check_point.mgmt.cp_mgmt_simple_gateway – Manages simple-gateway objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.0.0).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_simple_gateway.

New in version 2.9: of check_point.mgmt

Synopsis

  • Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

Parameters

Parameter Choices/Defaults Comments
anti_bot
boolean
    Choices:
  • no
  • yes
Anti-Bot blade enabled.
anti_virus
boolean
    Choices:
  • no
  • yes
Anti-Virus blade enabled.
application_control
boolean
    Choices:
  • no
  • yes
Application Control blade enabled.
auto_publish_session
boolean
    Choices:
  • no
  • yes
Publish the current session if changes have been performed after task completes.
color
string
    Choices:
  • aquamarine
  • black
  • blue
  • crete blue
  • burlywood
  • cyan
  • dark green
  • khaki
  • orchid
  • dark orange
  • dark sea green
  • pink
  • turquoise
  • dark blue
  • firebrick
  • brown
  • forest green
  • gold
  • dark gold
  • gray
  • dark gray
  • light green
  • lemon chiffon
  • coral
  • sea green
  • sky blue
  • magenta
  • purple
  • slate blue
  • violet red
  • navy blue
  • olive
  • orange
  • red
  • sienna
  • yellow
Color of the object. Should be one of existing colors.
comments
string
Comments string.
content_awareness
boolean
    Choices:
  • no
  • yes
Content Awareness blade enabled.
details_level
string
    Choices:
  • uid
  • standard
  • full
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
firewall
boolean
    Choices:
  • no
  • yes
Firewall blade enabled.
firewall_settings
dictionary
N/A
auto_calculate_connections_hash_table_size_and_memory_pool
boolean
    Choices:
  • no
  • yes
N/A
auto_maximum_limit_for_concurrent_connections
boolean
    Choices:
  • no
  • yes
N/A
connections_hash_size
integer
N/A
maximum_limit_for_concurrent_connections
integer
N/A
maximum_memory_pool_size
integer
N/A
memory_pool_size
integer
N/A
gateway_version
string
Gateway platform version.
groups
list / elements=string
Collection of group identifiers.
ignore_errors
boolean
    Choices:
  • no
  • yes
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings
boolean
    Choices:
  • no
  • yes
Apply changes ignoring warnings.
interfaces
list / elements=string
Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
anti_spoofing
boolean
    Choices:
  • no
  • yes
N/A
anti_spoofing_settings
dictionary
N/A
action
string
    Choices:
  • prevent
  • detect
If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
color
string
    Choices:
  • aquamarine
  • black
  • blue
  • crete blue
  • burlywood
  • cyan
  • dark green
  • khaki
  • orchid
  • dark orange
  • dark sea green
  • pink
  • turquoise
  • dark blue
  • firebrick
  • brown
  • forest green
  • gold
  • dark gold
  • gray
  • dark gray
  • light green
  • lemon chiffon
  • coral
  • sea green
  • sky blue
  • magenta
  • purple
  • slate blue
  • violet red
  • navy blue
  • olive
  • orange
  • red
  • sienna
  • yellow
Color of the object. Should be one of existing colors.
comments
string
Comments string.
details_level
string
    Choices:
  • uid
  • standard
  • full
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
ignore_errors
boolean
    Choices:
  • no
  • yes
Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings
boolean
    Choices:
  • no
  • yes
Apply changes ignoring warnings.
ip_address
string
IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
ipv4_address
string
IPv4 address.
ipv4_mask_length
string
IPv4 network mask length.
ipv4_network_mask
string
IPv4 network address.
ipv6_address
string
IPv6 address.
ipv6_mask_length
string
IPv6 network mask length.
ipv6_network_mask
string
IPv6 network address.
mask_length
string
IPv4 or IPv6 network mask length.
name
string
Object name.
network_mask
string
IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
security_zone
boolean
    Choices:
  • no
  • yes
N/A
security_zone_settings
dictionary
N/A
auto_calculated
boolean
    Choices:
  • no
  • yes
Security Zone is calculated according to where the interface leads to.
specific_zone
string
Security Zone specified manually.
tags
list / elements=string
Collection of tag identifiers.
topology
string
    Choices:
  • automatic
  • external
  • internal
N/A
topology_settings
dictionary
N/A
interface_leads_to_dmz
boolean
    Choices:
  • no
  • yes
Whether this interface leads to demilitarized zone (perimeter network).
ip_address_behind_this_interface
string
    Choices:
  • not defined
  • network defined by the interface ip and net mask
  • network defined by routing
  • specific
N/A
specific_network
string
Network behind this interface.
ip_address
string
IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
ips
boolean
    Choices:
  • no
  • yes
Intrusion Prevention System blade enabled.
ipv4_address
string
IPv4 address.
ipv6_address
string
IPv6 address.
logs_settings
dictionary
N/A
alert_when_free_disk_space_below
boolean
    Choices:
  • no
  • yes
N/A
alert_when_free_disk_space_below_threshold
integer
N/A
alert_when_free_disk_space_below_type
string
    Choices:
  • none
  • log
  • popup alert
  • mail alert
  • snmp trap alert
  • user defined alert no.1
  • user defined alert no.2
  • user defined alert no.3
N/A
before_delete_keep_logs_from_the_last_days
boolean
    Choices:
  • no
  • yes
N/A
before_delete_keep_logs_from_the_last_days_threshold
integer
N/A
before_delete_run_script
boolean
    Choices:
  • no
  • yes
N/A
before_delete_run_script_command
string
N/A
delete_index_files_older_than_days
boolean
    Choices:
  • no
  • yes
N/A
delete_index_files_older_than_days_threshold
integer
N/A
delete_index_files_when_index_size_above
boolean
    Choices:
  • no
  • yes
N/A
delete_index_files_when_index_size_above_threshold
integer
N/A
delete_when_free_disk_space_below
boolean
    Choices:
  • no
  • yes
N/A
delete_when_free_disk_space_below_threshold
integer
N/A
detect_new_citrix_ica_application_names
boolean
    Choices:
  • no
  • yes
N/A
forward_logs_to_log_server
boolean
    Choices:
  • no
  • yes
N/A
forward_logs_to_log_server_name
string
N/A
forward_logs_to_log_server_schedule_name
string
N/A
free_disk_space_metrics
string
    Choices:
  • mbytes
  • percent
N/A
perform_log_rotate_before_log_forwarding
boolean
    Choices:
  • no
  • yes
N/A
reject_connections_when_free_disk_space_below_threshold
boolean
    Choices:
  • no
  • yes
N/A
reserve_for_packet_capture_metrics
string
    Choices:
  • percent
  • mbytes
N/A
reserve_for_packet_capture_threshold
integer
N/A
rotate_log_by_file_size
boolean
    Choices:
  • no
  • yes
N/A
rotate_log_file_size_threshold
integer
N/A
rotate_log_on_schedule
boolean
    Choices:
  • no
  • yes
N/A
rotate_log_schedule_name
string
N/A
stop_logging_when_free_disk_space_below
boolean
    Choices:
  • no
  • yes
N/A
stop_logging_when_free_disk_space_below_threshold
integer
N/A
turn_on_qos_logging
boolean
    Choices:
  • no
  • yes
N/A
update_account_log_every
integer
N/A
name
string / required
Object name.
one_time_password
string
N/A
os_name
string
Gateway platform operating system.
save_logs_locally
boolean
    Choices:
  • no
  • yes
Save logs locally on the gateway.
send_alerts_to_server
list / elements=string
Server(s) to send alerts to.
send_logs_to_backup_server
list / elements=string
Backup server(s) to send logs to.
send_logs_to_server
list / elements=string
Server(s) to send logs to.
state
string
    Choices:
  • present ←
  • absent
State of the access rule (present or absent). Defaults to present.
tags
list / elements=string
Collection of tag identifiers.
threat_emulation
boolean
    Choices:
  • no
  • yes
Threat Emulation blade enabled.
threat_extraction
boolean
    Choices:
  • no
  • yes
Threat Extraction blade enabled.
url_filtering
boolean
    Choices:
  • no
  • yes
URL Filtering blade enabled.
version
string
Version of checkpoint. If not given one, the latest version taken.
vpn
boolean
    Choices:
  • no
  • yes
VPN blade enabled.
vpn_settings
dictionary
Gateway VPN settings.
maximum_concurrent_ike_negotiations
integer
N/A
maximum_concurrent_tunnels
integer
N/A
wait_for_task
boolean
    Choices:
  • no
  • yes ←
Wait for the task to end. Such as publish task.
wait_for_task_timeout
integer
Default:
30
How many minutes to wait until throwing a timeout error.

Examples

- name: add-simple-gateway
  cp_mgmt_simple_gateway:
    ip_address: 192.0.2.1
    name: gw1
    state: present

- name: set-simple-gateway
  cp_mgmt_simple_gateway:
    anti_bot: true
    anti_virus: true
    application_control: true
    ips: true
    name: test_gateway
    state: present
    threat_emulation: true
    url_filtering: true

- name: delete-simple-gateway
  cp_mgmt_simple_gateway:
    name: gw1
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cp_mgmt_simple_gateway
dictionary
always, except when deleting the object.
The checkpoint object created or updated.


Authors

  • Or Soffer (@chkp-orso)