cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API

From Get docs
Ansible/docs/2.9/modules/cp mgmt access rule module


cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API

New in version 2.9.


Synopsis

  • Manages access-rule objects on Check Point devices including creating, updating and removing objects.
  • All operations are performed over Web Services API.

Parameters

Parameter Choices/Defaults Comments

action

string

a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".

action_settings

dictionary

Action settings.

enable_identity_captive_portal

boolean

  • no
  • yes

N/A

limit

string

N/A

auto_publish_session

boolean

  • no
  • yes

Publish the current session if changes have been performed after task completes.

comments

string

Comments string.

content

list

List of processed file types that this rule applies on.

content_direction

string

  • any
  • up
  • down

On which direction the file types processing is applied.

content_negate

boolean

  • no
  • yes

True if negate is set for data.

custom_fields

dictionary

Custom fields.

field_1

string

First custom field.

field_2

string

Second custom field.

field_3

string

Third custom field.

destination

list

Collection of Network objects identified by the name or UID.

destination_negate

boolean

  • no
  • yes

True if negate is set for destination.

details_level

string

  • uid
  • standard
  • full

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

enabled

boolean

  • no
  • yes

Enable/Disable the rule.

ignore_errors

boolean

  • no
  • yes

Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

ignore_warnings

boolean

  • no
  • yes

Apply changes ignoring warnings.

inline_layer

string

Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".

install_on

list

Which Gateways identified by the name or UID to install the policy on.

layer

string

Layer that the rule belongs to identified by the name or UID.

name

string / required

Object name.

position

string

Position in the rulebase.

service

list

Collection of Network objects identified by the name or UID.

service_negate

boolean

  • no
  • yes

True if negate is set for service.

source

list

Collection of Network objects identified by the name or UID.

source_negate

boolean

  • no
  • yes

True if negate is set for source.

state

string

  • present

  • absent

State of the access rule (present or absent). Defaults to present.

time

list

List of time objects. For example, "Weekend", "Off-Work", "Every-Day".

track

dictionary

Track Settings.

accounting

boolean

  • no
  • yes

Turns accounting for track on and off.

alert

string

  • none
  • alert
  • snmp
  • mail
  • user alert 1
  • user alert 2
  • user alert 3

Type of alert for the track.

enable_firewall_session

boolean

  • no
  • yes

Determine whether to generate session log to firewall only connections.

per_connection

boolean

  • no
  • yes

Determines whether to perform the log per connection.

per_session

boolean

  • no
  • yes

Determines whether to perform the log per session.

type

string

a "Log", "Extended Log", "Detailed Log", "None".

user_check

dictionary

User check settings.

confirm

string

  • per rule
  • per category
  • per application/site
  • per data type

N/A

custom_frequency

dictionary

N/A

every

integer

N/A

unit

string

  • hours
  • days
  • weeks
  • months

N/A

frequency

string

  • once a day
  • once a week
  • once a month
  • custom frequency...

N/A

interaction

string

N/A

version

string

Version of checkpoint. If not given one, the latest version taken.

vpn

list

Communities or Directional.

community

list

List of community name or UID.

directional

list

Communities directional match condition.

from

string

From community name or UID.

to

string

To community name or UID.

wait_for_task

boolean

  • no
  • yes

Wait for the task to end. Such as publish task.



Examples

- name: add-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 1
    position: 1
    service:
    - SMTP
    - AOL
    state: present

- name: set-access-rule
  cp_mgmt_access_rule:
    action: Ask
    action_settings:
      enable_identity_captive_portal: true
      limit: Upload_1Gbps
    layer: Network
    name: Rule 1
    state: present

- name: delete-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 2
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

cp_mgmt_access_rule

dictionary

always, except when deleting the object.

The checkpoint object created or updated.





Status

Authors

  • Or Soffer (@chkp-orso)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_access_rule_module.html