checkpoint_access_rule – Manages access rules on Checkpoint over Web Services API

New in version 2.8.

Synopsis

  • Manages access rules on Checkpoint devices including creating, updating, removing access rules objects, All operations are performed over Web Services API.

Parameters

Parameter Choices/Defaults Comments
action
string
Default:
"drop"
Action of the access rule (accept, drop, inform, etc).
auto_install_policy
boolean
    Choices:
  • no
  • yes ←
Install the package policy if changes have been performed after the task completes.
auto_publish_session
boolean
    Choices:
  • no
  • yes ←
Publish the current session if changes have been performed after task completes.
destination
string
Destionation object of the access rule.
enabled
boolean
    Choices:
  • no
  • yes ←
Enabled or disabled flag.
layer
string / required
Layer to attach the access rule to.
name
string
Name of the access rule.
policy_package
string
Default:
"standard"
Package policy name to be installed.
position
string
Position of the access rule.
source
string
Source object of the access rule.
state
string
Default:
"present"
State of the access rule (present or absent). Defaults to present.
targets
list
Targets to install the package policy on.

Examples

- name: Create access rule
  checkpoint_access_rule:
    layer: Network
    name: "Drop attacker"
    position: top
    source: attacker
    destination: Any
    action: Drop

- name: Delete access rule
  checkpoint_access_rule:
    layer: Network
    name: "Drop attacker"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
checkpoint_access_rules
list
always, except when deleting the access rule.
The checkpoint access rule object created or updated.



Status

Red Hat Support

More information about Red Hat’s support of this module is available from this Red Hat Knowledge Base article.

Authors

  • Ansible by Red Hat (@rcarrillocruz)

Hint

If you notice any issues in this documentation you can edit this document to improve it.