Skip to content

PaloAltoNetworks/terraform-panos-ngfw-modules

Repository files navigation

GitHub release (latest by date) GitHub GitHub Workflow Status GitHub issues GitHub pull requests Terraform registry downloads total Terraform registry download month

Terraform Modules for Palo Alto Networks PAN-OS Based Platforms

Overview

A set of Terraform modules that can be leveraged to configure and manage Palo Alto Networks PAN-OS-based platforms (Firewalls and Panorama) using code.

This solution enables you to manage various configuration aspects, including Tags, Address Objects/Groups, Security/NAT policies, Security Profiles, and more.

Structure

This repository has the following directory structure:

  • modules: This directory contains several standalone, reusable, production-grade Terraform modules. Each module is individually documented.
  • examples: This directory shows examples of different ways to combine the modules contained in the modules directory.

Compatibility

These modules are meant for use with PAN-OS >= 10.x.x and Terraform >= 1.4

Setup

Important

Modes

The modules are designed to seamlessly integrate with either a PAN-OS firewall or a Panorama instance, providing flexibility in their usage. The user is required to implicitly pass the mode variable to these modules, which dictates the operational context of the modules. This variable is mandatory, with accepted values being panorama or ngfw.

The underlying panos provider can be configured using the following methods.

For all the supported arguments, please refer to provider documentation

  1. Directly in the provider block
provider "panos" {
  hostname = "1.1.1.1"
  username = "username"
  password= "password" 
}
  1. Environment variable setting (where applicable)
export PANOS_HOSTNAME=
export PANOS_USERNAME=
export PANOS_API_KEY=
  1. From a JSON config file
> cat ./panos-config.json
{
  "hostname": "1.1.1.1",
  "username": "user",
  "password": "password"
}
provider "panos" {
  json_config_file = "panos-config.json"
}

Testing

To execute tests, create the folder tests/creds/ with below two files:

  • panorama.json
  • firewall.json

which will contain credentials to access Panorama and firewall instances, e.g.:

{
  "hostname": "1.1.1.1",
  "username": "user",
  "password": "password"
}

When credentials files are ready, use the below commands to run tests:

cd tests
go mod init github.com/PaloAltoNetworks/terraform-panos-modules/tests
go mod tidy
go test -v -timeout 30m -count=1

Versioning

These modules follow the principles of Semantic Versioning. You can find each new release, along with the changelog on the GitHub Releases page.

Getting Help

If you have found a bug, please report it. The preferred way is to create a new issue on the GitHub issue page.