ansible.builtin.cp_mgmt_access_rule (v2.9.17) — module

Manages access-rule objects on Check Point over Web Services API

Added in version 2.9 of ansible.builtin

Authors: Or Soffer (@chkp-orso)

preview | supported by community


Description

Manages access-rule objects on Check Point devices including creating, updating and removing objects.

All operations are performed over Web Services API.

Usage examples

# Creates the access rule "Rule 1" at position 1 in the "Network" layer, matching the
# SMTP and AOL services. No action is given in this example.
# NOTE(review): position is documented as type str below; the unquoted 1 is parsed as an
# int and relies on Ansible coercing it — consider quoting it ('1') to match the spec.
- name: add-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 1
    position: 1
    service:
    - SMTP
    - AOL
    state: present
# Updates "Rule 1" in the "Network" layer: sets the action to Ask, enables the identity
# captive portal and applies the Upload_1Gbps limit (see action_settings below).
- name: set-access-rule
  cp_mgmt_access_rule:
    action: Ask
    action_settings:
      enable_identity_captive_portal: true
      limit: Upload_1Gbps
    layer: Network
    name: Rule 1
    state: present
# Removes "Rule 2" from the "Network" layer. ignore_errors and ignore_warnings are not
# set, so management-side errors and warnings are not ignored (see those options below).
- name: delete-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 2
    state: absent

Inputs

    
vpn:
    description:
    - Communities or Directional.
    suboptions:
      community:
        description:
        - List of community name or UID.
        type: list
      directional:
        description:
        - Communities directional match condition.
        suboptions:
          from:
            description:
            - From community name or UID.
            type: str
          to:
            description:
            - To community name or UID.
            type: str
        type: list
    type: list

name:
    description:
    - Object name.
    required: true
    type: str

time:
    description:
    - List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
    type: list

layer:
    description:
    - Layer that the rule belongs to identified by the name or UID.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the access rule (present or absent).
    type: str

track:
    description:
    - Track Settings.
    suboptions:
      accounting:
        description:
        - Turns accounting for track on and off.
        type: bool
      alert:
        choices:
        - none
        - alert
        - snmp
        - mail
        - user alert 1
        - user alert 2
        - user alert 3
        description:
        - Type of alert for the track.
        type: str
      enable_firewall_session:
        description:
        - Determines whether to generate a session log for firewall-only connections.
        type: bool
      per_connection:
        description:
        - Determines whether to perform the log per connection.
        type: bool
      per_session:
        description:
        - Determines whether to perform the log per session.
        type: bool
      type:
        description:
        - One of "Log", "Extended Log", "Detailed Log", "None".
        type: str
    type: dict

action:
    description:
    - One of "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth",
      "Apply Layer".
    type: str

source:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

content:
    description:
    - List of processed file types that this rule applies on.
    type: list

enabled:
    description:
    - Enable/Disable the rule.
    type: bool

service:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

version:
    description:
    - Version of Check Point. If none is given, the latest version is taken.
    type: str

comments:
    description:
    - Comments string.
    type: str

position:
    description:
    - Position in the rulebase.
    type: str

install_on:
    description:
    - Which Gateways identified by the name or UID to install the policy on.
    type: list

user_check:
    description:
    - User check settings.
    suboptions:
      confirm:
        choices:
        - per rule
        - per category
        - per application/site
        - per data type
        description:
        - N/A
        type: str
      custom_frequency:
        description:
        - N/A
        suboptions:
          every:
            description:
            - N/A
            type: int
          unit:
            choices:
            - hours
            - days
            - weeks
            - months
            description:
            - N/A
            type: str
        type: dict
      frequency:
        choices:
        - once a day
        - once a week
        - once a month
        - custom frequency...
        description:
        - N/A
        type: str
      interaction:
        description:
        - N/A
        type: str
    type: dict

destination:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

inline_layer:
    description:
    - Inline Layer identified by the name or UID. Relevant only if "Action" was set to
      "Apply Layer".
    type: str

custom_fields:
    description:
    - Custom fields.
    suboptions:
      field_1:
        description:
        - First custom field.
        type: str
      field_2:
        description:
        - Second custom field.
        type: str
      field_3:
        description:
        - Third custom field.
        type: str
    type: dict

details_level:
    choices:
    - uid
    - standard
    - full
    description:
    - The level of detail for some of the fields in the response can vary from showing
      only the UID value of the object to a fully detailed representation of the object.
    type: str

ignore_errors:
    description:
    - Apply changes ignoring errors. You will not be able to publish such changes. If the
      ignore-warnings flag was omitted, warnings will also be ignored.
    type: bool

source_negate:
    description:
    - True if negate is set for source.
    type: bool

wait_for_task:
    default: true
    description:
    - Wait for the task to end, such as a publish task.
    type: bool

content_negate:
    description:
    - True if negate is set for data.
    type: bool

service_negate:
    description:
    - True if negate is set for service.
    type: bool

action_settings:
    description:
    - Action settings.
    suboptions:
      enable_identity_captive_portal:
        description:
        - N/A
        type: bool
      limit:
        description:
        - N/A
        type: str
    type: dict

ignore_warnings:
    description:
    - Apply changes ignoring warnings.
    type: bool

content_direction:
    choices:
    - any
    - up
    - down
    description:
    - The direction in which file type processing is applied.
    type: str

destination_negate:
    description:
    - True if negate is set for destination.
    type: bool

auto_publish_session:
    default: false
    description:
    - Publish the current session after the task completes, if changes have been performed.
    type: bool

wait_for_task_timeout:
    default: 30
    description:
    - How many minutes to wait until throwing a timeout error.
    type: int

Outputs

cp_mgmt_access_rule:
  description: The checkpoint object created or updated.
  returned: always, except when deleting the object.
  type: dict