check_point.mgmt.cp_mgmt_access_rules module – Manages access-rules objects on Check Point over Web Services API
Note
This module is part of the check_point.mgmt collection (version 5.1.1).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install check_point.mgmt
.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_rules
.
New in check_point.mgmt 2.2.0
Synopsis
Manages access-rules objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
---|---|
Publish the current session if changes have been performed after task completes. Choices:
|
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices:
|
|
Layer that the rule belongs to identified by the name or UID. |
|
List of rules. |
|
a “Accept”, “Drop”, “Ask”, “Inform”, “Reject”, “User Auth”, “Client Auth”, “Apply Layer”. |
|
Action settings. |
|
N/A Choices:
|
|
N/A |
|
Comments string. |
|
List of processed file types that this rule applies on. |
|
On which direction the file types processing is applied. Choices:
|
|
True if negate is set for data. Choices:
|
|
Custom fields. |
|
First custom field. |
|
Second custom field. |
|
Third custom field. |
|
Collection of Network objects identified by the name or UID. |
|
True if negate is set for destination. Choices:
|
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices:
|
|
Enable/Disable the rule. Choices:
|
|
Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. Choices:
|
|
Apply changes ignoring warnings. Choices:
|
|
Inline Layer identified by the name or UID. Relevant only if “Action” was set to “Apply Layer”. |
|
Which Gateways identified by the name or UID to install the policy on. |
|
Object name. |
|
Collection of Network objects identified by the name or UID. |
|
True if negate is set for service. Choices:
|
|
Collection of Network objects identified by the name or UID. |
|
True if negate is set for source. Choices:
|
|
State of the access rule (present or absent). Defaults to present. Choices:
|
|
List of time objects. For example, “Weekend”, “Off-Work”, “Every-Day”. |
|
Track Settings. |
|
Turns accounting for track on and off. Choices:
|
|
Type of alert for the track. Choices:
|
|
Determine whether to generate session log to firewall only connections. Choices:
|
|
Determines whether to perform the log per connection. Choices:
|
|
Determines whether to perform the log per session. Choices:
|
|
a “Log”, “Extended Log”, “Detailed Log”, “None”. |
|
User check settings. |
|
N/A Choices:
|
|
N/A |
|
N/A |
|
N/A Choices:
|
|
N/A Choices:
|
|
N/A |
|
Any or All_GwToGw. Choices:
|
|
Communities or Directional. |
|
List of community name or UID. |
|
Communities directional match condition. |
|
From community name or UID. |
|
To community name or UID. |
|
Version of checkpoint. If not given one, the latest version taken. |
|
How many minutes to wait until throwing a timeout error. Default: |
Examples
- name: add-access-rules
cp_mgmt_access_rules:
rules:
- name: Rule 1
service:
- SMTP
- AOL
state: present
- name: Rule 2
service:
- SMTP
state: present
layer: Network
auto_publish_session: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The checkpoint object created or updated. Returned: always, except when deleting the object. |