Skip to content

D09 Automation Docs

update_baseline_rules

D09 Automation Docs

update_baseline_rules

Go to Automation

View in GitLab

Description

Gather all security rules from the active firewall, filter rules by tag (RB_Type_multizone_src / RB_Type_multizone_dst) and merge an additional zone into the rules' source_zone or destination_zone lists (using set union to avoid duplicates). Changes are applied with the panos_security_rule module; commits are optional.

Credentials

panos_username / panos_password (PA credentials)

Input

Variable	Description
`target`	List or comma-separated PA device(s) used to generate the active `provider`
`_zone`	Zone name to add to matching rules' `source_zone` or `destination_zone`
`provider`	PANOS connection provider created by `get_active_paloalto.yml`
`myrules_srczone_2_update`, `myrules_dstzone_2_update`	Optional explicit rule name lists to limit which rules are considered
`_commit`	Set to `Ja` to commit the firewall after changes (handler currently commented)

Output

Security rules updated (merged) to include the requested zone in their source or destination zone lists.
Debug output variables: filtered_src_rules, filtered_dst_rules and the panos_security_rule responses.
Optional: a firewall commit if enabled.

Dependencies