Deprecated

Removed in 2.12


Reason: Consolidating code base. | Alternative: Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

community.general.panos_nat_rule (0.1.1) — module

Create a policy NAT rule

Authors: Luigi Mori (@jtschichold), Ivan Bojer (@ivanbojer), Robert Hagen (@rnh556)

deprecated | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

- Create a policy NAT rule. Keep in mind that a rule can end up configuring source NAT, destination NAT, or both. Rather than splitting this into two, the module makes a fair attempt to determine which one the user wants.


Requirements

Usage examples

# Create a source and destination NAT rule
  - name: Create NAT SSH rule for 10.0.1.101
    panos_nat_rule:
      ip_address: '{{ ip_address }}'
      username: '{{ username }}'
      password: '{{ password }}'
      operation: "add"                  # required: add, update, delete or find
      rule_name: "Web SSH"
      source_zone: ["external"]
      destination_zone: "external"
      source_ip: ["any"]                # list of source addresses
      destination_ip: ["10.0.0.100"]    # list of destination addresses
      service: "service-tcp-221"
      snat_type: "dynamic-ip-and-port"  # source translation settings
      snat_interface: "ethernet1/2"
      dnat_address: "10.0.1.101"        # destination translation settings
      dnat_port: "22"
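
The two cases named in the description, written as separate rules. This is an added illustration, not taken from the module's own documentation: the first task supplies only snat_* parameters and the second only dnat_* parameters. It assumes the module configures just the translation whose parameters are present; zone names, addresses, the interface and the service object are constructed placeholders.

```yaml
# Added example; all values below are constructed placeholders.
- name: Source NAT only - internal hosts leave via the external interface address
  panos_nat_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: "add"
    rule_name: "Outbound SNAT"
    source_zone: ["internal"]
    destination_zone: "external"
    source_ip: ["192.0.2.0/24"]
    destination_ip: ["any"]
    snat_type: "dynamic-ip-and-port"
    snat_address_type: "interface-address"
    snat_interface: "ethernet1/2"
    # No dnat_* parameters: assumed to leave destination translation unset.
    # Defer the commit; assumption: the next task's commit applies the
    # whole pending candidate configuration, including this rule.
    commit: false

- name: Destination NAT only - publish an internal SSH host
  panos_nat_rule:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    operation: "add"
    rule_name: "Inbound SSH DNAT"
    source_zone: ["external"]
    destination_zone: "external"
    source_ip: ["any"]
    destination_ip: ["198.51.100.10"]
    service: "service-tcp-221"      # custom service object, as in the example above
    dnat_address: "192.0.2.101"
    dnat_port: "22"
    # No snat_* parameters: assumed to leave source translation unset.
```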

Inputs

    
commit:
    default: 'yes'
    description:
    - Commit configuration if changed.
    type: bool

api_key:
    description:
    - API key that can be used instead of I(username)/I(password) credentials.

service:
    default: any
    description:
    - service

password:
    description:
    - Password credentials to use for auth unless I(api_key) is set.
    required: true

tag_name:
    description:
    - Tag for the NAT rule.

username:
    default: admin
    description:
    - Username credentials to use for auth unless I(api_key) is set.

dnat_port:
    description:
    - dnat translated port

operation:
    choices:
    - add
    - update
    - delete
    - find
    description:
    - The action to be taken. Supported values are I(add)/I(update)/I(find)/I(delete).
    required: true

rule_name:
    description:
    - name of the SNAT rule
    required: true

snat_type:
    choices:
    - static-ip
    - dynamic-ip-and-port
    - dynamic-ip
    description:
    - type of source translation

source_ip:
    default:
    - any
    description:
    - list of source addresses

ip_address:
    description:
    - IP address (or hostname) of PAN-OS device being configured.
    required: true

description:
    description:
    - The description

devicegroup:
    description:
    - If Panorama, the device group to put this rule in.

source_zone:
    description:
    - list of source zones
    required: true

dnat_address:
    description:
    - dnat translated address

to_interface:
    default: any
    description:
    - Destination interface.

destination_ip:
    default:
    - any
    description:
    - list of destination addresses

snat_interface:
    description:
    - snat interface

destination_zone:
    description:
    - destination zone
    required: true

snat_address_type:
    choices:
    - interface-address
    - translated-address
    default: interface-address
    description:
    - type of source translation. Supported values are I(interface-address)/I(translated-address).

snat_bidirectional:
    default: 'no'
    description:
    - bidirectional flag
    type: bool

snat_static_address:
    description:
    - Source NAT translated address. Used with Static-IP translation.

snat_dynamic_address:
    description:
    - Source NAT translated address. Used with Dynamic-IP and Dynamic-IP-and-Port.

snat_interface_address:
    description:
    - snat interface address