paloaltonetworks.panos.panos_bgp_policy_rule (2.19.1) — module

Manage a BGP Policy Import/Export Rule

Added in version 1.0.0 of paloaltonetworks.panos.

Authors: Joshua Colson (@freakinhippie), Garfield Lee Freeman (@shinmog)

Install collection

Install with `ansible-galaxy collection install paloaltonetworks.panos:==2.19.1`


Add to requirements.yml

  # requirements.yml entry for the collection. The version is an exact pin,
  # so installs resolve to this one release rather than whatever is newest.
  collections:
    - name: paloaltonetworks.panos
      version: 2.19.1

Description

Use BGP to publish and consume routes from disparate networks.


Requirements

Usage examples

# Add a BGP Policy
# Import rule on virtual router 'default'. 'state' is omitted, so the
# documented default ('present') applies.
- name: Create Policy Import Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    # 'provider' is the connection dict (ip_address, port, and either
    # api_key or username/password). It carries credentials, so feed it
    # from Ansible Vault or another secret store instead of writing the
    # values inline in a playbook that is committed to version control.
    provider: '{{ provider }}'
    # The virtual router must already exist (see panos_virtual_router).
    vr_name: 'default'
    name: 'import-rule-001'
    type: 'import'
    enable: true
    action: 'allow'
    # Prefixes the rule applies to; each entry is a dict with "name" and
    # an optional "exact" key.
    # NOTE(review): "exact" presumably selects exact-prefix matching
    # rather than also matching more-specific routes; its default when
    # omitted is not shown here. Confirm against the PAN-OS docs.
    address_prefix:
      - name: '10.1.1.0/24'
      - name: '10.1.2.0/24'
        exact: false
      - name: '10.1.3.0/24'
        exact: true
    # Route flap dampening profile; documented as import-only.
    action_dampening: 'dampening-profile'
# Export rule on virtual router 'default'; 'state' defaults to 'present'.
# NOTE(review): no address_prefix or match_* option is set, so this rule
# presumably matches every route. With action 'allow', an unfiltered
# export rule can advertise more than intended once peer groups use it.
# Confirm the scope and add match criteria if a narrower set is meant.
# NOTE(review): 'used_by' (peer groups that use this rule) is not set, so
# the rule is presumably not attached to any peer group yet. Verify.
- name: Create Policy Export Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    # Connection dict holding credentials; source it from a secret store.
    provider: '{{ provider }}'
    vr_name: 'default'
    name: 'export-rule-001'
    type: 'export'
    enable: true
    action: 'allow'
# Removes the export rule created above by setting state to 'absent'.
# Only the identifying options are given: the virtual router, plus the
# two required options 'name' and 'type'.
- name: Remove Export Rule
  paloaltonetworks.panos.panos_bgp_policy_rule:
    # Connection dict holding credentials; source it from a secret store.
    provider: '{{ provider }}'
    state: 'absent'
    vr_name: 'default'
    name: 'export-rule-001'
    type: 'export'

Inputs

    
name:
    description:
    - Name of filter.
    required: true
    type: str

port:
    default: 443
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The port number to connect to the PAN-OS device on.
    type: int

type:
    choices:
    - import
    - export
    description:
    - The type of rule.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - The state.
    type: str

action:
    choices:
    - allow
    - deny
    description:
    - Rule action.
    type: str

commit:
    description:
    - B(Deprecated)
    - Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama),
      M(paloaltonetworks.panos.panos_commit_push) instead.
    - HORIZONTALLINE
    - Commit changes after creating object.  If I(ip_address) is a Panorama device, and
      I(device_group) or I(template) are also set, perform a commit to Panorama and a
      commit-all to the device group/template.
    type: bool

enable:
    default: true
    description:
    - Enable rule.
    type: bool

api_key:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The API key to use instead of generating it using I(username) / I(password).
    type: str

used_by:
    description:
    - Peer-groups that use this rule.
    elements: str
    type: list

vr_name:
    default: default
    description:
    - Name of the virtual router; it must already exist; see M(paloaltonetworks.panos.panos_virtual_router).
    type: str

password:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The password to use for authentication.  This is ignored if I(api_key) is specified.
    type: str

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      api_key:
        description:
        - The API key to use instead of generating it using I(username) / I(password).
        type: str
      ip_address:
        description:
        - The IP address or hostname of the PAN-OS device being configured.
        type: str
      password:
        description:
        - The password to use for authentication.  This is ignored if I(api_key) is specified.
        type: str
      port:
        default: 443
        description:
        - The port number to connect to the PAN-OS device on.
        type: int
      serial_number:
        description:
        - The serial number of a firewall to use for targeted commands. If I(ip_address)
          is not a Panorama PAN-OS device, then this param is ignored.
        type: str
      username:
        default: admin
        description:
        - The username to use for authentication.  This is ignored if I(api_key) is specified.
        type: str
    type: dict
    version_added: 1.0.0
    version_added_collection: paloaltonetworks.panos

template:
    description:
    - (Panorama only) The template this operation should target. Mutually exclusive with
      I(template_stack).
    type: str

username:
    default: admin
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The username to use for authentication.  This is ignored if I(api_key) is specified.
    type: str

match_afi:
    choices:
    - ip
    - ipv6
    description:
    - Address Family Identifier.
    type: str

match_med:
    description:
    - Multi-Exit Discriminator.
    type: int

action_med:
    description:
    - New MED value.
    type: int

ip_address:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The IP address or hostname of the PAN-OS device being configured.
    type: str

match_safi:
    choices:
    - ip
    - ipv6
    description:
    - Subsequent Address Family Identifier.
    type: str

action_origin:
    choices:
    - igp
    - egp
    - incomplete
    description:
    - New route origin.
    type: str

action_weight:
    description:
    - New weight value; only with "import" type.
    type: int

match_nexthop:
    description:
    - Next-hop attributes.
    elements: str
    type: list

action_nexthop:
    description:
    - Nexthop address.
    type: str

address_prefix:
    description:
    - List of address prefix dicts with "name"/"exact" keys.
    elements: dict
    type: list

template_stack:
    description:
    - (Panorama only) The template stack this operation should target. Mutually exclusive
      with I(template).
    type: str

match_from_peer:
    description:
    - Filter by peer that sent this route.
    elements: str
    type: list

action_dampening:
    description:
    - Route flap dampening profile; only with "import" type.
    type: str

match_route_table:
    choices:
    - unicast
    - multicast
    - both
    description:
    - Route table to match rule.
    type: str

action_as_path_type:
    choices:
    - none
    - remove
    - prepend
    - remove-and-prepend
    description:
    - AS path update options.
    type: str

match_as_path_regex:
    description:
    - AS-path regular expression.
    type: str

action_as_path_limit:
    description:
    - Add AS path limit attribute if it does not exist.
    type: int

action_community_type:
    choices:
    - none
    - remove-all
    - remove-regex
    - append
    - overwrite
    description:
    - Community update options.
    type: str

match_community_regex:
    description:
    - Community AS-path regular expression.
    type: str

action_local_preference:
    description:
    - New local preference value.
    type: int

action_community_argument:
    description:
    - Argument to the action community value if needed.
    type: str

action_as_path_prepend_times:
    description:
    - Prepend local AS for specified number of times.
    type: int

action_extended_community_type:
    description:
    - Extended community update options.
    type: str

match_extended_community_regex:
    description:
    - Extended Community AS-path regular expression.
    type: str

action_extended_community_argument:
    description:
    - Argument to the action extended community value if needed.
    type: str