Palo Alto Networks Ansible Galaxy Role Documentation¶
The Palo Alto Networks Ansible Galaxy role is a collection of modules that automate configuration and operational tasks on Palo Alto Networks Next Generation Firewalls (both physical and virtualized) and Panorama. The underlying protocol uses API calls that are wrapped within the Ansible framework.
This is a community supported project. You can find the community supported live page at https://live.paloaltonetworks.com/ansible.
Installation¶
The most recent release of the role is available on Ansible Galaxy: https://galaxy.ansible.com/PaloAltoNetworks/paloaltonetworks. To install this, you can use the ansible-galaxy command like so:
ansible-galaxy install PaloAltoNetworks.paloaltonetworks
Once the role is installed, update your playbooks to tell Ansible to use the role you’ve installed:
roles:
- role: PaloAltoNetworks.paloaltonetworks
The role is built from the Palo Alto Networks github repo: https://github.com/PaloAltoNetworks/ansible-pan.
- Module Reference
- panos_address_group – Create address group objects on PAN-OS devices
- panos_address_object – Create address objects on PAN-OS devices
- panos_admin – Add or modify PAN-OS user accounts password
- panos_administrator – Manage PAN-OS administrator user accounts
- panos_admpwd – change admin password of PAN-OS device using SSH with SSH key
- panos_api_key – retrieve api_key for username/password combination
- panos_bgp_aggregate – Configures a BGP Aggregation Prefix Policy
- panos_bgp_auth – Configures a BGP Authentication Profile
- panos_bgp_conditional_advertisement – Configures a BGP conditional advertisement
- panos_bgp_dampening – Configures a BGP Dampening Profile
- panos_bgp – Configures Border Gateway Protocol (BGP)
- panos_bgp_peer_group – Configures a BGP Peer Group
- panos_bgp_peer – Configures a BGP Peer
- panos_bgp_policy_filter – Configures a BGP Policy Import/Export Rule
- panos_bgp_policy_rule – Configures a BGP Policy Import/Export Rule
- panos_bgp_redistribute – Configures a BGP Redistribution Rule
- panos_cert_gen_ssh – generates a self-signed certificate using SSH protocol with SSH key
- panos_check – check if PAN-OS device is ready for configuration
- panos_commit – Commit a PAN-OS device’s candidate configuration
- panos_dag – create a dynamic address group
- panos_dag_tags – Create tags for DAG’s on PAN-OS devices
- panos_facts – Collects facts from Palo Alto Networks device
- panos_ike_crypto_profile – Configures IKE Crypto profile on the firewall with subset of settings
- panos_ike_gateway – Configures IKE gateway on the firewall with subset of settings
- panos_import – import file on PAN-OS devices
- panos_interface – configure data-port network interfaces
- panos_ipsec_profile – Configures IPSec Crypto profile on the firewall with subset of settings
- panos_ipsec_tunnel – Configures IPSec Tunnels on the firewall with subset of settings
- panos_lic – apply authcode to a device/instance
- panos_loadcfg – load configuration on PAN-OS device
- panos_loopback_interface – configure network loopback interfaces
- panos_management_profile – Manage interface management profiles
- panos_match_rule – Test for match against a security rule on PAN-OS devices or Panorama management console
- panos_mgtconfig – Module used to configure some of the device management
- panos_nat_rule – create a policy NAT rule
- panos_object_facts – Retrieve facts about objects on PAN-OS devices
- panos_object – create/read/update/delete object in PAN-OS or Panorama
- panos_op – execute arbitrary OP commands on PANW devices (e.g. show interface all)
- panos_pg – create a security profiles group
- panos_query_rules – PANOS module that allows search for security rules in PANW NGFW devices
- panos_redistribution – Configures a Redistribution Profile on a virtual router
- panos_registered_ip_facts – Retrieve facts about registered IPs on PAN-OS devices
- panos_registered_ip – Register IP addresses for use with dynamic address groups on PAN-OS devices
- panos_restart – Restart a device
- panos_sag – Create a static address group
- panos_security_rule_facts – Get information about a security rule
- panos_security_rule – Create security rule policy on PAN-OS devices or Panorama management console
- panos_service_group – Create service group objects on PAN-OS devices
- panos_service_object – Create service objects on PAN-OS devices
- panos_software – Install specific release of PAN-OS
- panos_static_route – Create static routes on PAN-OS devices
- panos_tag_object – Create tag objects on PAN-OS devices
- panos_tunnel – configure tunnel interfaces
- panos_userid – Allow for registration and de-registration of userid
- panos_virtual_router – Configures a Virtual Router
- panos_vlan_interface – configure VLAN interfaces
- panos_vlan – Configures VLANs
- panos_zone – configure security zone
- Release History
- Examples
- Contributing to PANW Ansible modules
- Developing Palo Alto Networks Ansible Modules
- Authors
- License