paloaltonetworks.panos.panos_query_rules module – PANOS module that allows search for security rules in PANW NGFW devices.

Note

This module is part of the paloaltonetworks.panos collection (version 2.13.2).

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_query_rules.

New in paloaltonetworks.panos 1.0.0

DEPRECATED

Removed in:

version 3.0.0

Why:

Querying rules is handled better by paloaltonetworks.panos.panos_match_rule.

Alternative:

Use paloaltonetworks.panos.panos_match_rule

Synopsis

  • Security policies allow you to enforce rules and take action, and can be as general or specific as needed.

  • The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones.
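
The first-match ordering described above, as an added example (not code from the module or the collection): a small Python model that evaluates a rulebase top-down and reports rules that an earlier, broader rule makes unreachable. The Rule class, its fields, the rule names and the sample addresses are assumptions constructed for illustration; real PAN-OS rules also match on zones, applications and users.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # simplified model, not the PAN-OS rule schema
    name: str
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: str                   # "tcp", "udp" or "any"
    port: Optional[int]          # None means any destination port
    action: str                  # "allow" or "deny"

    def matches(self, src_ip, dst_ip, proto, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

    def covers(self, other):
        """True when every flow matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.port in (None, other.port))

def first_match(rules, src_ip, dst_ip, proto, port):
    """Top-down evaluation: the first matching rule decides the flow."""
    return next((r for r in rules if r.matches(src_ip, dst_ip, proto, port)), None)

def shadowed(rules):
    """(hidden_rule, earlier_rule) pairs where the later rule can never fire."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample rulebase (addresses and rule names are made up).
GENERAL = Rule("allow-dev-to-dmz", "10.1.0.0/16", "10.100.42.0/24", "any", None, "allow")
SPECIFIC = Rule("deny-dev-mysql", "10.1.0.0/16", "10.100.42.18/32", "tcp", 3306, "deny")
WRONG_ORDER = [GENERAL, SPECIFIC]
RIGHT_ORDER = [SPECIFIC, GENERAL]

if __name__ == "__main__":
    flow = ("10.1.5.9", "10.100.42.18", "tcp", 3306)
    print(first_match(WRONG_ORDER, *flow).action, shadowed(WRONG_ORDER))
    print(first_match(RIGHT_ORDER, *flow).action, shadowed(RIGHT_ORDER))
```

With the general rule first, the MySQL deny never fires and the flow is allowed; reversing the order restores the intended block and clears the shadowing report.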

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

API key that can be used instead of username/password credentials.

application

string

Name of the application or application group to be queried.

destination_ip

string

The destination IP address to be queried.

destination_port

string

The destination port to be queried.

destination_zone

string

Name of the destination security zone to be queried.

devicegroup

string

The Panorama device group in which to conduct the query.

ip_address

string / required

IP address (or hostname) of PAN-OS firewall or Panorama management console being queried.

password

string

Password credentials to use for authentication.

protocol

string

source_ip

string

The source IP address to be queried.

source_port

string

The source port to be queried.

source_zone

string

Name of the source security zone to be queried.

tag_name

string

Name of the rule tag to be queried.

username

string

Username credentials to use for authentication.

Default: "admin"

Notes

Note

  • Check mode is not supported.

  • Panorama is supported.

Examples

- name: search for rules with tcp/3306
  paloaltonetworks.panos.panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    source_zone: 'DevNet'
    destination_zone: 'DevVPC'
    destination_port: '3306'
    protocol: 'tcp'

- name: search devicegroup for inbound rules to dmz host
  paloaltonetworks.panos.panos_query_rules:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    destination_zone: 'DMZ'
    destination_ip: '10.100.42.18'
    # devicegroup selects the Panorama device group to search
    devicegroup: 'DeviceGroupA'

- name: search for rules containing a specified rule tag
  paloaltonetworks.panos.panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    tag_name: 'ProjectX'

Status

  • This module will be removed in version 3.0.0. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@stealthllama)