panos_object – create/read/update/delete object in PAN-OS or Panorama

New in version 2.4.

DEPRECATED

Removed in Ansible version: 2.9

Why: Updated to idempotent modules

Alternative: Use panos_address_object, panos_address_group, panos_service_object, panos_service_group, or panos_tag_object as appropriate.

Synopsis

  • NOTE: The modules in this role are deprecated in favour of the modules in the collection https://paloaltonetworks.github.io/pan-os-ansible

  • Policy objects form the match criteria for policy rules and many other functions in PAN-OS. These may include address objects, address groups, service objects, service groups, and tags.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| address | | The IP address of the host or network in CIDR notation. |
| address_type | | The type of address object definition. Valid types are ip-netmask and ip-range. |
| addressgroup | | A static group of address objects or dynamic address group. |
| addressobject | | The name of the address object. |
| api_key | | API key that can be used instead of username/password credentials. |
| color | | The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown. |
| commit | Default: "no" | Commit the config change. |
| description | | The description of the object. |
| destination_port | | The destination port to be used in a service object definition. |
| devicegroup | Default: "None" | The name of the (preexisting) Panorama device group. If undefined and ip_address is Panorama, this defaults to shared. |
| dynamic_value | | The filter match criteria to be used in a dynamic addressgroup definition. |
| ip_address (required) | | IP address (or hostname) of PAN-OS device or Panorama management console being configured. |
| operation (required) | | The operation to be performed. Supported values are add/delete/find. |
| password (required) | | Password credentials to use for authentication. |
| protocol | | The IP protocol to be used in a service object definition. Valid values are tcp or udp. |
| servicegroup | | A group of service objects. |
| serviceobject | | The name of the service object. |
| services | | The group of service objects used in a servicegroup definition. |
| source_port | | The source port to be used in a service object definition. |
| static_value | | A group of address objects to be used in an addressgroup definition. |
| tag_name | | The name of an object or rule tag. |
| username | Default: "admin" | Username credentials to use for authentication. |
| vsys | Default: "vsys1" | The vsys to put the object into. Firewall only. |

Notes

  • Check mode is not supported.

  • Panorama is supported.

Examples

- name: search for shared address object
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'find'
    # addressobject takes the object name; address is the IP/CIDR value
    addressobject: 'DevNet'

- name: create an address group in devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    addressgroup: 'Prod_DB_Svrs'
    static_value: ['prod-db1', 'prod-db2', 'prod-db3']
    description: 'Production DMZ database servers'
    tag_name: 'DMZ'
    devicegroup: 'DMZ Firewalls'

- name: create a global service for TCP 3306
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'add'
    serviceobject: 'mysql-3306'
    destination_port: '3306'
    protocol: 'tcp'
    description: 'MySQL on tcp/3306'

- name: create a global tag
  panos_object:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: 'add'
    tag_name: 'ProjectX'
    color: 'yellow'
    description: 'Associated with Project X'

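- name: delete an address object from a devicegroup using API key
  panos_object:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    operation: 'delete'
    # no devicegroup is set here, so on Panorama this targets shared;
    # set devicegroup to delete from a specific device group
    addressobject: 'Win2K test'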
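
The last four tasks above, rewritten with the replacement modules named under Alternative, as an added example that is not part of the original module documentation. The replacement modules' parameters used here (provider, name, tag, comments, device_group, state) are not documented on this page and are assumed from those modules' own documentation; vault_panos_api_key is a hypothetical vaulted variable.

```yaml
# Added example, not from the original module documentation.
# Assumed: replacement-module parameters (provider, name, tag, comments,
# device_group, state) and the vaulted variable vault_panos_api_key.
- name: manage PAN-OS objects with the idempotent replacement modules
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    provider:
      ip_address: '{{ ip_address }}'
      # keep the key in Ansible Vault rather than in the playbook
      api_key: '{{ vault_panos_api_key }}'
  tasks:
    - name: address group in a device group (was operation 'add' + addressgroup)
      panos_address_group:
        provider: '{{ provider }}'
        name: 'Prod_DB_Svrs'
        static_value: ['prod-db1', 'prod-db2', 'prod-db3']
        description: 'Production DMZ database servers'
        tag: ['DMZ']
        device_group: 'DMZ Firewalls'
        state: 'present'

    - name: service object for TCP 3306 (was serviceobject)
      panos_service_object:
        provider: '{{ provider }}'
        name: 'mysql-3306'
        protocol: 'tcp'
        destination_port: '3306'
        description: 'MySQL on tcp/3306'
        state: 'present'

    - name: tag object (was tag_name + color)
      panos_tag_object:
        provider: '{{ provider }}'
        name: 'ProjectX'
        color: 'yellow'
        comments: 'Associated with Project X'
        state: 'present'

    - name: remove an address object (was operation 'delete')
      panos_address_object:
        provider: '{{ provider }}'
        name: 'Win2K test'
        state: 'absent'
```

Each task declares a desired state instead of an add/delete operation, which is what makes the replacement modules idempotent.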

Status

  • This module will be removed in version 2.9. [deprecated]

  • For more information see DEPRECATED.

Authors

  • Bob Hagen (@rnh556)