Skip to content

D09 Automation Docs

Block_IP_on_Palo_Alto

D09 Automation Docs

Block_IP_on_Palo_Alto

Go to Automation

View in GitLab

Description

Create an IP address object on the active Palo Alto device and add that object to a specified address group (commonly used to implement a block list). Playbook supports creating per-device objects and updating the target address-group; an optional commit applies the changes.

Credentials

panos_username / panos_password

Input

Variable	Description
`target`	Comma-separated list of target hostnames/FQDNs (used to derive object names)
`ip_adres`	Comma-separated list of IP addresses corresponding to `target`
`_description`	Description text to add to the created address object
`pa_group` / `panos_addressgroup` / `panos_vlangroup`	Address group name to add the new object to (prefers `panos_addressgroup` when defined)
`provider`	PANOS connection provider (generated by `get_active_paloalto.yml`)
`_commit`	Set to `Ja` to perform a commit on the firewall after changes

Output

Created address object(s) (type ip-netmask) named HST_<shortname> with the supplied description.
Updated static members of the target address group to include the new host object(s).
Optional: a configuration commit when _commit is Ja.

Dependencies