paloaltonetworks.panos.panos_state_snapshot module – Takes a snapshot of a state of a Firewall device.

Note

This module is part of the paloaltonetworks.panos collection (version 3.1.1).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install paloaltonetworks.panos. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: paloaltonetworks.panos.panos_state_snapshot.

New in paloaltonetworks.panos 2.18.0

Synopsis

  • A wrapper around the PAN-OS Upgrade Assurance package.

  • The module takes a snapshot of a state of specified areas. It runs the package’s CheckFirewall.run_snapshots() method. Since it’s just a wrapper, the way you would configure snapshot area is exactly the same as if you would run the class directly. Please refer to package’s documentation for syntax and configuration dialect.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The API key to use instead of generating it using username / password.

ip_address

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The IP address or hostname of the PAN-OS device being configured.

password

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The password to use for authentication. This is ignored if api_key is specified.

port

integer

Deprecated

Use provider to specify PAN-OS connectivity instead.


The port number to connect to the PAN-OS device on.

Default: 443

provider

dictionary

added in paloaltonetworks.panos 1.0.0

A dict object containing connection details.

api_key

string

The API key to use instead of generating it using username / password.

ip_address

string

The IP address or hostname of the PAN-OS device being configured.

password

string

The password to use for authentication. This is ignored if api_key is specified.

port

integer

The port number to connect to the PAN-OS device on.

Default: 443

serial_number

string

The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.

username

string

The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

state_areas

list / elements=any

A list of Firewall state areas that we should take a snapshot of. For the details on currently supported list please refer to package documentation.

In most of the cases it is enough to specify a snapshot name to run it with default settings. In this case the list element is of type str. If additional configuration is required the element is a single element dict, where key is the state snapshot name and value contains the snapshot’s configuration. For information which snapshot requires additional configuration please refer to package documentation.

To capture the actual snapshot data use a register.

Default: ["all"]

username

string

Deprecated

Use provider to specify PAN-OS connectivity instead.


The username to use for authentication. This is ignored if api_key is specified.

Default: "admin"

vsys

string

The vsys this object belongs to.

Default: "vsys1"

Notes

Note

  • Panorama is not supported.

  • Check mode is not supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

- name: Run snapshot of all areas except for session statistics
  panos_state_snapshot:
    provider: '{{ device }}'
    state_areas:
      - '!session_stats'
    register: snapshot

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

response

dictionary

This is a dict where keys are state areas names just as you specify them in the state_areas property.

Values contain the snapshot data. Type and structure differs per state area. Please refer to package documentation for details.

Returned: always

Sample: {"arp_table": {}, "content_version": {"version": "8635-7675"}, "ip_sec_tunnels": {}, "license": {"DNS Security": {"authcode": null, "base-license-name": "PA-VM", "description": "Palo Alto Networks DNS Security License", "expired": false, "expires": "December 31, 2023", "feature": "DNS Security", "issued": "April 13, 2023", "serial": "xxxxxxxxxxxxxxxxx"}, "PA-VM": {"authcode": null, "description": "Standard VM-300", "expired": false, "expires": "December 31, 2023", "feature": "PA-VM", "issued": "April 13, 2023", "serial": "xxxxxxxxxxxxxxxxx"}}, "routes": {}, "session_stats": {"age-accel-thresh": "80", "age-accel-tsf": "2", "age-scan-ssf": "8", "age-scan-thresh": "80", "age-scan-tmo": "10", "cps": "0", "dis-def": "60", "dis-sctp": "30", "dis-tcp": "90", "dis-udp": "60", "icmp-unreachable-rate": "200", "kbps": "0", "max-pending-mcast": "0", "num-active": "0"}}

Authors

  • Łukasz Pawlęga (@fosix)