panos_ike_crypto_profile – Configures IKE Crypto profile on the firewall with subset of settings
New in version 2.8.
Synopsis
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and
encryption (IKEv1 or IKEv2, Phase 1).
Requirements
The below requirements are needed on the host that executes this module.
pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python
pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice
Parameters
Parameter | Type | Choices/Defaults | Comments
---|---|---|---
api_key | string | | Deprecated. Use provider to specify PAN-OS connectivity instead. The API key to use instead of generating it using username / password.
authentication | - | | Authentication hashes used for IKE phase 1 proposal.
commit | - | Default: "yes" | Commit configuration if changed.
dh_group | - | | Specify the priority for Diffie-Hellman (DH) groups. aliases: dhgroup
encryption | - | ["aes-256-cbc", "3des"] | Encryption algorithms used for IKE phase 1 proposal.
ip_address | string | | Deprecated. Use provider to specify PAN-OS connectivity instead. The IP address or hostname of the PAN-OS device being configured.
lifetime_days | - | | IKE phase 1 key lifetime in days.
lifetime_hours | - | | IKE phase 1 key lifetime in hours. If no key lifetime is specified, default to 8 hours.
lifetime_minutes | - | | IKE phase 1 key lifetime in minutes.
lifetime_seconds | - | | IKE phase 1 key lifetime in seconds. aliases: lifetime_sec
name (required) | - | | Name for the profile.
password | string | | Deprecated. Use provider to specify PAN-OS connectivity instead. The password to use for authentication. This is ignored if api_key is specified.
port | integer | Default: 443 | Deprecated. Use provider to specify PAN-OS connectivity instead. The port number to connect to the PAN-OS device on.
provider | - | | Added in 2.8. A dict object containing connection details.
provider / api_key | string | | The API key to use instead of generating it using username / password.
provider / ip_address | string | | The IP address or hostname of the PAN-OS device being configured.
provider / password | string | | The password to use for authentication. This is ignored if api_key is specified.
provider / port | integer | Default: 443 | The port number to connect to the PAN-OS device on.
provider / serial_number | string | | The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
provider / username | string | Default: "admin" | The username to use for authentication. This is ignored if api_key is specified.
state | string | | The state.
template | string | | (Panorama only) The template this operation should target. Mutually exclusive with template_stack.
template_stack | string | | (Panorama only) The template stack this operation should target. Mutually exclusive with template.
username | string | Default: "admin" | Deprecated. Use provider to specify PAN-OS connectivity instead. The username to use for authentication. This is ignored if api_key is specified.
Notes
Panorama is supported.
Check mode is supported.
PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.
If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.
Examples
```yaml
- name: Add IKE crypto config to the firewall
  panos_ike_crypto_profile:
    provider: '{{ provider }}'
    state: 'present'
    name: 'vpn-0cc61dd8c06f95cfd-0'
    dh_group: ['group2']
    authentication: ['sha1']
    encryption: ['aes-128-cbc']
    lifetime_seconds: '28800'
```
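The following check is an added example, not part of the module or its documentation. It audits the arguments of a panos_ike_crypto_profile task against a local algorithm policy, and when a task omits encryption it evaluates the value the parameter table lists for that parameter. The WEAK policy set, the name audit_task, the treatment of the listed encryption value as the applied default, and the second sample task are assumptions made for illustration.

```python
# Added example: audit panos_ike_crypto_profile task arguments before they are applied.
# WEAK is an assumed local policy, not something the module enforces.
WEAK = {
    "encryption": {"des", "3des"},
    "authentication": {"md5", "sha1"},
    "dh_group": {"group1", "group2", "group5"},
}
# Value the parameter table lists for encryption; assumed to be the
# default the module applies when the task omits the key.
LISTED_DEFAULTS = {"encryption": ["aes-256-cbc", "3des"]}
# Alias from the parameter table.
ALIASES = {"dhgroup": "dh_group"}


def audit_task(task):
    """Return a list of findings for one panos_ike_crypto_profile task dict."""
    raw = task.get("panos_ike_crypto_profile") or {}
    args = {ALIASES.get(key, key): value for key, value in raw.items()}
    findings = []
    for param, weak in WEAK.items():
        if args.get(param) is not None:
            value, origin = args[param], "set"
        elif param in LISTED_DEFAULTS:
            value, origin = LISTED_DEFAULTS[param], "default"
        else:
            findings.append(f"{param}: not set, module default applies")
            continue
        # Accept a bare string as a one-item list.
        values = [value] if isinstance(value, str) else list(value)
        findings += [f"{param}: {v} ({origin}) is on the weak list"
                     for v in values if v in weak]
    return findings


# The task from the Examples section, as the dict a YAML loader would produce.
PAGE_EXAMPLE = {
    "name": "Add IKE crypto config to the firewall",
    "panos_ike_crypto_profile": {
        "provider": "{{ provider }}", "state": "present",
        "name": "vpn-0cc61dd8c06f95cfd-0", "dh_group": ["group2"],
        "authentication": ["sha1"], "encryption": ["aes-128-cbc"],
        "lifetime_seconds": "28800",
    },
}
# Constructed task: stronger DH and hash, but encryption left to the default.
OMITS_ENCRYPTION = {"panos_ike_crypto_profile": {
    "name": "example-profile", "dhgroup": "group20", "authentication": ["sha384"]}}

if __name__ == "__main__":
    for task in (PAGE_EXAMPLE, OMITS_ENCRYPTION):
        print(audit_task(task))
```

Run it over the task dicts loaded from a playbook in CI so that a proposal relying on an omitted parameter is reviewed before it reaches the firewall.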
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.