Palo Alto Networks Ansible Collection

Version: 3.0.1

The Palo Alto Networks Ansible collection is a collection of modules that automate configuration and operational tasks on Palo Alto Networks Next Generation Firewalls (both physical and virtualized) and Panorama. The underlying protocol uses API calls that are wrapped within the Ansible framework.

This is the module reference documentation. Other documentation including getting started tutorials, how-to guides and other background reading, can be found at https://pan.dev/ansible/docs/panos/

Installation

This collection has the following environment requirements:

• Python 3.10 or higher

• ansible-core 2.16 or higher

Install the collection using ansible-galaxy:

ansible-galaxy collection install paloaltonetworks.panos

Then in your playbooks you can specify that you want to use the panos collection like so:

collections:
    - paloaltonetworks.panos

• Ansible Galaxy: https://galaxy.ansible.com/ui/repo/published/paloaltonetworks/panos

• Red Hat Catalog: https://catalog.redhat.com/software/collection/paloaltonetworks/panos

• GitHub repo: https://github.com/PaloAltoNetworks/pan-os-ansible

Contents:

• Gathered Filter
  • The gathered_filter Option
  • Fields
  • Operators
  • Return Values
  • Examples
• Examples
  • Add security policy to Firewall or Panorama
  • Add NAT policy to Firewall or Panorama
  • Change firewall admin password using SSH
  • Generates self-signed certificate
  • Check if FW is ready
  • Import configuration
  • DHCP on data port
  • Load configuration
  • Event-Driven Ansible (EDA)
• Module reference
  • paloaltonetworks.panos.panos_active_in_ha module
  • paloaltonetworks.panos.panos_address_group module
  • paloaltonetworks.panos.panos_address_object module
  • paloaltonetworks.panos.panos_admin module
  • paloaltonetworks.panos.panos_administrator module
  • paloaltonetworks.panos.panos_admpwd module
  • paloaltonetworks.panos.panos_aggregate_interface module
  • paloaltonetworks.panos.panos_api_key module
  • paloaltonetworks.panos.panos_application_filter module
  • paloaltonetworks.panos.panos_application_group module
  • paloaltonetworks.panos.panos_application_object module
  • paloaltonetworks.panos.panos_bgp_aggregate module
  • paloaltonetworks.panos.panos_bgp_auth module
  • paloaltonetworks.panos.panos_bgp_conditional_advertisement module
  • paloaltonetworks.panos.panos_bgp_dampening module
  • paloaltonetworks.panos.panos_bgp module
  • paloaltonetworks.panos.panos_bgp_peer_group module
  • paloaltonetworks.panos.panos_bgp_peer module
  • paloaltonetworks.panos.panos_bgp_policy_filter module
  • paloaltonetworks.panos.panos_bgp_policy_rule module
  • paloaltonetworks.panos.panos_bgp_redistribute module
  • paloaltonetworks.panos.panos_cert_gen_ssh module
  • paloaltonetworks.panos.panos_check module
  • paloaltonetworks.panos.panos_commit_firewall module
  • paloaltonetworks.panos.panos_commit module
  • paloaltonetworks.panos.panos_commit_panorama module
  • paloaltonetworks.panos.panos_commit_push module
  • paloaltonetworks.panos.panos_config_element module
  • paloaltonetworks.panos.panos_custom_url_category module
  • paloaltonetworks.panos.panos_dag module
  • paloaltonetworks.panos.panos_dag_tags module
  • paloaltonetworks.panos.panos_decryption_rule module
  • paloaltonetworks.panos.panos_device_group module
  • paloaltonetworks.panos.panos_dhcp module
  • paloaltonetworks.panos.panos_dhcp_relay_ipv6_address module
  • paloaltonetworks.panos.panos_dhcp_relay module
  • paloaltonetworks.panos.panos_dynamic_updates module
  • paloaltonetworks.panos.panos_dynamic_user_group module
  • paloaltonetworks.panos.panos_edl module
  • paloaltonetworks.panos.panos_email_profile module
  • paloaltonetworks.panos.panos_email_server module
  • paloaltonetworks.panos.panos_export module
  • paloaltonetworks.panos.panos_facts module
  • paloaltonetworks.panos.panos_gre_tunnel module
  • paloaltonetworks.panos.panos_ha module
  • paloaltonetworks.panos.panos_http_profile_header module
  • paloaltonetworks.panos.panos_http_profile module
  • paloaltonetworks.panos.panos_http_profile_param module
  • paloaltonetworks.panos.panos_http_server module
  • paloaltonetworks.panos.panos httpapi
  • paloaltonetworks.panos.panos_ike_crypto_profile module
  • paloaltonetworks.panos.panos_ike_gateway module
  • paloaltonetworks.panos.panos_import module
  • paloaltonetworks.panos.panos_interface module
  • paloaltonetworks.panos.panos_ipsec_ipv4_proxyid module
  • paloaltonetworks.panos.panos_ipsec_profile module
  • paloaltonetworks.panos.panos_ipsec_tunnel module
  • paloaltonetworks.panos.panos_ipv6_address module
  • paloaltonetworks.panos.panos_l2_subinterface module
  • paloaltonetworks.panos.panos_l3_subinterface module
  • paloaltonetworks.panos.panos_lic module
  • paloaltonetworks.panos.panos_loadcfg module
  • paloaltonetworks.panos.panos_log_forwarding_profile_match_list_action module
  • paloaltonetworks.panos.panos_log_forwarding_profile_match_list module
  • paloaltonetworks.panos.panos_log_forwarding_profile module
  • paloaltonetworks.panos.panos_loopback_interface module
  • paloaltonetworks.panos.panos_management_profile module
  • paloaltonetworks.panos.panos_match_rule module
  • paloaltonetworks.panos.panos_mgtconfig module
  • paloaltonetworks.panos.panos_nat_rule2 module
  • paloaltonetworks.panos.panos_nat_rule_facts module
  • paloaltonetworks.panos.panos_nat_rule module
  • paloaltonetworks.panos.panos_object_facts module
  • paloaltonetworks.panos.panos_object module
  • paloaltonetworks.panos.panos_op module
  • paloaltonetworks.panos.panos_pbf_rule module
  • paloaltonetworks.panos.panos_pg module
  • paloaltonetworks.panos.panos_query_rules module
  • paloaltonetworks.panos.panos_readiness_checks module
  • paloaltonetworks.panos.panos_redistribution module
  • paloaltonetworks.panos.panos_region module
  • paloaltonetworks.panos.panos_registered_ip_facts module
  • paloaltonetworks.panos.panos_registered_ip module
  • paloaltonetworks.panos.panos_restart module
  • paloaltonetworks.panos.panos_sag module
  • paloaltonetworks.panos.panos_schedule_object module
  • paloaltonetworks.panos.panos_security_rule_facts module
  • paloaltonetworks.panos.panos_security_rule module
  • paloaltonetworks.panos.panos_service_group module
  • paloaltonetworks.panos.panos_service_object module
  • paloaltonetworks.panos.panos_snapshot_report module
  • paloaltonetworks.panos.panos_snmp_profile module
  • paloaltonetworks.panos.panos_snmp_v2c_server module
  • paloaltonetworks.panos.panos_snmp_v3_server module
  • paloaltonetworks.panos.panos_software module
  • paloaltonetworks.panos.panos_state_snapshot module
  • paloaltonetworks.panos.panos_static_route module
  • paloaltonetworks.panos.panos_syslog_profile module
  • paloaltonetworks.panos.panos_syslog_server module
  • paloaltonetworks.panos.panos_tag_object module
  • paloaltonetworks.panos.panos_template module
  • paloaltonetworks.panos.panos_template_stack module
  • paloaltonetworks.panos.panos_template_variable module
  • paloaltonetworks.panos.panos_tunnel module
  • paloaltonetworks.panos.panos_type_cmd module
  • paloaltonetworks.panos.panos_userid module
  • paloaltonetworks.panos.panos_virtual_router_facts module
  • paloaltonetworks.panos.panos_virtual_router module
  • paloaltonetworks.panos.panos_virtual_wire module
  • paloaltonetworks.panos.panos_vlan_interface module
  • paloaltonetworks.panos.panos_vlan module
  • paloaltonetworks.panos.panos_vm_auth_key module
  • paloaltonetworks.panos.panos_zone_facts module
  • paloaltonetworks.panos.panos_zone module
• Release History
• Authors
  • Development Leads
  • Contributors
  • Credits
• License

Collection Dependencies

• pan-python

• pan-os-python

• xmltodict (certain modules only)

If you believe you have installed these dependencies but Ansible is not finding them, it is likely a problem with where your local shell is searching for installed dependencies and where Ansible is searching for them. Try running a simple panos_op playbook to run the command ‘show system info”, and if that errors out, compare the sys.path in the output against where you think Ansible looking for dependencies at.

Configuring ANSIBLE_PYTHON_INTERPRETER is probably the solution to this issue:

https://docs.ansible.com/ansible/latest/reference_appendices/python_3_support.html#using-python-3-on-the-managed-machines-with-commands-and-playbooks

Support

As of version 2.12.2, this Collection of Ansible Modules for PAN-OS is [certified on Ansible Automation Hub](https://console.redhat.com/ansible/automation-hub/repo/published/paloaltonetworks/panos) and officially supported for Ansible subscribers. Ansible subscribers can engage for support through their usual route towards Red Hat.

For those who are not Ansible subscribers, this Collection of Ansible Modules is also [published on Ansible Galaxy](https://galaxy.ansible.com/ui/repo/published/paloaltonetworks/panos) to be freely used under an as-is, best effort, support policy. These scripts should be seen as community supported and Palo Alto Networks will contribute our expertise as and when possible. We do not provide technical support or help in using or troubleshooting the components of the project through our normal support options such as Palo Alto Networks support teams, or ASC (Authorized Support Centers) partners and backline support options. The underlying product used (the VM-Series firewall) by the scripts or templates are still supported, but the support is only for the product functionality and not for help in deploying or using the template or script itself.

Unless explicitly tagged, all projects or work posted in our GitHub repository (at <https://github.com/PaloAltoNetworks>) or sites other than our official Downloads page on <https://support.paloaltonetworks.com> are provided under the best effort policy.

Indices and tables

• Index

• Module Index

• Search Page