Deprecated

Removed in 2.12

Reason: Consolidating code base. | Alternative: Use https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks instead.

community.general.panos_query_rules (0.1.1) — module

PANOS module that allows searching for security rules in PANW NGFW devices.

Authors: Bob Hagen (@rnh556)

deprecated | supported by community

Install collection

Install with ansible-galaxy collection install community.general:==0.1.1


Add to requirements.yml

  collections:
    - name: community.general
      version: 0.1.1

Description

- Security policies allow you to enforce rules and take action, and can be as general or specific as needed. The policy rules are compared against the incoming traffic in sequence, and because the first rule that matches the traffic is applied, the more specific rules must precede the more general ones.
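The first-match ordering described above, as an added example (not code from the module or its authors): a simplified Python model that evaluates a flow against an ordered rulebase and reports rules that an earlier, more general rule makes unreachable. The rule names, the `any` wildcard convention and the one-value-per-field rule shape are assumptions made for illustration.

```python
# Simplified model (assumption): one value per field, "any" as the wildcard.
FIELDS = ("source_zone", "destination_zone", "protocol", "destination_port")

# Constructed sample rulebase, evaluated top to bottom.
RULES = [
    {"name": "allow-dev-any", "source_zone": "DevNet", "destination_zone": "DevVPC",
     "protocol": "any", "destination_port": "any", "action": "allow"},
    {"name": "deny-dev-mysql", "source_zone": "DevNet", "destination_zone": "DevVPC",
     "protocol": "tcp", "destination_port": "3306", "action": "deny"},
    {"name": "default-deny", "source_zone": "any", "destination_zone": "any",
     "protocol": "any", "destination_port": "any", "action": "deny"},
]


def covers(general, specific):
    """True if the first value matches everything the second value matches."""
    return general == "any" or general == specific


def first_match(rules, flow):
    """Return the first rule whose every field matches the flow, else None."""
    for rule in rules:
        if all(covers(rule[f], flow[f]) for f in FIELDS):
            return rule
    return None


def shadowed_rules(rules):
    """Return (later, earlier) name pairs where the earlier rule covers every
    field of the later one, so the later rule can never be the first match."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(earlier[f], later[f]) for f in FIELDS):
                pairs.append((later["name"], earlier["name"]))
                break
    return pairs


if __name__ == "__main__":
    flow = {"source_zone": "DevNet", "destination_zone": "DevVPC",
            "protocol": "tcp", "destination_port": "3306"}
    print("as written:", first_match(RULES, flow)["name"], shadowed_rules(RULES))
    fixed = [RULES[1], RULES[0], RULES[2]]  # specific rule moved above general
    print("reordered: ", first_match(fixed, flow)["name"], shadowed_rules(fixed))
```

With the rules as written, the tcp/3306 flow is allowed by the general rule and the deny rule never fires; moving the specific rule first restores the intended deny.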


Requirements

Usage examples

- name: search for rules with tcp/3306
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    source_zone: 'DevNet'
    destination_zone: 'DevVPC'
    destination_port: '3306'
    protocol: 'tcp'
- name: search devicegroup for inbound rules to dmz host
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    api_key: '{{ api_key }}'
    destination_zone: 'DMZ'
    destination_ip: '10.100.42.18'
    devicegroup: 'DeviceGroupA'
- name: search for rules containing a specified rule tag
  panos_query_rules:
    ip_address: '{{ ip_address }}'
    username: '{{ username }}'
    password: '{{ password }}'
    tag_name: 'ProjectX'

Inputs

    
api_key:
    description:
    - API key that can be used instead of I(username)/I(password) credentials.

password:
    description:
    - Password credentials to use for authentication.
    required: true

protocol:
    choices:
    - tcp
    - udp
    description:
    - The protocol to be queried. Must be either I(tcp) or I(udp).

tag_name:
    description:
    - Name of the rule tag to be queried.

username:
    default: admin
    description:
    - Username credentials to use for authentication.

source_ip:
    description:
    - The source IP address to be queried.

ip_address:
    description:
    - IP address (or hostname) of PAN-OS firewall or Panorama management console being
      queried.
    required: true

application:
    description:
    - Name of the application or application group to be queried.

devicegroup:
    description:
    - The Panorama device group in which to conduct the query.

source_port:
    description:
    - The source port to be queried.

source_zone:
    description:
    - Name of the source security zone to be queried.

destination_ip:
    description:
    - The destination IP address to be queried.

destination_port:
    description:
    - The destination port to be queried.

destination_zone:
    description:
    - Name of the destination security zone to be queried.