This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Configuring GlobalProtect via Ansible

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring GlobalProtect via Ansible

marcin.radko
L0 Member

‎02-06-2026 06:16 AM

Hi,
I'm working on creating an automated Ansible process through which I can configure GlobalProtect in PAN Firewall.

The automaton process I try to create it based on the official Paloalto Repository containing ansible playbooks:
GitHub - PaloAltoNetworks/ansible-playbooks: Sample playbooks for the Palo Alto Networks Ansible mod...
Unfortunately, I cannot find any playbook in the repository that is directly used to configure GlobalProtect.

Do you have any information which playbooks I can use to configure GlobalProtect or do you have any other repository containing Ansible playbooks used to configure GlobalProtect?

Best regards!

0 Likes Likes
1 REPLY 1

erin77brown
L0 Member

‎02-10-2026 01:11 AM

While the official ansible-playbooks repository provides a great foundation for general firewall tasks, it currently lacks a dedicated, "out-of-the-box" playbook for a full GlobalProtect configuration. This is because GlobalProtect involves several disparate components (Certificates, Portals, Gateways, and Authentication Profiles) that often require specific environment details. To automate this, you should use the paloaltonetworks.panos collection, which contains the building blocks you need: use panos_cert_gen_ssh to handle the required SSL certificates, panos_import for GlobalProtect client software, and panos_type_cmd or panos_config_element to push the specific XML structures for the Portal and Gateway settings if a high-level module isn't available for your specific PAN-OS version. For a more comprehensive starting point, many users leverage the pan-os-ansible repository's module documentation to chain these tasks together into a custom "GlobalProtect" role.

Everfi.com
0 Likes Likes
  • 300 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks