Ansible at Palo Alto Networks

The PAN-OS Collection - Certified and Supported

The collection of Ansible modules for PAN-OS has been officially certified by the Red Hat Ansible team (list of Ansible certified content) since version 2.12.2.

If you are an Ansible Automation Platform subscriber, you will be able to see the collection in Automation Hub, and the collection will be supported as part of your ongoing support agreement/offering. Red Had and Palo Alto Networks have collaborated extensively in order to bring the collection into Automation Hub, and to provide you with a supported solution for automating your PAN-OS operations and configuration tasks, with Ansible.

If you are a user of the free and open-source Ansible offerings, you will still be able to use the collection of Ansible modules for PAN-OS as you always have done previously; the PAN-OS collection will continue to be published to Ansible Galaxy, as well as to Automation Hub.

All users of the PAN-OS collection will also benefit from the revised and updated set of getting started tutorials, how-to guides, and background information, which is now published here on pan.dev.

The PAN-OS Collection - Use Cases

Looking for inspiration, or just not sure where to start? Here are some common use cases where organizations have used Ansible to configure and maintain their security stack:

• Configuration - adds, removals or edits

  • Address objects
  • Security/firewall rules
  • Address translation (NAT) rules
  • Security services (Antivirus, IPS, URL Filtering, WildFire)
  • Decryption rules
  • Network interfaces
  • Static and dynamic routing
  • IPSEC VPNs
  • And many more...

• Operations

  • Validating new configuration
  • Pulling information about device state
  • Performing software upgrades
  • Certificate management
  • Backing up configurations
  • Reporting on statistics, metrics, rule hit counts
  • License management
  • And many more...