check_point.mgmt.cp_mgmt_simple_cluster module (check_point.mgmt collection, version 5.2.2)
Manages simple-cluster objects on Check Point over the Web Services API. Added in version 3.0.0 of check_point.mgmt. Author: Eden Brillant (@chkp-edenbr). Status: preview; supported by the community.
Install with: ansible-galaxy collection install check_point.mgmt:==5.2.2
Or pin it in a requirements.yml:
  collections:
    - name: check_point.mgmt
      version: 5.2.2
Synopsis
Manages simple-cluster objects on Check Point devices, including creating, updating and removing objects. All operations are performed over the Web Services API of the Management Server.
Examples

  - name: add-simple-cluster
    cp_mgmt_simple_cluster:
      cluster_mode: cluster-xl-ha
      color: yellow
      firewall: true
      interfaces:
        - anti_spoofing: true
          interface_type: cluster
          ip_address: 17.23.5.1
          name: eth0
          network_mask: 255.255.255.0
          topology: external
        - interface_type: sync
          name: eth1
          topology: internal
          topology_settings:
            interface_leads_to_dmz: false
            ip_address_behind_this_interface: network defined by the interface ip and net mask
        - anti_spoofing: true
          interface_type: cluster
          ip_address: 192.168.1.1
          name: eth2
          network_mask: 255.255.255.0
          topology: internal
          topology_settings:
            interface_leads_to_dmz: false
            ip_address_behind_this_interface: network defined by the interface ip and net mask
      ip_address: 17.23.5.1
      members:
        - interfaces:
            - ip_address: 17.23.5.2
              name: eth0
              network_mask: 255.255.255.0
            - ip_address: 1.1.2.4
              name: eth1
              network_mask: 255.255.255.0
            - ip_address: 192.168.1.2
              name: eth2
              network_mask: 255.255.255.0
          ip_address: 17.23.5.2
          name: member1
          one_time_password: abcd
        - interfaces:
            - ip_address: 17.23.5.3
              name: eth0
              network_mask: 255.255.255.0
            - ip_address: 1.1.2.5
              name: eth1
              network_mask: 255.255.255.0
            - ip_address: 192.168.1.3
              name: eth2
              network_mask: 255.255.255.0
          ip_address: 17.23.5.3
          name: member2
          one_time_password: abcd
      name: cluster1
      os_name: Gaia
      state: present
      cluster_version: R80.30

  - name: set-simple-cluster
    cp_mgmt_simple_cluster:
      name: cluster1
      state: present

  - name: delete-simple-cluster
    cp_mgmt_simple_cluster:
      name: cluster1
      state: absent

The topology values are written in lowercase here to match the documented choices (automatic, external, internal). The one_time_password values are the Secure Internal Communication (SIC) activation keys for the members; the literal "abcd" above is a placeholder, not a recommendation. In a real playbook keep them out of the task file (an Ansible Vault-encrypted variables file, referenced with a Jinja expression) and set no_log: true on the task, otherwise the full module arguments, activation keys included, are written to the Ansible log and callback output.
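Before a definition like the one above is pushed to the Management Server, it is worth linting it for the mistakes the module itself does not reject: a cluster interface without anti-spoofing or without a cluster address, a member that lacks one of the cluster's interfaces, a member address outside the subnet of the matching cluster VIP, and a SIC one-time password written as a short literal instead of a vaulted variable. The following is an added example, not code from the check_point.mgmt collection; it works on the module arguments as a Python dict (the page's add-simple-cluster example is embedded below as a constructed sample). The minimum literal length, the "looks like a Jinja reference" heuristic and the two variant definitions are this example's own assumptions.

```python
"""Pre-flight lint for a cp_mgmt_simple_cluster task definition (added example)."""
import copy
import ipaddress
import re

# Constructed sample: the page's add-simple-cluster example, reduced to the
# keys the checks below look at. Not part of the collection's own code.
SAMPLE_CLUSTER = {
    "name": "cluster1", "cluster_mode": "cluster-xl-ha", "ip_address": "17.23.5.1",
    "interfaces": [
        {"name": "eth0", "interface_type": "cluster", "ip_address": "17.23.5.1",
         "network_mask": "255.255.255.0", "topology": "external", "anti_spoofing": True},
        {"name": "eth1", "interface_type": "sync", "topology": "internal"},
        {"name": "eth2", "interface_type": "cluster", "ip_address": "192.168.1.1",
         "network_mask": "255.255.255.0", "topology": "internal", "anti_spoofing": True},
    ],
    "members": [
        {"name": "member1", "ip_address": "17.23.5.2", "one_time_password": "abcd",
         "interfaces": [{"name": "eth0", "ip_address": "17.23.5.2", "network_mask": "255.255.255.0"},
                        {"name": "eth1", "ip_address": "1.1.2.4", "network_mask": "255.255.255.0"},
                        {"name": "eth2", "ip_address": "192.168.1.2", "network_mask": "255.255.255.0"}]},
        {"name": "member2", "ip_address": "17.23.5.3", "one_time_password": "abcd",
         "interfaces": [{"name": "eth0", "ip_address": "17.23.5.3", "network_mask": "255.255.255.0"},
                        {"name": "eth1", "ip_address": "1.1.2.5", "network_mask": "255.255.255.0"},
                        {"name": "eth2", "ip_address": "192.168.1.3", "network_mask": "255.255.255.0"}]},
    ],
}

# Constructed variants: one with two deliberate mistakes, one with vaulted activation keys.
BROKEN_CLUSTER = copy.deepcopy(SAMPLE_CLUSTER)
BROKEN_CLUSTER["interfaces"][0]["anti_spoofing"] = False            # external VIP, no anti-spoofing
BROKEN_CLUSTER["members"][1]["interfaces"][0]["ip_address"] = "10.0.0.3"  # not in 17.23.5.0/24
HARDENED_CLUSTER = copy.deepcopy(SAMPLE_CLUSTER)
for _member in HARDENED_CLUSTER["members"]:
    _member["one_time_password"] = "{{ sic_otp['" + _member["name"] + "'] }}"  # vault-backed var

JINJA_REF = re.compile(r"^\{\{.*\}\}$")  # heuristic: value is a template reference, not a literal
MIN_OTP_LITERAL_LEN = 8                  # assumption: local policy, not a Check Point requirement
TRAFFIC_TYPES = ("cluster", "cluster + sync")  # interface types that carry a cluster VIP


def _network(iface):
    """Return the ipaddress network of an interface dict, or None if it has no address.

    Honours the same alternatives the module offers: ip_address/ipv4_address with
    network_mask/ipv4_network_mask, or a mask_length/ipv4_mask_length prefix.
    """
    addr = iface.get("ip_address") or iface.get("ipv4_address")
    if not addr:
        return None
    mask = iface.get("network_mask") or iface.get("ipv4_network_mask")
    prefix = iface.get("mask_length") or iface.get("ipv4_mask_length")
    if mask or prefix:
        return ipaddress.ip_network(f"{addr}/{mask or prefix}", strict=False)
    return ipaddress.ip_network(addr)  # no mask given: treat as a host route


def check_cluster(args):
    """Return a list of finding strings; an empty list means the definition passes."""
    findings = []
    cluster_ifaces = {i["name"]: i for i in args.get("interfaces", [])}

    # 1. Every interface that carries a cluster VIP must have anti-spoofing and an address.
    for name, iface in cluster_ifaces.items():
        itype = iface.get("interface_type", "")
        if itype in TRAFFIC_TYPES:
            if not iface.get("anti_spoofing"):
                findings.append(f"interface {name}: anti_spoofing not enabled on a {itype} interface")
            if _network(iface) is None:
                findings.append(f"interface {name}: {itype} interface has no cluster address")

    for member in args.get("members", []):
        mname = member.get("name", "<unnamed>")
        member_ifaces = {i["name"]: i for i in member.get("interfaces", [])}
        # 2. Each member needs every cluster interface, addressed inside the VIP's subnet.
        for name, iface in cluster_ifaces.items():
            if name not in member_ifaces:
                findings.append(f"member {mname}: no interface {name} (defined on the cluster)")
                continue
            cnet = _network(iface)
            if cnet is None:
                continue  # sync / private interfaces carry no cluster VIP to compare against
            maddr = member_ifaces[name].get("ip_address") or member_ifaces[name].get("ipv4_address")
            if maddr and ipaddress.ip_address(maddr) not in cnet:
                findings.append(f"member {mname}: {name} address {maddr} is outside cluster subnet {cnet}")
        # 3. SIC one-time password hygiene: present, and either vaulted or not a short literal.
        otp = member.get("one_time_password") or ""
        if not otp:
            findings.append(f"member {mname}: one_time_password missing; SIC trust cannot be established")
        elif not JINJA_REF.match(otp) and len(otp) < MIN_OTP_LITERAL_LEN:
            findings.append(f"member {mname}: one_time_password is a short literal; use a vaulted variable")
    return findings


if __name__ == "__main__":
    for label, definition in (("sample", SAMPLE_CLUSTER), ("broken", BROKEN_CLUSTER),
                              ("hardened", HARDENED_CLUSTER)):
        print(label, check_cluster(definition) or "OK")
```

Run against the page's own example the lint reports only the two placeholder activation keys; the broken variant adds the missing anti-spoofing on eth0 and member2's out-of-subnet eth0 address, and the hardened variant passes. Loading the real task arguments from a playbook (for example with PyYAML) and feeding the cp_mgmt_simple_cluster mapping to check_cluster is left to the caller, since the checks do not depend on how the dict was produced.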
Parameters

  name (str, required): Object name.
  state (str, default present; choices: present, absent): State of the object (present or absent).
  cluster_mode (str; choices: cluster-xl-ha, cluster-ls-multicast, cluster-ls-unicast, opsec-ha, opsec-ls): Cluster mode.
  ip_address (str): IPv4 or IPv6 address. If both addresses are required, use ipv4_address and ipv6_address explicitly.
  ipv4_address (str): IPv4 address.
  ipv6_address (str): IPv6 address.
  os_name (str): Cluster platform operating system.
  hardware (str): Cluster platform hardware.
  cluster_version (str): Cluster platform version.
  version (str): Check Point version. If omitted, the latest version is used.
  color (str): Color of the object. Must be one of the existing colors: aquamarine, black, blue, crete blue, burlywood, cyan, dark green, khaki, orchid, dark orange, dark sea green, pink, turquoise, dark blue, firebrick, brown, forest green, gold, dark gold, gray, dark gray, light green, lemon chiffon, coral, sea green, sky blue, magenta, purple, slate blue, violet red, navy blue, olive, orange, red, sienna, yellow.
  comments (str): Comments string.
  tags (list of str): Collection of tag identifiers.
  groups (list of str): Collection of group identifiers.

  Software blades (bool each; true enables the blade): firewall, vpn, ips, anti_bot, anti_virus, url_filtering, application_control, content_awareness, threat_emulation, threat_extraction.
  threat_prevention_mode (str; choices: autonomous, custom): The mode of Threat Prevention to use. With Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.

  interfaces (list of dict): Cluster interfaces. Suboptions:
    name (str): Object name.
    interface_type (str; choices: cluster, sync, cluster + sync, private): Cluster interface type.
    ip_address (str): IPv4 or IPv6 address. If both addresses are required, use ipv4_address and ipv6_address explicitly.
    ipv4_address (str): IPv4 address.
    ipv6_address (str): IPv6 address.
    network_mask (str): IPv4 or IPv6 network mask. If both masks are required, use ipv4_network_mask and ipv6_network_mask explicitly. Instead of the mask itself, the IPv4 or IPv6 mask length can be given in mask_length; if both mask lengths are required, use ipv4_mask_length and ipv6_mask_length explicitly.
    ipv4_network_mask (str): IPv4 network mask.
    ipv6_network_mask (str): IPv6 network mask.
    mask_length (str): IPv4 or IPv6 network mask length.
    ipv4_mask_length (str): IPv4 network mask length.
    ipv6_mask_length (str): IPv6 network mask length.
    multicast_address (str): Multicast IP address.
    multicast_address_type (str; choices: manual, default): Multicast address type.
    topology (str; choices: automatic, external, internal): Interface topology.
    topology_settings (dict):
      interface_leads_to_dmz (bool): Whether this interface leads to a demilitarized zone (perimeter network).
      ip_address_behind_this_interface (str; choices: not defined, network defined by the interface ip and net mask, network defined by routing, specific): Network settings behind this interface.
      specific_network (str): Network behind this interface.
    anti_spoofing (bool): Enable Anti-Spoofing on this interface.
    anti_spoofing_settings (dict):
      action (str; choices: prevent, detect): Whether spoofed packets are rejected (prevent) or only monitored (detect).
      exclude_packets (bool): Don't check packets from the excluded network.
      excluded_network_name (str): Excluded network name.
      excluded_network_uid (str): Excluded network UID.
      spoof_tracking (str; choices: none, log, alert): Spoof tracking.
    security_zone (bool): Security Zone.
    security_zone_settings (dict):
      auto_calculated (bool): Security Zone is calculated according to where the interface leads to.
      specific_zone (str): Security Zone specified manually.
    color (str): Color of the object; same choices as the top-level color.
    comments (str): Comments string.
    tags (list of str): Collection of tag identifiers.
    details_level, ignore_errors, ignore_warnings: as for the top-level options of the same name.

  members (list of dict): Cluster members list. Only new cluster members can be added; adding an existing gateway is not supported. Suboptions:
    name (str): Object name.
    ip_address (str): IPv4 or IPv6 address. If both addresses are required, use ipv4_address and ipv6_address explicitly.
    ipv4_address (str): IPv4 address.
    ipv6_address (str): IPv6 address.
    one_time_password (str): Secure Internal Communication (SIC) one-time password used to establish trust with the member. It is a secret: supply it from an Ansible Vault-encrypted variable and set no_log: true on the task.
    interfaces (list of dict): Cluster member network interfaces. Same suboptions as the cluster interfaces above, except that interface_type, multicast_address and multicast_address_type do not apply.
    color, comments, tags, details_level, ignore_errors, ignore_warnings: as for the top-level options of the same name.

  firewall_settings (dict): Firewall capacity settings.
    auto_calculate_connections_hash_table_size_and_memory_pool (bool)
    auto_maximum_limit_for_concurrent_connections (bool)
    connections_hash_size (int)
    maximum_limit_for_concurrent_connections (int)
    maximum_memory_pool_size (int)
    memory_pool_size (int)

  vpn_settings (dict): Gateway VPN settings.
    vpn_domain (str): Gateway VPN domain, identified by name or UID.
    vpn_domain_type (str; choices: manual, addresses_behind_gw): Gateway VPN domain type.
    authentication (dict):
      authentication_clients (list of str): Collection of VPN Authentication clients, identified by name or UID.
    link_selection (dict):
      ip_selection (str; choices: use-main-address, use-selected-address-from-topology, use-statically-nated-ip, calculated-ip-based-on-topology, dns-resolving-from-hostname, dns-resolving-from-gateway-and-domain-name, use-probing-with-high-availability, use-probing-with-load-sharing, use-one-time-probing): Link selection method.
      ip_address (str): IP address. Must be set when ip_selection is use-selected-address-from-topology or use-statically-nated-ip.
      dns_resolving_hostname (str): DNS resolving hostname. Must be set when ip_selection is dns-resolving-from-hostname.
    maximum_concurrent_ike_negotiations (int): Maximum number of concurrent IKE negotiations.
    maximum_concurrent_tunnels (int): Maximum number of concurrent tunnels.
    office_mode (dict): Office Mode. Wide impact: Office Mode applies to IPsec VPN Software Blade clients and to Mobile Access Software Blade clients.
      mode (str; choices: off, specific-group, all-users): Office Mode permissions. When off, all the other definitions are irrelevant.
      group (str): Group, identified by name or UID. Must be set when mode is specific-group.
      perform_anti_spoofing (bool): Perform Anti-Spoofing on Office Mode addresses.
      anti_spoofing_additional_addresses (str): Additional IP addresses for Anti-Spoofing, identified by name or UID. Must be set when perform_anti_spoofing is true.
      support_multiple_interfaces (bool): Support connectivity enhancement for gateways with multiple external interfaces.
      allocate_ip_address_from (dict): IP address allocation method. The given methods are tried sequentially until one succeeds.
        use_allocate_method (bool): Use allocate method.
        allocate_method (str; choices: manual, automatic): Manual (IP Pool) or Automatic (DHCP). Must be set when use_allocate_method is true.
        manual_network (str): Manual network, identified by name or UID. Must be set when allocate_method is manual.
        dhcp_server (str): DHCP server, identified by name or UID. Must be set when allocate_method is automatic.
        dhcp_mac_address (str; choices: per-machine, per-user): Calculated MAC address for DHCP allocation. Must be set when allocate_method is automatic.
        virtual_ip_address (str): Virtual IPv4 address for DHCP server replies. Must be set when allocate_method is automatic.
        radius_server (bool): RADIUS server used to authenticate the user.
        optional_parameters (dict): Applies to all Office Mode methods except Automatic (DHCP) and ipassignment.conf entries that already contain this data.
          dns_suffixes (str): DNS suffixes.
          ip_lease_duration (int): IP lease duration in minutes, in the range 2-32767.
          use_primary_dns_server (bool), primary_dns_server (str): Primary DNS server, identified by name or UID. Must be set when use_primary_dns_server is true and cannot be set when it is false.
          use_first_backup_dns_server (bool), first_backup_dns_server (str): First backup DNS server, identified by name or UID. Same rule as the primary.
          use_second_backup_dns_server (bool), second_backup_dns_server (str): Second backup DNS server, identified by name or UID. Same rule as the primary.
          use_primary_wins_server (bool), primary_wins_server (str): Primary WINS server, identified by name or UID. Must be set when use_primary_wins_server is true and cannot be set when it is false.
          use_first_backup_wins_server (bool), first_backup_wins_server (str): First backup WINS server, identified by name or UID. Same rule as the primary.
          use_second_backup_wins_server (bool), second_backup_wins_server (str): Second backup WINS server, identified by name or UID. Same rule as the primary.
    remote_access (dict): Remote Access.
      allow_vpn_clients_to_route_traffic (bool): Allow VPN clients to route traffic.
      support_l2tp (bool): Support L2TP (relevant only when Office Mode is active).
      l2tp_auth_method (str; choices: certificate, md5): L2TP authentication method. Must be set when support_l2tp is true.
      l2tp_certificate (str): L2TP certificate. Must be set when l2tp_auth_method is certificate. Use "defaultCert" for the default certificate.
      support_nat_traversal_mechanism (bool): Support NAT traversal mechanism (UDP encapsulation).
      nat_traversal_service (str): Allocated NAT traversal UDP service, identified by name or UID. Must be set when support_nat_traversal_mechanism is true.
      support_visitor_mode (bool): Support Visitor Mode.
      visitor_mode_interface (str): Interface for Visitor Mode. Must be set when support_visitor_mode is true. Give the IPv4 address of an existing interface, or "All IPs" for all interfaces.
      visitor_mode_service (str): TCP service for Visitor Mode, identified by name or UID. Must be set when support_visitor_mode is true.

  platform_portal_settings (dict): Platform portal settings.
    accessibility (dict): Portal access settings.
      allow_access_from (str; choices: rule_base, internal_interfaces, all_interfaces): Allowed access to the web portal (based on interfaces, or on the security policy).
      internal_access_settings (dict): Additional portal access settings for internal interfaces only.
        dmz (bool): Portal access for internal interfaces whose topology is set to DMZ.
        undefined (bool): Portal access for internal interfaces whose topology is set to Undefined.
        vpn (bool): Portal access for interfaces that are part of a VPN Encryption Domain.
    certificate_settings (dict): Portal certificate settings.
      base64_certificate (str): The certificate file, in *.p12 format, encoded in Base64 with padding.
      base64_password (str): Password for the certificate file, encoded in Base64 with padding. Base64 is an encoding, not protection: treat this value as a secret.
    portal_web_settings (dict): Portal web settings.
      main_url (str): The main URL for the web portal.
      aliases (list of str): URL aliases that are redirected to the main portal URL.
      ip_address (str): Optional IP address for the web portal to use if your DNS server fails to resolve the main portal URL. If the DNS server does resolve the main portal URL, this address is ignored.
  usercheck_portal_settings (dict): UserCheck portal settings. Same accessibility, certificate_settings and portal_web_settings suboptions as platform_portal_settings, plus:
    enabled (bool): State of the web portal (enabled or disabled). The supported blades are Application Control, URL Filtering, Data Loss Prevention, Anti Virus, Anti Bot, Threat Emulation, Threat Extraction and Data Awareness.
  show_portals_certificate (bool): Whether to show the portals' certificate value in the reply.

  send_logs_to_server (list of str): Server(s) to send logs to.
  send_logs_to_backup_server (list of str): Backup server(s) to send logs to.
  send_alerts_to_server (list of str): Server(s) to send alerts to.

  details_level (str; choices: uid, standard, full): The level of detail for some of the fields in the response, from only the UID of the object to a fully detailed representation.
  ignore_warnings (bool): Apply changes ignoring warnings.
  ignore_errors (bool): Apply changes ignoring errors. Such changes cannot be published. If ignore_warnings is omitted, warnings are also ignored.
  auto_publish_session (bool, default false): Publish the current session if changes have been performed after the task completes.
  wait_for_task (bool, default true): Wait for the task (such as the publish task) to end.
  wait_for_task_timeout (int, default 30): How many minutes to wait before raising a timeout error.
Return Values

  cp_mgmt_simple_cluster (dict): The Check Point object created or updated. Returned always, except when deleting the object.