Try SpotterManages vpn-community-star objects on Check Point over Web Services API
| "added in version" 1.0.0 of check_point.mgmt"
Authors: Or Soffer (@chkp-orso)
preview | supported by community
Install with ansible-galaxy collection install check_point.mgmt:==5.2.3
collections:
- name: check_point.mgmt
version: 5.2.3Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
- name: add-vpn-community-star
cp_mgmt_vpn_community_star:
center_gateways: Second_Security_Gateway
encryption_method: prefer ikev2 but support ikev1
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Star_1
state: present
- name: set-vpn-community-star
cp_mgmt_vpn_community_star:
encryption_method: ikev2 only
encryption_suite: custom
ike_phase_1:
data_integrity: sha1
diffie_hellman_group: group 19
encryption_algorithm: aes-128
ike_phase_2:
data_integrity: aes-xcbc
encryption_algorithm: aes-gcm-128
name: New_VPN_Community_Star_1
state: present
- name: delete-vpn-community-star
cp_mgmt_vpn_community_star:
name: New_VPN_Community_Star_1
state: absent
name:
description:
- Object name.
required: true
type: str
tags:
description:
- Collection of tag identifiers.
elements: str
type: list
color:
choices:
- aquamarine
- black
- blue
- crete blue
- burlywood
- cyan
- dark green
- khaki
- orchid
- dark orange
- dark sea green
- pink
- turquoise
- dark blue
- firebrick
- brown
- forest green
- gold
- dark gold
- gray
- dark gray
- light green
- lemon chiffon
- coral
- sea green
- sky blue
- magenta
- purple
- slate blue
- violet red
- navy blue
- olive
- orange
- red
- sienna
- yellow
description:
- Color of the object. Should be one of existing colors.
type: str
state:
choices:
- present
- absent
default: present
description:
- State of the access rule (present or absent).
type: str
version:
description:
- Version of checkpoint. If not given one, the latest version taken.
type: str
comments:
description:
- Comments string.
type: str
ike_phase_1:
description:
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
suboptions:
data_integrity:
choices:
- aes-xcbc
- sha1
- sha256
- sha384
- md5
description:
- The hash algorithm to be used.
type: str
diffie_hellman_group:
choices:
- group-1
- group-2
- group-5
- group-14
- group-19
- group-20
description:
- The Diffie-Hellman group to be used.
type: str
encryption_algorithm:
choices:
- cast
- aes-256
- des
- aes-128
- 3des
description:
- The encryption algorithm to be used.
type: str
ike_p1_rekey_time:
description:
- Indicates the time interval for IKE phase 1 renegotiation.
type: int
version_added: 5.1.0
version_added_collection: check_point.mgmt
ike_p1_rekey_time_unit:
choices:
- days
- hours
- minutes
- seconds
description:
- Indicates the time unit for [ike-p1-rekey-time-unit] parameter, rounded up to
minutes scale.
type: str
version_added: 5.1.0
version_added_collection: check_point.mgmt
type: dict
ike_phase_2:
description:
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
suboptions:
data_integrity:
choices:
- aes-xcbc
- sha1
- sha256
- sha384
- md5
description:
- The hash algorithm to be used.
type: str
encryption_algorithm:
choices:
- cast
- aes-gcm-256
- cast-40
- aes-256
- des
- aes-128
- 3des
- des-40cp
- aes-gcm-128
- none
description:
- The encryption algorithm to be used.
type: str
ike_p2_pfs_dh_grp:
choices:
- group-1
- group-2
- group-5
- group-14
- group-15
- group-16
- group-17
- group-18
- group-19
- group-20
- group-24
description:
- The Diffie-Hellman group to be used.
type: str
version_added: 5.1.0
version_added_collection: check_point.mgmt
ike_p2_rekey_time:
description:
- Indicates the time interval for IKE phase 2 renegotiation.
type: int
version_added: 5.1.0
version_added_collection: check_point.mgmt
ike_p2_rekey_time_unit:
choices:
- days
- hours
- minutes
- seconds
description:
- Indicates the time unit for [ike-p2-rekey-time-unit] parameter.
type: str
version_added: 5.1.0
version_added_collection: check_point.mgmt
ike_p2_use_pfs:
description:
- Indicates whether Perfect Forward Secrecy (PFS) is being used for IKE phase
2.
type: bool
version_added: 5.1.0
version_added_collection: check_point.mgmt
type: dict
details_level:
choices:
- uid
- standard
- full
description:
- The level of detail for some of the fields in the response can vary from showing
only the UID value of the object to a fully detailed representation of the object.
type: str
ignore_errors:
description:
- Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings
flag was omitted - warnings will also be ignored.
type: bool
wait_for_task:
default: true
description:
- Wait for the task to end. Such as publish task.
type: bool
shared_secrets:
description:
- Shared secrets for external gateways.
elements: dict
suboptions:
external_gateway:
description:
- External gateway identified by the name or UID.
type: str
shared_secret:
description:
- Shared secret.
type: str
type: list
center_gateways:
description:
- Collection of center VPN Gateway and VPN Device objects identified by the name or
UID.
elements: str
type: list
ignore_warnings:
description:
- Apply changes ignoring warnings.
type: bool
encryption_suite:
choices:
- suite-b-gcm-256
- custom
- vpn b
- vpn a
- suite-b-gcm-128
description:
- The encryption suite to be used.
type: str
encryption_method:
choices:
- prefer ikev2 but support ikev1
- ikev2 only
- ikev1 for ipv4 and ikev2 for ipv6 only
description:
- The encryption method to be used.
type: str
use_shared_secret:
description:
- Indicates whether the shared secret should be used for all external gateways.
type: bool
satellite_gateways:
description:
- Collection of Gateway objects representing satellite gateways identified by the
name or UID.
elements: str
type: list
tunnel_granularity:
choices:
- per_host
- per_subnet
- universal
description:
- VPN tunnel sharing option to be used.
type: str
version_added: 5.1.0
version_added_collection: check_point.mgmt
auto_publish_session:
default: false
description:
- Publish the current session if changes have been performed after task completes.
type: bool
granular_encryptions:
description:
- VPN granular encryption settings.
elements: dict
suboptions:
encryption_method:
choices:
- prefer ikev2 but support ikev1
- ikev2 only
- ikev1 for ipv4 and ikev2 for ipv6 only
description:
- The encryption method to be used.
type: str
encryption_suite:
choices:
- suite-b-gcm-256
- custom
- vpn b
- vpn a
- suite-b-gcm-128
description:
- The encryption suite to be used.
type: str
external_gateway:
description:
- Externally managed or 3rd party gateway identified by name or UID.
type: str
ike_phase_1:
description:
- Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
suboptions:
data_integrity:
choices:
- aes-xcbc
- sha1
- sha256
- sha384
- sha512
- md5
description:
- The hash algorithm to be used.
type: str
diffie_hellman_group:
choices:
- group-1
- group-2
- group-5
- group-14
- group-15
- group-16
- group-17
- group-18
- group-19
- group-20
- group-24
description:
- The Diffie-Hellman group to be used.
type: str
encryption_algorithm:
choices:
- cast
- aes-256
- des
- aes-128
- 3des
description:
- The encryption algorithm to be used.
type: str
ike_p1_rekey_time:
description:
- Indicates the time interval for IKE phase 1 renegotiation.
type: int
ike_p1_rekey_time_unit:
choices:
- days
- hours
- minutes
- seconds
description:
- Indicates the time unit for [ike-p1-rekey-time-unit] parameter, rounded
up to minutes scale.
type: str
type: dict
ike_phase_2:
description:
- Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
suboptions:
data_integrity:
choices:
- aes-xcbc
- sha1
- sha256
- sha384
- sha512
- md5
description:
- The hash algorithm to be used.
type: str
encryption_algorithm:
choices:
- cast
- aes-gcm-256
- cast-40
- aes-256
- des
- aes-128
- 3des
- des-40cp
- aes-gcm-128
- none
description:
- The encryption algorithm to be used.
type: str
ike_p2_pfs_dh_grp:
choices:
- group-1
- group-2
- group-5
- group-14
- group-15
- group-16
- group-17
- group-18
- group-19
- group-20
- group-24
description:
- The Diffie-Hellman group to be used.
type: str
ike_p2_rekey_time:
description:
- Indicates the time interval for IKE phase 2 renegotiation.
type: int
ike_p2_rekey_time_unit:
choices:
- days
- hours
- minutes
- seconds
description:
- Indicates the time unit for [ike-p2-rekey-time-unit] parameter.
type: str
ike_p2_use_pfs:
description:
- Indicates whether Perfect Forward Secrecy (PFS) is being used for IKE phase
2.
type: bool
type: dict
internal_gateway:
description:
- Internally managed Check Point gateway identified by name or UID, or 'Any' for
all internal-gateways participants in this community.
type: str
type: list
version_added: 5.1.0
version_added_collection: check_point.mgmt
mesh_center_gateways:
description:
- Indicates whether the meshed community is in center.
type: bool
override_vpn_domains:
description:
- The Overrides VPN Domains of the participants GWs.
elements: dict
suboptions:
gateway:
description:
- Participant gateway in override VPN domain identified by the name or UID.
type: str
vpn_domain:
description:
- VPN domain network identified by the name or UID.
type: str
type: list
version_added: 5.1.0
version_added_collection: check_point.mgmt
wait_for_task_timeout:
default: 30
description:
- How many minutes to wait until throwing a timeout error.
type: int
cp_mgmt_vpn_community_star: description: The checkpoint object created or updated. returned: always, except when deleting the object. type: dict