check_point / check_point.mgmt / 5.2.1 / module / cp_mgmt_threat_rules Manages THREAT RULES resource module | "added in version" 4.1.0 of check_point.mgmt" Authors: Ansible Team This plugin has a corresponding action plugin.check_point.mgmt.cp_mgmt_threat_rules (5.2.1) — module
Install with ansible-galaxy collection install check_point.mgmt:==5.2.1
collections: - name: check_point.mgmt version: 5.2.1
This resource module allows for addition, deletion, or modification of CP Threat Rules.
This resource module also takes care of gathering Threat Rules config facts
# Using MERGED state # ------------------- - name: To Add Merge Threat-Rules config cp_mgmt_threat_rules: state: merged config: comments: This is the THREAT RULE install_on: Policy Targets layer: IPS name: First threat rule position: 1 protected_scope: All_Internet track: None
# RUN output: # ----------- # mgmt_threat_rules: # after: # action: Optimized # comments: This is the THREAT RULE # destination: # - Any # destination_negate: false # enabled: true # install_on: # - Policy Targets # layer: 90678011-1bcb-4296-8154-fa58c23ecf3b # name: First threat rule # protected_scope: # - All_Internet # protected_scope_negate: false # service: # - Any # service_negate: false # source: # - Any # source_negate: false # track: None # track_settings: # packet_capture: true # before: {} # Using REPLACED state # -------------------- - name: Replace Threat-rule config cp_mgmt_threat_rules: config: comments: This is the REPLACED THREAT RULE install_on: Policy Targets layer: IPS name: First threat rule position: 1 protected_scope: All_Internet track_settings: packet_capture: false state: replaced
# RUN output: # ----------- # mgmt_threat_rules: # after: # action: Optimized # comments: This is the REPLACED THREAT RULE # destination: # - Any # destination_negate: false # enabled: true # install_on: # - Policy Targets # layer: 90678011-1bcb-4296-8154-fa58c23ecf3b # name: First threat rule # protected_scope: # - All_Internet # protected_scope_negate: false # service: # - Any # service_negate: false # source: # - Any # source_negate: false # track: None # track_settings: # packet_capture: false # before: # action: Optimized # comments: This is the THREAT RULE # destination: # - Any # destination_negate: false # enabled: true # install_on: # - Policy Targets # layer: 90678011-1bcb-4296-8154-fa58c23ecf3b # name: First threat rule # protected_scope: # - All_Internet # protected_scope_negate: false # service: # - Any # service_negate: false # source: # - Any # source_negate: false # track: None # track_settings: # packet_capture: true # Using GATHERED state # -------------------- - name: To Gather threat-rule by Name cp_mgmt_threat_rules: config: layer: IPS name: First threat rule state: gathered
# RUN output: # ----------- # gathered: # action: Optimized # comments: This is the THREAT RULE # destination: # - Any # destination_negate: false # domain: SMC User # enabled: true # install_on: # - Policy Targets # layer: 90678011-1bcb-4296-8154-fa58c23ecf3b # name: First threat rule # protected_scope: # - All_Internet # protected_scope_negate: false # service: # - Any # service_negate: false # source: # - Any # source_negate: false # track: None # track_settings: # packet_capture: true # uid: ef832f64-fbe0-4b4e-85b8-8420911c449f # Using DELETED state # ------------------- - name: Delete Threat-rule config by Name and Layer cp_mgmt_threat_rules: config: layer: IPS name: First threat rule state: deleted
state: choices: - merged - replaced - gathered - deleted description: - The state the configuration should be left in - The state I(gathered) will get the module API configuration from the device and transform it into structured data in the format as per the module argspec and the value is returned in the I(gathered) key within the result. type: str config: description: A dictionary of ACCESS RULES options suboptions: action: description: Action-the enforced profile. type: str auto_publish_session: description: - Publish the current session if changes have been performed after task completes. type: bool comments: description: Comments string. type: str destination: description: Collection of Network objects identified by the name or UID. elements: str type: list destination_negate: description: True if negate is set for destination. type: bool details_level: choices: - uid - standard - full description: The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. type: str enabled: description: Enable/Disable the rule. type: bool ignore_errors: description: Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. type: bool ignore_warnings: description: Apply changes ignoring warnings. type: bool install_on: description: Which Gateways identified by the name or UID to install the policy on. elements: str type: list layer: description: Layer that the rule belongs to identified by the name or UID. type: str name: description: Rule name. type: str position: description: - Position in the rulebase. - The use of values "top" and "bottom" may not be idempotent. type: str protected_scope: description: Collection of objects defining Protected Scope identified by the name or UID. elements: str type: list protected_scope_negate: description: True if negate is set for Protected Scope. type: bool service: description: Collection of Network objects identified by the name or UID. elements: str type: list service_negate: description: True if negate is set for Service. type: bool source: description: Collection of Network objects identified by the name or UID. elements: str type: list source_negate: description: True if negate is set for source. type: bool track: description: Packet tracking. type: str track_settings: description: Threat rule track settings. suboptions: packet_capture: description: Packet capture. type: bool type: dict version: description: - Version of checkpoint. If not given one, the latest version taken. type: str type: dict
after: description: The resulting configuration after module execution. returned: when changed sample: 'This output will always be in the same format as the module argspec. ' type: dict before: description: The configuration prior to the module execution. returned: when state is I(merged), I(replaced), I(deleted) sample: 'This output will always be in the same format as the module argspec. ' type: dict gathered: description: Facts about the network resource gathered from the remote device as structured data. returned: when state is I(gathered) sample: 'This output will always be in the same format as the module argspec. ' type: dict