check_point.mgmt.cp_mgmt_nat_rule (5.2.3) — module

Manages nat-rule objects on Checkpoint over Web Services API.

Added in version 5.0.0 of check_point.mgmt

Authors: Eden Brillant (@chkp-edenbr)

preview | supported by community

Install collection

Install with ansible-galaxy collection install check_point.mgmt:==5.2.3


Add to requirements.yml

  collections:
    - name: check_point.mgmt
      version: 5.2.3

Description

Manages nat-rule objects on Checkpoint devices including creating, updating and removing objects.

Minimum version required is 1.7.1 and JHF with PMTR-88097.

All operations are performed over Web Services API.

Usage examples

- name: add-nat-rule
  cp_mgmt_nat_rule:
    name: nat_rule1
    comments: comment example1 nat999
    enabled: false
    install_on:
    - Policy Targets
    original_destination: All_Internet
    original_source: Any
    package: standard
    position: 1
    state: present
- name: set-nat-rule
  cp_mgmt_nat_rule:
    name: nat_rule1
    comments: rule for RND members  RNDNetwork-> RND to Internal Network
    enabled: false
    original_service: ssh_version_2
    original_source: Any
    package: standard
    state: present
- name: delete-nat-rule
  cp_mgmt_nat_rule:
    name: nat_rule1
    package: standard
    state: absent

Inputs

    
name:
    description:
    - Rule name.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the access rule (present or absent).
    type: str

method:
    choices:
    - static
    - hide
    - nat64
    - nat46
    - cgnat
    description:
    - Nat method.
    type: str

enabled:
    description:
    - Enable/Disable the rule.
    type: bool

package:
    description:
    - Name of the package.
    type: str

version:
    description:
    - Version of checkpoint. If not given, the latest version is used.
    type: str

comments:
    description:
    - Comments string.
    type: str

position:
    description:
    - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
    type: str

install_on:
    description:
    - Which Gateways identified by the name or UID to install the policy on.
    elements: str
    type: list

details_level:
    choices:
    - uid
    - standard
    - full
    description:
    - The level of detail for some of the fields in the response can vary from showing
      only the UID value of the object to a fully detailed representation of the object.
    type: str

ignore_errors:
    description:
    - Apply changes ignoring errors. You won't be able to publish such changes. If the
      ignore-warnings flag is omitted, warnings will also be ignored.
    type: bool

wait_for_task:
    default: true
    description:
    - Wait for the task to end, such as a publish task.
    type: bool

ignore_warnings:
    description:
    - Apply changes ignoring warnings.
    type: bool

original_source:
    description:
    - Original source.
    type: str

original_service:
    description:
    - Original service.
    type: str

relative_position:
    description:
    - Position in the rulebase.
    - Use of this field may not be idempotent.
    suboptions:
      above:
        description:
        - Add rule above specific rule/section identified by name (limited to 50 rules
          if search_entire_rulebase is False).
        type: str
      below:
        description:
        - Add rule below specific rule/section identified by name (limited to 50 rules
          if search_entire_rulebase is False).
        type: str
      bottom:
        description:
        - Add rule to the bottom of a specific section identified by name (limited to
          50 rules if search_entire_rulebase is False).
        type: str
      top:
        description:
        - Add rule to the top of a specific section identified by name (limited to 50
          rules if search_entire_rulebase is False).
        type: str
    type: dict

translated_source:
    description:
    - Translated source.
    type: str

translated_service:
    description:
    - Translated service.
    type: str

auto_publish_session:
    default: false
    description:
    - Publish the current session if changes have been performed after task completes.
    type: bool

original_destination:
    description:
    - Original destination.
    type: str

wait_for_task_timeout:
    default: 30
    description:
    - How many minutes to wait until throwing a timeout error.
    type: int

search_entire_rulebase:
    default: false
    description:
    - Whether to search the entire rulebase for a rule that's been edited in its relative_position
      field to make sure there indeed has been a change in its position or the section
      it might be in.
    type: bool

translated_destination:
    description:
    - Translated destination.
    type: str
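
The inputs above that the usage examples do not exercise (method, translated_source, relative_position, search_entire_rulebase, details_level, auto_publish_session), combined in one task. This is an added example, not taken from the collection's own documentation; the rule name rnd_outbound_hide and the objects rnd_network and rnd_hide_addr are hypothetical and assumed to exist on the management server already.

```yaml
# Added example. Names marked "hypothetical" are placeholders, not values from this page.
- name: add-hide-nat-rule-below-anchor
  check_point.mgmt.cp_mgmt_nat_rule:
    name: rnd_outbound_hide            # hypothetical rule name
    package: standard
    method: hide
    original_source: rnd_network       # hypothetical network object
    original_destination: All_Internet
    original_service: ssh_version_2
    translated_source: rnd_hide_addr   # hypothetical host object
    # Anchor to a named rule instead of position "top"/"bottom",
    # which the parameter description says may not be idempotent.
    relative_position:
      below: nat_rule1
    # Without this, the relative_position lookup is limited to 50 rules.
    search_entire_rulebase: true
    install_on:
      - Policy Targets
    enabled: true
    details_level: full
    # ignore_errors is left unset: changes applied with it cannot be published.
    # The session is not published here, so the change can be reviewed first.
    auto_publish_session: false
    state: present
  register: nat_result

# The module returns the created or updated object under cp_mgmt_nat_rule
# (always, except when deleting the object).
- name: show-returned-nat-rule
  ansible.builtin.debug:
    var: nat_result.cp_mgmt_nat_rule
```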

Outputs

cp_mgmt_nat_rule:
  description: The checkpoint object created or updated.
  returned: always, except when deleting the object.
  type: dict