paloaltonetworks.panos.panos_query_rules module – PANOS module that allows search for security rules in PANW NGFW devices.
Note
This module is part of the paloaltonetworks.panos collection (version 2.13.2).
To install it, use: ansible-galaxy collection install paloaltonetworks.panos.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: paloaltonetworks.panos.panos_query_rules.
New in paloaltonetworks.panos 1.0.0
DEPRECATED
- Removed in:
version 3.0.0
- Why:
Querying rules is handled better by paloaltonetworks.panos.panos_match_rule.
- Alternative:
Synopsis
Security policies allow you to enforce rules and take action, and can be as general or specific as needed.
The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches
the traffic is applied, the more specific rules must precede the more general ones.
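The first-match behaviour described above can be checked offline before a rulebase is pushed. The following Python sketch is an added example, not code from the paloaltonetworks.panos collection: the `Rule` model (one value per field), the rule names and the sample rulebase are assumptions constructed for illustration, reusing the zone names and address from the examples on this page. It reports which rule a flow hits first and which later rules are shadowed by an earlier, more general one.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:  # simplified model, one value per field (assumption, not the PAN-OS schema)
    name: str
    source_zone: str
    destination_zone: str
    destination_ip: str    # CIDR or "any"
    protocol: str          # "tcp", "udp" or "any"
    destination_port: str  # single port or "any"
    action: str = ""

def value_covers(general, specific, cidr=False):
    """True if `general` matches every value that `specific` matches."""
    if ANY in (general, specific) or not cidr:
        return general in (ANY, specific)
    return ip_network(specific).subnet_of(ip_network(general))

def covers(a, b):
    """True if rule a matches every flow that rule b matches."""
    return (value_covers(a.source_zone, b.source_zone)
            and value_covers(a.destination_zone, b.destination_zone)
            and value_covers(a.destination_ip, b.destination_ip, cidr=True)
            and value_covers(a.protocol, b.protocol)
            and value_covers(a.destination_port, b.destination_port))

def first_match(rules, flow):
    """Name of the first rule, top down, that matches the flow (None if none does)."""
    return next((r.name for r in rules if covers(r, flow)), None)

def shadowed(rules):
    """(later rule, earlier rule) pairs where the later rule can never be hit."""
    pairs = []
    for i, later in enumerate(rules):
        earlier = next((e for e in rules[:i] if covers(e, later)), None)
        if earlier:
            pairs.append((later.name, earlier.name))
    return pairs

RULEBASE = [  # constructed sample data: the broad allow sits above the specific deny
    Rule("allow-dmz-any", "DevNet", "DMZ", "10.100.42.0/24", ANY, ANY, "allow"),
    Rule("block-mysql-dmz", "DevNet", "DMZ", "10.100.42.18/32", "tcp", "3306", "deny"),
    Rule("deny-all", ANY, ANY, ANY, ANY, ANY, "deny"),
]
FLOW = Rule("flow", "DevNet", "DMZ", "10.100.42.18/32", "tcp", "3306")

if __name__ == "__main__":
    print(first_match(RULEBASE, FLOW), shadowed(RULEBASE))
```

In the sample order the MySQL flow is allowed by the broad rule and the deny is never evaluated; moving the specific deny above the broad allow removes the shadowing.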
Requirements
The below requirements are needed on the host that executes this module.
pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python
pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice
xmltodict can be obtained from PyPI https://pypi.python.org/pypi/xmltodict
Parameters
Parameter |
Comments |
---|---|
API key that can be used instead of username/password credentials. |
|
Name of the application or application group to be queried. |
|
The destination IP address to be queried. |
|
The destination port to be queried. |
|
Name of the destination security zone to be queried. |
|
The Panorama device group in which to conduct the query. |
|
IP address (or hostname) of PAN-OS firewall or Panorama management console being queried. |
|
Password credentials to use for authentication. |
|
The protocol used to be queried. Choices: |
|
The source IP address to be queried. |
|
The source port to be queried. |
|
Name of the source security zone to be queried. |
|
Name of the rule tag to be queried. |
|
Username credentials to use for authentication. Default: "admin" |
Notes
Note
Checkmode is not supported.
Panorama is supported.
Examples
# Find rules that match tcp/3306 traffic from the DevNet zone to the DevVPC zone
- name: search for rules with tcp/3306
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    source_zone: 'DevNet'
    destination_zone: 'DevVPC'
    destination_port: '3306'
    protocol: 'tcp'

# Query a Panorama device group, authenticating with an API key.
# The device group is selected with devicegroup (the original example used address).
- name: search devicegroup for inbound rules to dmz host
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    destination_zone: 'DMZ'
    destination_ip: '10.100.42.18'
    devicegroup: 'DeviceGroupA'

# Find rules that carry a given tag
- name: search for rules containing a specified rule tag
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    tag_name: 'ProjectX'
Status
This module will be removed in version 3.0.0. [deprecated]
For more information see DEPRECATED.