paloaltonetworks.panos.panos_interface module – Manage data-port network interfaces

Note

This module is part of the paloaltonetworks.panos collection (version 2.21.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_interface.

New in paloaltonetworks.panos 1.0.0

Synopsis

  • Manage data-port (DP) network interface. By default DP interfaces are static.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

adjust_tcp_mss

boolean

Adjust TCP MSS for layer3 interface.

Choices:

aggregate_group

string

Aggregate interface name.

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.

comment

string

Interface comment.

commit

boolean

Deprecated

Please use paloaltonetworks.panos.panos_commit_firewall, paloaltonetworks.panos.panos_commit_panorama, paloaltonetworks.panos.panos_commit_push instead.

Commit changes after creating object. If ip_address is a Panorama device, and device_group or template are also set, perform a commit to Panorama and a commit-all to the device group/template.

Choices:

create_default_route

boolean

Whether or not to add default route with router learned via DHCP.

Choices:

dhcp_default_route_metric

integer

Metric for the DHCP default route.

enable_dhcp

boolean

Enable DHCP on this interface.

Choices:

gathered_filter

string

When state=gathered.

An advanced filtering option to filter results returned from PAN-OS.

Refer to the guide discussing gathered_filter for more information.

if_name

string

Name of the interface to configure.

ip

list / elements=string

List of static IP addresses.

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.

ipv4_mss_adjust

integer

(7.1+) TCP MSS adjustment for IPv4.

ipv6_enabled

boolean

Enable IPv6.

Choices:

ipv6_mss_adjust

integer

(7.1+) TCP MSS adjustment for IPv6.

string

Link duplex.

Choices:

string

Link speed.

Choices:

string

Link state.

Choices:

lldp_enabled

string

Enable LLDP for layer2 interface.

lldp_profile

string

LLDP profile name for layer2 interface.

management_profile

string

Interface management profile name.

mode

string

The interface mode.

Choices:

mtu

integer

MTU for layer3 interface.

netflow_profile

string

Netflow profile for layer3 interface.

netflow_profile_l2

string

Netflow profile name for layer2 interface.

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.

Default: :ansible-option-default:`443`

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: :ansible-option-default:`443`

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: :ansible-option-default:`"admin"`

state

string

The state.

Choices:

template

string

(Panorama only) The template this operation should target. This param is required if the PAN-OS device is Panorama.

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.

Default: :ansible-option-default:`"admin"`

vlan_name

string

The VLAN to put this interface in.

If the VLAN does not exist it is created.

Only specify this if mode=layer2.

vr_name

string

Name of the virtual router; it must already exist.

Default: :ansible-option-default:`"default"`

vsys

string

The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified.

vsys_dg

string

Deprecated

Use vsys to specify the vsys instead.

Name of the vsys (if firewall) or device group (if panorama) to put this object.

zone_name

string

Name of the zone for the interface.

If the zone does not exist it is created.

If the zone already exists its mode should match mode.

Notes

Note

  • Checkmode is supported.

  • If the PAN-OS device is a firewall and vsys is not specified, then the vsys will default to vsys=vsys1.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

# Create ethernet1/1 as DHCP.
- name: enable DHCP client on ethernet1/1 in zone public
  paloaltonetworks.panos.panos_interface:
    provider: '{{ provider }}'
    if_name: "ethernet1/1"
    zone_name: "public"
    create_default_route: "yes"

# Update ethernet1/2 with a static IP address in zone dmz.
- name: ethernet1/2 as static in zone dmz
  paloaltonetworks.panos.panos_interface:
    provider: '{{ provider }}'
    if_name: "ethernet1/2"
    mode: "layer3"
    ip: ["10.1.1.1/24"]
    enable_dhcp: false
    zone_name: "dmz"

Authors

  • Luigi Mori (@jtschichold)

  • Ivan Bojer (@ivanbojer)

  • Garfield Lee Freeman (@shinmog)