Skip to content

D09 Automation Docs

create_server_segmentation_items

D09 Automation Docs

create_server_segmentation_items

Go to Automation

View in GitLab

Description

Create tags, address objects, address groups and public NAT entries required to segment a server subnet on a Palo Alto device. The playbook sets zone and VR metadata depending on the environment (PR/QA), creates tags, address objects/groups, and associated NAT rules, then optionally commits the changes.

Credentials

panos_username / panos_password

Input

Variable	Description
`_segmentnaam`	Logical name for the server segment used to build zone and object names
`_environment`	`PR` or `QA` — controls VR, public NAT IP and metadata used for created objects
`_subnet`	CIDR for the server subnet that will be represented as a network object
`_applicatie`, `_contact`	Optional metadata used for application tags and object comments
`provider`	PANOS connection provider (from `get_active_paloalto.yml`)
`_commit`	Set to `Ja` to commit firewall changes after creation

Output

Created zone and application tags on the firewall.
Created network address object(s) and corresponding address group(s) for the segment.
Created public NAT rule(s) (internet NAT) for the segment.
Optional: a firewall commit when _commit == Ja.

Dependencies