Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About RobertNunez
About RobertNunez
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
07-12-2019
9Posts
0Likes
1Solution
Jul 12, 2019Last Visited
User
Activity
User
Profile
Latest posts by RobertNunez
| Subject | Views | Posted |
|---|---|---|
| 5227 | 05-29-2019 06:07 AM | |
| 1976 | 05-28-2019 09:56 AM | |
| 5238 | 05-28-2019 09:37 AM | |
| 5248 | 05-23-2019 09:17 AM | |
| 2004 | 05-22-2019 11:32 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 2 |
User Badges
Public Statistics
| Date Registered | 09-24-2018 10:06 AM |
| Date Last Visited | 07-12-2019 11:08 AM |
| Total Messages Posted | 9 |
05-29-2019
06:07 AM
I will rather prefer a module that can help executing the following: "cmd": "set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30", or "cmd": "delete device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-<IP Address>" This will look easy to understand and cleaner than a playbook that get it all (our production config have twenty+ groups with an average of 2K IP addresses each), remove it and re-add it. Do you have a way or module to execute this? Thanks, Roberto
... View more
05-28-2019
09:56 AM
Hi Bob, I did install and reinstall PANOS galaxy many times before; however the error still happening. Here is my playbook: --- - name: Adding IP address to an address group connection: local hosts: sfopanorama gather_facts: yes vars: description: 'Task_Number_1234567' firewall_host: '10.10.10.10' server_address: '10.10.1.3' address_group: 'MYTTP-GW-2' dev_group: 'MLG' address_mask: 'ip-netmask' roles: - role: PaloAltoNetworks.paloaltonetworks tasks: - name: Add IP Address to Address Group {{ dev_group }} panos_op: ip_address: '{{ firewall_host }}' username: '{{ pan_username }}' password: '{{ pan_password }}' cmd: 'configure' cmd: 'set device-group {{ dev_group }} address-group {{ address_group }} static SMTP-{{ server_address }}' register: result_output2 I tried with and without the "configure" option, and changing the way the "set device-group" options; However, none of them works. This is the only solution that can solve the "Panos_address_group" problem that I mentioned earlier. If only I can make it work. Thanks, Roberto
... View more
05-28-2019
09:37 AM
Thanks Bob. I understand the issue; however, reading all the members of a giving address group and adding IPs all again just to add an IP address or more or eliminate it will not be an easy task and could cause many other issues. Especially when you have to delete an IP address across three or four address groups, and the need to recreate all groups again if/when the IP address is found in all groups. Would you confirm if Panos_address_group (update or delete options) will not be available at all either via this module or any new Panos module? Thanks, Roberto
... View more
05-23-2019
09:17 AM
I've forgot to mention that "Panos_address_group" module deleted all existing host records when using an existing group name. Is this the way that should work? This become a big issue when you have more than 1K hosts associated to a group and all of the sudden all get removed. Thanks, Robert
... View more
05-22-2019
11:32 AM
Hi All, This is another issue I am encounting with PANOS Ansible's module. This time when using "PANOS_OP" into Panorama to add a static address into a group. This is the error I am getting when executing "cmd: set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30" in playbook: fatal: [10.10.10.10]: FAILED! => { "changed": false, "invocation": { "module_args": { "api_key": null, "cmd": "set device-group MYCLOUD address-group MYCLOUD-GRP-1 static SMTP-10.10.20.30", "cmd_is_xml": false, "ip_address": "10.10.10.10", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "username": "pan_ansible" } } } MSG: Failed to run command : set device-group MYCLOUD address-group MYCLOUD-GRP-1 static "CLOUD-10.10.20.30" : set -> device-group is unexpected Let me know what is the solution to add more IP addresses to an Address group. Thanks, Roberto My playbook is pretty simple; however, I am unable to find the error. Thanks, Roberto
... View more
05-21-2019
12:21 PM
Hi Folks, I see that "Panos_address_group" can help you to create groups with a list of "static_values"; however, how do you "add/modify" a new IP addresses to an existing group or how do you delete values from the static list? I did try using "panos_address_object" module; but this works in the same way that "panos_object" when adding a new address to a group. What is your recommendation to solve this issue? Thanks, Roberto
... View more
04-25-2019
12:19 PM
Thanks for the information and your help here; however, this isn't working either. When running "panos_match_rule" module I got the following error: ======================== fatal: [mypanorama]: FAILED! => { "changed": false, "invocation": { "module_args": { "api_key": null, "application": "ntp", "category": null, "destination_ip": "any", "destination_port": 123, "destination_zone": null, "ip_address": "1.2.3.4", "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", "protocol": null, "rule_type": "security", "source_ip": "any", "source_port": null, "source_user": null, "source_zone": null, "to_interface": null, "username": "ansiblepan", "vsys_id": "vsys3456" } } } MSG: Panorama is not supported. ======================== However!, what I did find out was that "panos_query_rules" works when using the following playbook: tasks: - name: Find a specific security rule panos_query_rules: ip_address: '{{ firewall_host }}' username: '{{ pan_username }}' password: '{{ pan_password }}' tag_name: 'NTP_permit' devicegroup: 'LABGroup' register: result I really appreciate you guys helped me here. My concern is that the official PAN and Ansible documentation isn't accurate, as you can see in the last example described at https://docs.ansible.com/ansible/latest/modules/panos_security_rule_module.html. Thanks!
... View more
04-24-2019
11:03 AM
Hi There!, Thanks for your reply. I understand the "state" variable is not supported by panos_security_rule module; thus adding or removing this option will not make any difference. Per some unknown reason this playbook still reporting the same error and I don't know how to escalate it. Best regards, Roberto
... View more
04-08-2019
11:23 AM
Hi All, I am testing all PaloAlto's Ansible modules here and I'm keep getting the following error when using "operation: find" Here is my playbook: --- - name: Testing Palo Alto Panorama Panos_Security_rule module connection: local hosts: panorama vars: pan_username: palo_ansible pan_password: somepasswd tasks: - name: Find a specific security rule panos_security_rule: ip_address: '1.2.3.4' username: '{{ pan_username }}' password: '{{ pan_password }}' operation: 'find' rule_name: 'NTP_permit' register: result - debug: msg='{{result.stdout_lines}}' And here is the error: Rule 'NTP_permit' not found. Is the name correct? I already register this new rule and commit all changes. I can delete the same policy without any issues; however, the operation "find" isn't working as recommended here: http://paloaltonetworks.github.io/ansible-pan/modules/panos_security_rule_module.html or https://docs.ansible.com/ansible/2.4/panos_security_rule_module.html I am running Ansible core v2.7.8 with Python 2.7.5 and Panorama v8.1.3. Any idea if this option works? Thanks, Roberto
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
