ansible.builtin.panos_query_rules (v2.5.6) — module

PANOS module that allows search for security rules in PANW NGFW devices.

Added in version 2.5 of ansible.builtin.
Authors: Bob Hagen (@rnh556)
preview | supported by community
Install with pip install ansible==2.5.6
- Security policies allow you to enforce rules and take action, and can be as general or specific as needed. The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones.
```yaml
- name: search for rules with tcp/3306
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    source_zone: 'DevNet'
    destination_zone: 'DevVPC'
    destination_port: '3306'
    protocol: 'tcp'

- name: search devicegroup for inbound rules to dmz host
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    destination_zone: 'DMZ'
    destination_ip: '10.100.42.18'
    # Panorama device group in which to run the query
    devicegroup: 'DeviceGroupA'

- name: search for rules containing a specified rule tag
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    tag_name: 'ProjectX'
```
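The first-match behaviour described above is why a rule query matters during an audit: a broad rule placed early can silently shadow a narrower rule below it. The following is an added example, not part of the module or of PAN-OS. It is a simplified model in which each field holds one value or `any`, and the rule names and rule base are constructed for illustration.

```python
# Added example: simplified first-match model, not PAN-OS or module code.
# Rule names, fields and values are constructed for illustration.
FIELDS = ("source_zone", "destination_zone", "protocol", "destination_port")

def matches(rule, flow):
    """A rule matches when every field is 'any' or equals the flow's value."""
    return all(rule.get(f, "any") in ("any", flow[f]) for f in FIELDS)

def first_match(rules, flow):
    """Return the first rule, top-down, that matches the flow (or None)."""
    return next((r for r in rules if matches(r, flow)), None)

def covers(general, specific):
    """True when 'general' matches every flow that 'specific' matches."""
    return all(general.get(f, "any") in ("any", specific.get(f, "any"))
               for f in FIELDS)

def shadowed(rules):
    """Return (shadowed, earlier) name pairs: the later rule can never fire."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                pairs.append((later["name"], earlier["name"]))
                break
    return pairs

# Constructed rule base: the general allow sits above the specific deny.
RULES = [
    {"name": "dev-any-allow", "source_zone": "DevNet",
     "destination_zone": "DevVPC", "action": "allow"},
    {"name": "block-mysql", "source_zone": "DevNet",
     "destination_zone": "DevVPC", "protocol": "tcp",
     "destination_port": "3306", "action": "deny"},
    {"name": "default-deny", "action": "deny"},
]
# Corrected order: the more specific rule precedes the more general one.
FIXED = [RULES[1], RULES[0], RULES[2]]

# Same traffic as the tcp/3306 query in the examples above.
FLOW = {"source_zone": "DevNet", "destination_zone": "DevVPC",
        "protocol": "tcp", "destination_port": "3306"}

if __name__ == "__main__":
    print("misordered:", first_match(RULES, FLOW)["name"], shadowed(RULES))
    print("corrected: ", first_match(FIXED, FLOW)["name"], shadowed(FIXED))
```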
```yaml
api_key:
  description:
    - API key that can be used instead of I(username)/I(password) credentials.
password:
  description:
    - Password credentials to use for authentication.
  required: true
protocol:
  default: None
  description:
    - The protocol to be queried. Must be either I(tcp) or I(udp).
  required: false
tag_name:
  default: None
  description:
    - Name of the rule tag to be queried.
  required: false
username:
  default: admin
  description:
    - Username credentials to use for authentication.
  required: false
source_ip:
  default: None
  description:
    - The source IP address to be queried.
  required: false
ip_address:
  description:
    - IP address (or hostname) of PAN-OS firewall or Panorama management console being queried.
  required: true
application:
  default: None
  description:
    - Name of the application or application group to be queried.
  required: false
devicegroup:
  default: None
  description:
    - The Panorama device group in which to conduct the query.
  required: false
source_port:
  default: None
  description:
    - The source port to be queried.
  required: false
source_zone:
  default: None
  description:
    - Name of the source security zone to be queried.
  required: false
destination_ip:
  default: None
  description:
    - The destination IP address to be queried.
  required: false
destination_port:
  default: None
  description:
    - The destination port to be queried.
  required: false
destination_zone:
  default: None
  description:
    - Name of the destination security zone to be queried.
  required: false
```