panos_bgp_policy_rule – Configures a BGP Policy Import/Export Rule

New in version 2.8.

Synopsis

  • Use BGP to publish and consume routes from disparate networks.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
action
-
    Choices:
  • allow
  • deny
Rule action.
action_as_path_limit
integer
Add AS path limit attribute if it does not exist.
action_as_path_prepend_times
integer
Prepend local AS for specified number of times.
action_as_path_type
-
    Choices:
  • none
  • remove
  • prepend
  • remove-and-prepend
AS path update options.
action_community_argument
-
Argument to the action community value if needed.
action_community_type
-
    Choices:
  • none
  • remove-all
  • remove-regex
  • append
  • overwrite
Community update options.
action_dampening
-
Route flap dampening profile; only with "import" type.
action_extended_community_argument
-
Argument to the action extended community value if needed.
action_extended_community_type
-
Extended community update options.
action_local_preference
integer
New local preference value.
action_med
integer
New MED value.
action_nexthop
-
Nexthop address.
action_origin
-
    Choices:
  • igp
  • egp
  • incomplete
New route origin.
action_weight
integer
New weight value; only with "import" type.
address_prefix
-
List of address prefix strings or dicts with "name"/"exact" keys.
If a list entry is a string, then exact=False for that name.
api_key
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.
commit
boolean
    Choices:
  • no
  • yes ←
Commit configuration if changed.
enable
boolean
    Choices:
  • no
  • yes ←
Enable rule.
ip_address
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.
match_afi
-
    Choices:
  • ip
  • ipv6
Address Family Identifier.
match_as_path_regex
-
AS-path regular expression.
match_community_regex
-
Community AS-path regular expression.
match_extended_community_regex
-
Extended Community AS-path regular expression.
match_from_peer
list
Filter by peer that sent this route.
match_med
integer
Multi-Exit Discriminator.
match_nexthop
list
Next-hop attributes.
match_route_table
-
    Choices:
  • unicast
  • multicast
  • both
Route table to match rule.
match_safi
-
    Choices:
  • ip
  • ipv6
Subsequent Address Family Identifier.
name
- / required
Name of filter.
password
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
Deprecated
Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.
provider
-
added in 2.8
A dict object containing connection details.
api_key
string
The API key to use instead of generating it using username / password.
ip_address
string
The IP address or hostname of the PAN-OS device being configured.
password
string
The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
The port number to connect to the PAN-OS device on.
serial_number
string
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username
string
Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
state
string
    Choices:
  • present ←
  • absent
The state.
template
string
(Panorama only) The template this operation should target. Mutually exclusive with template_stack.
template_stack
string
(Panorama only) The template stack this operation should target. Mutually exclusive with template.
type
- / required
    Choices:
  • import
  • export
The type of rule.
used_by
list
Peer-groups that use this rule.
username
string
Default:
"admin"
Deprecated
Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.
vr_name
-
Default:
"default"
Name of the virtual router; it must already exist; see panos_virtual_router.

Notes

Note

  • Checkmode is supported.

  • Panorama is supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

  • If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.

Examples

# Add a BGP Policy
  - name: Create Policy Import Rule
    panos_bgp_policy_rule:
      provider: '{{ provider }}'
      vr_name: 'default'
      name: 'import-rule-001'
      type: 'import'
      enable: true
      action: 'allow'
      address_prefix:
        - '10.1.1.0/24'
        - name: '10.1.2.0/24'
          exact: false
        - name: '10.1.3.0/24'
          exact: true
      action_dampening: 'dampening-profile'

  - name: Create Policy Export Rule
    panos_bgp_policy_rule:
      provider: '{{ provider }}'
      vr_name: 'default'
      name: 'export-rule-001'
      type: 'export'
      enable: true
      action: 'allow'

  - name: Remove Export Rule
    panos_bgp_policy_rule:
      provider: '{{ provider }}'
      state: 'absent'
      vr_name: 'default'
      name: 'export-rule-001'
      type: 'export'

Status

Authors

  • Joshua Colson (@freakinhippie)

  • Garfield Lee Freeman (@shinmog)