ansible / ansible.builtin / v2.8.13 / module / _panos_match_rule
Removed in 2.12
Reason:Consolidating code base. | Alternative:Use U(https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks) instead.
Test for match against a security rule on PAN-OS devices or Panorama management console.
| "added in version" 2.5 of ansible.builtin"
Authors: Robert Hagen (@rnh556)
deprecated | supported by community
pip
Install with pip install ansible==2.8.13
Security policies allow you to enforce rules and take action, and can be as general or specific as needed.
- name: check security rules for Google DNS panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'security' source_ip: '10.0.0.0' destination_ip: '8.8.8.8' application: 'dns' destination_port: '53' protocol: '17' register: result
- debug: msg='{{result.stdout_lines}}'
- name: check security rules inbound SSH with user match panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'security' source_ip: '0.0.0.0' source_user: 'mydomain\jsmith' destination_ip: '192.168.100.115' destination_port: '22' protocol: '6' register: result
- debug: msg='{{result.stdout_lines}}'
- name: check NAT rules for source NAT panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'nat' source_zone: 'Prod-DMZ' source_ip: '10.10.118.50' to_interface: 'ethernet1/2' destination_zone: 'Internet' destination_ip: '0.0.0.0' protocol: '6' register: result
- debug: msg='{{result.stdout_lines}}'
- name: check NAT rules for inbound web panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'nat' source_zone: 'Internet' source_ip: '0.0.0.0' to_interface: 'ethernet1/1' destination_zone: 'Prod DMZ' destination_ip: '192.168.118.50' destination_port: '80' protocol: '6' register: result
- debug: msg='{{result.stdout_lines}}'
- name: check security rules for outbound POP3 in vsys4 panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' vsys_id: 'vsys4' rule_type: 'security' source_ip: '10.0.0.0' destination_ip: '4.3.2.1' application: 'pop3' destination_port: '110' protocol: '6' register: result
- debug: msg='{{result.stdout_lines}}'
api_key: description: - API key that can be used instead of I(username)/I(password) credentials. vsys_id: default: vsys1 description: - ID of the VSYS object. required: true category: description: - URL category password: description: - Password credentials to use for auth unless I(api_key) is set. required: true protocol: description: - The IP protocol number from 1 to 255. username: default: admin description: - Username credentials to use for auth unless I(api_key) is set. rule_type: choices: - security - nat description: - Type of rule. Valid types are I(security) or I(nat). required: true source_ip: description: - The source IP address. required: true ip_address: description: - IP address (or hostname) of PAN-OS device being configured. required: true application: description: - The application. source_port: description: - The source port. source_user: description: - The source user or group. source_zone: description: - The source zone. to_interface: description: - The inbound interface in a NAT rule. destination_ip: description: - The destination IP address. destination_port: description: - The destination port. destination_zone: description: - The destination zone.