panos_ike_crypto_profile – Configures IKE Crypto profile on the firewall with subset of settings

New in version 2.8.

Synopsis

  • Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and

  • encryption (IKEv1 or IKEv2, Phase 1).

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_key
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.
authentication
-
    Choices:
  • md5
  • sha1 ←
  • sha256
  • sha384
  • sha512
Authentication hashes used for IKE phase 1 proposal.
commit
-
Default:
"yes"
Commit configuration if changed.
dh_group
-
    Choices:
  • group1
  • group2 ←
  • group5
  • group14
  • group19
  • group20
Specify the priority for Diffie-Hellman (DH) groups.

aliases: d, h, g, r, o, u, p
encryption
-
    Choices:
  • des
  • 3des ←
  • aes-128-cbc
  • aes-192-cbc
  • aes-256-cbc ←
Default:
["aes-256-cbc", "3des"]
Encryption algorithms used for IKE phase 1 proposal.
ip_address
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.
lifetime_days
-
IKE phase 1 key lifetime in days.
lifetime_hours
-
IKE phase 1 key lifetime in hours. If no key lifetime is specified, default to 8 hours.
lifetime_minutes
-
IKE phase 1 key lifetime in minutes.
lifetime_seconds
-
IKE phase 1 key lifetime in seconds.

aliases: l, i, f, e, t, i, m, e, _, s, e, c
name
- / required
Name for the profile.
password
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
Deprecated
Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.
provider
-
added in 2.8
A dict object containing connection details.
api_key
string
The API key to use instead of generating it using username / password.
ip_address
string
The IP address or hostname of the PAN-OS device being configured.
password
string
The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
The port number to connect to the PAN-OS device on.
serial_number
string
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username
string
Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
state
string
    Choices:
  • present ←
  • absent
The state.
template
string
(Panorama only) The template this operation should target. Mutually exclusive with template_stack.
template_stack
string
(Panorama only) The template stack this operation should target. Mutually exclusive with template.
username
string
Default:
"admin"
Deprecated
Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.

Notes

Note

  • Panorama is supported.

  • Check mode is supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

  • If the PAN-OS to be configured is Panorama, either template or template_stack must be specified.

Examples

- name: Add IKE crypto config to the firewall
    panos_ike_crypto_profile:
      provider: '{{ provider }}'
      state: 'present'
      name: 'vpn-0cc61dd8c06f95cfd-0'
      dh_group: ['group2']
      authentication: ['sha1']
      encryption: ['aes-128-cbc']
      lifetime_seconds: '28800'

Status

Authors

  • Ivan Bojer (@ivanbojer)