panos_bgp_policy_rule – Configures a BGP Policy Import/Export Rule¶
New in version 2.8.
Synopsis¶
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
Use BGP to publish and consume routes from disparate networks.
Requirements¶
The below requirements are needed on the host that executes this module.
pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python
pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
|
action
-
|
|
Rule action.
|
|
|
action_as_path_limit
integer
|
Add AS path limit attribute if it does not exist.
|
||
|
action_as_path_prepend_times
integer
|
Prepend local AS for specified number of times.
|
||
|
action_as_path_type
-
|
|
AS path update options.
|
|
|
action_community_argument
-
|
Argument to the action community value if needed.
|
||
|
action_community_type
-
|
|
Community update options.
|
|
|
action_dampening
-
|
Route flap dampening profile; only with "import" type.
|
||
|
action_extended_community_argument
-
|
Argument to the action extended community value if needed.
|
||
|
action_extended_community_type
-
|
Extended community update options.
|
||
|
action_local_preference
integer
|
New local preference value.
|
||
|
action_med
integer
|
New MED value.
|
||
|
action_nexthop
-
|
Nexthop address.
|
||
|
action_origin
-
|
|
New route origin.
|
|
|
action_weight
integer
|
New weight value; only with "import" type.
|
||
|
address_prefix
-
|
List of address prefix strings or dicts with "name"/"exact" keys.
If a list entry is a string, then exact=False for that name.
|
||
|
api_key
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The API key to use instead of generating it using username / password.
|
||
|
commit
boolean
|
|
Commit configuration if changed.
|
|
|
enable
boolean
|
|
Enable rule.
|
|
|
ip_address
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The IP address or hostname of the PAN-OS device being configured.
|
||
|
match_afi
-
|
|
Address Family Identifier.
|
|
|
match_as_path_regex
-
|
AS-path regular expression.
|
||
|
match_community_regex
-
|
Community AS-path regular expression.
|
||
|
match_extended_community_regex
-
|
Extended Community AS-path regular expression.
|
||
|
match_from_peer
list
|
Filter by peer that sent this route.
|
||
|
match_med
integer
|
Multi-Exit Discriminator.
|
||
|
match_nexthop
list
|
Next-hop attributes.
|
||
|
match_route_table
-
|
|
Route table to match rule.
|
|
|
match_safi
-
|
|
Subsequent Address Family Identifier.
|
|
|
name
-
/ required
|
Name of filter.
|
||
|
password
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The password to use for authentication. This is ignored if api_key is specified.
|
||
|
port
integer
|
Default: 443
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The port number to connect to the PAN-OS device on.
|
|
|
provider
-
added in 2.8 |
A dict object containing connection details.
|
||
|
api_key
string
|
The API key to use instead of generating it using username / password.
|
||
|
ip_address
string
|
The IP address or hostname of the PAN-OS device being configured.
|
||
|
password
string
|
The password to use for authentication. This is ignored if api_key is specified.
|
||
|
port
integer
|
Default: 443
|
The port number to connect to the PAN-OS device on.
|
|
|
serial_number
string
|
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
|
||
|
username
string
|
Default: "admin"
|
The username to use for authentication. This is ignored if api_key is specified.
|
|
|
state
string
|
|
The state.
|
|
|
template
string
|
(Panorama only) The template this operation should target. Mutually exclusive with template_stack.
|
||
|
template_stack
string
|
(Panorama only) The template stack this operation should target. Mutually exclusive with template.
|
||
|
type
-
/ required
|
|
The type of rule.
|
|
|
used_by
list
|
Peer-groups that use this rule.
|
||
|
username
string
|
Default: "admin"
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The username to use for authentication. This is ignored if api_key is specified.
|
|
|
vr_name
-
|
Default: "default"
|
Name of the virtual router; it must already exist; see panos_virtual_router.
|
|
Notes¶
Note
Checkmode is supported.
Panorama is supported.
PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.
If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.
Examples¶
# Add a BGP Policy
- name: Create Policy Import Rule
panos_bgp_policy_rule:
provider: '{{ provider }}'
vr_name: 'default'
name: 'import-rule-001'
type: 'import'
enable: true
action: 'allow'
address_prefix:
- '10.1.1.0/24'
- name: '10.1.2.0/24'
exact: false
- name: '10.1.3.0/24'
exact: true
action_dampening: 'dampening-profile'
- name: Create Policy Export Rule
panos_bgp_policy_rule:
provider: '{{ provider }}'
vr_name: 'default'
name: 'export-rule-001'
type: 'export'
enable: true
action: 'allow'
- name: Remove Export Rule
panos_bgp_policy_rule:
provider: '{{ provider }}'
state: 'absent'
vr_name: 'default'
name: 'export-rule-001'
type: 'export'
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.