paloaltonetworks.panos.panos_import module – import file on PAN-OS devices

Note

This module is part of the paloaltonetworks.panos collection (version 3.2.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_import.

New in paloaltonetworks.panos 1.0.0

Synopsis

  • Import file on PAN-OS device

Requirements

The below requirements are needed on the host that executes this module.

  • pan-python

  • requests

  • requests_toolbelt

Parameters

Parameter

Comments

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.

block_private_key_export

boolean

When category=keypair, controls if the private key is allowed to be exported from PAN-OS in future.

If this parameter is left undefined, the effective value with be no.

Choices:

  • false

  • true

category

string

Category of file to import.

Choices:

  • "anti-virus"

  • "application-block-page"

  • "captive-portal-text"

  • "certificate"

  • "configuration"

  • "content"

  • "credential-block-page"

  • "credential-coach-text"

  • "custom-logo"

  • "data-filter-block-page"

  • "device-state"

  • "file-block-continue-page"

  • "file-block-page"

  • "global-protect-client"

  • "global-protect-clientless-vpn"

  • "global-protect-portal-custom-help-page"

  • "global-protect-portal-custom-home-page"

  • "global-protect-portal-custom-login-page"

  • "global-protect-portal-custom-welcome-page"

  • "high-availability-key"

  • "idp-metadata"

  • "keypair"

  • "license"

  • "logdb"

  • "mfa-login-page"

  • "pandb-url-database"

  • "plugin"

  • "safe-search-block-page"

  • "saml-auth-internal-error-page"

  • "signed-url-database"

  • "software" ← (default)

  • "ssl-cert-status-page"

  • "ssl-optout-text"

  • "url-block-page"

  • "url-coach-text"

  • "url-database"

  • "virus-block-page"

  • "wildfire"

certificate_name

string

When category=certificate, this is the name of the certificate object.

When category=keypair, the key pair will be associated with this certificate object.

custom_logo_location

string

When category=custom-logo, import this logo file here.

Choices:

  • "login-screen"

  • "main-ui"

  • "pdf-report-footer"

  • "pdf-report-header"

filename

aliases: file

string

Location of the file to import into device.

format

string

Format of the imported certifcate.

Choices:

  • "pem"

  • "pkcs12"

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.

passphrase

string

Passphrase used to decrypt the certificate and/or private key.

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.

Default: 443

profile_name

string

When category=idp-metadata, the name of the SAML profile to create.

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: 443

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

template

string

(Panorama only) The template this operation should target. Mutually exclusive with template_stack.

template_stack

string

(Panorama only) The template stack this operation should target. Mutually exclusive with template.

url

string

URL of the file that will be imported to device.

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

Notes

Note

  • category=certificate is used for importing a certificate on its own from a file.

  • category=keypair is used for importing a certificate and private key from a single file.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

  • If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.

Examples

- name: Import software image into PAN-OS
  paloaltonetworks.panos.panos_import:
    provider: '{{ provider }}'
    category: software
    file: /tmp/paloaltonetworks.panos.panos_vm-10.0.1

- name: Import certificate
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'certificate'
    certificate_name: 'ISRG Root X1'
    format: 'pem'
    filename: '/tmp/isrgrootx1.pem'

- name: Import content
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'content'
    filename: '/tmp/panupv2-all-contents-8322-6317'

- name: Import named configuration snapshot
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'configuration'
    filename: '/tmp/config.xml'

- name: Import application block page
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'application-block-page'
    filename: '/tmp/application-block-page.html'

- name: Import custom logo
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'custom-logo'
    custom_logo_location: 'login-screen'
    filename: '/tmp/logo.jpg'

- name: Import SAML metadata profile
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'idp-metadata'
    filename: '/tmp/saml_metadata.xml'
    profile_name: 'saml-profile'

- name: Import SAML metadata profile to template
  paloaltonetworks.panos.panos_import:
    provider: '{{ device }}'
    category: 'idp-metadata'
    filename: '/tmp/saml_metadata.xml'
    profile_name: 'saml-profile'
    template: firewall-template

Authors

  • Luigi Mori (@jtschichold)

  • Ivan Bojer (@ivanbojer)

  • Michael Richardson (@mrichardson03)