check_point.mgmt.cp_mgmt_install_policy module – install policy on Check Point over Web Services API

Note

This module is part of the check_point.mgmt collection (version 2.3.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_install_policy.

New in version 2.9: of check_point.mgmt

Synopsis

  • install policy on Check Point over Web Services API

  • All operations are performed over Web Services API.

Parameters

Parameter

Comments

access

boolean

Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input policy package, otherwise false.

Choices:

  • no

  • yes

desktop_security

boolean

Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the input policy package, otherwise false.

Choices:

  • no

  • yes

install_on_all_cluster_members_or_fail

boolean

Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails, don’t install on that cluster.

Choices:

  • no

  • yes

policy_package

string

The name of the Policy Package to be installed.

prepare_only

boolean

If true, prepares the policy for the installation, but doesn’t install it on an installation target.

Choices:

  • no

  • yes

qos

boolean

Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy package, otherwise false.

Choices:

  • no

  • yes

revision

string

The UID of the revision of the policy to install.

targets

list / elements=string

On what targets to execute this command. Targets may be identified by their name, or object unique identifier.

threat_prevention

boolean

Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the input policy package, otherwise false.

Choices:

  • no

  • yes

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • no

  • yes ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: install-policy
  cp_mgmt_install_policy:
    access: true
    policy_package: standard
    targets:
    - corporate-gateway
    threat_prevention: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_install_policy

dictionary

The checkpoint install-policy output.

Returned: always.

Authors

  • Or Soffer (@chkp-orso)