Closed natebeck72 closed 2 years ago
We have this issue as well, support ticket 02154262
Hey guys,
we fixed it with a work arround by deleting in the panos libary the hip_profiles. On OracleOS you will find it here:
/usr/local/lib/python3.6/site-packages/panos/policies.py
In that file search for:
("hip_profiles", "hip-profiles"),
and change it to:
#("hip_profiles", "hip-profiles"),
In the Collection file you also need to remove the hip-profile settings:
cat .ansible/collections/ansible_collections/paloaltonetworks/panos/plugins/modules/panos_security_rule.py |grep hip
"hip_profiles": module.params["hip_profiles"],
and replace with:
#"hip_profiles": module.params["hip_profiles"],
We have the same problem starting with Panorama 10.0.9 as well. Can be worked around using the fix mentioned by baldy2811.
This has been resolved with the latest merge to pan-os-python (ISSUE-441). You can
pip install git+https://github.com/paloaltonetworks/pan-os-python
to give it a spin.
A bunch of handling for hip_profiles
is going in to the next release. As long as your play doesn't specify hip_profiles
explicitly, it will be ignored for all PAN-OS >= 10.0.0.
Describe the bug
I am using code that I have utilized for a year to help configure FW's created for a use case. I normally create a security rule to allow traffic through to the device behind this. It has functioned up until the 10.2 version of the NGFW's.
CODE :
Expected behavior
This should create a security rule successfully.
Current behavior
I get the following message currently when using this code in AWX against a 10.2 FW
"msg": "Failed create: security -> rules -> Inbound_Panorama_NAT -> hip-profiles unexpected here\n security -> rules is invalid",
When I disect the module I see that the variable that is there is "hip-profiles" but when I look at the XML of the 10.2 FW I see "source-hip" and "destination-hip" as the objects in the tree.
Possible solution
Steps to reproduce
Screenshots
![Uploading Screen Shot 2022-03-31 at 10.34.49 AM.png…]()