salt.modules.panos
Module to provide Palo Alto compatibility to Salt
- codeauthor: Spencer Ervin <spencer_ervin@hotmail.com>
- maturity: new
- depends: none
- platform: unix
New in version 2018.3.0.
Configuration
This module accepts connection configuration details either as parameters, or as configuration settings in pillar as a Salt proxy. Options passed into opts will be ignored if options are passed into pillar.
About
This execution module handles connections to a Palo Alto-based firewall. It can send connections directly to the device through the XML API or through a brokered connection to Panorama.
- salt.modules.panos.add_config_lock()
Prevent other users from changing configuration until the lock is released.
CLI Example:
salt '*' panos.add_config_lock
- salt.modules.panos.check_antivirus()
Get anti-virus information from the Palo Alto Networks server.
CLI Example:
salt '*' panos.check_antivirus
- salt.modules.panos.check_software()
Get software information from the Palo Alto Networks server.
CLI Example:
salt '*' panos.check_software
- salt.modules.panos.clear_commit_tasks()
Clear all commit tasks.
CLI Example:
salt '*' panos.clear_commit_tasks
- salt.modules.panos.commit()
Commits the candidate configuration to the running configuration.
CLI Example:
salt '*' panos.commit
- salt.modules.panos.deactivate_license(key_name=None)
Deactivates an installed license. Requires version 7.0.0 or greater.
key_name(str): The file name of the license key installed.
CLI Example:
salt '*' panos.deactivate_license key_name=License_File_Name.key
- salt.modules.panos.delete_license(key_name=None)
Remove license keys on disk.
key_name(str): The file name of the license key to be deleted.
CLI Example:
salt '*' panos.delete_license key_name=License_File_Name.key
- salt.modules.panos.download_antivirus()
Download the most recent anti-virus package.
CLI Example:
salt '*' panos.download_antivirus
- salt.modules.panos.download_software_file(filename=None, synch=False)
Download software packages by filename.
CLI Example:
salt '*' panos.download_software_file PanOS_5000-8.0.0
salt '*' panos.download_software_file PanOS_5000-8.0.0 True
- salt.modules.panos.download_software_version(version=None, synch=False)
Download software packages by version number.
CLI Example:
salt '*' panos.download_software_version 8.0.0
salt '*' panos.download_software_version 8.0.0 True
- salt.modules.panos.fetch_license(auth_code=None)
Get new license(s) from the Palo Alto Networks server.
- auth_code
The license authorization code.
CLI Example:
salt '*' panos.fetch_license
salt '*' panos.fetch_license auth_code=foobar
- salt.modules.panos.get_address(address=None, vsys='1')
Get the candidate configuration for the specified address object. This will not return address objects that are marked as pre-defined objects.
address(str): The name of the address object.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_address myhost
salt '*' panos.get_address myhost 3
- salt.modules.panos.get_address_group(addressgroup=None, vsys='1')
Get the candidate configuration for the specified address group. This will not return address groups that are marked as pre-defined objects.
addressgroup(str): The name of the address group.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_address_group foobar
salt '*' panos.get_address_group foobar 3
- salt.modules.panos.get_admins_active()
Show active administrators.
CLI Example:
salt '*' panos.get_admins_active
- salt.modules.panos.get_admins_all()
Show all administrators.
CLI Example:
salt '*' panos.get_admins_all
- salt.modules.panos.get_antivirus_info()
Show information about available anti-virus packages.
CLI Example:
salt '*' panos.get_antivirus_info
- salt.modules.panos.get_arp()
Show ARP information.
CLI Example:
salt '*' panos.get_arp
- salt.modules.panos.get_cli_idle_timeout()
Show timeout information for this administrative session.
CLI Example:
salt '*' panos.get_cli_idle_timeout
- salt.modules.panos.get_cli_permissions()
Show cli administrative permissions.
CLI Example:
salt '*' panos.get_cli_permissions
- salt.modules.panos.get_disk_usage()
Report filesystem disk space usage.
CLI Example:
salt '*' panos.get_disk_usage
- salt.modules.panos.get_dns_server_config()
Get the DNS server configuration from the candidate configuration.
CLI Example:
salt '*' panos.get_dns_server_config
- salt.modules.panos.get_domain_config()
Get the domain name configuration from the candidate configuration.
CLI Example:
salt '*' panos.get_domain_config
- salt.modules.panos.get_dos_blocks()
Show the DoS block-ip table.
CLI Example:
salt '*' panos.get_dos_blocks
- salt.modules.panos.get_fqdn_cache()
Print FQDNs used in rules and their IPs.
CLI Example:
salt '*' panos.get_fqdn_cache
- salt.modules.panos.get_ha_config()
Get the high availability configuration.
CLI Example:
salt '*' panos.get_ha_config
- salt.modules.panos.get_ha_link()
Show high-availability link-monitoring state.
CLI Example:
salt '*' panos.get_ha_link
- salt.modules.panos.get_ha_path()
Show high-availability path-monitoring state.
CLI Example:
salt '*' panos.get_ha_path
- salt.modules.panos.get_ha_state()
Show high-availability state information.
CLI Example:
salt '*' panos.get_ha_state
- salt.modules.panos.get_ha_transitions()
Show high-availability transition statistic information.
CLI Example:
salt '*' panos.get_ha_transitions
- salt.modules.panos.get_hostname()
Get the hostname of the device.
CLI Example:
salt '*' panos.get_hostname
- salt.modules.panos.get_interface_counters(name='all')
Get the counter statistics for interfaces.
- Parameters:
name (str) -- The name of the interface to view. By default, all interface statistics are viewed.
CLI Example:
salt '*' panos.get_interface_counters
salt '*' panos.get_interface_counters ethernet1/1
- salt.modules.panos.get_interfaces(name='all')
Show interface information.
- Parameters:
name (str) -- The name of the interface to view. By default, all interface statistics are viewed.
CLI Example:
salt '*' panos.get_interfaces
salt '*' panos.get_interfaces ethernet1/1
- salt.modules.panos.get_job(jid=None)
List a single job by ID.
- jid
The ID of the job to retrieve.
CLI Example:
salt '*' panos.get_job jid=15
- salt.modules.panos.get_jobs(state='all')
List all jobs on the device.
- state
The state of the jobs to display. Valid options are all, pending, or processed. Pending jobs are jobs that are currently in a running or waiting state. Processed jobs are jobs that have completed execution.
CLI Example:
salt '*' panos.get_jobs
salt '*' panos.get_jobs state=pending
- salt.modules.panos.get_lacp()
Show LACP state.
CLI Example:
salt '*' panos.get_lacp
- salt.modules.panos.get_license_info()
Show information about owned license(s).
CLI Example:
salt '*' panos.get_license_info
- salt.modules.panos.get_license_tokens()
Show license token files for manual license deactivation.
CLI Example:
salt '*' panos.get_license_tokens
- salt.modules.panos.get_lldp_config()
Show lldp config for interfaces.
CLI Example:
salt '*' panos.get_lldp_config
- salt.modules.panos.get_lldp_counters()
Show lldp counters for interfaces.
CLI Example:
salt '*' panos.get_lldp_counters
- salt.modules.panos.get_lldp_local()
Show lldp local info for interfaces.
CLI Example:
salt '*' panos.get_lldp_local
- salt.modules.panos.get_lldp_neighbors()
Show lldp neighbors info for interfaces.
CLI Example:
salt '*' panos.get_lldp_neighbors
- salt.modules.panos.get_local_admins()
Show all local administrator accounts.
CLI Example:
salt '*' panos.get_local_admins
- salt.modules.panos.get_logdb_quota()
Report the logdb quotas.
CLI Example:
salt '*' panos.get_logdb_quota
- salt.modules.panos.get_master_key()
Get the master key properties.
CLI Example:
salt '*' panos.get_master_key
- salt.modules.panos.get_ntp_config()
Get the NTP configuration from the candidate configuration.
CLI Example:
salt '*' panos.get_ntp_config
- salt.modules.panos.get_ntp_servers()
Get list of configured NTP servers.
CLI Example:
salt '*' panos.get_ntp_servers
- salt.modules.panos.get_operational_mode()
Show device operational mode setting.
CLI Example:
salt '*' panos.get_operational_mode
- salt.modules.panos.get_panorama_status()
Show panorama connection status.
CLI Example:
salt '*' panos.get_panorama_status
- salt.modules.panos.get_permitted_ips()
Get the IP addresses that are permitted to establish management connections to the device.
CLI Example:
salt '*' panos.get_permitted_ips
- salt.modules.panos.get_platform()
Get the platform model information and limitations.
CLI Example:
salt '*' panos.get_platform
- salt.modules.panos.get_predefined_application(application=None)
Get the configuration for the specified pre-defined application object. This will only return pre-defined application objects.
application(str): The name of the pre-defined application object.
CLI Example:
salt '*' panos.get_predefined_application saltstack
- salt.modules.panos.get_security_rule(rulename=None, vsys='1')
Get the candidate configuration for the specified security rule.
rulename(str): The name of the security rule.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_security_rule rule01
salt '*' panos.get_security_rule rule01 3
- salt.modules.panos.get_service(service=None, vsys='1')
Get the candidate configuration for the specified service object. This will not return services that are marked as pre-defined objects.
service(str): The name of the service object.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_service tcp-443
salt '*' panos.get_service tcp-443 3
- salt.modules.panos.get_service_group(servicegroup=None, vsys='1')
Get the candidate configuration for the specified service group. This will not return service groups that are marked as pre-defined objects.
servicegroup(str): The name of the service group.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_service_group foobar
salt '*' panos.get_service_group foobar 3
- salt.modules.panos.get_session_info()
Show device session statistics.
CLI Example:
salt '*' panos.get_session_info
- salt.modules.panos.get_snmp_config()
Get the SNMP configuration from the device.
CLI Example:
salt '*' panos.get_snmp_config
- salt.modules.panos.get_software_info()
Show information about available software packages.
CLI Example:
salt '*' panos.get_software_info
- salt.modules.panos.get_system_date_time()
Get the system date/time.
CLI Example:
salt '*' panos.get_system_date_time
- salt.modules.panos.get_system_files()
List important files in the system.
CLI Example:
salt '*' panos.get_system_files
- salt.modules.panos.get_system_info()
Get the system information.
CLI Example:
salt '*' panos.get_system_info
- salt.modules.panos.get_system_services()
Show system services.
CLI Example:
salt '*' panos.get_system_services
- salt.modules.panos.get_system_state(mask=None)
Show the system state variables.
- mask
Filters by a subtree or a wildcard.
CLI Example:
salt '*' panos.get_system_state
salt '*' panos.get_system_state mask=cfg.ha.config.enabled
salt '*' panos.get_system_state mask=cfg.ha.*
- salt.modules.panos.get_uncommitted_changes()
Retrieve a list of all uncommitted changes on the device. Requires PANOS version 8.0.0 or greater.
CLI Example:
salt '*' panos.get_uncommitted_changes
- salt.modules.panos.get_users_config()
Get the local administrative user account configuration.
CLI Example:
salt '*' panos.get_users_config
- salt.modules.panos.get_vlans()
Show all VLAN information.
CLI Example:
salt '*' panos.get_vlans
- salt.modules.panos.get_xpath(xpath='')
Retrieve a specified xpath from the candidate configuration.
xpath(str): The specified xpath in the candidate configuration.
CLI Example:
salt '*' panos.get_xpath /config/shared/service
- salt.modules.panos.get_zone(zone='', vsys='1')
Get the candidate configuration for the specified zone.
zone(str): The name of the zone.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_zone trust
salt '*' panos.get_zone trust 2
- salt.modules.panos.get_zones(vsys='1')
Get all the zones in the candidate configuration.
vsys(str): The string representation of the VSYS ID.
CLI Example:
salt '*' panos.get_zones
salt '*' panos.get_zones 2
- salt.modules.panos.install_antivirus(version=None, latest=False, synch=False, skip_commit=False)
Install anti-virus packages.
- Parameters:
version (str) -- The version of the PANOS file to install.
latest (bool) -- If true, the latest anti-virus file will be installed. The specified version option will be ignored.
synch (bool) -- If true, the anti-virus will synch to the peer unit.
skip_commit (bool) -- If true, the install will skip committing to the device.
CLI Example:
salt '*' panos.install_antivirus 8.0.0
- salt.modules.panos.install_license()
Install the license key(s).
CLI Example:
salt '*' panos.install_license
- salt.modules.panos.install_software(version=None)
Upgrade to a software package by version.
- Parameters:
version (str) -- The version of the PANOS file to install.
CLI Example:
salt '*' panos.install_software 8.0.0
- salt.modules.panos.reboot()
Reboot a running system.
CLI Example:
salt '*' panos.reboot
- salt.modules.panos.refresh_fqdn_cache(force=False)
Force refreshes all FQDNs used in rules.
- force
Forces a refresh of all FQDNs.
CLI Example:
salt '*' panos.refresh_fqdn_cache
salt '*' panos.refresh_fqdn_cache force=True
- salt.modules.panos.remove_config_lock()
Release config lock previously held.
CLI Example:
salt '*' panos.remove_config_lock
- salt.modules.panos.resolve_address(address=None, vsys=None)
Resolve an address to an IP address. Requires version 7.0.0 or greater.
- address
Address name you want to resolve.
- vsys
The vsys name.
CLI Example:
salt '*' panos.resolve_address foo.bar.com
salt '*' panos.resolve_address foo.bar.com vsys=2
- salt.modules.panos.save_device_config(filename=None)
Save device configuration to a named file.
- filename
The filename to save the configuration to.
CLI Example:
salt '*' panos.save_device_config foo.xml
- salt.modules.panos.save_device_state()
Save files needed to restore device to local disk.
CLI Example:
salt '*' panos.save_device_state
- salt.modules.panos.set_authentication_profile(profile=None, deploy=False)
Set the authentication profile of the Palo Alto proxy minion. A commit will be required before this is processed.
CLI Example:
salt '*' panos.set_authentication_profile foo
salt '*' panos.set_authentication_profile foo deploy=True
- salt.modules.panos.set_hostname(hostname=None, deploy=False)
Set the hostname of the Palo Alto proxy minion. A commit will be required before this is processed.
CLI Example:
salt '*' panos.set_hostname newhostname
salt '*' panos.set_hostname newhostname deploy=True
- salt.modules.panos.set_management_http(enabled=True, deploy=False)
Enables or disables the HTTP management service on the device.
CLI Example:
salt '*' panos.set_management_http
salt '*' panos.set_management_http enabled=False deploy=True
- salt.modules.panos.set_management_https(enabled=True, deploy=False)
Enables or disables the HTTPS management service on the device.
CLI Example:
salt '*' panos.set_management_https
salt '*' panos.set_management_https enabled=False deploy=True
- salt.modules.panos.set_management_icmp(enabled=True, deploy=False)
Enables or disables the ICMP management service on the device.
CLI Example:
salt '*' panos.set_management_icmp
salt '*' panos.set_management_icmp enabled=False deploy=True
- salt.modules.panos.set_management_ocsp(enabled=True, deploy=False)
Enables or disables the HTTP OCSP management service on the device.
CLI Example:
salt '*' panos.set_management_ocsp
salt '*' panos.set_management_ocsp enabled=False deploy=True
- salt.modules.panos.set_management_snmp(enabled=True, deploy=False)
Enables or disables the SNMP management service on the device.
CLI Example:
salt '*' panos.set_management_snmp
salt '*' panos.set_management_snmp enabled=False deploy=True
- salt.modules.panos.set_management_ssh(enabled=True, deploy=False)
Enables or disables the SSH management service on the device.
CLI Example:
salt '*' panos.set_management_ssh
salt '*' panos.set_management_ssh enabled=False deploy=True
- salt.modules.panos.set_management_telnet(enabled=True, deploy=False)
Enables or disables the Telnet management service on the device.
CLI Example:
salt '*' panos.set_management_telnet
salt '*' panos.set_management_telnet enabled=False deploy=True
- salt.modules.panos.set_ntp_authentication(target=None, authentication_type=None, key_id=None, authentication_key=None, algorithm=None, deploy=False)
Set the NTP authentication of the Palo Alto proxy minion. A commit will be required before this is processed.
- Parameters:
target (str) -- Determines the target of the authentication. Valid options are primary, secondary, or both.
authentication_type (str) -- The authentication type to be used. Valid options are symmetric, autokey, and none.
key_id (int) -- The NTP authentication key ID.
authentication_key (str) -- The authentication key.
algorithm (str) -- The algorithm type to be used for a symmetric key. Valid options are md5 and sha1.
deploy (bool) -- If true, commit the full candidate configuration; if false, only set the pending change.
CLI Example:
salt '*' panos.set_ntp_authentication target=both authentication_type=autokey
salt '*' panos.set_ntp_authentication target=primary authentication_type=none
salt '*' panos.set_ntp_authentication target=both authentication_type=symmetric key_id=15 authentication_key=mykey algorithm=md5
salt '*' panos.set_ntp_authentication target=both authentication_type=symmetric key_id=15 authentication_key=mykey algorithm=md5 deploy=True
- salt.modules.panos.set_ntp_servers(primary_server=None, secondary_server=None, deploy=False)
Set the NTP servers of the Palo Alto proxy minion. A commit will be required before this is processed.
CLI Example:
salt '*' panos.set_ntp_servers 0.pool.ntp.org 1.pool.ntp.org
salt '*' panos.set_ntp_servers primary_server=0.pool.ntp.org secondary_server=1.pool.ntp.org
salt '*' panos.set_ntp_servers 0.pool.ntp.org 1.pool.ntp.org deploy=True
- salt.modules.panos.set_permitted_ip(address=None, deploy=False)
Add an IPv4 address or network to the permitted IP list.
CLI Example:
salt '*' panos.set_permitted_ip 10.0.0.1
salt '*' panos.set_permitted_ip 10.0.0.0/24
salt '*' panos.set_permitted_ip 10.0.0.1 deploy=True
- salt.modules.panos.set_timezone(tz=None, deploy=False)
Set the timezone of the Palo Alto proxy minion. A commit will be required before this is processed.
CLI Example:
salt '*' panos.set_timezone UTC
salt '*' panos.set_timezone UTC deploy=True
- salt.modules.panos.shutdown()
Shutdown a running system.
CLI Example:
salt '*' panos.shutdown
- salt.modules.panos.test_fib_route(ip=None, vr='vr1')
Perform a route lookup within active route table (fib).
ip (str): The destination IP address to test.
vr (str): The name of the virtual router to test.
CLI Example:
salt '*' panos.test_fib_route 4.2.2.2
salt '*' panos.test_fib_route 4.2.2.2 my-vr
- salt.modules.panos.test_security_policy(sourcezone=None, destinationzone=None, source=None, destination=None, protocol=None, port=None, application=None, category=None, vsys='1', allrules=False)
Checks which security policy a connection will match on the device.
sourcezone (str): The source zone matched against the connection.
destinationzone (str): The destination zone matched against the connection.
source (str): The source address. This must be a single IP address.
destination (str): The destination address. This must be a single IP address.
protocol (int): The protocol number for the connection. This is the numerical representation of the protocol.
port (int): The port number for the connection.
application (str): The application that should be matched.
category (str): The category that should be matched.
vsys (int): The numerical representation of the VSYS ID.
allrules (bool): Show all potential match rules until first allow rule.
CLI Example:
salt '*' panos.test_security_policy sourcezone=trust destinationzone=untrust protocol=6 port=22
salt '*' panos.test_security_policy sourcezone=trust destinationzone=untrust protocol=6 port=22 vsys=2
- salt.modules.panos.unlock_admin(username=None)
Unlocks a locked administrator account.
- username
Username of the administrator.
CLI Example:
salt '*' panos.unlock_admin username=bob