This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About zol123
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About zol123
09-25-2023
7Posts
0Likes
0Solutions
Sep 25, 2023Last Visited
User
Activity
User
Profile
Latest posts by zol123
| Subject | Views | Posted |
|---|---|---|
| 315 | 07-28-2023 12:15 PM | |
| 899 | 02-07-2023 05:58 AM | |
| 932 | 01-12-2023 10:40 AM | |
| 739 | 12-15-2022 03:01 AM | |
| 1094 | 10-24-2022 03:23 AM | |
| 1834 | 10-24-2022 03:19 AM | |
| 2086 | 10-04-2022 04:15 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 Likes | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 10-04-2022 03:29 AM |
| Date Last Visited | 09-25-2023 11:29 AM |
| Posts | 7 |
07-28-2023
12:15 PM
I have a ansible playbook that search after a specific ip and removes it from all addressgroups. However i would also like to remove it from all security rules aswell. The problem is that I would need to build some logic to disable/remove rules if the object is the only one in src/dst, otherwise it would become "any" . Has anyone done this kind of cleanup script?
... View more
02-07-2023
05:58 AM
In the examples i have seen - name: Create address objects
paloaltonetworks.panos.panos_address_object:
ip_address: "{{inventory_hostname}}"
username: " {{ username }} "
password: " {{ password }}"
name: '{{ item.name }}'
value: '{{ item.value }}'
description: '{{ item.description }}'
tag: '{{ item.tag | default([]) }}'
commit: false This seems to work, but when i try to create object with a loop with objects i have saved i get this error. failed: [] (item={'value': 192.168.0.1/32', 'description': None, 'tag': None, 'name': 192.168.0.1_SOLARWINDS', 'address_type': 'ip-netmask'}) => {"ansible_loop_var": "item", "changed": false, "item": {"address_type": "ip-netmask", "description": null, "name": "192.168.0.1_SOLARWINDS", "tag": null, "value": "192.168.0.1/32"}, "msg": "Failed create: 192.168.0.1_SOLARWINDS -> tag is invalid"} This is how the variable look that i try to use with a loop "gathered": [ { "address_type": "ip-netmask", "description": null, "name": "192.168.0.1_SOLARWINDS", "tag": null, "value": "192.168.0.1/32" }, Do i miss anything?
... View more
01-12-2023
10:40 AM
At previus work i build a ugly excel sheet where you entered some info basic info (ip/hostname/serialnumber) then it generated both panorama conf and some basic conf for the devices (we did alot with templates also) that we could paste into the cli. Worked ok. Would have done alot of stuff different today (more ansible and j2 for example)
... View more
12-15-2022
03:01 AM
How would you achive this? So we have alot of vlans on alot of firewalls, vsys and vr. Our ipam is decent documented but it would be nice to make a api call to the firewalls to get the info insted. I would like to find the Firewall and Zone where a specific ip is routed. Is the way to loop through all the firewalls build a list of all the vrs on all the firewalls, and then do a route lookup (test fib lookup...) on each vr on the ip and find where is "connected"? And then parse the output and print it? Or do you have a other alternative?
... View more
- Tags:
- api
10-24-2022
03:19 AM
Thanks
... View more
10-04-2022
04:15 AM
Hi I dont fully understand how to use the panos_security_rule module to find rule panos_security_rule to find rules since https://github.com/PaloAltoNetworks/pan-os-ansible/blob/develop/plugins/modules/panos_security_rule_facts.py seems to be deprecated. What i do want is to get all the defined rules in the firewall. My supersimple playbook looks like this: -- - name: Network Playbook hosts: all connection: local gather_facts: false vars: sec_rules: ip_address: 1.1.1.1 vars_prompt: - name: password prompt: password - name: username prompt: username private: no collections: - paloaltonetworks.panos tasks: - name: Get all rules panos_security_rule: ip_address: " {{ ip_address }} " username: " {{ username }} " password: " {{ password }} " rulebase: rulebase state: 'gathered' register: sec_rules - debug: msg: '{{ sec_rules }}' I get this output. ansible-playbook [core 2.12.3] config file = None configured module search path = ['/home/labb/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/labb/.local/lib/python3.9/site-packages/ansible ansible collection location = /home/labb/.ansible/collections:/usr/share/ansible/collections executable location = /home/labb/.local/bin/ansible-playbook python version = 3.9.10 (main, Mar 16 2022, 15:24:55) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] jinja version = 3.0.3 libyaml = True No config file found; using defaults host_list declined parsing /ansible/ansible/fwtest as it did not pass its verify_file() method script declined parsing /ansible/ansible/fwtest as it did not pass its verify_file() method auto declined parsing /ansible/ansible/fwtest as it did not pass its verify_file() method [WARNING]: While constructing a mapping from /ansible/ansible/fwtest, line 4, column 5, found a duplicate dict key (ansible_connection). Using last defined value only. Parsed /ansible/ansible/fwtest inventory source with yaml plugin Skipping callback 'default', as we already have a stdout callback. Skipping callback 'minimal', as we already have a stdout callback. Skipping callback 'oneline', as we already have a stdout callback. PLAYBOOK: palo.yaml ****************************************************************************************************************************************************** 1 plays in palo.yaml password: username: alo PLAY [Network Playbook] ************************************************************************************************************************************************** META: ran handlers TASK [Get all rules] ***************************************************************************************************************************************************** task path: /ansibles/FW/palo.yaml:23 <1.1.1.1> ESTABLISH LOCAL CONNECTION FOR USER: labb <1.1.1.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/labb/.ansible/tmp/ansible-local-9234529bmja22 `"&& mkdir "` echo /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340 `" && echo ansible-tmp-1664879620.1387732-92355-183172280362340="` echo /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340 `" ) && sleep 0' Using module file /home/labb/.ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_security_rule.py <1.1.1.1> PUT /home/labb/.ansible/tmp/ansible-local-9234529bmja22/tmp80mh80tb TO /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340/AnsiballZ_panos_security_rule.py <1.1.1.1> EXEC /bin/sh -c 'chmod u+x /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340/ /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340/AnsiballZ_panos_security_rule.py && sleep 0' <1.1.1.1> EXEC /bin/sh -c '/usr/local/bin/python3.9 /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340/AnsiballZ_panos_security_rule.py && sleep 0' <1.1.1.1> EXEC /bin/sh -c 'rm -f -r /home/labb/.ansible/tmp/ansible-local-9234529bmja22/ansible-tmp-1664879620.1387732-92355-183172280362340/ > /dev/null 2>&1 && sleep 0' fatal: [1.1.1.1]: FAILED! => { "changed": false, "invocation": { "module_args": { "action": "allow", "antivirus": null, "api_key": null, "application": [ "any" ], "audit_comment": null, "category": [ "any" ], "commit": null, "data_filtering": null, "description": null, "destination_ip": [ "any" ], "destination_zone": [ "any" ], "device_group": "shared", "devicegroup": null, "disable_server_response_inspection": false, "disabled": false, "existing_rule": null, "file_blocking": null, "group_profile": null, "group_tag": null, "hip_profiles": null, "icmp_unreachable": null, "ip_address": " 1.1.1.1 ", "location": null, "log_end": true, "log_setting": null, "log_start": false, "negate_destination": false, "negate_source": false, "negate_target": null, "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "port": 443, "provider": null, "rule_name": null, "rule_type": "universal", "rulebase": "rulebase", "schedule": null, "service": [ "application-default" ], "source_ip": [ "any" ], "source_user": [ "any" ], "source_zone": [ "any" ], "spyware": null, "state": "gathered", "tag_name": null, "target": null, "url_filtering": null, "username": " ansible ", "uuid": null, "vsys": "vsys1", "vulnerability": null, "wildfire_analysis": null } }, "msg": "missing required arguments: rule_name" } PLAY RECAP *************************************************************************************************************************************************************** 1.1.1.1 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0 Im runing against a single device not panorama, if that matter?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-25-2023
11:29 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks