cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API
cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API
New in version 2.9.
Synopsis
- Manages access-rule objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
action string |
a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". | |||
action_settings dictionary |
Action settings. | |||
enable_identity_captive_portal boolean |
|
N/A | ||
limit string |
N/A | |||
auto_publish_session boolean |
|
Publish the current session if changes have been performed after task completes. | ||
comments string |
Comments string. | |||
content list |
List of processed file types that this rule applies on. | |||
content_direction string |
|
On which direction the file types processing is applied. | ||
content_negate boolean |
|
True if negate is set for data. | ||
custom_fields dictionary |
Custom fields. | |||
field_1 string |
First custom field. | |||
field_2 string |
Second custom field. | |||
field_3 string |
Third custom field. | |||
destination list |
Collection of Network objects identified by the name or UID. | |||
destination_negate boolean |
|
True if negate is set for destination. | ||
details_level string |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. | ||
enabled boolean |
|
Enable/Disable the rule. | ||
ignore_errors boolean |
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. | ||
ignore_warnings boolean |
|
Apply changes ignoring warnings. | ||
inline_layer string |
Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". | |||
install_on list |
Which Gateways identified by the name or UID to install the policy on. | |||
layer string |
Layer that the rule belongs to identified by the name or UID. | |||
name string / required |
Object name. | |||
position string |
Position in the rulebase. | |||
service list |
Collection of Network objects identified by the name or UID. | |||
service_negate boolean |
|
True if negate is set for service. | ||
source list |
Collection of Network objects identified by the name or UID. | |||
source_negate boolean |
|
True if negate is set for source. | ||
state string |
|
State of the access rule (present or absent). Defaults to present. | ||
time list |
List of time objects. For example, "Weekend", "Off-Work", "Every-Day". | |||
track dictionary |
Track Settings. | |||
accounting boolean |
|
Turns accounting for track on and off. | ||
alert string |
|
Type of alert for the track. | ||
enable_firewall_session boolean |
|
Determine whether to generate session log to firewall only connections. | ||
per_connection boolean |
|
Determines whether to perform the log per connection. | ||
per_session boolean |
|
Determines whether to perform the log per session. | ||
type string |
a "Log", "Extended Log", "Detailed Log", "None". | |||
user_check dictionary |
User check settings. | |||
confirm string |
|
N/A | ||
custom_frequency dictionary |
N/A | |||
every integer |
N/A | |||
unit string |
|
N/A | ||
frequency string |
|
N/A | ||
interaction string |
N/A | |||
version string |
Version of checkpoint. If not given one, the latest version taken. | |||
vpn list |
Communities or Directional. | |||
community list |
List of community name or UID. | |||
directional list |
Communities directional match condition. | |||
from string |
From community name or UID. | |||
to string |
To community name or UID. | |||
wait_for_task boolean |
|
Wait for the task to end. Such as publish task. |
Examples
- name: add-access-rule
cp_mgmt_access_rule:
layer: Network
name: Rule 1
position: 1
service:
- SMTP
- AOL
state: present
- name: set-access-rule
cp_mgmt_access_rule:
action: Ask
action_settings:
enable_identity_captive_portal: true
limit: Upload_1Gbps
layer: Network
name: Rule 1
state: present
- name: delete-access-rule
cp_mgmt_access_rule:
layer: Network
name: Rule 2
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_access_rule dictionary |
always, except when deleting the object. |
The checkpoint object created or updated.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_access_rule_module.html