New in version 2.5.
The below requirements are needed on the host that executes this module.
Parameter | Choices/Defaults | Comments |
---|---|---|
api_key | API key that can be used instead of username/password credentials. | |
application | The application. | |
category | URL category | |
destination_ip | The destination IP address. | |
destination_port | The destination port. | |
destination_zone | The destination zone. | |
ip_address required | IP address (or hostname) of PAN-OS device being configured. | |
password required | Password credentials to use for auth unless api_key is set. | |
protocol | The IP protocol number from 1 to 255. | |
rule_type | Default: security | Type of rule. Valid types are security or nat. |
source_ip required | The source IP address. | |
source_port | The source port. | |
source_user | The source user or group. | |
source_zone | The source zone. | |
to_interface | The inbound interface in a NAT rule. | |
username | Default: admin | Username credentials to use for auth unless api_key is set. |
vsys_id required | Default: vsys1 | ID of the VSYS object. |
Note
- name: check security rules for Google DNS panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'security' source_ip: '10.0.0.0' destination_ip: '8.8.8.8' application: 'dns' destination_port: '53' protocol: '17' register: result - debug: msg='{{result.stdout_lines}}' - name: check security rules inbound SSH with user match panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'security' source_ip: '0.0.0.0' source_user: 'mydomain\jsmith' destination_ip: '192.168.100.115' destination_port: '22' protocol: '6' register: result - debug: msg='{{result.stdout_lines}}' - name: check NAT rules for source NAT panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'nat' source_zone: 'Prod-DMZ' source_ip: '10.10.118.50' to_interface: 'ethernet1/2' destination_zone: 'Internet' destination_ip: '0.0.0.0' protocol: '6' register: result - debug: msg='{{result.stdout_lines}}' - name: check NAT rules for inbound web panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' rule_type: 'nat' source_zone: 'Internet' source_ip: '0.0.0.0' to_interface: 'ethernet1/1' destination_zone: 'Prod DMZ' destination_ip: '192.168.118.50' destination_port: '80' protocol: '6' register: result - debug: msg='{{result.stdout_lines}}' - name: check security rules for outbound POP3 in vsys4 panos_match_rule: ip_address: '{{ ip_address }}' username: '{{ username }}' password: '{{ password }}' vsys_id: 'vsys4' rule_type: 'security' source_ip: '10.0.0.0' destination_ip: '4.3.2.1' application: 'pop3' destination_port: '110' protocol: '6' register: result - debug: msg='{{result.stdout_lines}}'
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/panos_match_rule_module.html