I have tried something similar to update an existing security rule by removing the IP address 111.1.1.1 if it is present in the rule's source IP address list. Is there anything else we need to change in the script below? ---
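- name: Disable existing security rules on the firewall
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Address to strip from every rule's source list. Quoted so YAML keeps it a string;
    # the original `vars: rmadr:"111.1.1.1"` was not a valid mapping.
    rmadr: "111.1.1.1"
  tasks:
    - name: Grab the credentials from ansible-vault
      include_vars: 'firewall-secrets.yml'
      no_log: true

    - name: Get all rules in vsys1 and their config
      panos_security_rule_facts:
        provider: '{{ provider }}'
        all_details: true
      register: all_rules

    # Each matching rule is re-submitted with its current settings and the trimmed
    # source list. A field that is not replayed below is sent at the module's default,
    # which may silently reset it (security-profile group, log forwarding, disabled
    # flag, negate flags) — compare one rule before and after on a non-production
    # firewall before running this across the whole rulebase. The item.* key names
    # are assumed to match the module parameter names; verify against the registered
    # output, since an unknown key simply falls through to default(omit).
    - name: remove address from all security rules
      panos_security_rule:
        provider: '{{ provider }}'
        rule_name: '{{ item.rule_name }}'
        action: '{{ item.action }}'
        application: '{{ item.application | default(omit, true) }}'
        category: '{{ item.category | default(omit, true) }}'
        description: '{{ item.description | default(omit, true) }}'
        destination_ip: '{{ item.destination_ip | default(omit, true) }}'
        destination_zone: '{{ item.destination_zone | default(omit, true) }}'
        hip_profiles: '{{ item.hip_profiles | default(omit, true) }}'
        service: '{{ item.service | default(omit, true) }}'
        # difference() needs its closing parenthesis; the original expression was
        # missing it and would fail to render.
        source_ip: '{{ item.source_ip | difference([rmadr]) }}'
        source_user: '{{ item.source_user | default(omit, true) }}'
        source_zone: '{{ item.source_zone | default(omit, true) }}'
        tag_name: '{{ item.tag_name | default(omit, true) }}'
        group_profile: '{{ item.group_profile | default(omit, true) }}'
        log_setting: '{{ item.log_setting | default(omit, true) }}'
        rule_type: '{{ item.rule_type | default(omit, true) }}'
        # Booleans use default(omit) without the second argument: a stored false must
        # be replayed as false, not omitted (omitting it would reset it to the default).
        disabled: '{{ item.disabled | default(omit) }}'
        negate_source: '{{ item.negate_source | default(omit) }}'
        negate_destination: '{{ item.negate_destination | default(omit) }}'
        log_start: '{{ item.log_start | default(omit) }}'
        log_end: '{{ item.log_end | default(omit) }}'
      # With all_details true the facts module returns full rule specs; check your
      # installed module's RETURN docs for whether they are under `rules` (used here)
      # or `rulenames`, which holds only names and would break the item.* lookups above.
      loop: '{{ all_rules.rules }}'
      loop_control:
        label: '{{ item.rule_name }}'
      when:
        - item.source_ip is defined
        # The original compared against a bare `source_ip`, which is undefined here;
        # the value lives on the loop item.
        - rmadr in item.source_ip
        # A rule whose only source is rmadr would be submitted with an empty source
        # list. Skip it here and handle it deliberately (disable or delete) rather
        # than letting it be widened to 'any'.
        - item.source_ip | difference([rmadr]) | length > 0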