panos_l3_subinterface – configure layer3 subinterface

New in version 2.8.

Synopsis

  • NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible

  • Configure a layer3 subinterface.

Requirements

The below requirements are needed on the host that executes this module.

  • pan-python

  • pandevice >= 0.8.0

Parameters

Parameter Choices/Defaults Comments
adjust_tcp_mss
boolean
    Choices:
  • no
  • yes
Adjust TCP MSS for layer3 interface.
api_key
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.
comment
-
Interface comment.
create_default_route
boolean
    Choices:
  • no
  • yes
Whether or not to add a default route using the router learned via DHCP.
dhcp_default_route_metric
integer
Metric for the DHCP default route.
enable_dhcp
boolean
    Choices:
  • no
  • yes ←
Enable DHCP on this interface.
ip
list
List of static IP addresses.
ip_address
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.
ipv4_mss_adjust
integer
(7.1+) TCP MSS adjustment for IPv4.
ipv6_enabled
boolean
    Choices:
  • no
  • yes
Enable IPv6.
ipv6_mss_adjust
integer
(7.1+) TCP MSS adjustment for IPv6.
management_profile
-
Interface management profile name.
mtu
integer
MTU for layer3 interface.
name
- / required
Name of the interface to configure.
netflow_profile
-
Netflow profile for layer3 interface.
password
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
Deprecated
Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.
provider
-
added in 2.8
A dict object containing connection details.
    api_key
    string
    The API key to use instead of generating it using username / password.
    ip_address
    string
    The IP address or hostname of the PAN-OS device being configured.
    password
    string
    The password to use for authentication. This is ignored if api_key is specified.
    port
    integer
    Default:
    443
    The port number to connect to the PAN-OS device on.
    serial_number
    string
    The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
    username
    string
    Default:
    "admin"
    The username to use for authentication. This is ignored if api_key is specified.
state
string
    Choices:
  • present ←
  • absent
The state.
tag
integer / required
Tag (VLAN ID) for the interface.
template
string
(Panorama only) The template this operation should target. This param is required if the PAN-OS device is Panorama.
username
string
Default:
"admin"
Deprecated
Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.
vr_name
-
Virtual router to add this interface to.
vsys
string
The vsys this object should be imported into. Objects that are imported include interfaces, virtual routers, virtual wires, and VLANs. Interfaces are typically imported into vsys1 if no vsys is specified.
zone_name
-
Name of the zone for the interface.
If the zone does not exist it is created.

Notes

Note

  • Panorama is supported.

  • Checkmode is supported.

  • If the PAN-OS device is a firewall and vsys is not specified, then the vsys will default to vsys=vsys1.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

# Create ethernet1/1.5 as DHCP.
# enable_dhcp defaults to yes, so it is not set explicitly here.
- name: enable DHCP client on ethernet1/1.5 in zone public
  panos_l3_subinterface:
    provider: '{{ provider }}'
    name: "ethernet1/1.5"
    tag: 1
    # Install a default route via the router learned from DHCP.
    create_default_route: true
    zone_name: "public"

# Update ethernet1/2.7 with a static IP address in zone dmz.
- name: ethernet1/2.7 as static in zone dmz
  panos_l3_subinterface:
    provider: '{{ provider }}'
    name: "ethernet1/2.7"
    tag: 7
    enable_dhcp: false
    ip: ["10.1.1.1/24"]
    zone_name: "dmz"
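
The examples above pass provider as a variable without showing where it is defined. The playbook below is an added example, not part of the module documentation: it builds provider from an API key held in an Ansible Vault file so that no credential is stored in the playbook, then creates one subinterface and removes another. The hostname, vault file path, variable name vault_panos_api_key, and the vr_name and management_profile values are constructed for illustration.

```yaml
# Added example; hostname, file path and object names are constructed.
- hosts: localhost
  connection: local
  gather_facts: false

  vars_files:
    # Encrypted with ansible-vault; assumed to define vault_panos_api_key.
    - vault/panos.yml

  vars:
    # Single provider dict replaces the deprecated top-level
    # ip_address / username / password / api_key / port params.
    provider:
      ip_address: "fw01.example.com"
      api_key: "{{ vault_panos_api_key }}"
      port: 443

  tasks:
    - name: ethernet1/2.7 as static in zone dmz
      panos_l3_subinterface:
        provider: "{{ provider }}"
        name: "ethernet1/2.7"
        tag: 7
        # enable_dhcp defaults to yes, so disable it for a static address.
        enable_dhcp: false
        ip: ["10.1.1.1/24"]
        zone_name: "dmz"
        vr_name: "default"
        # Assumed to be an existing interface management profile.
        management_profile: "ping-only"
        state: present

    - name: remove ethernet1/1.5
      panos_l3_subinterface:
        provider: "{{ provider }}"
        name: "ethernet1/1.5"
        # tag is a required parameter, including when state is absent.
        tag: 1
        state: absent
```

Because check mode is supported, the playbook can be run with ansible-playbook --check --ask-vault-pass to preview changes before they are applied.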

Status

Authors

  • Garfield Lee Freeman (@shinmog)