-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpalo-configure-HA.yaml
61 lines (57 loc) · 1.51 KB
/
palo-configure-HA.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# FILENAME
# playbook to configure HA on Palo FW
## DESCRIPTION
# Example playbook that will connect to the firewall using credentials provided saved in either host.yaml or vars.yaml files
## REQUIREMENTS
# pip install ansible
# ansible-galaxy install PaloAltoNetworks.paloaltonetworks
## EXECUTE
# ansible-playbook palo-configure-HA.yaml
---
- hosts: PA-FW-01
connection: local
collections:
- paloaltonetworks.panos
tasks:
- name: set ports to HA mode
panos_interface:
provider: '{{ provider }}'
if_name: "{{ item }}"
mode: "ha"
enable_dhcp: false
with_items:
- ethernet1/1
- ethernet1/2
- ethernet1/3
- ethernet1/4
- ethernet1/5
- name: Configure Active/Standby HA
panos_ha:
provider: '{{ provider }}'
state: present
ha_peer_ip: "192.168.50.1"
ha1_ip_address: "192.168.50.2"
ha1_netmask: "255.255.255.252"
ha1_port: "ethernet1/1"
ha2_port: "ethernet1/3"
- name: Configure Active/Active HA
panos_ha:
provider: "{{ provider }}"
state: present
ha_mode: "active-active"
ha_device_id: 0
ha_session_owner_selection: "first-packet"
ha_session_setup: "first-packet"
ha_peer_ip: "192.168.50.1"
ha_peer_ip_backup: "192.168.50.5"
ha1_port: "ethernet1/1"
ha1_ip_address: "192.168.50.2"
ha1_netmask: "255.255.255.252"
ha1b_port: "ethernet1/2"
ha1b_ip_address: "192.168.50.6"
ha1b_netmask: "255.255.255.252"
ha2_port: "ethernet1/3"
ha2b_port: "ethernet1/4"
ha3_port: "ethernet1/5"
commit: true
...