New in version 2.4.
The below requirements are needed on the host that executes this module.
Parameter |
Choices/Defaults |
Comments |
|---|---|---|
|
address
|
|
The IP address of the host or network in CIDR notation.
|
|
address_type
|
|
The type of address object definition. Valid types are ip-netmask and ip-range.
|
|
addressgroup
|
|
A static group of address objects or dynamic address group.
|
|
addressobject
|
|
The name of the address object.
|
|
api_key
|
|
API key that can be used instead of username/password credentials.
|
|
color
|
|
- The color of the tag object. Valid values are red, green, blue, yellow, copper, orange, purple, gray, light green, cyan, light gray, blue gray, lime, black, gold, and brown.
|
|
description
|
|
The description of the object.
|
|
destination_port
|
|
The destination port to be used in a service object definition.
|
|
devicegroup
|
|
- The name of the Panorama device group. The group must exist on Panorama. If device group is not defined it is assumed that we are contacting a firewall.
|
|
dynamic_value
|
|
The filter match criteria to be used in a dynamic addressgroup definition.
|
|
ip_address
required |
|
IP address (or hostname) of PAN-OS device or Panorama management console being configured.
|
|
operation
required |
|
The operation to be performed. Supported values are add/delete/find.
|
|
password
required |
|
Password credentials to use for authentication.
|
|
protocol
|
|
The IP protocol to be used in a service object definition. Valid values are tcp or udp.
|
|
servicegroup
|
|
A group of service objects.
|
|
serviceobject
|
|
The name of the service object.
|
|
services
|
|
The group of service objects used in a servicegroup definition.
|
|
source_port
|
|
The source port to be used in a service object definition.
|
|
static_value
|
|
A group of address objects to be used in an addressgroup definition.
|
|
tag_name
|
|
The name of an object or rule tag.
|
|
username
|
Default:
admin
|
Username credentials to use for authentication.
|
- name: search for shared address object
panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'find'
address: 'DevNet'
- name: create an address group in devicegroup using API key
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
addressgroup: 'Prod_DB_Svrs'
static_value: ['prod-db1', 'prod-db2', 'prod-db3']
description: 'Production DMZ database servers'
tag_name: 'DMZ'
devicegroup: 'DMZ Firewalls'
- name: create a global service for TCP 3306
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'add'
serviceobject: 'mysql-3306'
destination_port: '3306'
protocol: 'tcp'
description: 'MySQL on tcp/3306'
- name: create a global tag
panos_object:
ip_address: '{{ ip_address }}'
username: '{{ username }}'
password: '{{ password }}'
operation: 'add'
tag_name: 'ProjectX'
color: 'yellow'
description: 'Associated with Project X'
- name: delete an address object from a devicegroup using API key
panos_object:
ip_address: '{{ ip_address }}'
api_key: '{{ api_key }}'
operation: 'delete'
addressobject: 'Win2K test'
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Hint
If you notice any issues in this documentation you can edit this document to improve it.