cp_mgmt_simple_gateway – Manages simple-gateway objects on Check Point over Web Services API
New in version 2.9.
Synopsis
- Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments
---|---|---
anti_bot boolean | | Anti-Bot blade enabled.
anti_virus boolean | | Anti-Virus blade enabled.
application_control boolean | | Application Control blade enabled.
auto_publish_session boolean | | Publish the current session if changes have been performed after task completes.
color string | | Color of the object. Should be one of existing colors.
comments string | | Comments string.
content_awareness boolean | | Content Awareness blade enabled.
details_level string | | The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
firewall boolean | | Firewall blade enabled.
firewall_settings dictionary | | N/A
firewall_settings > auto_calculate_connections_hash_table_size_and_memory_pool boolean | | N/A
firewall_settings > auto_maximum_limit_for_concurrent_connections boolean | | N/A
firewall_settings > connections_hash_size integer | | N/A
firewall_settings > maximum_limit_for_concurrent_connections integer | | N/A
firewall_settings > maximum_memory_pool_size integer | | N/A
firewall_settings > memory_pool_size integer | | N/A
groups list | | Collection of group identifiers.
ignore_errors boolean | | Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
ignore_warnings boolean | | Apply changes ignoring warnings.
interfaces list | | Network interfaces. When a gateway is updated with new interfaces, the existing interfaces are removed.
interfaces > anti_spoofing boolean | | N/A
interfaces > anti_spoofing_settings dictionary | | N/A
interfaces > anti_spoofing_settings > action string | | Whether packets will be rejected (the Prevent option) or monitored (the Detect option).
interfaces > color string | | Color of the object. Should be one of existing colors.
interfaces > comments string | | Comments string.
interfaces > details_level string | | The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
interfaces > ignore_errors boolean | | Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.
interfaces > ignore_warnings boolean | | Apply changes ignoring warnings.
interfaces > ip_address string | | IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
interfaces > ipv4_address string | | IPv4 address.
interfaces > ipv4_mask_length string | | IPv4 network mask length.
interfaces > ipv4_network_mask string | | IPv4 network address.
interfaces > ipv6_address string | | IPv6 address.
interfaces > ipv6_mask_length string | | IPv6 network mask length.
interfaces > ipv6_network_mask string | | IPv6 network address.
interfaces > mask_length string | | IPv4 or IPv6 network mask length.
interfaces > name string | | Object name.
interfaces > network_mask string | | IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing the mask itself it is possible to specify the IPv4 or IPv6 mask length in the mask-length field. If both mask lengths are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
interfaces > security_zone boolean | | N/A
interfaces > security_zone_settings dictionary | | N/A
interfaces > security_zone_settings > auto_calculated boolean | | Security Zone is calculated according to where the interface leads to.
interfaces > security_zone_settings > specific_zone string | | Security Zone specified manually.
interfaces > tags list | | Collection of tag identifiers.
interfaces > topology string | | N/A
interfaces > topology_settings dictionary | | N/A
interfaces > topology_settings > interface_leads_to_dmz boolean | | Whether this interface leads to demilitarized zone (perimeter network).
interfaces > topology_settings > ip_address_behind_this_interface string | | N/A
interfaces > topology_settings > specific_network string | | Network behind this interface.
ip_address string | | IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
ips boolean | | Intrusion Prevention System blade enabled.
ipv4_address string | | IPv4 address.
ipv6_address string | | IPv6 address.
logs_settings dictionary | | N/A
logs_settings > alert_when_free_disk_space_below boolean | | N/A
logs_settings > alert_when_free_disk_space_below_threshold integer | | N/A
logs_settings > alert_when_free_disk_space_below_type string | | N/A
logs_settings > before_delete_keep_logs_from_the_last_days boolean | | N/A
logs_settings > before_delete_keep_logs_from_the_last_days_threshold integer | | N/A
logs_settings > before_delete_run_script boolean | | N/A
logs_settings > before_delete_run_script_command string | | N/A
logs_settings > delete_index_files_older_than_days boolean | | N/A
logs_settings > delete_index_files_older_than_days_threshold integer | | N/A
logs_settings > delete_index_files_when_index_size_above boolean | | N/A
logs_settings > delete_index_files_when_index_size_above_threshold integer | | N/A
logs_settings > delete_when_free_disk_space_below boolean | | N/A
logs_settings > delete_when_free_disk_space_below_threshold integer | | N/A
logs_settings > detect_new_citrix_ica_application_names boolean | | N/A
logs_settings > forward_logs_to_log_server boolean | | N/A
logs_settings > forward_logs_to_log_server_name string | | N/A
logs_settings > forward_logs_to_log_server_schedule_name string | | N/A
logs_settings > free_disk_space_metrics string | | N/A
logs_settings > perform_log_rotate_before_log_forwarding boolean | | N/A
logs_settings > reject_connections_when_free_disk_space_below_threshold boolean | | N/A
logs_settings > reserve_for_packet_capture_metrics string | | N/A
logs_settings > reserve_for_packet_capture_threshold integer | | N/A
logs_settings > rotate_log_by_file_size boolean | | N/A
logs_settings > rotate_log_file_size_threshold integer | | N/A
logs_settings > rotate_log_on_schedule boolean | | N/A
logs_settings > rotate_log_schedule_name string | | N/A
logs_settings > stop_logging_when_free_disk_space_below boolean | | N/A
logs_settings > stop_logging_when_free_disk_space_below_threshold integer | | N/A
logs_settings > turn_on_qos_logging boolean | | N/A
logs_settings > update_account_log_every integer | | N/A
name string / required | | Object name.
one_time_password string | | N/A
os_name string | | Gateway platform operating system.
save_logs_locally boolean | | Save logs locally on the gateway.
send_alerts_to_server list | | Server(s) to send alerts to.
send_logs_to_backup_server list | | Backup server(s) to send logs to.
send_logs_to_server list | | Server(s) to send logs to.
state string | | State of the access rule (present or absent). Defaults to present.
tags list | | Collection of tag identifiers.
threat_emulation boolean | | Threat Emulation blade enabled.
threat_extraction boolean | | Threat Extraction blade enabled.
url_filtering boolean | | URL Filtering blade enabled.
version string | | Gateway platform version.
vpn boolean | | VPN blade enabled.
vpn_settings dictionary | | Gateway VPN settings.
vpn_settings > maximum_concurrent_ike_negotiations integer | | N/A
vpn_settings > maximum_concurrent_tunnels integer | | N/A
wait_for_task boolean | | Wait for the task to end, such as a publish task.
Examples
```yaml
- name: add-simple-gateway
  cp_mgmt_simple_gateway:
    ip_address: 192.0.2.1
    name: gw1
    state: present

- name: set-simple-gateway
  cp_mgmt_simple_gateway:
    anti_bot: true
    anti_virus: true
    application_control: true
    ips: true
    name: test_gateway
    state: present
    threat_emulation: true
    url_filtering: true

- name: delete-simple-gateway
  cp_mgmt_simple_gateway:
    name: gw1
    state: absent
```
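The following task is an added example, not part of the original module documentation. It shows how the nested interfaces and anti_spoofing_settings options fit together and how to keep one_time_password out of playbooks and logs. The interface names, addresses, log server name and the vault_gw1_sic_otp variable are hypothetical; the values prevent, external and internal are the Check Point Management API's choices for those fields and are not listed on this page.

```yaml
# Added example: hardened definition of gateway gw1 (all names and addresses constructed).
- name: define gw1 with anti-spoofing enforced on every interface
  cp_mgmt_simple_gateway:
    name: gw1
    ip_address: 192.0.2.1
    # The one-time password is read from an Ansible Vault variable (hypothetical
    # name) instead of being written inline in the playbook.
    one_time_password: "{{ vault_gw1_sic_otp }}"
    firewall: true
    ips: true
    # Updating a gateway with new interfaces removes the existing ones, so the
    # complete interface list is sent on every run, not only the changed entry.
    interfaces:
      - name: eth0
        ipv4_address: 192.0.2.1
        ipv4_mask_length: "24"
        topology: external
        anti_spoofing: true
        anti_spoofing_settings:
          action: prevent   # reject spoofed packets (Prevent) rather than only monitor (Detect)
      - name: eth1
        ipv4_address: 198.51.100.1
        ipv4_mask_length: "24"
        topology: internal
        anti_spoofing: true
        anti_spoofing_settings:
          action: prevent
    send_logs_to_server:
      - log-server-1        # hypothetical log server object
    # ignore_errors and ignore_warnings are left unset so that validation
    # problems fail the task instead of being applied silently.
    state: present
    auto_publish_session: true
    wait_for_task: true
  no_log: true              # keeps the one-time password out of task output
```

Omitting an interface from the list on a later run would remove it from the gateway object, along with its anti-spoofing settings, so treat the list as the full desired state.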
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description
---|---|---
cp_mgmt_simple_gateway dictionary | always, except when deleting the object. | The Check Point object created or updated.
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_simple_gateway_module.html