Try SpotterManage IKE Crypto profile on the firewall with subset of settings
| "added in version" 1.0.0 of paloaltonetworks.panos"
Authors: Ivan Bojer (@ivanbojer)
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections:
- name: paloaltonetworks.panos
version: 2.19.1- Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and encryption (IKEv1 or IKEv2, Phase 1).
- name: Add IKE crypto config to the firewall
paloaltonetworks.panos.panos_ike_crypto_profile:
provider: '{{ provider }}'
state: 'present'
name: 'vpn-0cc61dd8c06f95cfd-0'
dh_group: ['group2']
authentication: ['sha1']
encryption: ['aes-128-cbc']
lifetime_seconds: '28800'
name:
description:
- Name for the profile.
type: str
port:
default: 443
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The port number to connect to the PAN-OS device on.
type: int
state:
choices:
- present
- absent
- replaced
- merged
- deleted
- gathered
default: present
description:
- The state.
type: str
commit:
description:
- B(Deprecated)
- Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama),
M(paloaltonetworks.panos.panos_commit_push) instead.
- HORIZONTALLINE
- Commit changes after creating object. If I(ip_address) is a Panorama device, and
I(device_group) or I(template) are also set, perform a commit to Panorama and a
commit-all to the device group/template.
type: bool
api_key:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The API key to use instead of generating it using I(username) / I(password).
type: str
dh_group:
aliases:
- dhgroup
choices:
- group1
- group2
- group5
- group14
- group15
- group16
- group19
- group20
- group21
default:
- group2
description:
- Specify the priority for Diffie-Hellman (DH) groups.
elements: str
type: list
password:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The password to use for authentication. This is ignored if I(api_key) is specified.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
api_key:
description:
- The API key to use instead of generating it using I(username) / I(password).
type: str
ip_address:
description:
- The IP address or hostname of the PAN-OS device being configured.
type: str
password:
description:
- The password to use for authentication. This is ignored if I(api_key) is specified.
type: str
port:
default: 443
description:
- The port number to connect to the PAN-OS device on.
type: int
serial_number:
description:
- The serial number of a firewall to use for targeted commands. If I(ip_address)
is not a Panorama PAN-OS device, then this param is ignored.
type: str
username:
default: admin
description:
- The username to use for authentication. This is ignored if I(api_key) is specified.
type: str
type: dict
version_added: 1.0.0
version_added_collection: paloaltonetworks.panos
template:
description:
- (Panorama only) The template this operation should target. Mutually exclusive with
I(template_stack).
type: str
username:
default: admin
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The username to use for authentication. This is ignored if I(api_key) is specified.
type: str
encryption:
choices:
- des
- 3des
- aes128
- aes-128-cbc
- aes192
- aes-192-cbc
- aes256
- aes-256-cbc
- aes-128-gcm
- aes-256-gcm
default:
- aes-256-cbc
- 3des
description:
- Encryption algorithms used for IKE phase 1 proposal.
elements: str
type: list
ip_address:
description:
- B(Deprecated)
- Use I(provider) to specify PAN-OS connectivity instead.
- HORIZONTALLINE
- The IP address or hostname of the PAN-OS device being configured.
type: str
lifetime_days:
description:
- IKE phase 1 key lifetime in days.
type: int
authentication:
choices:
- non-auth
- md5
- sha1
- sha256
- sha384
- sha512
default:
- sha1
description:
- Authentication hashes used for IKE phase 1 proposal.
elements: str
type: list
lifetime_hours:
description:
- IKE phase 1 key lifetime in hours.
- If I(state=present) or I(state=replaced) and no other lifetime is specified, this
will default to 8.
type: int
template_stack:
description:
- (Panorama only) The template stack this operation should target. Mutually exclusive
with I(template).
type: str
gathered_filter:
description:
- When I(state=gathered).
- An advanced filtering option to filter results returned from PAN-OS.
- Refer to the guide discussing I(gathered_filter) for more information.
type: str
lifetime_minutes:
description:
- IKE phase 1 key lifetime in minutes.
type: int
lifetime_seconds:
aliases:
- lifetime_sec
description:
- IKE phase 1 key lifetime in seconds.
type: int
authentication_multiple:
description: "- PAN-OS 7.0 and above. - IKEv2 SA reauthentication interval equals\
\ I(authentication_multiple)\n times lifetime; 0 means reauthentication is disabled.\n"
type: int