in an addressgroup definition. |
| tag_name | no | | | The name of an object or rule tag. |
| username | no | admin | | Username credentials to use for authentication. |

Examples

- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    addressobject: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'
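
The examples above do not exercise `address_type` or `dynamic_value`. The playbook below is an added example, not taken from the Ansible documentation, that creates a tag, two tagged address objects and a dynamic address group keyed on that tag, with the API key read from a vaulted variable file instead of a plaintext password. The variable names `fw_ip` and `fw_api_key`, the vault file path, the object names and addresses, the range and filter syntax, and the use of `tag_name` on an address object are assumptions.

```yaml
# Added example, not from the Ansible documentation.
# fw_ip, fw_api_key, the vault path and all object names are constructed.
- hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/panos.yml   # assumed Ansible Vault file defining fw_ip and fw_api_key
  tasks:
    - name: create the tag first, because the objects below reference it
      panos_object:
        ip_address: '{{ fw_ip }}'
        api_key: '{{ fw_api_key }}'
        operation: 'add'
        tag_name: 'web-tier'
        color: 'green'
        description: 'Web tier hosts'

    - name: create a tagged host address object (ip-netmask)
      panos_object:
        ip_address: '{{ fw_ip }}'
        api_key: '{{ fw_api_key }}'
        operation: 'add'
        addressobject: 'web01'
        address: '10.10.20.11/32'
        address_type: 'ip-netmask'
        tag_name: 'web-tier'   # assumption: tag_name is applied to address objects
        description: 'Web server 01'

    - name: create a tagged address range object (ip-range)
      panos_object:
        ip_address: '{{ fw_ip }}'
        api_key: '{{ fw_api_key }}'
        operation: 'add'
        addressobject: 'web-pool'
        address: '10.10.20.20-10.10.20.29'   # assumption: start-end range syntax
        address_type: 'ip-range'
        tag_name: 'web-tier'
        description: 'Web server pool'

    - name: create a dynamic address group that matches on the tag
      panos_object:
        ip_address: '{{ fw_ip }}'
        api_key: '{{ fw_api_key }}'
        operation: 'add'
        addressgroup: 'Web_Tier_Dynamic'
        dynamic_value: "'web-tier'"   # assumption: PAN-OS tag filter expression
        description: 'All objects tagged web-tier'
```

Membership of the dynamic group follows the tag, so any rule that references `Web_Tier_Dynamic` changes scope whenever an object is tagged `web-tier`; review tag assignments with the same care as rule edits.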

Notes

  • Checkmode is not supported.
  • Panorama is supported.

Status

This module is flagged as preview, which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/panos_object_module.html