Resource Type: panos_ipv6_static_route

Defined in:
lib/puppet/type/panos_ipv6_static_route.rb

Overview

This type provides Puppet with the capabilities to manage IPv6 Static Routes on Palo Alto devices.

Properties

  • admin_distance

    Specify the administrative distance for the static route (10-240; default is 10).

  • bfd_profile (defaults to: None)

    To enable Bidirectional Forwarding Detection (BFD) for a static route on a PA-3000 Series, PA-3200 Series, PA-5000 Series, PA-5200 Series, PA-7000 Series, or VM-Series firewall, specify one of the following:

    * `default`: a BFD profile that you have created on the firewall
* `None`: to disable BFD for the static route.

    To use BFD on a static route:

    * Both the firewall and the peer at the opposite end of the static route must support BFD sessions.
* The static route nexthop_type must be `ip-address` and you must enter a valid IP address in `nexthop`.
* The `interface` attribute cannot be `none`; you must specify an interface (even if you are using a DHCP address).
  • destination

    Enter an IP address and network mask in Classless Inter-domain Routing (CIDR) notation: ip_address/mask (for example, 192.168.2.0/24 for IPv4 or 2001:db8::/32 for IPv6).

  • enable

    Specify true to enable path monitoring of this specific destination for the static route; the firewall sends ICMP pings to this destination.

    Note: can only be set on PAN-OS version 8.1.0.

  • ensure (defaults to: present)

    Whether this resource should be present or absent on the target system.

  • failure_condition

    Specify the condition under which the firewall considers the monitored path down and thus the static route down:

    * `any`: If any one of the monitored destinations for the static route is unreachable by ICMP, the firewall removes the static route from the RIB and FIB and adds the dynamic or static route that has the next lowest metric going to the same destination to the FIB.
* `all`: If all of the monitored destinations for the static route are unreachable by ICMP, the firewall removes the static route from the RIB and FIB and adds the dynamic or static route that has the next lowest metric going to the same destination to the FIB.

    Specify ‘all` to avoid the possibility of a single monitored destination signaling a static route failure when that monitored destination is simply offline for maintenance, for example.

    Note: can only be set on PAN-OS version 8.1.0.

  • hold_time

    Specify the number of minutes a downed path monitor must remain in Up stat:the path monitor evaluates all of its member monitored destinations and must remain Up before the firewall reinstalls the static route into the RIB. If the timer expires without the link going down or flapping, the link is deemed stable, path monitor can remain Up, and the firewall can add the static route back into the RIB.

    If the link goes down or flaps during the hold time, path monitor fails and the timer restarts when the downed monitor returns to Up state. A Preemptive Hold Time of zero causes the firewall to reinstall the static route into the RIB immediately upon the path monitor coming up. Range is 0-1,440; default is 2.

    Note: can only be set on PAN-OS version 8.1.0.

  • interface

    The interface used by the route, interfaces pulled from the virtual router this belongs to.

  • metric (defaults to: 10)

    Specify a valid metric for the static route (1 - 65535).

  • nexthop

    The address of the next hop location for the route

  • nexthop_type

    The type of address used for the next hop.

    * ipv6-address: Select to enter the IP address of the next hop router.
* next-vr: Select to select a virtual router in the firewall as the next hop. This allows you to route internally between virtual routers within a single firewall.
* discard: Select if you want to drop traffic that is addressed to this destination.
* none: Select if there is no next hop for the route.
  • no_install

    Select if you do not want to install the route in the forwarding table. The route is retained in the configuration for future reference. Note: can only be set on PAN-OS version 7.1.0.

  • path_monitoring

    Specify true to enable path monitoring for the static route.

    Note: can only be set on PAN-OS version 8.1.0. Note: must be enabled if using ‘panos_ipv6_monitor_destinations` for the static route.

  • route_type

    Specify the route table into which the firewall installs the static route:

    * `unicast`: Installs the route into the unicast route table.
* `multicast`: Installs the route into the multicast route table.
* `both`: Installs the route into the unicast and multicast route tables.
* `no-install`: Does not install the route in the route table (RIB); the firewall retains the static route for future reference until you delete the route.

    Note: can only be set on PAN-OS version 8.1.0.

Parameters

  • route (namevar)

    A name to identify a static route.

  • vr_name (namevar)

    The name of the virtual router the static route is associate with.