check_point / check_point.mgmt / 5.2.2 / module / cp_mgmt_access_rule Manages access-rule objects on Check Point over Web Services API | "added in version" 1.0.0 of check_point.mgmt" Authors: Or Soffer (@chkp-orso) preview | supported by communitycheck_point.mgmt.cp_mgmt_access_rule (5.2.2) — module
Install with ansible-galaxy collection install check_point.mgmt:==5.2.2
collections: - name: check_point.mgmt version: 5.2.2
Manages access-rule objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-access-rule cp_mgmt_access_rule: layer: Network name: Rule 1 position: 1 service: - SMTP - AOL vpn: All_GwToGw state: present
- name: set-access-rule cp_mgmt_access_rule: action: Ask action_settings: enable_identity_captive_portal: true limit: Upload_1Gbps layer: Network name: Rule 1 state: present
- name: delete-access-rule cp_mgmt_access_rule: layer: Network name: Rule 2 state: absent
vpn: choices: - Any - All_GwToGw description: - Any or All_GwToGw. type: str name: description: - Object name. required: true type: str time: description: - List of time objects. For example, "Weekend", "Off-Work", "Every-Day". elements: str type: list layer: description: - Layer that the rule belongs to identified by the name or UID. type: str state: choices: - present - absent default: present description: - State of the access rule (present or absent). type: str track: description: - Track Settings. suboptions: accounting: description: - Turns accounting for track on and off. type: bool alert: choices: - none - alert - snmp - mail - user alert 1 - user alert 2 - user alert 3 description: - Type of alert for the track. type: str enable_firewall_session: description: - Determine whether to generate session log to firewall only connections. type: bool per_connection: description: - Determines whether to perform the log per connection. type: bool per_session: description: - Determines whether to perform the log per session. type: bool type: description: - a "Log", "Extended Log", "Detailed Log", "None". type: str type: dict action: description: - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". type: str source: description: - Collection of Network objects identified by the name or UID. elements: str type: list content: description: - List of processed file types that this rule applies on. elements: dict type: list enabled: description: - Enable/Disable the rule. type: bool service: description: - Collection of Network objects identified by the name or UID. elements: str type: list version: description: - Version of checkpoint. If not given one, the latest version taken. type: str comments: description: - Comments string. type: str position: description: - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent. type: str vpn_list: description: - Communities or Directional. elements: dict suboptions: community: description: - List of community name or UID. elements: str type: list directional: description: - Communities directional match condition. elements: dict suboptions: from: description: - From community name or UID. type: str to: description: - To community name or UID. type: str type: list type: list install_on: description: - Which Gateways identified by the name or UID to install the policy on. elements: str type: list user_check: description: - User check settings. suboptions: confirm: choices: - per rule - per category - per application/site - per data type description: - N/A type: str custom_frequency: description: - N/A suboptions: every: description: - N/A type: int unit: choices: - hours - days - weeks - months description: - N/A type: str type: dict frequency: choices: - once a day - once a week - once a month - custom frequency... description: - N/A type: str interaction: description: - N/A type: str type: dict destination: description: - Collection of Network objects identified by the name or UID. elements: str type: list inline_layer: description: - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". type: str custom_fields: description: - Custom fields. suboptions: field_1: description: - First custom field. type: str field_2: description: - Second custom field. type: str field_3: description: - Third custom field. type: str type: dict details_level: choices: - uid - standard - full description: - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. type: str ignore_errors: description: - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. type: bool source_negate: description: - True if negate is set for source. type: bool wait_for_task: default: true description: - Wait for the task to end. Such as publish task. type: bool content_negate: description: - True if negate is set for data. type: bool service_negate: description: - True if negate is set for service. type: bool action_settings: description: - Action settings. suboptions: enable_identity_captive_portal: description: - N/A type: bool limit: description: - N/A type: str type: dict ignore_warnings: description: - Apply changes ignoring warnings. type: bool content_direction: choices: - any - up - down description: - On which direction the file types processing is applied. type: str relative_position: description: - Position in the rulebase. - Use of this field may not be idempotent. suboptions: above: description: - Add rule above specific rule/section identified by name (limited to 50 rules if search_entire_rulebase is False). type: str below: description: - Add rule below specific rule/section identified by name (limited to 50 rules if search_entire_rulebase is False). type: str bottom: description: - Add rule to the bottom of a specific section identified by name (limited to 50 rules if search_entire_rulebase is False). type: str top: description: - Add rule to the top of a specific section identified by name (limited to 50 rules if search_entire_rulebase is False). type: str type: dict destination_negate: description: - True if negate is set for destination. type: bool auto_publish_session: default: false description: - Publish the current session if changes have been performed after task completes. type: bool wait_for_task_timeout: default: 30 description: - How many minutes to wait until throwing a timeout error. type: int search_entire_rulebase: default: false description: - Whether to search the entire rulebase for a rule that's been edited in its relative_position field to make sure there indeed has been a change in its position or the section it might be in. type: bool
cp_mgmt_access_rule: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict