Try SpotterManages checkpoint-host objects on Checkpoint over Web Services API
| "added in version" 5.0.0 of check_point.mgmt"
Authors: Eden Brillant (@chkp-edenbr)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.3
collections:
- name: check_point.mgmt
version: 5.2.3Manages checkpoint-host objects on Checkpoint devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-checkpoint-host
cp_mgmt_checkpoint_host:
ipv4_address: 5.5.5.5
management_blades:
logging_and_status: true
network_policy_management: true
name: secondarylogserver
state: present
- name: set-checkpoint-host
cp_mgmt_checkpoint_host:
hardware: Smart-1
management_blades:
compliance: true
network_policy_management: true
user_directory: true
name: secondarylogserver
os: Linux
state: present
- name: delete-checkpoint-host
cp_mgmt_checkpoint_host:
name: secondarylogserver
state: absent
os:
description:
- Operating system name.
type: str
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
elements: str
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
groups:
description:
- Collection of group identifiers.
elements: str
type: list
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
comments:
description:
- Comments string.
type: str
hardware:
description:
- Hardware name.
type: str
interfaces:
description:
- Check Point host interfaces.
elements: dict
suboptions:
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
comments:
description:
- Comments string.
type: str
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes.
If ignore-warnings flag was omitted - warnings will also be ignored.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
mask_length:
description:
- IPv4 or IPv6 network mask length. If both masks are required use mask-length4
and mask-length6 fields explicitly. Instead of IPv4 mask length it is possible
to specify IPv4 mask itself in subnet-mask field.
type: int
mask_length4:
description:
- IPv4 network mask length.
type: int
mask_length6:
description:
- IPv6 network mask length.
type: int
name:
description:
- Interface name.
type: str
subnet:
description:
- IPv4 or IPv6 network address. If both addresses are required use subnet4 and
subnet6 fields explicitly.
type: str
subnet4:
description:
- IPv4 network address.
type: str
subnet6:
description:
- IPv6 network address.
type: str
subnet_mask:
description:
- IPv4 network mask.
type: str
type: list
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
fields explicitly.
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
nat_settings:
description:
- NAT settings.
suboptions:
auto_rule:
description:
- Whether to add automatic address translation rules.
type: bool
hide_behind:
choices:
- gateway
- ip-address
description:
- Hide behind method. This parameter is forbidden in case "method" parameter is
"static".
type: str
install_on:
description:
- Which gateway should apply the NAT translation.
type: str
ip_address:
description:
- IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address
fields explicitly. This parameter is not required in case "method" parameter
is "hide" and "hide-behind" parameter is "gateway".
type: str
ipv4_address:
description:
- IPv4 address.
type: str
ipv6_address:
description:
- IPv6 address.
type: str
method:
choices:
- hide
- static
description:
- NAT translation method.
type: str
type: dict
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
logs_settings:
description:
- Logs settings.
suboptions:
accept_syslog_messages:
description:
- Enable accept syslog messages.
type: bool
alert_when_free_disk_space_below:
description:
- Enable alert when free disk space is below threshold.
type: bool
alert_when_free_disk_space_below_threshold:
description:
- Alert when free disk space below threshold.
type: int
alert_when_free_disk_space_below_type:
choices:
- none
- log
- popup alert
- mail alert
- snmp trap alert
- user defined alert no.1
- user defined alert no.2
- user defined alert no.3
description:
- Alert when free disk space below type.
type: str
before_delete_keep_logs_from_the_last_days:
description:
- Enable before delete keep logs from the last days.
type: bool
before_delete_keep_logs_from_the_last_days_threshold:
description:
- Before delete keep logs from the last days threshold.
type: int
before_delete_run_script:
description:
- Enable Before delete run script.
type: bool
before_delete_run_script_command:
description:
- Before delete run script command.
type: str
delete_index_files_older_than_days:
description:
- Enable delete index files older than days.
type: bool
delete_index_files_older_than_days_threshold:
description:
- Delete index files older than days threshold.
type: int
delete_when_free_disk_space_below:
description:
- Enable delete when free disk space below.
type: bool
delete_when_free_disk_space_below_threshold:
description:
- Delete when free disk space below threshold.
type: int
detect_new_citrix_ica_application_names:
description:
- Enable detect new Citrix ICA application names.
type: bool
distribute_logs_between_all_active_servers:
description:
- Distribute logs between all active servers.
type: bool
enable_log_indexing:
description:
- Enable log indexing.
type: bool
forward_logs_to_log_server:
description:
- Enable forward logs to log server.
type: bool
forward_logs_to_log_server_name:
description:
- Forward logs to log server name.
type: str
forward_logs_to_log_server_schedule_name:
description:
- Forward logs to log server schedule name.
type: str
free_disk_space_metrics:
choices:
- mbytes
- percent
description:
- Free disk space metrics.
type: str
rotate_log_by_file_size:
description:
- Enable rotate log by file size.
type: bool
rotate_log_file_size_threshold:
description:
- Log file size threshold.
type: int
rotate_log_on_schedule:
description:
- Enable rotate log on schedule.
type: bool
rotate_log_schedule_name:
description:
- Rotate log schedule name.
type: str
smart_event_intro_correletion_unit:
description:
- Enable SmartEvent intro correlation unit.
type: bool
stop_logging_when_free_disk_space_below:
description:
- Enable stop logging when free disk space below.
type: bool
stop_logging_when_free_disk_space_below_threshold:
description:
- Stop logging when free disk space below threshold.
type: int
turn_on_qos_logging:
description:
- Enable turn on QoS Logging.
type: bool
update_account_log_every:
description:
- Update account log in every amount of seconds.
type: int
type: dict
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
management_blades:
description:
- Management blades.
suboptions:
compliance:
description:
- Compliance blade. Can be set when 'network-policy-management' was selected to
be True.
type: bool
endpoint_policy:
description:
- Enable Endpoint Policy. </br>To complete Endpoint Security Management configuration,
perform Install Database on your Endpoint Management Server. </br>Field is not
supported on Multi Domain Server environment.
type: bool
logging_and_status:
description:
- Enable Logging & Status.
type: bool
network_policy_management:
description:
- Enable Network Policy Management.
type: bool
smart_event_correlation:
description:
- Enable SmartEvent Correlation Unit.
type: bool
smart_event_server:
description:
- Enable SmartEvent server. </br>When activating SmartEvent server, blades 'logging-and-status'
and 'smart-event-correlation' should be set to True. </br>To complete SmartEvent
configuration, perform Install Database or Install Policy on your Security Management
servers and Log servers. </br>Activating SmartEvent Server is not recommended
in Management High Availability environment. For more information refer to sk25164.
type: bool
user_directory:
description:
- Enable User Directory. Can be set when 'network-policy-management' was selected
to be True.
type: bool
type: dict
one_time_password:
description:
- Secure internal connection one time password.
type: str
save_logs_locally:
description:
- Enable save logs locally.
type: bool
send_logs_to_server:
description:
- Collection of Server(s) to send logs to identified by the name or UID.
elements: str
type: list
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
send_alerts_to_server:
description:
- Collection of Server(s) to send alerts to identified by the name or UID.
elements: str
type: list
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
check_point_host_version:
description:
- Check Point host platform version.
type: str
send_logs_to_backup_server:
description:
- Collection of Backup server(s) to send logs to identified by the name or UID.
elements: str
type: list
cp_mgmt_checkpoint_host: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict