check_point.mgmt.cp_mgmt_simple_gateway – Manages simple-gateway objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.0.0).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_simple_gateway.

New in version 2.9: of check_point.mgmt

Synopsis
Parameters
Examples
Return Values

Synopsis

Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter			Choices/Defaults	Comments
anti_bot boolean			no yes	Anti-Bot blade enabled.
anti_virus boolean			no yes	Anti-Virus blade enabled.
application_control boolean			no yes	Application Control blade enabled.
auto_publish_session boolean			no yes	Publish the current session if changes have been performed after task completes.
color string			aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
comments string				Comments string.
content_awareness boolean			no yes	Content Awareness blade enabled.
details_level string			uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
firewall boolean			no yes	Firewall blade enabled.
firewall_settings dictionary				N/A
	auto_calculate_connections_hash_table_size_and_memory_pool boolean		no yes	N/A
	auto_maximum_limit_for_concurrent_connections boolean		no yes	N/A
	connections_hash_size integer			N/A
	maximum_limit_for_concurrent_connections integer			N/A
	maximum_memory_pool_size integer			N/A
	memory_pool_size integer			N/A
gateway_version string				Gateway platform version.
groups list / elements=string				Collection of group identifiers.
ignore_errors boolean			no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean			no yes	Apply changes ignoring warnings.
interfaces list / elements=string				Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
	anti_spoofing boolean		no yes	N/A
	anti_spoofing_settings dictionary			N/A
		action string	prevent detect	If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
	color string		aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
	comments string			Comments string.
	details_level string		uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
	ignore_errors boolean		no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
	ignore_warnings boolean		no yes	Apply changes ignoring warnings.
	ip_address string			IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
	ipv4_address string			IPv4 address.
	ipv4_mask_length string			IPv4 network mask length.
	ipv4_network_mask string			IPv4 network address.
	ipv6_address string			IPv6 address.
	ipv6_mask_length string			IPv6 network mask length.
	ipv6_network_mask string			IPv6 network address.
	mask_length string			IPv4 or IPv6 network mask length.
	name string			Object name.
	network_mask string			IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
	security_zone boolean		no yes	N/A
	security_zone_settings dictionary			N/A
		auto_calculated boolean	no yes	Security Zone is calculated according to where the interface leads to.
		specific_zone string		Security Zone specified manually.
	tags list / elements=string			Collection of tag identifiers.
	topology string		automatic external internal	N/A
	topology_settings dictionary			N/A
		interface_leads_to_dmz boolean	no yes	Whether this interface leads to demilitarized zone (perimeter network).
		ip_address_behind_this_interface string	not defined network defined by the interface ip and net mask network defined by routing specific	N/A
		specific_network string		Network behind this interface.
ip_address string				IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
ips boolean			no yes	Intrusion Prevention System blade enabled.
ipv4_address string				IPv4 address.
ipv6_address string				IPv6 address.
logs_settings dictionary				N/A
	alert_when_free_disk_space_below boolean		no yes	N/A
	alert_when_free_disk_space_below_threshold integer			N/A
	alert_when_free_disk_space_below_type string		none log popup alert mail alert snmp trap alert user defined alert no.1 user defined alert no.2 user defined alert no.3	N/A
	before_delete_keep_logs_from_the_last_days boolean		no yes	N/A
	before_delete_keep_logs_from_the_last_days_threshold integer			N/A
	before_delete_run_script boolean		no yes	N/A
	before_delete_run_script_command string			N/A
	delete_index_files_older_than_days boolean		no yes	N/A
	delete_index_files_older_than_days_threshold integer			N/A
	delete_index_files_when_index_size_above boolean		no yes	N/A
	delete_index_files_when_index_size_above_threshold integer			N/A
	delete_when_free_disk_space_below boolean		no yes	N/A
	delete_when_free_disk_space_below_threshold integer			N/A
	detect_new_citrix_ica_application_names boolean		no yes	N/A
	forward_logs_to_log_server boolean		no yes	N/A
	forward_logs_to_log_server_name string			N/A
	forward_logs_to_log_server_schedule_name string			N/A
	free_disk_space_metrics string		mbytes percent	N/A
	perform_log_rotate_before_log_forwarding boolean		no yes	N/A
	reject_connections_when_free_disk_space_below_threshold boolean		no yes	N/A
	reserve_for_packet_capture_metrics string		percent mbytes	N/A
	reserve_for_packet_capture_threshold integer			N/A
	rotate_log_by_file_size boolean		no yes	N/A
	rotate_log_file_size_threshold integer			N/A
	rotate_log_on_schedule boolean		no yes	N/A
	rotate_log_schedule_name string			N/A
	stop_logging_when_free_disk_space_below boolean		no yes	N/A
	stop_logging_when_free_disk_space_below_threshold integer			N/A
	turn_on_qos_logging boolean		no yes	N/A
	update_account_log_every integer			N/A
name string / required				Object name.
one_time_password string				N/A
os_name string				Gateway platform operating system.
save_logs_locally boolean			no yes	Save logs locally on the gateway.
send_alerts_to_server list / elements=string				Server(s) to send alerts to.
send_logs_to_backup_server list / elements=string				Backup server(s) to send logs to.
send_logs_to_server list / elements=string				Server(s) to send logs to.
state string			present ← absent	State of the access rule (present or absent). Defaults to present.
tags list / elements=string				Collection of tag identifiers.
threat_emulation boolean			no yes	Threat Emulation blade enabled.
threat_extraction boolean			no yes	Threat Extraction blade enabled.
url_filtering boolean			no yes	URL Filtering blade enabled.
version string				Version of checkpoint. If not given one, the latest version taken.
vpn boolean			no yes	VPN blade enabled.
vpn_settings dictionary				Gateway VPN settings.
	maximum_concurrent_ike_negotiations integer			N/A
	maximum_concurrent_tunnels integer			N/A
wait_for_task boolean			no yes ←	Wait for the task to end. Such as publish task.
wait_for_task_timeout integer			Default: 30	How many minutes to wait until throwing a timeout error.

Examples

- name: add-simple-gateway
  cp_mgmt_simple_gateway:
    ip_address: 192.0.2.1
    name: gw1
    state: present

- name: set-simple-gateway
  cp_mgmt_simple_gateway:
    anti_bot: true
    anti_virus: true
    application_control: true
    ips: true
    name: test_gateway
    state: present
    threat_emulation: true
    url_filtering: true

- name: delete-simple-gateway
  cp_mgmt_simple_gateway:
    name: gw1
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_simple_gateway dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Authors

Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/check_point/mgmt/cp_mgmt_simple_gateway_module.html