paloaltonetworks.panos.panos_zone_facts (2.19.1) — module

Manage security zone

Added in version 1.0.0 of paloaltonetworks.panos

Authors: Robert Hagen (@stealthllama), Garfield Lee Freeman (@shinmog)

Install collection

Install with:

  ansible-galaxy collection install paloaltonetworks.panos:==2.19.1


Add to requirements.yml

  collections:
    - name: paloaltonetworks.panos
      version: 2.19.1

Description

Manage security zones on a PAN-OS firewall or in a Panorama template.


Requirements

Usage examples

# Create an L3 zone.
- name: create DMZ zone on a firewall
  paloaltonetworks.panos.panos_zone:
    provider: '{{ provider }}'
    zone: 'dmz'
    mode: 'layer3'
    zone_profile: 'strict'

# Add an interface to the zone.
- name: add ethernet1/2 to zone dmz
  paloaltonetworks.panos.panos_zone:
    provider: '{{ provider }}'
    zone: 'dmz'
    mode: 'layer3'
    interface: ['ethernet1/2']
    zone_profile: 'strict'

# Delete the zone.
- name: delete the DMZ zone
  paloaltonetworks.panos.panos_zone:
    provider: '{{ provider }}'
    zone: 'dmz'
    state: 'absent'

# Add a zone to a multi-VSYS Panorama template.
- name: add Cloud zone to template
  paloaltonetworks.panos.panos_zone:
    provider: '{{ provider }}'
    template: 'Datacenter Template'
    vsys: 'vsys4'
    zone: 'datacenter'
    mode: 'layer3'
    enable_userid: true
    exclude_acl: ['10.0.200.0/24']
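
The tasks above reference '{{ provider }}' without defining it. The playbook below is an added example, not part of the collection's own documentation: it builds the provider dict from an API key instead of the deprecated top-level username/password inputs, and scopes user identification with both ACL lists. The hostname, the vault variable name vault_panos_api_key, the log forwarding profile name and the subnets are assumptions.

```yaml
# Added example. All names and addresses below are constructed placeholders.
- name: Manage a user-ID enabled zone through the provider dict
  hosts: localhost
  connection: local
  gather_facts: false

  vars:
    provider:
      ip_address: 'fw01.example.internal'   # constructed hostname
      # Hypothetical variable, expected to come from an Ansible Vault file so
      # the key never sits in the playbook. username/password are ignored
      # when api_key is specified.
      api_key: '{{ vault_panos_api_key }}'
      port: 443

  tasks:
    - name: Create the users zone with protection profile and log forwarding
      paloaltonetworks.panos.panos_zone:
        provider: '{{ provider }}'
        zone: 'users'
        mode: 'layer3'                       # must match the interface mode
        interface: ['ethernet1/3']
        zone_profile: 'strict'               # zone protection profile
        log_setting: 'default'               # constructed profile name
        enable_userid: true
        include_acl: ['10.0.100.0/24']       # subnet to identify users in
        exclude_acl: ['10.0.100.250/32']     # host carved out of that subnet
        state: 'present'
```

The interface listed under interface has to exist already and be configured in the same mode as the zone.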

Inputs

    
mode:
    choices:
    - tap
    - virtual-wire
    - layer2
    - layer3
    - external
    default: layer3
    description:
    - The mode of the security zone. Must match the mode of the interface.
    type: str

port:
    default: 443
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The port number to connect to the PAN-OS device on.
    type: int

vsys:
    default: vsys1
    description:
    - The vsys this object belongs to.
    type: str

zone:
    description:
    - Name of the security zone to configure.
    type: str

state:
    choices:
    - present
    - absent
    - replaced
    - merged
    - deleted
    - gathered
    default: present
    description:
    - The state.
    type: str

api_key:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The API key to use instead of generating it using I(username) / I(password).
    type: str

password:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The password to use for authentication.  This is ignored if I(api_key) is specified.
    type: str

provider:
    description:
    - A dict object containing connection details.
    suboptions:
      api_key:
        description:
        - The API key to use instead of generating it using I(username) / I(password).
        type: str
      ip_address:
        description:
        - The IP address or hostname of the PAN-OS device being configured.
        type: str
      password:
        description:
        - The password to use for authentication.  This is ignored if I(api_key) is specified.
        type: str
      port:
        default: 443
        description:
        - The port number to connect to the PAN-OS device on.
        type: int
      serial_number:
        description:
        - The serial number of a firewall to use for targeted commands. If I(ip_address)
          is not a Panorama PAN-OS device, then this param is ignored.
        type: str
      username:
        default: admin
        description:
        - The username to use for authentication.  This is ignored if I(api_key) is specified.
        type: str
    type: dict
    version_added: 1.0.0
    version_added_collection: paloaltonetworks.panos

template:
    description:
    - (Panorama only) The template this operation should target. Mutually exclusive with
      I(template_stack).
    type: str

username:
    default: admin
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The username to use for authentication.  This is ignored if I(api_key) is specified.
    type: str

interface:
    description:
    - List of member interfaces.
    elements: str
    type: list

ip_address:
    description:
    - B(Deprecated)
    - Use I(provider) to specify PAN-OS connectivity instead.
    - HORIZONTALLINE
    - The IP address or hostname of the PAN-OS device being configured.
    type: str

exclude_acl:
    description:
    - User identification ACL exclude list.
    elements: str
    type: list

include_acl:
    description:
    - User identification ACL include list.
    elements: str
    type: list

log_setting:
    description:
    - Log forwarding setting.
    type: str

zone_profile:
    description:
    - Zone protection profile.
    type: str

enable_userid:
    default: false
    description:
    - Enable user identification.
    type: bool

template_stack:
    description:
    - (Panorama only) The template stack this operation should target. Mutually exclusive
      with I(template).
    type: str

gathered_filter:
    description:
    - When I(state=gathered).
    - An advanced filtering option to filter results returned from PAN-OS.
    - Refer to the guide discussing I(gathered_filter) for more information.
    type: str