paloaltonetworks.panos.panos_object module – create/read/update/delete object in PAN-OS or Panorama

Note

This module is part of the paloaltonetworks.panos collection (version 2.13.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_object.

New in paloaltonetworks.panos 1.0.0

DEPRECATED

Removed in: version 3.0.0

Why: Updated to idempotent modules

Alternative: Use paloaltonetworks.panos.panos_address_object, paloaltonetworks.panos.panos_address_group, paloaltonetworks.panos.panos_service_object, paloaltonetworks.panos.panos_service_group, or paloaltonetworks.panos.panos_tag_object as appropriate.

Synopsis

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address objects, address groups, service objects, service groups, and tags.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

address

string

The IP address of the host or network in CIDR notation.

address_type

string

The type of address object definition. Valid types are ip-netmask and ip-range.

Choices:

addressgroup

string

A static group of address objects or dynamic address group.

addressobject

string

The name of the address object.

api_key

string

API key that can be used instead of username/password credentials.

color

string

The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, brown, olive, maroon, red-orange, yellow-orange, forest green, turquoise blue, azure blue, cerulean blue, midnight blue, medium blue, cobalt blue, violet blue, blue violet, medium violet, medium rose, lavender, orchid, thistle, peach, salmon, magenta, red violet, mahogany, burnt sienna and chestnut.

Choices:

commit

boolean

Deprecated

Please use paloaltonetworks.panos.panos_commit_firewall, paloaltonetworks.panos.panos_commit_panorama, paloaltonetworks.panos.panos_commit_push instead.


Commit changes after creating object. If ip_address is a Panorama device, and device_group or template are also set, perform a commit to Panorama and a commit-all to the device group/template.

Choices:

description

string

The description of the object.

destination_port

string

The destination port to be used in a service object definition.

devicegroup

string

The name of the (preexisting) Panorama device group.

If undefined and ip_address is Panorama, this defaults to shared.

dynamic_value

string

The filter match criteria to be used in a dynamic addressgroup definition.

ip_address

string / required

IP address (or hostname) of PAN-OS device or Panorama management console being configured.

operation

string / required

password

string

Password credentials to use for authentication.

protocol

string

The IP protocol to be used in a service object definition.

Choices:

servicegroup

string

A group of service objects.

serviceobject

string

The name of the service object.

services

list / elements=string

The group of service objects used in a servicegroup definition.

source_port

string

The source port to be used in a service object definition.

static_value

list / elements=string

A group of address objects to be used in an addressgroup definition.

tag_name

string

The name of an object or rule tag.

username

string

Username credentials to use for authentication.

Default: "admin"

vsys

string

The vsys to put the object into.

Firewall only.

Default: "vsys1"

Notes

Note

  • Check mode is not supported.

  • Panorama is supported.

Examples

- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    address: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    addressobject: 'Win2K test'
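
The deprecation notice points to the idempotent replacement modules and to separate commit modules. The play below redoes three of the tasks above with those modules; it is an added example, not part of the module's own documentation. It assumes a Panorama target, the same ip_address and api_key variables used above (for instance loaded from Ansible Vault), and that the address object to delete lives in the 'DMZ Firewalls' device group.

```yaml
- name: Manage PAN-OS objects with the idempotent replacement modules
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: ip_address and api_key are supplied by inventory or Ansible Vault.
    # The replacement modules take connection details as one provider dictionary.
    provider:
      ip_address: '{{ ip_address }}'
      api_key: '{{ api_key }}'
  tasks:
    # Replaces operation: 'add' with addressgroup / tag_name / devicegroup.
    - name: Ensure the address group exists in the device group
      paloaltonetworks.panos.panos_address_group:
        provider: '{{ provider }}'
        name: 'Prod_DB_Svrs'
        static_value: ['prod-db1', 'prod-db2', 'prod-db3']
        description: 'Production DMZ database servers'
        tag: ['DMZ']
        device_group: 'DMZ Firewalls'
        state: present

    # Replaces operation: 'add' with serviceobject. No device_group, so it lands in shared.
    - name: Ensure the service object for TCP 3306 exists
      paloaltonetworks.panos.panos_service_object:
        provider: '{{ provider }}'
        name: 'mysql-3306'
        protocol: 'tcp'
        destination_port: '3306'
        description: 'MySQL on tcp/3306'
        state: present

    # Replaces operation: 'delete' with addressobject.
    - name: Ensure the test address object is absent from the device group
      paloaltonetworks.panos.panos_address_object:
        provider: '{{ provider }}'
        name: 'Win2K test'
        device_group: 'DMZ Firewalls'
        state: absent

    # Replaces the deprecated commit parameter. This commits to Panorama only;
    # pushing to the firewalls is a separate panos_commit_push task.
    - name: Commit the candidate configuration on Panorama
      paloaltonetworks.panos.panos_commit_panorama:
        provider: '{{ provider }}'
```

Because the replacement modules are idempotent, a second run of this play reports no change for objects that already match.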

Status

  • This module will be removed in version 3.0.0. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@stealthllama)