Try SpotterManages simple-gateway objects on Check Point over Web Services API
| "added in version" 2.9 of ansible.builtin"
Authors: Or Soffer (@chkp-orso)
preview | supported by community
pipInstall with pip install ansible==2.9.17
Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-simple-gateway
cp_mgmt_simple_gateway:
ip_address: 192.0.2.1
name: gw1
state: present
- name: set-simple-gateway
cp_mgmt_simple_gateway:
anti_bot: true
anti_virus: true
application_control: true
ips: true
name: test_gateway
state: present
threat_emulation: true
url_filtering: true
- name: delete-simple-gateway
cp_mgmt_simple_gateway:
name: gw1
state: absent
ips:
description:
- Intrusion Prevention System blade enabled.
type: bool
vpn:
description:
- VPN blade enabled.
type: bool
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
groups:
description:
- Collection of group identifiers.
type: list
os_name:
description:
- Gateway platform operating system.
type: str
version:
description:
- Gateway platform version.
type: str
anti_bot:
description:
- Anti-Bot blade enabled.
type: bool
comments:
description:
- Comments string.
type: str
firewall:
description:
- Firewall blade enabled.
type: bool
anti_virus:
description:
- Anti-Virus blade enabled.
type: bool
interfaces:
description:
- Network interfaces. When a gateway is updated with a new interfaces, the existing
interfaces are removed.
suboptions:
anti_spoofing:
description:
- N/A
type: bool
anti_spoofing_settings:
description:
- N/A
suboptions:
action:
choices:
- prevent
- detect
description:
- If packets will be rejected (the Prevent option) or whether the packets
will be monitored (the Detect option).
type: str
type: dict
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
comments:
description:
- Comments string.
type: str
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes.
If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv4_mask_length:
description:
- IPv4 network mask length.
type: str
ipv4_network_mask:
description:
- IPv4 network address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
ipv6_mask_length:
description:
- IPv6 network mask length.
type: str
ipv6_network_mask:
description:
- IPv6 network address.
type: str
mask_length:
description:
- IPv4 or IPv6 network mask length.
type: str
name:
description:
- Object name.
type: str
network_mask:
description:
- IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask
and ipv6-network-mask fields explicitly. Instead of providing mask itself it
is possible to specify IPv4 or IPv6 mask length in mask-length field. If both
masks length are required use ipv4-mask-length and ipv6-mask-length fields
explicitly.
type: str
security_zone:
description:
- N/A
type: bool
security_zone_settings:
description:
- N/A
suboptions:
auto_calculated:
description:
- Security Zone is calculated according to where the interface leads to.
type: bool
specific_zone:
description:
- Security Zone specified manually.
type: str
type: dict
tags:
description:
- Collection of tag identifiers.
type: list
topology:
choices:
- automatic
- external
- internal
description:
- N/A
type: str
topology_settings:
description:
- N/A
suboptions:
interface_leads_to_dmz:
description:
- Whether this interface leads to demilitarized zone (perimeter network).
type: bool
ip_address_behind_this_interface:
choices:
- not defined
- network defined by the interface ip and net mask
- network defined by routing
- specific
description:
- N/A
type: str
specific_network:
description:
- Network behind this interface.
type: str
type: dict
type: list
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
vpn_settings:
description:
- Gateway VPN settings.
suboptions:
maximum_concurrent_ike_negotiations:
description:
- N/A
type: int
maximum_concurrent_tunnels:
description:
- N/A
type: int
type: dict
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
logs_settings:
description:
- N/A
suboptions:
alert_when_free_disk_space_below:
description:
- N/A
type: bool
alert_when_free_disk_space_below_threshold:
description:
- N/A
type: int
alert_when_free_disk_space_below_type:
choices:
- none
- log
- popup alert
- mail alert
- snmp trap alert
- user defined alert no.1
- user defined alert no.2
- user defined alert no.3
description:
- N/A
type: str
before_delete_keep_logs_from_the_last_days:
description:
- N/A
type: bool
before_delete_keep_logs_from_the_last_days_threshold:
description:
- N/A
type: int
before_delete_run_script:
description:
- N/A
type: bool
before_delete_run_script_command:
description:
- N/A
type: str
delete_index_files_older_than_days:
description:
- N/A
type: bool
delete_index_files_older_than_days_threshold:
description:
- N/A
type: int
delete_index_files_when_index_size_above:
description:
- N/A
type: bool
delete_index_files_when_index_size_above_threshold:
description:
- N/A
type: int
delete_when_free_disk_space_below:
description:
- N/A
type: bool
delete_when_free_disk_space_below_threshold:
description:
- N/A
type: int
detect_new_citrix_ica_application_names:
description:
- N/A
type: bool
forward_logs_to_log_server:
description:
- N/A
type: bool
forward_logs_to_log_server_name:
description:
- N/A
type: str
forward_logs_to_log_server_schedule_name:
description:
- N/A
type: str
free_disk_space_metrics:
choices:
- mbytes
- percent
description:
- N/A
type: str
perform_log_rotate_before_log_forwarding:
description:
- N/A
type: bool
reject_connections_when_free_disk_space_below_threshold:
description:
- N/A
type: bool
reserve_for_packet_capture_metrics:
choices:
- percent
- mbytes
description:
- N/A
type: str
reserve_for_packet_capture_threshold:
description:
- N/A
type: int
rotate_log_by_file_size:
description:
- N/A
type: bool
rotate_log_file_size_threshold:
description:
- N/A
type: int
rotate_log_on_schedule:
description:
- N/A
type: bool
rotate_log_schedule_name:
description:
- N/A
type: str
stop_logging_when_free_disk_space_below:
description:
- N/A
type: bool
stop_logging_when_free_disk_space_below_threshold:
description:
- N/A
type: int
turn_on_qos_logging:
description:
- N/A
type: bool
update_account_log_every:
description:
- N/A
type: int
type: dict
url_filtering:
description:
- URL Filtering blade enabled.
type: bool
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
threat_emulation:
description:
- Threat Emulation blade enabled.
type: bool
content_awareness:
description:
- Content Awareness blade enabled.
type: bool
firewall_settings:
description:
- N/A
suboptions:
auto_calculate_connections_hash_table_size_and_memory_pool:
description:
- N/A
type: bool
auto_maximum_limit_for_concurrent_connections:
description:
- N/A
type: bool
connections_hash_size:
description:
- N/A
type: int
maximum_limit_for_concurrent_connections:
description:
- N/A
type: int
maximum_memory_pool_size:
description:
- N/A
type: int
memory_pool_size:
description:
- N/A
type: int
type: dict
one_time_password:
description:
- N/A
type: str
save_logs_locally:
description:
- Save logs locally on the gateway.
type: bool
threat_extraction:
description:
- Threat Extraction blade enabled.
type: bool
application_control:
description:
- Application Control blade enabled.
type: bool
send_logs_to_server:
description:
- Server(s) to send logs to.
type: list
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
send_alerts_to_server:
description:
- Server(s) to send alerts to.
type: list
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
send_logs_to_backup_server:
description:
- Backup server(s) to send logs to.
type: list
cp_mgmt_simple_gateway: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict