cp_mgmt_threat_exception – Manages threat-exception objects on Check Point over Web Services API
cp_mgmt_threat_exception – Manages threat-exception objects on Check Point over Web Services API
New in version 2.9.
Synopsis
- Manages threat-exception objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
action string |
Action-the enforced profile. | |
|
auto_publish_session boolean |
|
Publish the current session if changes have been performed after task completes. |
|
comments string |
Comments string. | |
|
destination list |
Collection of Network objects identified by the name or UID. | |
|
destination_negate boolean |
|
True if negate is set for destination. |
|
details_level string |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. |
|
enabled boolean |
|
Enable/Disable the rule. |
|
exception_group_name string |
The name of the exception-group. | |
|
exception_group_uid string |
The UID of the exception-group. | |
|
ignore_errors boolean |
|
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. |
|
ignore_warnings boolean |
|
Apply changes ignoring warnings. |
|
install_on list |
Which Gateways identified by the name or UID to install the policy on. | |
|
layer string |
Layer that the rule belongs to identified by the name or UID. | |
|
name string / required |
The name of the exception. | |
|
position string |
Position in the rulebase. | |
|
protected_scope list |
Collection of objects defining Protected Scope identified by the name or UID. | |
|
protected_scope_negate boolean |
|
True if negate is set for Protected Scope. |
|
protection_or_site list |
Name of the protection or site. | |
|
rule_name string |
The name of the parent rule. | |
|
service list |
Collection of Network objects identified by the name or UID. | |
|
service_negate boolean |
|
True if negate is set for Service. |
|
source list |
Collection of Network objects identified by the name or UID. | |
|
source_negate boolean |
|
True if negate is set for source. |
|
state string |
|
State of the access rule (present or absent). Defaults to present. |
|
track string |
Packet tracking. | |
|
version string |
Version of checkpoint. If not given one, the latest version taken. | |
|
wait_for_task boolean |
|
Wait for the task to end. Such as publish task. |
Examples
- name: add-threat-exception
cp_mgmt_threat_exception:
layer: New Layer 1
name: Exception Rule
position: 1
protected_scope: All_Internet
rule_name: Threat Rule 1
state: present
track: Log
- name: set-threat-exception
cp_mgmt_threat_exception:
layer: New Layer 1
name: Exception Rule
rule_name: Threat Rule 1
state: present
- name: delete-threat-exception
cp_mgmt_threat_exception:
name: Exception Rule
layer: New Layer 1
rule_name: Threat Rule 1
state: absentReturn Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
cp_mgmt_threat_exception dictionary |
always, except when deleting the object. |
The checkpoint object created or updated.
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_threat_exception_module.html
