Configuration of PA Firewall from Ansible - need assistance


L0 Member

Hello Friends,


I am new to automation; I come from the Cisco network and security world. However, I am learning and implementing Ansible with help from the documentation, but still no success - I am still unable to push the playbook config directly to my Palo Alto firewall.


I have installed Ansible - below is the version:

$ ansible --version


I created a new playbook configuration (config pasted at the end). When I executed the playbook "palo_2.yml" I got the output below. I am pretty sure I am missing a critical part which prevents my playbook from connecting to my firewall - I also read but did not understand the concept.


I would appreciate it if anyone can share the configuration from scratch, step by step - how to connect Ansible to a Palo Alto firewall - what and how to install patches -


$ ansible-playbook palo_2.yml

PLAY [palo] ************************************************************************************************************

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: []

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: []

TASK [PaloAltoNetworks.paloaltonetworks : pip] *************************************************************************
changed: []

TASK [include variables (free-form)] ***********************************************************************************
ok: []

TASK [create an address group in devicegroup using API key] ************************************************************
fatal: []: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined\n\nThe error appears to have been in '/home/kaijaz/Development/ansible-personal-servers/palo_2.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: create an address group in devicegroup using API key\n      ^ here\n\nexception type: <class 'ansible.errors.AnsibleUndefinedVariable'>\nexception: 'LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09' is undefined"}
        to retry, use: --limit @/home/kaijaz/Development/ansible-personal-servers/palo_2.retry

PLAY RECAP *************************************************************************************************************
                : ok=4    changed=3    unreachable=0    failed=1





Playbook Configuration



- hosts: palo
  gather_facts: no
  connection: local

    - role: PaloAltoNetworks.paloaltonetworks

    - name: include variables (free-form)
      include_vars: vars1.yml
      no_log: 'yes'

    - name: create an address group in devicegroup using API key
        ip_address: '{{ }}'
        api_key: '{{ LUFRPT1QVWxBZ2tZWkVCMlpmSW1IVnFhY1I4eVdsdjQ9WXpwZC9GY3NlYUIwN2ZaNm9Ca2J0QT09 }}'
        operation: 'add'
        addressgroup: 'ANSIBLE'
        static_value: ['prod-db1', 'prod-db2', 'prod-db3']
        description: 'ASIBLE TESTING'
        tag_name: 'ANS'
        devicegroup: 'ANSIBLE Firewalls'





Thank You


  • 0 replies