check_point.mgmt.cp_mgmt_interface module – Manages interface objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_interface.

New in check_point.mgmt 6.2.0

Synopsis

  • Manages interface objects on Checkpoint devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

  • Available from R82 management version.

Parameters

Parameter

Comments

anti_spoofing

boolean

Enable anti-spoofing.

Choices:

  • false

  • true

anti_spoofing_settings

dictionary

Anti Spoofing Settings.

action

string

If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).

Choices:

  • "prevent"

  • "detect"

exclude_packets

boolean

Don’t check packets from excluded network.

Choices:

  • false

  • true

excluded_network_name

string

Excluded network name.

excluded_network_uid

string

Excluded network UID.

spoof_tracking

string

Spoof tracking.

Choices:

  • "none"

  • "log"

  • "alert"

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

cluster_members

list / elements=dictionary

Network interface settings for cluster members.

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

ip_address

string

IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.

ipv4_address

string

IPv4 address.

ipv4_mask_length

string

IPv4 network mask length.

ipv4_network_mask

string

IPv4 network address.

ipv6_address

string

IPv6 address.

ipv6_mask_length

string

IPv6 network mask length.

ipv6_network_mask

string

IPv6 network address.

mask_length

string

IPv4 or IPv6 network mask length.

member_name

string

Cluster member object name.

name

string

Cluster member network interface name.

network_mask

string

IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.

tags

list / elements=string

Collection of tag identifiers.

cluster_network_type

string

Cluster interface type.

Choices:

  • "cluster"

  • "sync"

  • "cluster + sync"

  • "private"

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

domains_to_process

list / elements=string

Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.

dynamic_ip

boolean

Enable dynamic interface.

Choices:

  • false

  • true

gateway_uid

string / required

Gateway or cluster object uid that the interface belongs to.

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

ipv4_address

string

IPv4 network address.

ipv4_mask_length

integer

IPv4 mask length.

ipv4_network_mask

string

IPv4 network mask.

ipv6_address

string

IPv6 address.

ipv6_mask_length

integer

IPv6 mask length.

ipv6_network_mask

string

IPv6 network mask.

monitored_by_cluster

boolean

When Private is selected as the Cluster interface type, cluster can monitor or not monitor the interface.

Choices:

  • false

  • true

name

string / required

Network interface name.

network_interface_type

string

Network Interface Type.

Choices:

  • "alias"

  • "bond"

  • "bridge"

  • "bridge member"

  • "ethernet"

  • "loopback"

  • "6 in 4 tunnel"

  • "pppoe"

  • "vpn tunnel"

  • "vlan"

security_zone_settings

dictionary

Security Zone Settings.

auto_calculated

boolean

Security Zone is calculated according to where the interface leads to.

Choices:

  • false

  • true

specific_zone

string

Security Zone specified manually.

state

string

State of the access rule (present or absent).

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=string

Collection of tag identifiers.

topology

string

Topology configuration.

Choices:

  • "automatic"

  • "external"

  • "internal"

topology_settings

dictionary

Topology Settings.

interface_leads_to_dmz

boolean

Whether this interface leads to demilitarized zone (perimeter network).

Choices:

  • false

  • true

ip_address_behind_this_interface

string

Network settings behind this interface.

Choices:

  • "not defined"

  • "network defined by the interface ip and net mask"

  • "network defined by routing"

  • "specific"

specific_network

string

Network behind this interface.

specific_network_uid

string

N/A

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: add-interface
  cp_mgmt_interface:
    anti_spoofing: true
    anti_spoofing_settings:
      action: detect
      exclude_packets: false
      spoof_tracking: log
    cluster_members:
      - ipv4_address: 2.2.2.1
        ipv4_mask_length: 24
        ipv4_network_mask: 255.255.255.0
        member_name: member1
        name: eth4
      - ipv4_address: 2.2.2.2
        ipv4_mask_length: 24
        ipv4_network_mask: 255.255.255.0
        member_name: member2
        name: eth4
    cluster_network_type: cluster
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17
    ignore_warnings: false
    ipv4_address: 1.1.1.111
    ipv4_mask_length: 24
    name: eth0
    security_zone_settings:
      auto_calculated: false
      specific_zone: InternalZone
    state: present
    topology: internal
    topology_settings:
      interface_leads_to_dmz: false
      ip_address_behind_this_interface: network defined by routing

- name: set-interface
  cp_mgmt_interface:
    cluster_members:
      - ipv4_address: 4.4.4.1
        ipv4_mask_length: 22
        member_name: memberReal1
        uid: db4f8a63-5a94-46d8-b9e0-a63870bded3d
      - ipv4_address: 4.4.4.2
        ipv4_mask_length: 22
        member_name: memberReal2
        uid: baca571e-8ada-4be9-8966-145388f8e238
    cluster_network_type: cluster + sync
    ipv4_address: 4.4.4.111
    ipv4_mask_length: 22
    state: present
    topology: internal
    topology_settings:
      ip_address_behind_this_interface: network defined by routing
    name: eth0
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17

- name: delete-interface
  cp_mgmt_interface:
    state: absent
    name: eth0
    gateway_uid: 20ec49e8-8cd8-4ad4-b204-0de8ae4e0e17

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_interface

dictionary

The checkpoint object created or updated.

Returned: always, except when deleting the object.

Authors

  • Eden Brillant (@chkp-edenbr)