Palo Alto Networks Ansible Galaxy Role Documentation¶
PLEASE NOTE: This role is deprecated, the modules are no longer being updated. Please transition to using the modules in the collection instead: https://paloaltonetworks.github.io/pan-os-ansible
The Palo Alto Networks Ansible Galaxy role is a collection of modules that automate configuration and operational tasks on Palo Alto Networks Next Generation Firewalls (both physical and virtualized) and Panorama. The underlying protocol uses API calls that are wrapped within the Ansible framework.
This is a community supported project. You can find the community supported live page at https://live.paloaltonetworks.com/ansible.
Role / Collection Compatibility¶
The Palo Alto Networks PAN-OS Ansible modules were previously distributed as an Ansible Galaxy role (https://galaxy.ansible.com/paloaltonetworks/paloaltonetworks). Since Ansible 2.9, RedHat has urged developers to migrate to collections to organize and distribute their integrations. The new collection can be found here: https://galaxy.ansible.com/paloaltonetworks/panos
The 1.0 version of this collection is a straight port of the Ansible Galaxy role v2.4.0. If you are using Ansible 2.9 or later and you are using the role, then you can safely use this instead with no change in functionality. Just specify the collections spec (as mentioned above in the Usage section), remove PaloAltoNetworks.paloaltonetworks from the roles spec, and you’re done!
Now that the collection is live, no new features will be added to the role. All active development will take place on the collection moving forwared. Users are encouraged to upgrade to Ansible 2.9 and start using the new collection to stay up-to-date with features and bug fixes.
Installation - Collection (Recommended)¶
(For Ansible >= v2.9)
Install the collection using ansible-galaxy:
ansible-galaxy collection install paloaltonetworks.panos
Then in your playbooks you can specify that you want to use the panos collection like so:
collections:
- paloaltonetworks.panos
Ansible Galaxy: https://galaxy.ansible.com/PaloAltoNetworks/panos
GitHub repo: https://github.com/PaloAltoNetworks/pan-os-ansible
Installation - Role¶
(For Ansible < v2.9)
Install the collection using ansible-galaxy:
ansible-galaxy install PaloAltoNetworks.paloaltonetworks
To upgrade your existing role, add in the additional -f parameter to the above command.
Then in your playbooks you can specify that you want to use the paloaltonetworks role like so:
roles:
- role: PaloAltoNetworks.paloaltonetworks
Ansible Galaxy: https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks
GitHub repo: https://github.com/PaloAltoNetworks/ansible-pan
- Examples
- Module Reference
- panos_address_group – Create address group objects on PAN-OS devices
- panos_address_object – Create address objects on PAN-OS devices
- panos_admin – Add or modify PAN-OS user accounts password
- panos_administrator – Manage PAN-OS administrator user accounts
- panos_admpwd – change admin password of PAN-OS device using SSH with SSH key
- panos_aggregate_interface – configure aggregate network interfaces
- panos_api_key – retrieve api_key for username/password combination
- panos_bgp_aggregate – Configures a BGP Aggregation Prefix Policy
- panos_bgp_auth – Configures a BGP Authentication Profile
- panos_bgp_conditional_advertisement – Configures a BGP conditional advertisement
- panos_bgp_dampening – Configures a BGP Dampening Profile
- panos_bgp – Configures Border Gateway Protocol (BGP)
- panos_bgp_peer_group – Configures a BGP Peer Group
- panos_bgp_peer – Configures a BGP Peer
- panos_bgp_policy_filter – Configures a BGP Policy Import/Export Rule
- panos_bgp_policy_rule – Configures a BGP Policy Import/Export Rule
- panos_bgp_redistribute – Configures a BGP Redistribution Rule
- panos_cert_gen_ssh – generates a self-signed certificate using SSH protocol with SSH key
- panos_check – check if PAN-OS device is ready for configuration
- panos_commit – Commit a PAN-OS device’s candidate configuration
- panos_dag – create a dynamic address group
- panos_dag_tags – Create tags for DAG’s on PAN-OS devices
- panos_email_profile – Manage email server profiles
- panos_email_server – Manage email servers in an email profile
- panos_facts – Collects facts from Palo Alto Networks device
- panos_gre_tunnel – Create GRE tunnels on PAN-OS devices
- panos_ha – Configures High Availability on PAN-OS
- panos_http_profile_header – Manage HTTP headers for a HTTP profile
- panos_http_profile – Manage http server profiles
- panos_http_profile_param – Manage HTTP params for a HTTP profile
- panos_http_server – Manage HTTP servers in a HTTP server profile
- panos_ike_crypto_profile – Configures IKE Crypto profile on the firewall with subset of settings
- panos_ike_gateway – Configures IKE gateway on the firewall with subset of settings
- panos_import – import file on PAN-OS devices
- panos_interface – configure data-port network interfaces
- panos_ipsec_ipv4_proxyid – Configures IPv4 Proxy Id on an IPSec Tunnel
- panos_ipsec_profile – Configures IPSec Crypto profile on the firewall with subset of settings
- panos_ipsec_tunnel – Configures IPSec Tunnels on the firewall with subset of settings
- panos_l2_subinterface – configure layer2 subinterface
- panos_l3_subinterface – configure layer3 subinterface
- panos_lic – apply authcode to a device/instance
- panos_loadcfg – load configuration on PAN-OS device
- panos_log_forwarding_profile_match_list_action – Manage log forwarding profile match list actions
- panos_log_forwarding_profile_match_list – Manage log forwarding profile match lists
- panos_log_forwarding_profile – Manage log forwarding profiles
- panos_loopback_interface – configure network loopback interfaces
- panos_management_profile – Manage interface management profiles
- panos_match_rule – Test for match against a security rule on PAN-OS devices or Panorama management console
- panos_mgtconfig – Module used to configure some of the device management
- panos_nat_rule_facts – Get information about a NAT rule
- panos_nat_rule – create a policy NAT rule
- panos_object_facts – Retrieve facts about objects on PAN-OS devices
- panos_object – create/read/update/delete object in PAN-OS or Panorama
- panos_op – execute arbitrary OP commands on PANW devices (e.g. show interface all)
- panos_pbf_rule – Manage Policy Based Forwarding rules on PAN-OS
- panos_pg – create a security profiles group
- panos_query_rules – PANOS module that allows search for security rules in PANW NGFW devices
- panos_redistribution – Configures a Redistribution Profile on a virtual router
- panos_registered_ip_facts – Retrieve facts about registered IPs on PAN-OS devices
- panos_registered_ip – Register IP addresses for use with dynamic address groups on PAN-OS devices
- panos_restart – Restart a device
- panos_sag – Create a static address group
- panos_security_rule_facts – Get information about a security rule
- panos_security_rule – Create security rule policy on PAN-OS devices or Panorama management console
- panos_service_group – Create service group objects on PAN-OS devices
- panos_service_object – Create service objects on PAN-OS devices
- panos_snmp_profile – Manage SNMP server profiles
- panos_snmp_v2c_server – Manage SNMP v2c servers
- panos_snmp_v3_server – Manage SNMP v3 servers
- panos_software – Manage PAN-OS software versions
- panos_static_route – Create static routes on PAN-OS devices
- panos_syslog_profile – Manage syslog server profiles
- panos_syslog_server – Manage syslog server profile syslog servers
- panos_tag_object – Create tag objects on PAN-OS devices
- panos_tunnel – configure tunnel interfaces
- panos_type_cmd – Execute arbitrary TYPE commands on PAN-OS
- panos_userid – Allow for registration and de-registration of userid
- panos_virtual_router_facts – Retrieves virtual router information
- panos_virtual_router – Configures a Virtual Router
- panos_virtual_wire – Configures Virtual Wires (vwire)
- panos_vlan_interface – configure VLAN interfaces
- panos_vlan – Configures VLANs
- panos_zone_facts – Retrieves zone information
- panos_zone – configure security zone
- Release History
- Contributing to PANW Ansible modules
- Developing Palo Alto Networks Ansible Modules
- Authors
- License