2. Ansible L200

This content is still being developed.

2.1. Firewall configuration tasks

Our next playbook is focused on configuration tasks, and this playbook configures all the required items for a basic firewall setup.

Towards the start of the playbook, in the variables section, values are defined for each of the required interfaces, zones, objects and other items:

.
.
.
interfaces:
  - if_name: 'ethernet1/1'
    mode: 'layer3'
    ip: ['192.168.55.20/24']
    enable_dhcp: false
  - if_name: 'ethernet1/2'
    mode: 'layer3'
    ip: ['192.168.45.20/24']
    enable_dhcp: false
.
.
.
zones:
  - zone: 'untrust'
    mode: 'layer3'
    interfaces: ['ethernet1/1']
  - zone: 'web'
    mode: 'layer3'
    interfaces: ['ethernet1/2']
.
.
.
etc.

Then, in the tasks section, there is one task per configuration type (interfaces, zones, objects, etc.). Each task uses a with_items loop over the matching list from the variables section, so a single task definition configures every item in that list:

.
.
.
tasks:
  - name: Configure interfaces
    paloaltonetworks.panos.panos_interface:
      provider: '{{ device }}'
      template: '{{ template | default(omit) }}'
      if_name: '{{ item.if_name }}'
      mode: '{{ item.mode }}'
      ip: '{{ item.ip }}'
      enable_dhcp: '{{ item.enable_dhcp }}'
      commit: false
    with_items: '{{ interfaces }}'
  - name: Configure zones
    paloaltonetworks.panos.panos_zone:
      provider: '{{ device }}'
      template: '{{ template | default(omit) }}'
      zone: '{{ item.zone }}'
      mode: '{{ item.mode }}'
      interface: '{{ item.interfaces }}'
    with_items: '{{ zones }}'
.
.
.
$ ansible-playbook -i inventory config.yml --extra-vars "username=$panos_username password=$panos_password"
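Because every interface and zone is created from the variables section, a typo there (an interface listed under a zone but never defined, one interface placed in two zones, or an interface left out of every zone) is applied to the firewall exactly as written, and an interface that ends up outside any zone is not covered by the zone-based security policy. The following is an added pre-flight check, not code from the original page or from the paloaltonetworks.panos collection: it mirrors the page's `interfaces` and `zones` variables as constructed Python data (the `validate` function and its messages are this example's own) and reports inconsistencies before `ansible-playbook` is run.

```python
"""Pre-flight consistency check for the playbook's interfaces/zones variables.

Added example (hypothetical helper, not part of the page's playbook or of the
panos collection). Run it before ansible-playbook; a non-empty problem list
means the variables would configure something other than what was intended.
"""
import ipaddress
import sys

# Constructed sample data mirroring the playbook's variables section.
INTERFACES = [
    {"if_name": "ethernet1/1", "mode": "layer3", "ip": ["192.168.55.20/24"], "enable_dhcp": False},
    {"if_name": "ethernet1/2", "mode": "layer3", "ip": ["192.168.45.20/24"], "enable_dhcp": False},
]
ZONES = [
    {"zone": "untrust", "mode": "layer3", "interfaces": ["ethernet1/1"]},
    {"zone": "web", "mode": "layer3", "interfaces": ["ethernet1/2"]},
]


def validate(interfaces, zones):
    """Return a list of human-readable problems; an empty list means consistent."""
    problems = []

    # 1. Every interface must be defined once, with a parseable address or DHCP.
    defined = {}
    networks = []  # (if_name, ip_network) pairs for the overlap check below
    for iface in interfaces:
        name = iface["if_name"]
        if name in defined:
            problems.append(f"interface {name} is defined twice")
        defined[name] = iface
        if not iface.get("enable_dhcp") and not iface.get("ip"):
            problems.append(f"interface {name} has no static address and DHCP is disabled")
        for cidr in iface.get("ip", []):
            try:
                net = ipaddress.ip_interface(cidr).network
            except ValueError:
                problems.append(f"interface {name} has an invalid address {cidr!r}")
                continue
            for other_name, other_net in networks:
                if other_name != name and net.overlaps(other_net):
                    problems.append(
                        f"interfaces {other_name} and {name} have overlapping subnets "
                        f"{other_net} and {net}"
                    )
            networks.append((name, net))

    # 2. Zone membership: interfaces must exist, match the zone mode, and belong
    #    to at most one zone.
    assigned = {}
    for zone in zones:
        zname = zone["zone"]
        for name in zone.get("interfaces", []):
            if name not in defined:
                problems.append(f"zone {zname} references unknown interface {name}")
                continue
            if defined[name].get("mode") != zone.get("mode"):
                problems.append(
                    f"interface {name} is {defined[name].get('mode')} but zone {zname} "
                    f"is {zone.get('mode')}"
                )
            if name in assigned:
                problems.append(f"interface {name} is in zones {assigned[name]} and {zname}")
            assigned[name] = zname

    # 3. An interface outside every zone is not covered by zone-based policy.
    for name in defined:
        if name not in assigned:
            problems.append(f"interface {name} is not a member of any zone")

    return problems


if __name__ == "__main__":
    found = validate(INTERFACES, ZONES)
    for line in found:
        print("PROBLEM:", line)
    print("variables are consistent" if not found else f"{len(found)} problem(s) found")
    sys.exit(1 if found else 0)
```

With the page's values the check passes; change the `web` zone to reference `ethernet1/3` and it reports both the unknown interface and that `ethernet1/2` is now outside every zone, which is the kind of mistake the with_items loop would otherwise push to the device unchanged.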