About
A collection of Ansible modules to automate configuration and operational tasks on Palo Alto Networks NGFWs
Overview of modules
- panos_admin - add or modify admin user
- panos_admpwd - set admin password via SSH
- panos_awsmonitor - create AWS VM monitor
- panos_cert_gen_ssh - create SSL certificate
- panos_check - check if device is ready
- panos_commit - commit candidate config
- panos_content - upgrade dynamic updates
- panos_cstapphost - create a custom application for a website
- panos_dag - create dynamic address groups
- panos_dhcpif - configure a DP interface in DHCP Client mode
- panos_dnat - create a destination nat rule
- panos_gpp_gateway - configure GP Portal gateway list
- panos_import - import files
- panos_lic - apply an authcode
- panos_loadcfg - load configuration file
- panos_mgtconfig - set management settings
- panos_nat - create a nat rule
- panos_pg - create a security profile group
- panos_restart - restart a device
- panos_search - search AWS Matketplace for PA-VM-AWS images
- panos_service - create a service
- panos_snat - create a source nat rule
- panos_srule - create a security rule
- panos_sshkey - manage public SSH keys
- panos_swapif - swap if on AWS instance
- panos_swinstall - install software images
- panos_tunnelif - create a tunnel if
- panos_vulnprofile - create vulnerability profile
Installation
Clone the github repo or
ansible-galaxy install paloaltonetworks.panos
Documentation
Each module is documented in docs/modules, you can also look at the documentation online at http://ansible-pan.readthedocs.org/
Rebuild documentation
Requires Sphinx
cd docs; make modules
Dependencies
- panos_admpwd requires paramiko
- panos_search depends on ec2 module
- panos_import requires requests and requests_toolbelt modules
- all the other modules requires pan-python
Example Playbook
This is an example playbook for import and load a config on a list of hosts:
---
- name: import config
hosts: gp-portals
connection: local
gather_facts: False
vars:
cfg_file: gp-portal-empty.xml
tasks:
- name: wait for SSH (timeout 10min)
wait_for: port=22 host="{{inventory_hostname}}" search_regex=SSH timeout=600
- name: checking if device ready
panos_check:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
register: result
until: not result|failed
retries: 10
delay: 10
- name: import configuration
panos_import:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
file: "{{cfg_file}}"
category: "configuration"
register: result
- name: load configuration
panos_loadcfg:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
file: "{{result.filename}}"
commit: False
- name: set admin password
panos_admin:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
admin_username: admin
admin_password: "{{password}}"
commit: False
- name: commit
panos_commit:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
sync: False
- name: waiting for commit
panos_check:
ip_address: "{{inventory_hostname}}"
password: "{{password}}"
register: result
until: not result|failed
retries: 10
delay: 10
License
ISC
Author Information
Palo Alto Networks