* [Blog](https://www2.paloaltonetworks.com/blog)
* [Network Security](https://www2.paloaltonetworks.com/blog/network-security/)
* [Next-Generation Firewalls](https://www2.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/)
* Palo Alto Networks and Re...

# Palo Alto Networks and Red Hat Automate NGFW Config and Management

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fngfw-ansible-content-collection-red-hat%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+and+Red+Hat+Automate+NGFW+Config+and+Management&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fngfw-ansible-content-collection-red-hat%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fnetwork-security%2Fngfw-ansible-content-collection-red-hat%2F&title=Palo+Alto+Networks+and+Red+Hat+Automate+NGFW+Config+and+Management&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/network-security/ngfw-ansible-content-collection-red-hat/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks and Red Hat Automate NGFW Config and Management)  
Link copied  
By [Lee Space](https://www.paloaltonetworks.com/blog/author/lee-space/?ts=markdown "Posts by Lee Space")  
Jun 27, 2023  
5 minutes  
[Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)  
[Ansible](https://www.paloaltonetworks.com/blog/tag/ansible/?ts=markdown)  
[NGFW](https://www.paloaltonetworks.com/blog/tag/ngfw/?ts=markdown)  
[red hat](https://www.paloaltonetworks.com/blog/tag/red-hat/?ts=markdown)

The varied tasks it takes to keep complex IT environments secure have moved far beyond the scope of customized, siloed processes and manual tasks. SecOps, network and DevOps teams are straining to do more than ever with fewer team members. In today's hyperautomation world, it makes sense to standardize and automate whatever you can to reduce workloads and remove bottlenecks. This is especially important when enforcing security policies across complex environments (on-prem, cloud, OT/IoT), pushing out config changes or new rules across hundreds of Next-Gen Firewalls (NGFW) or provisioning a new firewall.

With these challenges in mind, we're proud to announce the new Palo Alto Networks Ansible Content Collection, a certified integrated solution for Palo Alto Networks ML-Powered Next-Gen Firewalls(NGFW), which works with the physical PA-Series, the virtual VM-Series, the container CN-Series, and also the Panorama central management platform. Built by Palo Alto Networks and certified by Red Hat, this collection helps teams leverage their Ansible expertise to configure, deploy and manage all aspects of enterprise network security.

While community collections have their strengths and have helped many Palo Alto Networks customers with Ansible integrations in the past, a certified collection is a step up that many have been seeking. As a certified collection, it has undergone rigorous testing by both Palo Alto Networks and Red Hat. Its software chain of custody is certified and signed with a Red Hat key. And should you need help with the integration, you can raise a ticket to benefit from our support team's expertise instead of being on your own to solve the issue.

## How it works

With the certified Palo Alto Networks NGFW Ansible Content Collection, network and security teams can join forces to work from one familiar automation platform, defining and managing NGFW-related components, configurations and policies while creating highly automated, predictable and repeatable processes. This collection works across all form factors, including physical, virtual, container and cloud.

With the Ansible Content Collection, network security policies and configurations become easy-to-use code modules that speed up work, enforce consistency and minimize human error. This unified framework helps create more efficient operations and stronger security across all environments.

## What can be automated?

A whole lot. You can standardize and automate the configuration of everything from security policies (a.k.a., firewall rules) and Network Address Translation (NAT) rules to decryption policies and all the objects used within those rules and policies. Additionally, you can standardize and automate the change control workflows that put these policies into place in the right NGFW groups.

The Content Collection can also help you automate [security services](https://www.paloaltonetworks.com/network-security/security-subscriptions) (Advanced Threat Prevention, antivirus, WildFire, Advanced URL filtering/web filtering, etc.) and device administration, like admin users and certificate management. Additionally, operational tasks like firmware updates, signature updates, configuration backup/restore and more can all be automated and scheduled using Ansible operations.

The Content Collection also allows you to take actionable tasks from firewalls to update other infrastructure and enterprise applications.

## What other benefits come with the Ansible Content Collection?

Additional benefits of this partnership and the Content Collection include:

* **A system of record:** By implementing NGFW management operations and security policies into our Panorama management system with Ansible modules, you'll always have a system of record to inspect configs for change management and audit purposes.
* **Minimizing variability and loss of knowledge:** Manual configurations can cause great variability --- and potential security gaps --- across teams. Standardized configs replicated in an automated "as code" fashion minimizes variance and improves continuity, even as staffing levels and priorities shift.
* **Self-service provisioning:** Repeatable, easy-to-use NGFW provisioning processes empower teams outside of network and security ops, reducing bottlenecks and empowering DevOps, fusion teams and lines of business working on digital products to move quickly, securely and with proper governance and oversight.
* **Scalability without worry:** For companies already using the Ansible Automation Platform, the Certified Content Collection enables Palo Alto Networks NGFWs to be integrated into larger, multi-domain workflows. This allows cross-functional use cases of higher value while maintaining the separation of duties and the appropriate level of governance. Companies can use this collection across all form factors.
* \*\*Collaborative, automated changes:\*\*Playbooks can be checked into a source code repository, enabling teams to audit and approve changes, such as security policy additions, deletions or modifications. Once approved, they can trigger a CI/CD pipeline job that commits the changes to the appropriate NGFWs.

## The use cases for NGFW management with Ansible Automation Platform

Let's look at a few use cases for automating NGFW management:

* \*\*Reduce complexity by automating common configurations to improve efficiency, lower IT costs and ensure consistency of applied security across your organization.\*\*Even small organizations may have firewalls across hundreds of form factors, from on-premise machines and user devices to VMs and container environments. This complexity multiplies for enterprises with thousands of employees.
* \*\*Simplify tasks, review and approve policy updates and then automate changes across the network and to the NGFW.\*\*This allows the engineer to focus on the outcome --- the new security policy and where it should be applied --- rather than the API mechanics.
* \*\*Automation and the ability to provide repeatable provisioning for applications and services can remove bottlenecks and create smoother processes for all.\*\*Many security teams aren't just short-staffed; they're far outnumbered by their ops and dev teams. The Ansible-Palo Alto Networks Content Collection enables SecOps to build security natively into their daily workflows.

## How to get started

The Palo Alto Networks Ansible Content Collection is available to Palo Alto Networks customers who are also Ansible subscribers. You can find the collection in the [Red Hat Automation Hub](https://console.redhat.com/ansible/automation-hub/repo/published/paloaltonetworks/panos) and view [how-tos and tutorials](https://pan.dev/ansible). If you are new to Ansible or not a subscriber, you can try it out with [a 30-day free trial](https://www.redhat.com/en/technologies/management/ansible/trial).

Additionally stay tuned for more information on our upcoming Event-Driven Ansible plugin for PAN-OS, elevating the security operations of Palo Alto Networks products.

*** ** * ** ***

## Related Blogs

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Enterprise \& Branch Security with Palo Alto Networks New NGFWs](https://www2.paloaltonetworks.com/blog/network-security/enterprise-branch-security-with-palo-alto-networks-new-ngfws/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Firewall](https://www.paloaltonetworks.com/blog/category/firewall/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### PA-7500 Redefines Network Defense: A Paradigm Shift in Cybersecurity](https://www2.paloaltonetworks.com/blog/network-security/pa-7500-redefines-network-defense-a-paradigm-shift-in-cybersecurity/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### See How VM-Series Virtual Firewalls Pay for Themselves](https://www2.paloaltonetworks.com/blog/network-security/forrester-spotlight-ngfw/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Palo Alto Networks helping customers in their Quantum Secure journey](https://www2.paloaltonetworks.com/blog/network-security/netsec-quantumsecurity/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Just Released and Ready for Download --- Software Firewalls for Dummies](https://www2.paloaltonetworks.com/blog/2023/09/software-firewalls-for-dummies/)

### [Next-Generation Firewalls](https://www.paloaltonetworks.com/blog/network-security/category/next-generation-firewalls/?ts=markdown)

[#### Always Innovating: User Experience, Threat Coverage and Management](https://www2.paloaltonetworks.com/blog/network-security/always-innovating-july-2023/)

### Subscribe to Network Security Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language