panos_facts – Collects facts from Palo Alto Networks device

New in version 2.8.

Synopsis

  • Collects fact information from Palo Alto Networks firewall running PanOS.

Requirements

The below requirements are needed on the host that executes this module.

  • pan-python

Parameters

Parameter Choices/Defaults Comments
api_key
string
Deprecated
Use provider to specify PAN-OS connectivity instead.
The API key to use instead of generating it using username / password.
gather_subset
-
Default:
['!config']
Scopes what information is gathered from the device. Possible values for this argument include all, system, session, interfaces, ha, vr, vsys and config. You can specify a list of values to include a larger subset. Values can also be used with an initial ! to specify that a specific subset should not be collected. Certain subsets might be supported by Panorama.
host
-
Removed
Use provider instead.
ip_address
string
Deprecated
Use provider to specify PAN-OS connectivity instead.
The IP address or hostname of the PAN-OS device being configured.
password
string
Deprecated
Use provider to specify PAN-OS connectivity instead.
The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
Deprecated
Use provider to specify PAN-OS connectivity instead.
The port number to connect to the PAN-OS device on.
provider
-
added in 2.8
A dict object containing connection details.
api_key
string
The API key to use instead of generating it using username / password.
ip_address
string
The IP address or hostname of the PAN-OS device being configured.
password
string
The password to use for authentication. This is ignored if api_key is specified.
port
integer
Default:
443
The port number to connect to the PAN-OS device on.
serial_number
string
The serial number of a firewall to use for targeted commands. If ip_address is not a Panorama PAN-OS device, then this param is ignored.
username
string
Default:
admin
The username to use for authentication. This is ignored if api_key is specified.
username
string
Default:
admin
Deprecated
Use provider to specify PAN-OS connectivity instead.
The username to use for authentication. This is ignored if api_key is specified.

Notes

Note

  • Tested on PanOS 8.0.5

  • Checkmode is not supported.

  • Panorama is not supported.

  • PAN-OS connectivity should be specified using provider or the classic PAN-OS connectivity params (ip_address, username, password, api_key, and port). If both are present, then the classic params are ignored.

Examples

# Gather facts
- name: Get facts
  panos_facts:
    provider: '{{ provider }}'
    gather_subset: ['config']

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
ansible_net_config
string
 When config is specified in gather_subset.
Device confiration in XML format.
ansible_net_full_commit_required
boolean
 When system is specified in gather_subset.
Specifies whether full commit is required to apply changes.
ansible_net_ha_enabled
boolean
 When ha is specified in gather_subset.
Specifies whether HA is enabled or not.
ansible_net_ha_localmode
string
 When ha is specified in gather_subset.
Specifies the HA mode on local node.

Sample:
Active-Passive
ansible_net_ha_localstate
string
 When ha is specified in gather_subset.
Specifies the HA state on local node.

Sample:
active
ansible_net_hostname
string
 When system is specified in gather_subset.
Hostname of the local node.
ansible_net_interfaces
complex
 When interface is specified in gather_subset.
Network interface information.
  comment
string
Interface description/comment.
  ip
list
List of interface IP addresses in CIDR format.

Sample:
192.0.2.1/24
  ipv6
list
List of interface IPv6 addresses in CIDR format.

Sample:
2001:db8::0000:1/64
  name
string
Interface name.

Sample:
ae1.23
  tag
integer
VLAN tag for the subinterface.

Sample:
23
ansible_net_kbps
integer
 When session is specified in gather_subset.
Current kb/s throughput.
ansible_net_model
string
 When system is specified in gather_subset.
Device model of the local node.
ansible_net_multivsys
string
 When system is specified in gather_subset.
Specifies whether multivsys mode is enabled on local node.

Sample:
True
ansible_net_pps
integer
 When session is specified in gather_subset.
Current packets/s throughput.
ansible_net_serial
string
 When system is specified in gather_subset.
Serial number of the local node.
ansible_net_session_max
integer
 When session is specified in gather_subset.
Maximum number of sessions on local node.
ansible_net_session_usage
integer
 When session is specified in gather_subset.
Current number of active sessions on local node
ansible_net_uncommitted_changes
boolean
 When system is specified in gather_subset.
Specifies if commit is required to apply changes.
ansible_net_uptime
string
 When system is specified in gather_subset.
Uptime of the local node.

Sample:
469 days, 19:30:16
ansible_net_version
string
 When system is specified in gather_subset.
PanOS version of the local node.
ansible_net_virtual_routers
complex
 When vr is specified in gather_subset.
Virtual Router information.
  vr_asn
integer
BGP autonomous system number.

Sample:
65001
  vr_iflist
list
List interfaces in the VR.

Sample:
['ae2.12', 'ae2.14']
  vr_name
string
Name of the virtual router.
  vr_routerid
string
BGP router ID.

Sample:
192.0.2.1
ansible_net_virtual_systems
complex
 When vsys is specified in gather_subset.
Virtual System information.
  vsys_currentsessions
integer
Number of active sessions on VSYS.
  vsys_description
string
VSYS description/name.
  vsys_id
integer
VSYS ID.
  vsys_iflist
list
List of interfaces attached to the VSYS.
  vsys_name
integer
VSYS name.

Sample:
vsys1
  vsys_vrlist
list
List of virtual routers attached to the VSYS.
  vsys_vsys_maxsessions
integer
Number of configured maximum sessions on VSYS. 0 for unlimited.
  vsys_zonelist
list
List of security zones attached to the VSYS.


Status

Authors

  • Tomi Raittinen (@traittinen)