New in version 2.3.
In 2.4 use panos_nat_rule instead.
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| commit | no | True | commit if changed | |
| destination | no | [u'any'] | list of destination addresses | |
| dnat_address | no | None | dnat translated address | |
| dnat_port | no | None | dnat translated port | |
| from_zone | yes | list of source zones | ||
| ip_address | yes | IP address (or hostname) of PAN-OS device | ||
| override | no | false | attempt to override rule if one with the same name already exists | |
| password | yes | password for authentication | ||
| rule_name | yes | name of the SNAT rule | ||
| service | no | any | service | |
| snat_address | no | None | snat translated address | |
| snat_bidirectional | no | false | bidirectional flag | |
| snat_interface | no | None | snat interface | |
| snat_interface_address | no | None | snat interface address | |
| snat_type | no | None | type of source translation | |
| source | no | [u'any'] | list of source addresses | |
| to_zone | yes | destination zone | ||
| username | no | admin | username for authentication |
# Create a source and destination nat rule
- name: create nat SSH221 rule for 10.0.1.101
panos_nat:
ip_address: "192.168.1.1"
password: "admin"
rule_name: "Web SSH"
from_zone: ["external"]
to_zone: "external"
source: ["any"]
destination: ["10.0.0.100"]
service: "service-tcp-221"
snat_type: "dynamic-ip-and-port"
snat_interface: "ethernet1/2"
dnat_address: "10.0.1.101"
dnat_port: "22"
commit: False
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2017 Michael DeHaan
© 2017 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/panos_nat_policy_module.html