paloaltonetworks.panos.panos_nat_rule (2.19.1) — module
Manage a NAT rule
Added in version 2.10.0 of paloaltonetworks.panos
Authors: Garfield Lee Freeman (@shinmog)

Install with:

    ansible-galaxy collection install paloaltonetworks.panos:==2.19.1

    collections:
      - name: paloaltonetworks.panos
        version: 2.19.1
- Manage a policy NAT rule.
- NOTE: Even though this module supports I(state=merged), due to the complexity of the XML schema for NAT rules, changing a NAT rule's types using I(state=merged) will likely result in an error. Using I(state=merged) will work as normal for simple operations, such as adding additional IP addresses to any of the listings or changing simple variable types.
    - name: add a nat rule
      paloaltonetworks.panos.panos_nat_rule2:
        provider: '{{ provider }}'
        name: 'myRule'
        description: 'Made by Ansible'
        nat_type: 'ipv4'
        from_zones: ['Trust-L3']
        to_zones: ['Untrusted-L3']
        to_interface: 'ethernet1/1'
        service: 'any'
        source_addresses: ['any']
        destination_addresses: ['any']
        source_translation_type: 'dynamic-ip-and-port'
        source_translation_address_type: 'interface-address'
        source_translation_interface: 'ethernet1/1'
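The playbook below is an added example, not part of the collection's documentation. It combines options this page documents but its own example does not use: API-key authentication through I(provider), destination translation, rule placement with I(location) and I(existing_rule), I(audit_comment), and a static source NAT with reverse translation switched off. The module name follows the page's example; the addresses, rule names, change reference and the `vault_panos_api_key` variable are constructed placeholders.

```yaml
- name: NAT rules with explicit placement and audit trail (added example)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    provider:
      ip_address: '192.0.2.10'               # constructed management address
      api_key: '{{ vault_panos_api_key }}'   # hypothetical vaulted variable; no password in the play
  tasks:
    - name: Destination NAT for inbound HTTPS
      paloaltonetworks.panos.panos_nat_rule2:
        provider: '{{ provider }}'
        name: 'dnat-web-443'                 # constructed rule name
        description: 'Inbound HTTPS to internal web server'
        nat_type: 'ipv4'
        from_zones: ['Untrusted-L3']
        # NAT rules match the pre-NAT destination, so the "to" zone is the
        # zone that owns the public address, not the server's zone.
        to_zones: ['Untrusted-L3']
        service: 'service-https'
        source_addresses: ['any']
        destination_addresses: ['198.51.100.20']   # constructed public address
        destination_translated_address: '10.0.10.20'
        destination_translated_port: 8443
        location: 'before'                   # evaluate ahead of the broad outbound rule
        existing_rule: 'myRule'
        audit_comment: 'CHG-0000 publish web server'   # placeholder change reference

    - name: Static source NAT without reverse translation
      paloaltonetworks.panos.panos_nat_rule2:
        provider: '{{ provider }}'
        name: 'snat-mail-static'             # constructed rule name
        nat_type: 'ipv4'
        from_zones: ['Trust-L3']
        to_zones: ['Untrusted-L3']
        service: 'any'
        source_addresses: ['10.0.10.25']
        destination_addresses: ['any']
        source_translation_type: 'static-ip'
        source_translation_static_translated_address: '198.51.100.25'
        # Keep the mapping outbound-only; true would also translate inbound
        # traffic to the translated address back to the original host.
        source_translation_static_bi_directional: false
        audit_comment: 'CHG-0000 static egress address for mail relay'
```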
    name:
      description:
        - Name of the rule.
      type: str
    port:
      default: 443
      description:
        - B(Deprecated)
        - Use I(provider) to specify PAN-OS connectivity instead.
        - The port number to connect to the PAN-OS device on.
      type: int
    tags:
      description:
        - Administrative tags.
      elements: str
      type: list
    uuid:
      description:
        - The rule UUID.
        - Note that this is currently more of a read-only field.
        - Usage of the UUID cannot currently take the place of using the rule name as the primary identifier.
      type: str
    vsys:
      default: vsys1
      description:
        - The vsys this object belongs to.
      type: str
    state:
      choices:
        - present
        - absent
        - replaced
        - merged
        - deleted
        - gathered
      default: present
      description:
        - The state.
      type: str
    target:
      description:
        - Applicable for Panorama only.
        - Apply this rule exclusively to the listed firewall serial numbers.
      elements: str
      type: list
    api_key:
      description:
        - B(Deprecated)
        - Use I(provider) to specify PAN-OS connectivity instead.
        - The API key to use instead of generating it using I(username) / I(password).
      type: str
    service:
      description:
        - The service.
      type: str
    disabled:
      description:
        - Rule is disabled or not.
      type: bool
    location:
      choices:
        - top
        - bottom
        - before
        - after
      description:
        - Position to place the rule in.
      type: str
    nat_type:
      choices:
        - ipv4
        - nat64
        - nptv6
      default: ipv4
      description:
        - Type of NAT.
      type: str
    password:
      description:
        - B(Deprecated)
        - Use I(provider) to specify PAN-OS connectivity instead.
        - The password to use for authentication. This is ignored if I(api_key) is specified.
      type: str
    provider:
      description:
        - A dict object containing connection details.
      suboptions:
        api_key:
          description:
            - The API key to use instead of generating it using I(username) / I(password).
          type: str
        ip_address:
          description:
            - The IP address or hostname of the PAN-OS device being configured.
          type: str
        password:
          description:
            - The password to use for authentication. This is ignored if I(api_key) is specified.
          type: str
        port:
          default: 443
          description:
            - The port number to connect to the PAN-OS device on.
          type: int
        serial_number:
          description:
            - The serial number of a firewall to use for targeted commands. If I(ip_address) is not a Panorama PAN-OS device, then this param is ignored.
          type: str
        username:
          default: admin
          description:
            - The username to use for authentication. This is ignored if I(api_key) is specified.
          type: str
      type: dict
      version_added: 1.0.0
      version_added_collection: paloaltonetworks.panos
    rulebase:
      choices:
        - pre-rulebase
        - rulebase
        - post-rulebase
      description:
        - The rulebase in which the rule is to exist. If left unspecified, this defaults to I(rulebase=pre-rulebase) for Panorama. For NGFW, this is always set to be I(rulebase=rulebase).
      type: str
    to_zones:
      description:
        - To zones.
        - Note that there should only be one element in this list.
      elements: str
      type: list
    username:
      default: admin
      description:
        - B(Deprecated)
        - Use I(provider) to specify PAN-OS connectivity instead.
        - The username to use for authentication. This is ignored if I(api_key) is specified.
      type: str
    group_tag:
      description:
        - For PAN-OS 9.0 and above.
        - The group tag.
      type: str
    from_zones:
      description:
        - From zones.
      elements: str
      type: list
    ha_binding:
      choices:
        - primary
        - both
        - '0'
        - '1'
      description:
        - Device binding configuration in HA Active-Active mode.
      type: str
    ip_address:
      description:
        - B(Deprecated)
        - Use I(provider) to specify PAN-OS connectivity instead.
        - The IP address or hostname of the PAN-OS device being configured.
      type: str
    description:
      description:
        - The description.
      type: str
    device_group:
      default: shared
      description:
        - (Panorama only) The device group the operation should target.
      type: str
    to_interface:
      description:
        - Egress interface from route lookup.
      type: str
    audit_comment:
      description:
        - Add an audit comment to the rule being defined.
        - This is only applied if there was a change to the rule.
      type: str
    existing_rule:
      description:
        - If I(location=before) or I(location=after), this option specifies an existing rule name. The rule being managed by this module will be positioned relative to the value of this parameter.
        - Required if I(location=before) or I(location=after).
      type: str
    negate_target:
      description:
        - Applicable for Panorama only.
        - Negate the value for I(target).
      type: bool
    gathered_filter:
      description:
        - When I(state=gathered).
        - An advanced filtering option to filter results returned from PAN-OS.
        - Refer to the guide discussing I(gathered_filter) for more information.
      type: str
    source_addresses:
      description:
        - Source addresses.
        - When referencing predefined EDLs, use the config names of the EDLs, not their full names. The config names can be found with the CLI...
          request system external-list show type predefined-ip name <tab>
          panw-bulletproof-ip-list    panw-bulletproof-ip-list
          panw-highrisk-ip-list       panw-highrisk-ip-list
          panw-known-ip-list          panw-known-ip-list
          panw-torexit-ip-list        panw-torexit-ip-list
      elements: str
      type: list
    destination_addresses:
      description:
        - Destination addresses.
        - When referencing predefined EDLs, use the config names of the EDLs, not their full names. The config names can be found with the CLI...
          request system external-list show type predefined-ip name <tab>
          panw-bulletproof-ip-list    panw-bulletproof-ip-list
          panw-highrisk-ip-list       panw-highrisk-ip-list
          panw-known-ip-list          panw-known-ip-list
          panw-torexit-ip-list        panw-torexit-ip-list
      elements: str
      type: list
    source_translation_type:
      choices:
        - dynamic-ip-and-port
        - dynamic-ip
        - static-ip
      description:
        - Type of source address translation.
      type: str
    destination_translated_port:
      description:
        - Static translated destination port number.
      type: int
    source_translation_interface:
      description:
        - For I(source_translation_address_type=interface-address).
        - Interface of the source address.
      type: str
    source_translation_ip_address:
      description:
        - For I(source_translation_address_type=interface-address).
        - IP address of the source address translation.
      type: str
    destination_translated_address:
      description:
        - Static translated destination IP address.
      type: str
    source_translation_address_type:
      choices:
        - interface-address
        - translated-address
      description:
        - For I(source_translation_type=dynamic-ip-and-port) or I(source_translation_type=dynamic-ip).
        - Address type.
      type: str
    source_translation_fallback_type:
      choices:
        - translated-address
        - interface-address
      description:
        - For I(source_translation_type=dynamic-ip).
        - Type of fallback for dynamic IP source translation.
      type: str
    destination_dynamic_translated_port:
      description:
        - For PAN-OS 8.1 and above.
        - Dynamic destination translated port.
      type: int
    source_translation_fallback_ip_type:
      choices:
        - ip
        - floating-ip
      description:
        - For I(source_translation_fallback_type=interface-address).
        - The type of the IP address for the fallback source translation IP address.
      type: str
    source_translation_fallback_interface:
      description:
        - For I(source_translation_fallback_type=interface-address).
        - The interface for the fallback source translation.
      type: str
    destination_dynamic_translated_address:
      description:
        - For PAN-OS 8.1 and above.
        - Dynamic destination translated address.
      type: str
    source_translation_fallback_ip_address:
      description:
        - For I(source_translation_fallback_type=interface-address).
        - The IP address of the fallback source translation.
      type: str
    source_translation_translated_addresses:
      description:
        - For I(source_translation_address_type=translated-address).
        - Translated addresses of the source address translation.
      elements: str
      type: list
    source_translation_static_bi_directional:
      description:
        - For I(source_translation_type=static-ip).
        - Allow reverse translation from translated address to original address.
      type: bool
    destination_dynamic_translated_distribution:
      description:
        - For PAN-OS 8.1 and above.
        - Dynamic destination translated distribution.
      type: str
    source_translation_static_translated_address:
      description:
        - For I(source_translation_type=static-ip).
        - The IP address for the static source translation.
      type: str
    source_translation_fallback_translated_addresses:
      description:
        - For I(source_translation_fallback_type=translated-address).
        - Addresses for translated address types of fallback source translation.
      elements: str
      type: list