check_point.mgmt.cp_mgmt_interface (5.2.2) — module
Manages interface objects on Checkpoint over Web Services API
Added in version 6.0.0 of check_point.mgmt
Authors: Eden Brillant (@chkp-edenbr)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.2
collections:
  - name: check_point.mgmt
    version: 5.2.2
Manages interface objects on Checkpoint devices including creating, updating and removing objects.
All operations are performed over Web Services API.
# Create interface eth0 on a cluster object, with anti-spoofing in detect mode and logging.
- name: add-interface
  cp_mgmt_interface:
    name: eth0
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17
    anti_spoofing: true
    anti_spoofing_settings:
      action: detect
      exclude_packets: false
      spoof_tracking: log
    cluster_members:
      - ipv4_address: 2.2.2.1
        ipv4_mask_length: 24
        ipv4_network_mask: 255.255.255.0
        member_name: member1
        member_uid: 5cba00d6-fb5f-42f6-b53e-ad0ce0391398
        name: eth4
      - ipv4_address: 2.2.2.2
        ipv4_mask_length: 24
        ipv4_network_mask: 255.255.255.0
        member_name: member2
        member_uid: a02c65d7-a224-4dd5-8f5b-873ee7660aef
        name: eth4
    cluster_network_type: cluster
    ignore_warnings: false
    ipv4_address: 1.1.1.111
    ipv4_mask_length: 24
    security_zone_settings:
      auto_calculated: false
      auto_calculated_zone: InternalZone
      specific_security_zone_enabled: true
      specific_zone: InternalZone
    state: present
    topology: internal
    topology_settings:
      interface_leads_to_dmz: false
      ip_address_behind_this_interface: network defined by routing

# Update the existing interface: new addressing, new cluster members and network type.
- name: set-interface
  cp_mgmt_interface:
    name: eth0
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17
    cluster_members:
      - ipv4_address: 4.4.4.1
        ipv4_mask_length: 22
        member_name: memberReal1
        member_uid: b24e85e2-4b96-48f1-9f3c-06d8b6eb79e1
        uid: db4f8a63-5a94-46d8-b9e0-a63870bded3d
      - ipv4_address: 4.4.4.2
        ipv4_mask_length: 22
        member_name: memberReal2
        member_uid: 44431d9c-bbbc-42ca-a988-df8497b0ce27
        uid: baca571e-8ada-4be9-8966-145388f8e238
    cluster_network_type: cluster + sync
    ipv4_address: 4.4.4.111
    ipv4_mask_length: 22
    state: present
    topology: internal
    topology_settings:
      ip_address_behind_this_interface: network defined by routing

# Remove the interface object from the gateway or cluster.
- name: delete-interface
  cp_mgmt_interface:
    state: absent
    name: eth0
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17
name:
  description:
  - Network interface name.
  required: true
  type: str
tags:
  description:
  - Collection of tag identifiers.
  elements: str
  type: list
color:
  choices:
  - aquamarine
  - black
  - blue
  - crete blue
  - burlywood
  - cyan
  - dark green
  - khaki
  - orchid
  - dark orange
  - dark sea green
  - pink
  - turquoise
  - dark blue
  - firebrick
  - brown
  - forest green
  - gold
  - dark gold
  - gray
  - dark gray
  - light green
  - lemon chiffon
  - coral
  - sea green
  - sky blue
  - magenta
  - purple
  - slate blue
  - violet red
  - navy blue
  - olive
  - orange
  - red
  - sienna
  - yellow
  description:
  - Color of the object. Should be one of the existing colors.
  type: str
state:
  choices:
  - present
  - absent
  default: present
  description:
  - State of the access rule (present or absent).
  type: str
version:
  description:
  - Version of checkpoint. If not given, the latest version is taken.
  type: str
comments:
  description:
  - Comments string.
  type: str
topology:
  choices:
  - automatic
  - external
  - internal
  description:
  - Topology configuration.
  type: str
dynamic_ip:
  description:
  - Enable dynamic interface.
  type: bool
gateway_uid:
  description:
  - Gateway or cluster object uid that the interface belongs to. Required only if name was specified.
  type: str
ipv4_address:
  description:
  - IPv4 network address.
  type: str
ipv6_address:
  description:
  - IPv6 address.
  type: str
anti_spoofing:
  description:
  - Enable anti-spoofing.
  type: bool
details_level:
  choices:
  - uid
  - standard
  - full
  description:
  - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
  type: str
ignore_errors:
  description:
  - Apply changes ignoring errors. You won't be able to publish such changes. If ignore-warnings flag was omitted - warnings will also be ignored.
  type: bool
wait_for_task:
  default: true
  description:
  - Wait for the task to end, such as a publish task.
  type: bool
cluster_members:
  description:
  - Network interface settings for cluster members.
  elements: dict
  suboptions:
    color:
      choices:
      - aquamarine
      - black
      - blue
      - crete blue
      - burlywood
      - cyan
      - dark green
      - khaki
      - orchid
      - dark orange
      - dark sea green
      - pink
      - turquoise
      - dark blue
      - firebrick
      - brown
      - forest green
      - gold
      - dark gold
      - gray
      - dark gray
      - light green
      - lemon chiffon
      - coral
      - sea green
      - sky blue
      - magenta
      - purple
      - slate blue
      - violet red
      - navy blue
      - olive
      - orange
      - red
      - sienna
      - yellow
      description:
      - Color of the object. Should be one of the existing colors.
      type: str
    comments:
      description:
      - Comments string.
      type: str
    details_level:
      choices:
      - uid
      - standard
      - full
      description:
      - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
      type: str
    ignore_errors:
      description:
      - Apply changes ignoring errors. You won't be able to publish such changes. If ignore-warnings flag was omitted - warnings will also be ignored.
      type: bool
    ignore_warnings:
      description:
      - Apply changes ignoring warnings.
      type: bool
    ip_address:
      description:
      - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
      type: str
    ipv4_address:
      description:
      - IPv4 address.
      type: str
    ipv4_mask_length:
      description:
      - IPv4 network mask length.
      type: str
    ipv4_network_mask:
      description:
      - IPv4 network address.
      type: str
    ipv6_address:
      description:
      - IPv6 address.
      type: str
    ipv6_mask_length:
      description:
      - IPv6 network mask length.
      type: str
    ipv6_network_mask:
      description:
      - IPv6 network address.
      type: str
    mask_length:
      description:
      - IPv4 or IPv6 network mask length.
      type: str
    member_name:
      description:
      - Cluster member object name.
      type: str
    member_uid:
      description:
      - Cluster member object uid.
      type: str
    name:
      description:
      - Cluster member network interface name.
      type: str
    network_mask:
      description:
      - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both mask lengths are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
      type: str
    tags:
      description:
      - Collection of tag identifiers.
      elements: str
      type: list
  type: list
ignore_warnings:
  description:
  - Apply changes ignoring warnings.
  type: bool
ipv4_mask_length:
  description:
  - IPv4 mask length.
  type: int
ipv6_mask_length:
  description:
  - IPv6 mask length.
  type: int
ipv4_network_mask:
  description:
  - IPv4 network mask.
  type: str
ipv6_network_mask:
  description:
  - IPv6 network mask.
  type: str
topology_settings:
  description:
  - Topology Settings.
  suboptions:
    interface_leads_to_dmz:
      description:
      - Whether this interface leads to demilitarized zone (perimeter network).
      type: bool
    ip_address_behind_this_interface:
      choices:
      - not defined
      - network defined by the interface ip and net mask
      - network defined by routing
      - specific
      description:
      - Network settings behind this interface.
      type: str
    specific_network:
      description:
      - Network behind this interface.
      type: str
    specific_network_uid:
      description:
      - N/A
      type: str
  type: dict
domains_to_process:
  description:
  - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are CURRENT_DOMAIN and ALL_DOMAINS_ON_THIS_SERVER.
  elements: str
  type: list
auto_publish_session:
  default: false
  description:
  - Publish the current session if changes have been performed after task completes.
  type: bool
cluster_network_type:
  choices:
  - cluster
  - sync
  - cluster + sync
  - private
  description:
  - Cluster interface type.
  type: str
monitored_by_cluster:
  description:
  - When Private is selected as the Cluster interface type, cluster can monitor or not monitor the interface.
  type: bool
wait_for_task_timeout:
  default: 30
  description:
  - How many minutes to wait until throwing a timeout error.
  type: int
anti_spoofing_settings:
  description:
  - Anti Spoofing Settings.
  suboptions:
    action:
      choices:
      - prevent
      - detect
      description:
      - Whether packets will be rejected (the Prevent option) or monitored (the Detect option).
      type: str
    exclude_packets:
      description:
      - Don't check packets from excluded network.
      type: bool
    excluded_network_name:
      description:
      - Excluded network name.
      type: str
    excluded_network_uid:
      description:
      - Excluded network UID.
      type: str
    spoof_tracking:
      choices:
      - none
      - log
      - alert
      description:
      - Spoof tracking.
      type: str
  type: dict
network_interface_type:
  choices:
  - alias
  - bond
  - bridge
  - bridge member
  - ethernet
  - loopback
  - 6 in 4 tunnel
  - pppoe
  - vpn tunnel
  - vlan
  description:
  - Network Interface Type.
  type: str
security_zone_settings:
  description:
  - Security Zone Settings.
  suboptions:
    auto_calculated:
      description:
      - Security Zone is calculated according to where the interface leads to.
      type: bool
    auto_calculated_zone:
      description:
      - N/A
      type: str
    auto_calculated_zone_uid:
      description:
      - N/A
      type: str
    specific_security_zone_enabled:
      description:
      - N/A
      type: bool
    specific_zone:
      description:
      - Security Zone specified manually.
      type: str
  type: dict
cp_mgmt_interface:
  description: The checkpoint object created or updated.
  returned: always, except when deleting the object.
  type: dict
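
An added example, not part of the check_point.mgmt collection or of the original page: a pre-merge check over playbook tasks that flags explicitly set cp_mgmt_interface options which weaken anti-spoofing enforcement, following the anti_spoofing_settings, ignore_warnings and ignore_errors descriptions above. The function names, finding texts and the two extra sample tasks are assumptions; tasks are given as the dicts a YAML loader would return.

```python
# Added example, not part of the check_point.mgmt collection. Only explicitly
# set values are flagged; this page does not state defaults for omitted options.
MODULE_NAMES = ("cp_mgmt_interface", "check_point.mgmt.cp_mgmt_interface")


def audit_task(task):
    """Return findings for one task dict, as a YAML loader would produce it."""
    args = next((task[m] for m in MODULE_NAMES if isinstance(task.get(m), dict)), None)
    if args is None or args.get("state") == "absent":
        return []
    spoof = args.get("anti_spoofing_settings") or {}
    checks = [
        (args.get("anti_spoofing") is False, "anti_spoofing is disabled"),
        (spoof.get("action") == "detect",
         "action=detect: spoofed packets are monitored, not rejected"),
        (spoof.get("spoof_tracking") == "none",
         "spoof_tracking=none: spoofing leaves no log or alert"),
        (spoof.get("exclude_packets") is True,
         "exclude_packets: packets from the excluded network are not checked"),
        (args.get("ignore_warnings") is True, "ignore_warnings is set"),
        (args.get("ignore_errors") is True, "ignore_errors is set"),
    ]
    return [msg for hit, msg in checks if hit]


def audit_playbook(tasks):
    """Map task name -> findings, keeping only tasks that have findings."""
    report = {t.get("name", "<unnamed>"): audit_task(t) for t in tasks}
    return {name: found for name, found in report.items() if found}


# Constructed sample input: the page's add-interface task (abridged) plus two
# hypothetical tasks that do not appear on the page.
SAMPLE_TASKS = [
    {"name": "add-interface", "cp_mgmt_interface": {
        "name": "eth0", "anti_spoofing": True, "ignore_warnings": False,
        "anti_spoofing_settings": {"action": "detect", "exclude_packets": False,
                                   "spoof_tracking": "log"}}},
    {"name": "hardened-interface", "cp_mgmt_interface": {
        "name": "eth1", "anti_spoofing": True,
        "anti_spoofing_settings": {"action": "prevent", "spoof_tracking": "log"}}},
    {"name": "weak-interface", "check_point.mgmt.cp_mgmt_interface": {
        "name": "eth2", "anti_spoofing": False, "ignore_errors": True}},
]

if __name__ == "__main__":
    for task_name, findings in audit_playbook(SAMPLE_TASKS).items():
        print(task_name, findings)
```

To run it against a real playbook, load the task list with a YAML parser and pass it to audit_playbook.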