topic Re: Get a full list of security rules with IPS Profiles in Automation/API Discussions

Get a full list of security rules with IPS Profiles

ryan.slater — Tue, 18 Jan 2022 19:51:20 GMT

I am trying to create a playbook that will go through a devices active policy and for any Allow rule list out the IPS profile defined for that rule. Currently I have not been able to get my playbook to provide the output of the rules so I can filter, so I know I must be doing something wrong.

Here is the playbook that I am currently using:

tasks:

- name: Get a list of all security rules

paloaltonetworks.panos.panos_security_rule_facts:

provider: '{{ device }}'

details: true

rulebase: rulebase

environment: '{{ proxy_env }}'

- debug:

msg: '{{ sec_rules.rule_details }}'

And here is the output that I am currently getting when I run this playbook against a firewall:

ok: [FW-LAB] => {
"msg": []
}

What am I missing to be able to see the full list of rules so I can start to create my filter?

Re: Get a full list of security rules with IPS Profiles

JimmyHolland — Tue, 25 Jan 2022 20:15:26 GMT

Hi @ryan.slater, are you targeting NGFWs with the Ansible playbook? An do the NGFWs only have rules pushed from Panorama? If so, I see the same behaviour. I -do not- see an empty list if I target NGFWs with locally configured rules.

Re: Get a full list of security rules with IPS Profiles

ryan.slater — Thu, 10 Feb 2022 01:42:37 GMT

Sorry for the late reply. Yes I am targeting the NGFW directly with the playbook, and the NGFW's are managed via a Panorama appliance.