check_point.mgmt.cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API

From Get docs
Ansible/docs/2.10/collections/check point/mgmt/cp mgmt access rule module


check_point.mgmt.cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 1.0.6).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_rule.


New in version 2.9: of check_point.mgmt


Synopsis

  • Manages access-rule objects on Check Point devices including creating, updating and removing objects.
  • All operations are performed over Web Services API.

Parameters

Parameter Choices/Defaults Comments

action

string

a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".

action_settings

dictionary

Action settings.

enable_identity_captive_portal

boolean

  • no
  • yes

N/A

limit

string

N/A

auto_publish_session

boolean

  • no
  • yes

Publish the current session if changes have been performed after task completes.

comments

string

Comments string.

content

list / elements=string

List of processed file types that this rule applies on.

content_direction

string

  • any
  • up
  • down

On which direction the file types processing is applied.

content_negate

boolean

  • no
  • yes

True if negate is set for data.

custom_fields

dictionary

Custom fields.

field_1

string

First custom field.

field_2

string

Second custom field.

field_3

string

Third custom field.

destination

list / elements=string

Collection of Network objects identified by the name or UID.

destination_negate

boolean

  • no
  • yes

True if negate is set for destination.

details_level

string

  • uid
  • standard
  • full

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

enabled

boolean

  • no
  • yes

Enable/Disable the rule.

ignore_errors

boolean

  • no
  • yes

Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

ignore_warnings

boolean

  • no
  • yes

Apply changes ignoring warnings.

inline_layer

string

Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".

install_on

list / elements=string

Which Gateways identified by the name or UID to install the policy on.

layer

string

Layer that the rule belongs to identified by the name or UID.

name

string / required

Object name.

position

string

Position in the rulebase.

service

list / elements=string

Collection of Network objects identified by the name or UID.

service_negate

boolean

  • no
  • yes

True if negate is set for service.

source

list / elements=string

Collection of Network objects identified by the name or UID.

source_negate

boolean

  • no
  • yes

True if negate is set for source.

state

string

  • present

  • absent

State of the access rule (present or absent). Defaults to present.

time

list / elements=string

List of time objects. For example, "Weekend", "Off-Work", "Every-Day".

track

dictionary

Track Settings.

accounting

boolean

  • no
  • yes

Turns accounting for track on and off.

alert

string

  • none
  • alert
  • snmp
  • mail
  • user alert 1
  • user alert 2
  • user alert 3

Type of alert for the track.

enable_firewall_session

boolean

  • no
  • yes

Determine whether to generate session log to firewall only connections.

per_connection

boolean

  • no
  • yes

Determines whether to perform the log per connection.

per_session

boolean

  • no
  • yes

Determines whether to perform the log per session.

type

string

a "Log", "Extended Log", "Detailed Log", "None".

user_check

dictionary

User check settings.

confirm

string

  • per rule
  • per category
  • per application/site
  • per data type

N/A

custom_frequency

dictionary

N/A

every

integer

N/A

unit

string

  • hours
  • days
  • weeks
  • months

N/A

frequency

string

  • once a day
  • once a week
  • once a month
  • custom frequency...

N/A

interaction

string

N/A

version

string

Version of checkpoint. If not given one, the latest version taken.

vpn

list / elements=string

Communities or Directional.

community

list / elements=string

List of community name or UID.

directional

list / elements=string

Communities directional match condition.

from

string

From community name or UID.

to

string

To community name or UID.

wait_for_task

boolean

  • no

  • yes

Wait for the task to end. Such as publish task.



Examples

- name: add-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 1
    position: 1
    service:
    - SMTP
    - AOL
    state: present

- name: set-access-rule
  cp_mgmt_access_rule:
    action: Ask
    action_settings:
      enable_identity_captive_portal: true
      limit: Upload_1Gbps
    layer: Network
    name: Rule 1
    state: present

- name: delete-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 2
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

cp_mgmt_access_rule

dictionary

always, except when deleting the object.

The checkpoint object created or updated.





Authors

  • Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/check_point/mgmt/cp_mgmt_access_rule_module.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.10/collections/check_point/mgmt/cp_mgmt_access_rule_module&oldid=55658"
Powered by MediaWiki