paloaltonetworks / paloaltonetworks.panos / 2.19.1 / module / panos_ike_crypto_profile Manage IKE Crypto profile on the firewall with subset of settings | "added in version" 1.0.0 of paloaltonetworks.panos" Authors: Ivan Bojer (@ivanbojer)paloaltonetworks.panos.panos_ike_crypto_profile (2.19.1) — module
Install with ansible-galaxy collection install paloaltonetworks.panos:==2.19.1
collections: - name: paloaltonetworks.panos version: 2.19.1
- Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and encryption (IKEv1 or IKEv2, Phase 1).
- name: Add IKE crypto config to the firewall paloaltonetworks.panos.panos_ike_crypto_profile: provider: '{{ provider }}' state: 'present' name: 'vpn-0cc61dd8c06f95cfd-0' dh_group: ['group2'] authentication: ['sha1'] encryption: ['aes-128-cbc'] lifetime_seconds: '28800'
name: description: - Name for the profile. type: str port: default: 443 description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The port number to connect to the PAN-OS device on. type: int state: choices: - present - absent - replaced - merged - deleted - gathered default: present description: - The state. type: str commit: description: - B(Deprecated) - Please use M(paloaltonetworks.panos.panos_commit_firewall), M(paloaltonetworks.panos.panos_commit_panorama), M(paloaltonetworks.panos.panos_commit_push) instead. - HORIZONTALLINE - Commit changes after creating object. If I(ip_address) is a Panorama device, and I(device_group) or I(template) are also set, perform a commit to Panorama and a commit-all to the device group/template. type: bool api_key: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The API key to use instead of generating it using I(username) / I(password). type: str dh_group: aliases: - dhgroup choices: - group1 - group2 - group5 - group14 - group15 - group16 - group19 - group20 - group21 default: - group2 description: - Specify the priority for Diffie-Hellman (DH) groups. elements: str type: list password: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The password to use for authentication. This is ignored if I(api_key) is specified. type: str provider: description: - A dict object containing connection details. suboptions: api_key: description: - The API key to use instead of generating it using I(username) / I(password). type: str ip_address: description: - The IP address or hostname of the PAN-OS device being configured. type: str password: description: - The password to use for authentication. This is ignored if I(api_key) is specified. type: str port: default: 443 description: - The port number to connect to the PAN-OS device on. type: int serial_number: description: - The serial number of a firewall to use for targeted commands. If I(ip_address) is not a Panorama PAN-OS device, then this param is ignored. type: str username: default: admin description: - The username to use for authentication. This is ignored if I(api_key) is specified. type: str type: dict version_added: 1.0.0 version_added_collection: paloaltonetworks.panos template: description: - (Panorama only) The template this operation should target. Mutually exclusive with I(template_stack). type: str username: default: admin description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The username to use for authentication. This is ignored if I(api_key) is specified. type: str encryption: choices: - des - 3des - aes128 - aes-128-cbc - aes192 - aes-192-cbc - aes256 - aes-256-cbc - aes-128-gcm - aes-256-gcm default: - aes-256-cbc - 3des description: - Encryption algorithms used for IKE phase 1 proposal. elements: str type: list ip_address: description: - B(Deprecated) - Use I(provider) to specify PAN-OS connectivity instead. - HORIZONTALLINE - The IP address or hostname of the PAN-OS device being configured. type: str lifetime_days: description: - IKE phase 1 key lifetime in days. type: int authentication: choices: - non-auth - md5 - sha1 - sha256 - sha384 - sha512 default: - sha1 description: - Authentication hashes used for IKE phase 1 proposal. elements: str type: list lifetime_hours: description: - IKE phase 1 key lifetime in hours. - If I(state=present) or I(state=replaced) and no other lifetime is specified, this will default to 8. type: int template_stack: description: - (Panorama only) The template stack this operation should target. Mutually exclusive with I(template). type: str gathered_filter: description: - When I(state=gathered). - An advanced filtering option to filter results returned from PAN-OS. - Refer to the guide discussing I(gathered_filter) for more information. type: str lifetime_minutes: description: - IKE phase 1 key lifetime in minutes. type: int lifetime_seconds: aliases: - lifetime_sec description: - IKE phase 1 key lifetime in seconds. type: int authentication_multiple: description: "- PAN-OS 7.0 and above. - IKEv2 SA reauthentication interval equals\ \ I(authentication_multiple)\n times lifetime; 0 means reauthentication is disabled.\n" type: int