panos_nat_rule_facts – Get information about a NAT rule

New in version 2.9.

Synopsis

  • Get information about one or more NAT rules.

Requirements

The below requirements are needed on the host that executes this module.

  • pan-python

  • pandevice

Parameters

Parameter Choices/Defaults Comments
api_key
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The API key to use instead of generating it using username / password.
device_group
string
Default:
"shared"
(Panorama only) The device group the operation should target.
ip_address
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The IP address or hostname of the PAN-OS device being configured.
listing
boolean
    Choices:
  • no
  • yes
Return all rules.
Mutually exclusive with rule_name, rule_regex, and uuid.
password
string
Deprecated
Use provider to specify PAN-OS connectivity instead.

The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
Deprecated
Use provider to specify PAN-OS connectivity instead.

The port number to connect to the PAN-OS device on.
provider
-
added in 2.8
A dict object containing connection details.
api_key
string
The API key to use instead of generating it using username / password.
ip_address
string
The IP address or hostname of the PAN-OS device being configured.
password
string
The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
The port number to connect to the PAN-OS device on.
serial_number
string
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username
string
Default:
"admin"
The username to use for authentication. This is ignored if api_key is specified.
rule_name
-
Name of the rule.
Mutually exclusive with rule_regex, listing, and uuid.
rule_regex
-
A regex to match against the rule name.
Mutually exclusive with rule_name, listing, and uuid.
rulebase
string
    Choices:
  • pre-rulebase
  • rulebase
  • post-rulebase
The rulebase in which the rule is to exist. If left unspecified, this defaults to rulebase=pre-rulebase for Panorama. For NGFW, this is always set to be rulebase=rulebase.
username
string
Default:
"admin"
Deprecated
Use provider to specify PAN-OS connectivity instead.

The username to use for authentication. This is ignored if api_key is specified.
uuid
-
Match the given rule UUID (PAN-OS 9.0+).
Mutually exclusive with rule_name, listing, and rule_regex.
vsys
string
Default:
"vsys1"
The vsys this object belongs to.

Notes

Note

  • Checkmode is not supported.

  • Panorama is supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

- name: Get a list of all NAT rules
  panos_nat_rule_facts:
    provider: '{{ provider }}'
    listing: true
  register: res1

- debug:
    msg: '{{ res1.listing }}'

- name: Get the NAT rule foo
  panos_nat_rule_facts:
    provider: '{{ provider }}'
    rule_name: 'foo'
  register: res2

- debug:
    msg: '{{ res2.object }}'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
listing
list
When listing or rule_regex is set
List of rules

object
complex
When rule_name or uuid is specified
Single rule definition

  description
string
Description

  destination_ip
list
Destination addresses

  destination_zone
list
To zones

  dnat_address
string
Destination NAT translated address

  dnat_port
integer
Destination NAT translated port

  nat_type
string
The NAT type

  rule_name
string
Rule name

  service
string
The service

  snat_address_type
string
Type of source translation

  snat_bidirectional
boolean
Bidirectional flag

  snat_dynamic_address
list
Source NAT translated address

  snat_interface
string
Source NAT interface

  snat_interface_address
string
SNAT interface address

  snat_static_address
string
Static IP SNAT translated address

  snat_type
string
Type of source translation

  source_ip
list
Source addresses

  source_zone
list
Source zone

  tag_val
list
Administrative tags for this rule

  to_interface
string
Egress interface from route lookup

  uuid
string
The UUID of the rule (PAN-OS 9.0+)



Status

Authors

  • Garfield Lee Freeman (@shinmog)