ansible.builtin.cp_mgmt_threat_exception (v2.9.17) — module

Manages threat-exception objects on Check Point over Web Services API

Added in version 2.9 of ansible.builtin

Authors: Or Soffer (@chkp-orso)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.17

Description

Manages threat-exception objects on Check Point devices including creating, updating and removing objects.

All operations are performed over Web Services API.

Usage examples

- name: add-threat-exception
  cp_mgmt_threat_exception:
    layer: New Layer 1
    name: Exception Rule
    position: 1
    protected_scope: All_Internet
    rule_name: Threat Rule 1
    state: present
    track: Log
- name: set-threat-exception
  cp_mgmt_threat_exception:
    layer: New Layer 1
    name: Exception Rule
    rule_name: Threat Rule 1
    state: present
- name: delete-threat-exception
  cp_mgmt_threat_exception:
    name: Exception Rule
    layer: New Layer 1
    rule_name: Threat Rule 1
    state: absent

Inputs

    
name:
    description:
    - The name of the exception.
    required: true
    type: str

layer:
    description:
    - Layer that the rule belongs to identified by the name or UID.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the access rule (present or absent).
    type: str

track:
    description:
    - Packet tracking.
    type: str

action:
    description:
    - Action-the enforced profile.
    type: str

source:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

enabled:
    description:
    - Enable/Disable the rule.
    type: bool

service:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

version:
    description:
    - Version of Check Point. If none is given, the latest version is used.
    type: str

comments:
    description:
    - Comments string.
    type: str

position:
    description:
    - Position in the rulebase.
    type: str

rule_name:
    description:
    - The name of the parent rule.
    type: str

install_on:
    description:
    - Which Gateways identified by the name or UID to install the policy on.
    type: list

destination:
    description:
    - Collection of Network objects identified by the name or UID.
    type: list

details_level:
    choices:
    - uid
    - standard
    - full
    description:
    - The level of detail for some of the fields in the response can vary from showing
      only the UID value of the object to a fully detailed representation of the object.
    type: str

ignore_errors:
    description:
    - Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings
      flag is omitted, warnings will also be ignored.
    type: bool

source_negate:
    description:
    - True if negate is set for source.
    type: bool

wait_for_task:
    default: true
    description:
    - Wait for the task to end, such as a publish task.
    type: bool

service_negate:
    description:
    - True if negate is set for Service.
    type: bool

ignore_warnings:
    description:
    - Apply changes ignoring warnings.
    type: bool

protected_scope:
    description:
    - Collection of objects defining Protected Scope identified by the name or UID.
    type: list

destination_negate:
    description:
    - True if negate is set for destination.
    type: bool

protection_or_site:
    description:
    - Name of the protection or site.
    type: list

exception_group_uid:
    description:
    - The UID of the exception-group.
    type: str

auto_publish_session:
    default: false
    description:
    - Publish the current session if changes have been performed after the task completes.
    type: bool

exception_group_name:
    description:
    - The name of the exception-group.
    type: str

wait_for_task_timeout:
    default: 30
    description:
    - How many minutes to wait until throwing a timeout error.
    type: int

protected_scope_negate:
    description:
    - True if negate is set for Protected Scope.
    type: bool

Outputs

cp_mgmt_threat_exception:
  description: The Check Point object created or updated.
  returned: always, except when deleting the object.
  type: dict
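
Pre-apply review check

The inputs above decide how much traffic an exception removes from threat inspection, so tasks that use this module are worth checking before they run. The following is an added example, not part of the module or its documentation; the review policy, the BROAD_SCOPES set, the "None" track value, and the object names and change reference in the second sample are assumptions or constructed values.

```python
# Added example; the review policy here is an assumption, not a vendor rule.
MODULE = "cp_mgmt_threat_exception"
BROAD_SCOPES = {"Any", "All_Internet"}  # assumed: objects treated as too broad
NARROWING = ("source", "destination", "service", "protection_or_site")
NEGATIONS = ("protected_scope_negate", "source_negate",
             "destination_negate", "service_negate")


def as_list(value):
    """List-type options may be written as one string or as a YAML list."""
    if isinstance(value, (list, tuple)):
        return list(value)
    return [] if value is None else [value]


def audit_task(task):
    """Return review findings for one task dict, as loaded from a playbook."""
    args = task.get(MODULE)
    if not isinstance(args, dict) or args.get("state", "present") == "absent":
        return []  # other modules and deletions add no exception
    findings = []
    if BROAD_SCOPES & set(as_list(args.get("protected_scope"))):
        findings.append("broad protected_scope")
        if not any(as_list(args.get(key)) for key in NARROWING):
            findings.append("broad scope with no narrowing field")
    findings += [f"{key} inverts the match" for key in NEGATIONS if args.get(key)]
    # Only tasks that define the scope are expected to document the reason.
    if "protected_scope" in args and not str(args.get("comments") or "").strip():
        findings.append("no comments explaining the exception")
    if str(args.get("track") or "").lower() == "none":  # "None" value assumed
        findings.append("tracking disabled")
    if args.get("ignore_errors") or args.get("ignore_warnings"):
        findings.append("errors or warnings suppressed")
    if args.get("auto_publish_session"):
        findings.append("auto_publish_session publishes without review")
    return findings


# Constructed sample tasks: the first mirrors the page's add example, the
# second uses hypothetical object names to show a narrowed exception.
SAMPLE_TASKS = [
    {"name": "add-threat-exception", MODULE: {
        "layer": "New Layer 1", "name": "Exception Rule", "position": 1,
        "protected_scope": "All_Internet", "rule_name": "Threat Rule 1",
        "state": "present", "track": "Log"}},
    {"name": "narrow-exception", MODULE: {
        "layer": "New Layer 1", "name": "Scanner Exception",
        "rule_name": "Threat Rule 1", "protected_scope": ["dmz-web-01"],
        "source": ["vuln-scanner-01"], "track": "Log",
        "comments": "CHG-0000 placeholder: authorised scanner"}},
]
```

Calling audit_task on the first sample returns three findings; the second sample returns none.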