Release History¶
V2.1.0¶
Released: In development
Status: In development
New modules:
panos_security_rule_facts
panos_vlan
panos_vlan_interface
The following shorthand applies to this version’s updates:
provider
- Any module below that lists a change ofprovider
means that it supports a new provider dict for PAN-OS authentication credentials in addition to the oldip_address
/username
/password
/api_key
. Additionally these modules now support Panorama to firewall connections, performed by specifying Panorama IP address, username, and password, then specifying a firewall’s serial number using theserial_number
param in theprovider
dict.removed operation
- This module has had the oldoperation
param removed in favor ofstate
. Please update your playbooks to usestate
instead.template support
- This module now supports Panorama templates.full template support
- This module now supports both Panorama templates and template stacks.vsys support
- This module now includes support for specifying the firewall vsys.checkmode
- This module now supports Ansible’s check mode.
Given the above shorthand, the following modules have been updated as follows:
panos_address_group
: provider; checkmodepanos_address_object
: provider; checkmodepanos_administrator
: provider; full template support; checkmode; Now supports supplying the password hash directlypanos_api_key
: providerpanos_bgp
: provider; full template support; checkmodepanos_bgp_aggregate
: provider; full template support; checkmodepanos_bgp_auth
: provider; full template support; checkmode;replace
is deprecated as this is now the default behavior forstate=apply
panos_bgp_conditional_advertisement
: provider; full template support; checkmode;advertise_filter
andnon_exist_filter
have been deprecated, add filters usingpanos_bgp_policy_filter
insteadpanos_bgp_dampening
: provider; full template support; checkmodepanos_bgp_peer
: provider; full template support; checkmodepanos_bgp_peer_group
: provider; full template support; checkmodepanos_bgp_policy_filter
: provider; full template support; checkmode; “state=return-object” has been deprecated, just use states of absent/present like other modules as normal;address_prefix
can now be a dict with “name”/”exact” keys or a stringpanos_bgp_policy_rule
: provider; full template support; checkmode;address_prefix
can now be a dict with “name”/”exact” keys or a stringpanos_bgp_redistribute
: provider; full template support; checkmodepanos_check
: provider; fixed #183; fixed #311panos_commit
: provider; addedinclude_template
param;devicegroup
is deprecated, usedevice_group
insteadpanos_facts
: provider; fixed bug when running against VM NGFW;host
has been removed, useprovider
insteadpanos_ike_crypto_profile
: provider; full template support; checkmodepanos_ike_gateway
: provider; full template support; checkmode; many params have been aliased to new param names to better match thepandevice
namingpanos_interface
: provider; template support; checkmode; removed operation; fixed #193; fixed #266; fixed #267;vsys_dg
is deprecated, usevsys
insteadpanos_ipsec_profile
: provider; full template support; checkmodepanos_ipsec_tunnel
: provider; full template support; checkmode; many new params added to support missing functionality added in, please refer to the module documentation for the complete list of params now supportedpanos_lic
: provider; added new outputlicenses
panos_loopback_interface
: provider; template support; checkmode;vsys_dg
is deprecated; usevsys
insteadpanos_management_profile
: provider; full template support; checkmode;panorama_template
is deprecated, usetemplate
insteadpanos_match_rule
: provider;vsys_id
is deprecated, usevsys
; fixed #248; outputstdout_lines
is deprecated, userule
instead (note: this has a different format, so please update your playbooks)panos_mgtconfig
: provider; checkmode;devicegroup
is removed as this param was not doing anything; addedverify_update_server
panos_nat_rule
: provider; removed operation; checkmode;devicegroup
is deprecated, usedevice_group
;tag_name
(string type) is deprecated, usetag
(list type); addedenable
anddisable
types for thestate
parampanos_object_facts
: provider; added support for name regexes and a newobjects
outputpanos_op
: providerpanos_pg
: provider; added Panorama support; addedstate
panos_redistribution
: provider; full template support; checkmodepanos_registered_ip
: provider; vsys support; checkmodepanos_registered_ip_facts
: provider; vsys supportpanos_restart
: providerpanos_security_rule
: provider; removed operation; checkmode;devicegroup
is deprecated, usedevice_group
insteadpanos_service_group
: provider; checkmodepanos_service_object
: provider; checkmodepanos_software
: provider; checkmodepanos_static_route
: provider; full template support; added nexthop type of “next-vr”panos_tag_object
: provider; checkmodepanos_tunnel
: provider; template support; checkmode;vsys_dg
is deprecated, usevsys
insteadpanos_userid
: provider; removed operation;state
added as a parampanos_virtual_router
: provider; full template support; checkmodepanos_zone
: provider; full template support; checkmode
Generic updates across all modules mentioned above:
The minimum version of
pandevice
to run all “provider” modules is 0.9.1Cleaned up module documentation
The following modules have been deprecated:
panos_admin
panos_dag
panos_query_rules
panos_sag
The following modules have not been modified:
panos_admpwd
panos_cert_gen_ssh
panos_dag_tags
panos_import
panos_loadcfg
panos_object
V2.0.4¶
Released: 2019-03-11
Status: Released (minor)
Fixes the DHCP param handling of panos_interface
V2.0.3¶
Released: 2019-03-04
Status: Released
New modules
panos_api_key: retrieve api_key for username/password combination
panos_bgp: Manages basic BGP configuration settings
panos_bgp_aggregate: Manages BGP Aggregation Policy Rules
panos_bgp_auth: Manages BGP Authentication Profiles
panos_bgp_conditional_advertisement: Manages BGP Conditional Advertisement Policy Rules
panos_bgp_dampening: Manages BGP Dampening Profiles
panos_bgp_peer: Manages BGP Peers
panos_bgp_peer_group: Manages BGP Peer Groups
panos_bgp_policy_filter: Manages BGP Policy Filters, children of Aggregate and Conditional Advertisement
panos_bgp_policy_rule: Manage BGP Import/Export Rules
panos_bgp_redistribute: Manages BGP Redistribution Rules
panos_loopback_interface: manage loopback interfaces
panos_redistribution: Manages virtual router Redistribution Profiles
Refactored modules
panos_ike_gateway: fixed misspelling of passive_mode and added additional module arguments to support more advanced configurations
V2.0.1¶
Released: 2018-10-08
Status: Released (minor)
This is minor release to address issue https://github.com/PaloAltoNetworks/ansible-pan/issues/163
V2.0.0¶
Released: 2018-09-27
Status: Released
New modules
panos_administrator: Manages Panorama / NGFW administrators
panos_registered_ip: Use this instead of panos_dag_tags
panos_registered_ip_facts: Use this instead of panos_dag_tags
panos_address_object: Use this instead of panos_object
panos_address_group: Use this instead of panos_object
panos_service_object: Use this instead of panos_object
panos_service_group: Use this instead of panos_object
panos_tag_object: Use this instead of panos_object
panos_object_facts: Get facts about objects
Removed modules
Refactored modules
Now supporting state / idempotency
panos_interface
panos_nat_rule
panos_security_rule
Miscellanies / Fixes
merged Ansible role repo together with this one
https://github.com/PaloAltoNetworks/ansible-pan/issues/44
adding beta support for connections lib
https://github.com/PaloAltoNetworks/ansible-pan/issues/150
V1.0.8¶
Released: 2018-09-13
Status: Released
New modules
panos_management_profile: Manages interface management profiles
panos_ike_crypto_profile: Use the IKE Crypto Profiles page to specify protocols and algorithms for identification, authentication, and encryption (IKEv1 or IKEv2, Phase 1).
panos_ipsec_profile: Configures IPSec Crypto profile on the firewall with subset of settings.
panos_ike_gateway: Configures IKE gateway on the firewall with subset of settings.
panos_ipsec_tunnel: Configure data-port (DP) network interface for DHCP. By default DP interfaces are static.
Removed modules
Refactored modules
Miscellanies
panos_security_rule - New [log_setting]{.title-ref} param added to specify the log forwarding profile to be used
re-wrote documentation
V1.0.7¶
Released: 2018-05-03
Status: Released
New modules
panos_userid: added ability to (un)register userid with ip address
panos_software: Upgrade and downgrade PAN-OS on firewalls and Panorama.
panos_userid: added ability to (un)register userid with ip address
panos_static_route: ability to manipulate static routing tables
Removed modules
N/A
Refactored modules
panos\_interface: Added full support for static configuration of ethernet interfaces
: - <https://github.com/PaloAltoNetworks/ansible-pan/pull/61>
Add functionality to list static address groups
: - <https://github.com/PaloAltoNetworks/ansible-pan/pull/64>
Pass api\_key to pandevice
: - <https://github.com/PaloAltoNetworks/ansible-pan/pull/63>
panos\_security\_rule: Security Policy position/order
: - <https://github.com/PaloAltoNetworks/ansible-pan/issues/14>
panos\_security\_rule: unable to add security policies in Post rule
: - <https://github.com/PaloAltoNetworks/ansible-pan/issues/38>
Miscellanies - https://github.com/PaloAltoNetworks/ansible-pan/pull/78 - https://github.com/PaloAltoNetworks/ansible-pan/issues/22
V1.0.6¶
Released: 2018-2-6
Status: Released
New modules
N/A
Removed modules
N/A
Miscellanies
Synchronized repository with RedHat Ansible official repo. Added missing modules:
: - panos\_op.py
- panos\_dag\_tags.py
- panos\_query\_rules.py
- panos\_match\_rule.py
Closed issues
V1.0.5¶
Released: 2017-12-20
Status: Released
New modules
panos_op: OP commands module that allows execution of the arbitrary op commands on the PANOS devices
Refactored modules
N/A
Removed modules
N/A
Miscellanies
N/A
Closed issues
#36 https://github.com/PaloAltoNetworks/ansible-pan/issues/36
V1.0.4¶
Released: 2017-08-31
Status: Released
New modules
panos_sag: Added the ability to add / delete static address groups.
panos\_dag\_tags: A new module to create registered IP to tag associations
: Implemented the ability to create / delete / list IP to tag
associations
panos_security_rule
panos_nat_rule
Refactored modules
panos_restart refactored to use PanDevice internally; supports Panorama
panos_mgtconfig refactored to use PanDevice internally; added support for NTP servers config
panos\_dag: Converted the module to use pandevice
: Also added the ability to perform create / delete / list
Removed modules
panos_nat_policy (Use panos_nat_rule)
panos_nat_security_policy (use panos_security_rule)
panos_service (use panos_object)
Miscellanies
removed deprecated_libraries folder
consolidated all samples from samples/ into examples/
synchronized repo with core Ansible distribution
V1.0.3¶
Minor release with documentation updates and few BUG fixes.
V1.0.2¶
Released: 2017-04-13
Another major refactor in order to streamline the code.
Refactored modules
panos_address --> panos_object
panos_match_rule
panos_nat_policy --> panos_nat_rule
panos_query_rules
panos_security_policy --> panos_security_rule
panos_service --> panos_object
V1.0.1¶
Released: 2017-02-15
Status: Release
All modules have been touched and refactored to adhere to Ansible module development practices. Documentatio has been added as well as sample playbooks for each module.
Refactored modules (now part of core Ansible)
panos_admin
panos_admpwd
panos_commit
panos_restart
panos_cert_gen_ssh
panos_check
panos_dag
panos_service
panos_mgtconfig
panos_import
panos_loadcfg
panos_pg
panos_lic
panos_interface
New modules
panos_address
panos_security_policy
Deprecated modules
panos_srule
panos_content
panos_swinstall
panos_tunnelif
panos_cstapphost
panos_gpp_gateway
panos_vulnprofile
panos_swapif
panos_vulnprofile
V1.0.0¶
Released: 2016-11-27
Status: Release
First release that adheres to the Ansible development practices, now part of the Ansible core development. The modules have been completely refactored. Some retired and some new modules created.