paloaltonetworks.panos.panos_bgp_policy_rule module – Manage a BGP Policy Import/Export Rule

Note

This module is part of the paloaltonetworks.panos collection (version 2.21.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_bgp_policy_rule.

New in paloaltonetworks.panos 1.0.0

Synopsis

• Use BGP to publish and consume routes from disparate networks.

Requirements

The below requirements are needed on the host that executes this module.

• pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python

• pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice

Parameters

Parameter	Comments
action string	Rule action. Choices: :ansible-option-choices-entry:`"allow"` :ansible-option-choices-entry:`"deny"`
action_as_path_limit integer	Add AS path limit attribute if it does not exist.
action_as_path_prepend_times integer	Prepend local AS for specified number of times.
action_as_path_type string	AS path update options. Choices: :ansible-option-choices-entry:`"none"` :ansible-option-choices-entry:`"remove"` :ansible-option-choices-entry:`"prepend"` :ansible-option-choices-entry:`"remove-and-prepend"`
action_community_argument string	Argument to the action community value if needed.
action_community_modifier string	Modifier for the community action. Required if ‘action_community_type’ is set to ‘append’ or ‘overwrite’.
action_community_type string	Community update options. Choices: :ansible-option-choices-entry:`"none"` :ansible-option-choices-entry:`"remove-all"` :ansible-option-choices-entry:`"remove-regex"` :ansible-option-choices-entry:`"append"` :ansible-option-choices-entry:`"overwrite"`
action_dampening string	Route flap dampening profile; only with “import” type.
action_extended_community_argument string	Argument to the action extended community value if needed.
action_extended_community_type string	Extended community update options.
action_local_preference integer	New local preference value.
action_med integer	New MED value.
action_nexthop string	Nexthop address.
action_origin string	New route origin. Choices: :ansible-option-choices-entry:`"igp"` :ansible-option-choices-entry:`"egp"` :ansible-option-choices-entry:`"incomplete"`
action_weight integer	New weight value; only with “import” type.
address_prefix list / elements=dictionary	List of address prefix dicts with “name”/”exact” keys.
api_key string	Deprecated Use provider to specify PAN-OS connectivity instead. The API key to use instead of generating it using username / password.
commit boolean	Deprecated Please use paloaltonetworks.panos.panos_commit_firewall, paloaltonetworks.panos.panos_commit_panorama, paloaltonetworks.panos.panos_commit_push instead. Commit changes after creating object. If ip_address is a Panorama device, and device_group or template are also set, perform a commit to Panorama and a commit-all to the device group/template. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry:`true`
enable boolean	Enable rule. Choices: :ansible-option-choices-entry:`false` :ansible-option-choices-entry-default:`true` ← (default)
ip_address string	Deprecated Use provider to specify PAN-OS connectivity instead. The IP address or hostname of the PAN-OS device being configured.
match_afi string	Address Family Identifier. Choices: :ansible-option-choices-entry:`"ip"` :ansible-option-choices-entry:`"ipv6"`
match_as_path_regex string	AS-path regular expression.
match_community_regex string	Community AS-path regular expression.
match_extended_community_regex string	Extended Community AS-path regular expression.
match_from_peer list / elements=string	Filter by peer that sent this route.
match_med integer	Multi-Exit Discriminator.
match_nexthop list / elements=string	Next-hop attributes.
match_route_table string	Route table to match rule. Choices: :ansible-option-choices-entry:`"unicast"` :ansible-option-choices-entry:`"multicast"` :ansible-option-choices-entry:`"both"`
match_safi string	Subsequent Address Family Identifier. Choices: :ansible-option-choices-entry:`"ip"` :ansible-option-choices-entry:`"ipv6"`
name string / required	Name of filter.
password string	Deprecated Use provider to specify PAN-OS connectivity instead. The password to use for authentication. This is ignored if api_key is specified.
port integer	Deprecated Use provider to specify PAN-OS connectivity instead. The port number to connect to the PAN-OS device on. Default: :ansible-option-default:`443`
provider dictionary added in paloaltonetworks.panos 1.0.0	A dict object containing connection details.
api_key string	The API key to use instead of generating it using username / password.
ip_address string	The IP address or hostname of the PAN-OS device being configured.
password string	The password to use for authentication. This is ignored if api_key is specified.
port integer	The port number to connect to the PAN-OS device on. Default: :ansible-option-default:`443`
serial_number string	The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username string	The username to use for authentication. This is ignored if api_key is specified. Default: :ansible-option-default:`"admin"`
state string	The state. Choices: :ansible-option-choices-entry-default:`"present"` ← (default) :ansible-option-choices-entry:`"absent"`
template string	(Panorama only) The template this operation should target. Mutually exclusive with template_stack.
template_stack string	(Panorama only) The template stack this operation should target. Mutually exclusive with template.
type string / required	The type of rule. Choices: :ansible-option-choices-entry:`"import"` :ansible-option-choices-entry:`"export"`
used_by list / elements=string	Peer-groups that use this rule.
username string	Deprecated Use provider to specify PAN-OS connectivity instead. The username to use for authentication. This is ignored if api_key is specified. Default: :ansible-option-default:`"admin"`
vr_name string	Name of the virtual router; it must already exist; see paloaltonetworks.panos.panos_virtual_router. Default: :ansible-option-default:`"default"`

Notes

Note

• Checkmode is supported.

• Panorama is supported.

• PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

• If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.

Examples

# Add a BGP Policy
- name: Create Policy Import Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    provider: '{{ provider }}'
    vr_name: 'default'
    name: 'import-rule-001'
    type: 'import'
    enable: true
    action: 'allow'
    address_prefix:
      - name: '10.1.1.0/24'
      - name: '10.1.2.0/24'
        exact: false
      - name: '10.1.3.0/24'
        exact: true
    action_dampening: 'dampening-profile'

- name: Create Policy Export Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    provider: '{{ provider }}'
    vr_name: 'default'
    name: 'export-rule-001'
    type: 'export'
    enable: true
    action: 'allow'

- name: Remove Export Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    provider: '{{ provider }}'
    state: 'absent'
    vr_name: 'default'
    name: 'export-rule-001'
    type: 'export'

Authors

• Joshua Colson (@freakinhippie)

• Garfield Lee Freeman (@shinmog)

Collection links

Issue Tracker Homepage Repository (Sources)