panos_nat_rule_facts – Get information about a NAT rule¶
New in version 2.9.
Synopsis¶
NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible
Get information about one or more NAT rules.
Requirements¶
The below requirements are needed on the host that executes this module.
pan-python
pandevice
Parameters¶
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
|
api_key
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The API key to use instead of generating it using username / password.
|
||
|
device_group
string
|
Default: "shared"
|
(Panorama only) The device group the operation should target.
|
|
|
ip_address
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The IP address or hostname of the PAN-OS device being configured.
|
||
|
listing
boolean
|
|
Return all rules.
Mutually exclusive with rule_name, rule_regex, and uuid.
|
|
|
password
string
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The password to use for authentication. This is ignored if api_key is specified.
|
||
|
port
integer
|
Default: 443
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The port number to connect to the PAN-OS device on.
|
|
|
provider
-
added in 2.8 |
A dict object containing connection details.
|
||
|
api_key
string
|
The API key to use instead of generating it using username / password.
|
||
|
ip_address
string
|
The IP address or hostname of the PAN-OS device being configured.
|
||
|
password
string
|
The password to use for authentication. This is ignored if api_key is specified.
|
||
|
port
integer
|
Default: 443
|
The port number to connect to the PAN-OS device on.
|
|
|
serial_number
string
|
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
|
||
|
username
string
|
Default: "admin"
|
The username to use for authentication. This is ignored if api_key is specified.
|
|
|
rule_name
-
|
Name of the rule.
Mutually exclusive with rule_regex, listing, and uuid.
|
||
|
rule_regex
-
|
A regex to match against the rule name.
Mutually exclusive with rule_name, listing, and uuid.
|
||
|
rulebase
string
|
|
The rulebase in which the rule is to exist. If left unspecified, this defaults to rulebase=pre-rulebase for Panorama. For NGFW, this is always set to be rulebase=rulebase.
|
|
|
username
string
|
Default: "admin"
|
Deprecated
Use provider to specify PAN-OS connectivity instead.
The username to use for authentication. This is ignored if api_key is specified.
|
|
|
uuid
-
|
Match the given rule UUID (PAN-OS 9.0+).
Mutually exclusive with rule_name, listing, and rule_regex.
|
||
|
vsys
string
|
Default: "vsys1"
|
The vsys this object belongs to.
|
|
Notes¶
Note
Checkmode is not supported.
Panorama is supported.
PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.
Examples¶
- name: Get a list of all NAT rules
panos_nat_rule_facts:
provider: '{{ provider }}'
listing: true
register: res1
- debug:
msg: '{{ res1.listing }}'
- name: Get the NAT rule foo
panos_nat_rule_facts:
provider: '{{ provider }}'
rule_name: 'foo'
register: res2
- debug:
msg: '{{ res2.object }}'
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
listing
list
|
When listing or rule_regex is set |
List of rules
|
|
|
object
complex
|
When rule_name or uuid is specified |
Single rule definition
|
|
|
description
string
|
Description
|
||
|
destination_ip
list
|
Destination addresses
|
||
|
destination_zone
list
|
To zones
|
||
|
dnat_address
string
|
Destination NAT translated address
|
||
|
dnat_port
integer
|
Destination NAT translated port
|
||
|
nat_type
string
|
The NAT type
|
||
|
rule_name
string
|
Rule name
|
||
|
service
string
|
The service
|
||
|
snat_address_type
string
|
Type of source translation
|
||
|
snat_bidirectional
boolean
|
Bidirectional flag
|
||
|
snat_dynamic_address
list
|
Source NAT translated address
|
||
|
snat_interface
string
|
Source NAT interface
|
||
|
snat_interface_address
string
|
SNAT interface address
|
||
|
snat_static_address
string
|
Static IP SNAT translated address
|
||
|
snat_type
string
|
Type of source translation
|
||
|
source_ip
list
|
Source addresses
|
||
|
source_zone
list
|
Source zone
|
||
|
tag_val
list
|
Administrative tags for this rule
|
||
|
to_interface
string
|
Egress interface from route lookup
|
||
|
uuid
string
|
The UUID of the rule (PAN-OS 9.0+)
|
||
Status¶
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community.