panos_interface – configure data-port network interfaces¶
New in version 2.3.
Synopsis¶
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
Configure data-port (DP) network interface. By default DP interfaces are static.
Requirements¶
The below requirements are needed on the host that executes this module.
pan-python can be obtained from PyPI https://pypi.python.org/pypi/pan-python
pandevice can be obtained from PyPI https://pypi.python.org/pypi/pandevice
pandevice >= 0.8.0
Parameters¶
Parameter | Choices/Defaults | Comments | |
---|---|---|---|
adjust_tcp_mss
boolean
|
|
Adjust TCP MSS for layer3 interface.
|
|
aggregate_group
-
|
Aggregate interface name.
|
||
api_key
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The API key to use instead of generating it using username / password.
|
||
comment
-
|
Interface comment.
|
||
commit
boolean
|
|
Commit if changed
|
|
create_default_route
boolean
|
|
Whether or not to add default route with router learned via DHCP.
|
|
dhcp_default_route_metric
integer
|
Metric for the DHCP default route.
|
||
enable_dhcp
boolean
|
|
Enable DHCP on this interface.
|
|
if_name
-
/ required
|
Name of the interface to configure.
|
||
ip
list
|
List of static IP addresses.
|
||
ip_address
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The IP address or hostname of the PAN-OS device being configured.
|
||
ipv4_mss_adjust
integer
|
(7.1+) TCP MSS adjustment for IPv4.
|
||
ipv6_enabled
boolean
|
|
Enable IPv6.
|
|
ipv6_mss_adjust
integer
|
(7.1+) TCP MSS adjustment for IPv6.
|
||
link_duplex
-
|
|
Link duplex.
|
|
link_speed
-
|
|
Link speed.
|
|
link_state
-
|
|
Link state.
|
|
lldp_enabled
-
|
Enable LLDP for layer2 interface.
|
||
lldp_profile
-
|
LLDP profile name for layer2 interface.
|
||
management_profile
-
|
Interface management profile name.
|
||
mode
-
|
|
The interface mode.
|
|
mtu
integer
|
MTU for layer3 interface.
|
||
netflow_profile
-
|
Netflow profile for layer3 interface.
|
||
netflow_profile_l2
-
|
Netflow profile name for layer2 interface.
|
||
operation
-
|
Removed
Use state instead.
|
||
password
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The password to use for authentication. This is ignored if api_key is specified.
|
||
port
integer
|
Default: 443
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The port number to connect to the PAN-OS device on.
|
|
provider
-
added in 2.8 |
A dict object containing connection details.
|
||
api_key
string
|
The API key to use instead of generating it using username / password.
|
||
ip_address
string
|
The IP address or hostname of the PAN-OS device being configured.
|
||
password
string
|
The password to use for authentication. This is ignored if api_key is specified.
|
||
port
integer
|
Default: 443
|
The port number to connect to the PAN-OS device on.
|
|
serial_number
string
|
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
|
||
username
string
|
Default: "admin"
|
The username to use for authentication. This is ignored if api_key is specified.
|
|
state
string
|
|
The state.
|
|
template
string
|
(Panorama only) The template this operation should target. This param is required if the PAN-OS device is Panorama.
|
||
username
string
|
Default: "admin"
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The username to use for authentication. This is ignored if api_key is specified.
|
|
vlan_name
-
|
The VLAN to put this interface in.
If the VLAN does not exist it is created.
Only specify this if mode=layer2.
|
||
vr_name
-
|
Default: "default"
|
Name of the virtual router; it must already exist.
|
|
vsys
string
|
The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified.
|
||
vsys_dg
-
|
Deprecated
Use vsys to specify the vsys instead.
Name of the vsys (if firewall) or device group (if panorama) to put this object.
|
||
zone_name
-
|
Name of the zone for the interface.
If the zone does not exist it is created.
If the zone already exists its mode should match mode.
|
Notes¶
Note
Checkmode is supported.
If the PAN-OS device is a firewall and vsys is not specified, then the vsys will default to vsys=vsys1.
PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.
Examples¶
# Create ethernet1/1 as DHCP.
- name: enable DHCP client on ethernet1/1 in zone public
panos_interface:
provider: '{{ provider }}'
if_name: "ethernet1/1"
zone_name: "public"
create_default_route: "yes"
# Update ethernet1/2 with a static IP address in zone dmz.
- name: ethernet1/2 as static in zone dmz
panos_interface:
provider: '{{ provider }}'
if_name: "ethernet1/2"
mode: "layer3"
ip: ["10.1.1.1/24"]
enable_dhcp: false
zone_name: "dmz"
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.