check_point.mgmt.cp_mgmt_mobile_profile module – Manages mobile-profile objects on Checkpoint over Web Services API

Note

This module is part of the check_point.mgmt collection (version 6.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_mobile_profile.

New in check_point.mgmt 6.0.0

Synopsis

  • Manages mobile-profile objects on Checkpoint devices including creating, updating and removing objects.

  • All operations are performed over Web Services API.

Parameters

Parameter

Comments

applications

dictionary

Applications settings.

allow_caching_docsec_credentials

boolean

Allow store encrypted document credentials in application secure storage.

Choices:

  • false

  • true

allow_caching_docsec_keys

boolean

Allow store encrypted document keys in application secure storage.

Choices:

  • false

  • true

allow_calendar_sync

boolean

Allow synchronization between business calendar to device calendar.

Choices:

  • false

  • true

allow_contacts_from_global_address_list

boolean

Allow to add additional contacts from Global Address List to the app.

Choices:

  • false

  • true

allow_contacts_from_local_phone

boolean

Allow to add additional contacts from local phone to the app.

Choices:

  • false

  • true

allow_push_notification

boolean

Allow to receive push notifications of mails and meetings.

Choices:

  • false

  • true

calendar_from_the_last

integer

How far back to see your Calendar from the current date - you can choose a unit (day, week, month) in “calendar-from-the-last-unit” field.

calendar_from_the_last_unit

string

Unit for “calendar-from-the-last” numeric value.

Choices:

  • "weeks"

  • "months"

  • "days"

calendar_to_the_following

integer

How much ahead to see your Calendar from the current date - you can choose a unit (day, week, month) in “calendar-to-the-following-unit” field.

calendar_to_the_following_unit

string

Unit for “calendar-to-the-following” numeric value.

Choices:

  • "weeks"

  • "months"

  • "days"

enable_print_mails

boolean

Allow to print mails.

Choices:

  • false

  • true

mail_from_the_last

integer

How far back to see your emails from the current date - choose a unit (day, week, month) in “mail-from-the-last-unit” field.

mail_from_the_last_unit

string

Unit for “mail-from-the-last” numeric value.

Choices:

  • "weeks"

  • "months"

  • "days"

max_attachments_size

integer

Maximum size of attachments allowed for downloading - you can choose a unit (gbs, kbs, mbs, bytes) in “max-attachments-unit” field.

save_local_web_cache

boolean

Configure whether local cache data generated by web browser should be preserved.

Choices:

  • false

  • true

synchronize_contacts

string

Contacts synchronization method - from the mail server to device and the app and vice versa or from the mail server to device and the app or from the mail server to the app.

Choices:

  • "mail srv to app and device and vice versa"

  • "mail srv to app and device"

  • "mail srv to app"

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

client_customization

dictionary

Client customization settings.

allow_calendar

boolean

Allow sync business calendar to device calendar.

Choices:

  • false

  • true

allow_contacts

boolean

Enable/Disable contacts app.

Choices:

  • false

  • true

allow_mail

boolean

Enable/Disable email app.

Choices:

  • false

  • true

allow_notes_sync

boolean

Allow sync business notes to device notes.

Choices:

  • false

  • true

allow_saved_file_apps

boolean

Allow the appearance of ‘Saved file app’ in the app list.

Choices:

  • false

  • true

allow_secure_chat

boolean

Enable/Disable Messages app (depends on Mail app).

Choices:

  • false

  • true

allow_tasks

boolean

Enable/Disable Tasks app.

Choices:

  • false

  • true

app_theme_color_dark

string

Configure the application display colors in Dark mode. 6 hex digits that define RGB color - relevant for IOS.

app_theme_color_light

string

Configure the application display colors in light mode. 6 hex digits that define RGB color - relevant for IOS.

certificate_expire_message

string

message to show users when certificate is expired - for admin to fill - can contain only English characters, digits, comma, spaces and points.

color

string

Color of the object. Should be one of existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

data_leak_prevention

dictionary

Data leak prevention settings.

accept_protected_file_extensions

list / elements=string

Accept protected files with these extensions from external apps to your app.

Choices:

  • "any file"

  • "word documents"

  • "excel documents"

  • "powerpoint documents"

  • "any microsoft office documents"

  • "media files"

accept_unprotected_file_extensions

list / elements=string

Accept unprotected files with these extensions from external apps to your app.

Choices:

  • "any file"

  • "word documents"

  • "excel documents"

  • "powerpoint documents"

  • "any microsoft office documents"

  • "media files"

allow_copy_paste

boolean

Allow copy paste of mail content.

Choices:

  • false

  • true

boolean

Allow import media from gallery.

Choices:

  • false

  • true

allow_taking_photos_and_videos

boolean

Allow the camera to be used from your app.

Choices:

  • false

  • true

allowed_domains_forward_attachment

string

exclusion of domains which attachments are allowed to be sent, even that shared policy prevents sharing these kinds of attached files - can contain only English characters, digits, comma, spaces and points.

block_forward_attachments

boolean

Allow share mail attachments with external mails.

Choices:

  • false

  • true

block_screenshot

boolean

If true - you can’t make a screenshot from your app.

Choices:

  • false

  • true

offer_capsule_as_viewer

boolean

Offer Capsule as a viewer for external protected documents.

Choices:

  • false

  • true

open_extension_with_external_app

list / elements=string

Open the following extensions from your app with external apps when they cannot be opened with Capsule viewer.

Choices:

  • "any file"

  • "word documents"

  • "excel documents"

  • "powerpoint documents"

  • "any microsoft office documents"

  • "media files"

share_protected_extension

list / elements=string

Share protected files extensions to external apps.

Choices:

  • "any file"

  • "word documents"

  • "excel documents"

  • "powerpoint documents"

  • "any microsoft office documents"

  • "media files"

share_unprotected_extension

list / elements=string

Share unprotected files extensions to external apps.

Choices:

  • "any file"

  • "word documents"

  • "excel documents"

  • "powerpoint documents"

  • "any microsoft office documents"

  • "media files"

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

domains_to_process

list / elements=string

Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.

harmony_mobile

dictionary

Integrations settings.

compromised_behavior

string

Device configuration - response to malicious behavior (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

enable_harmony_mobile_sdk

boolean

Enable/disable Harmony SDK - cannot be enable if Harmony Mobile Application is enable.

Choices:

  • false

  • true

harmony_mobile_sdk_license

string

License for Harmony Mobile Sdk (configuration for Harmony SDK) - can contain only English characters, digits, comma, spaces and point.

malware_behavior

string

Behavior when App is identified as malicious (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

man_in_the_middle_attack

string

Behavior when there is a network man-in-the-middle attack (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

os_integrity_compromised

string

Behavior when Device OS is compromised (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

protect_high_risk_action

string

What is the action if there is high risk found by Harmony Mobile.

Choices:

  • "none"

  • "wipe"

  • "block"

protect_high_risk_message

string

The message can contain only English characters, digits, comma, spaces and points.

protect_medium_risk_action

string

What is the action if there is medium risk found by Harmony Mobile.

Choices:

  • "none"

  • "wipe"

  • "block"

protect_medium_risk_message

string

The message can contain only English characters, digits, comma, spaces and points.

protect_not_activated_action

string

What is the action if there is policy violation (configuration for Harmony Mobile).

Choices:

  • "none"

  • "wipe"

  • "block"

protect_not_activated_message

string

The message can contain only English characters, digits, comma, spaces and points.

protect_policy_enabled

boolean

Enable/disable Protect Application- cannot be enable if Harmony SDK is enable.

Choices:

  • false

  • true

suspicious_app

string

Behavior when App is suspected as malicious (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

suspicious_enterprise_certificate

string

Behavior when a certificate profile has been installed allowing the installing of apps on device from unknown source - iOS only (configuration for Harmony SDK).

Choices:

  • "block"

  • "notify"

  • "ignore"

ignore_errors

boolean

Apply changes ignoring errors. You won’t be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.

Choices:

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

name

string / required

Object name.

security

dictionary

Security settings.

activate_passcode_lock

boolean

Require passcode to the application.

Choices:

  • false

  • true

allow_store_credentials

boolean

Allow storing the credentials on the device.

Choices:

  • false

  • true

block_3rd_party_keyboard

boolean

Block 3rd party keyboard.

Choices:

  • false

  • true

block_jailbroken

string

Action upon detection of jail broken devices.

Choices:

  • "block"

  • "none"

hide_ssl_connect_anyway_button

boolean

Hide connect button on critical SSL trust failures.

Choices:

  • false

  • true

passcode_profile

string

Passcode Policy object identified by the name or UID.

report_jailbroken

boolean

Issue log when device is detected as jail broken.

Choices:

  • false

  • true

session_timeout

integer

Session timeout - you can choose a unit (day, week, month) in “session-timeout-unit” field.

session_timeout_unit

string

Unit for “session-timeout” numeric value.

Choices:

  • "weeks"

  • "days"

  • "hours"

  • "minutes"

state

string

State of the access rule (present or absent).

Choices:

  • "present" ← (default)

  • "absent"

tags

list / elements=string

Collection of tag identifiers.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: add-mobile-profile
  cp_mgmt_mobile_profile:
    name: New Mobile Profile
    state: present

- name: set-mobile-profile
  cp_mgmt_mobile_profile:
    data_leak_prevention:
      share_protected_extension: word documents
    name: New Mobile Profile
    state: present

- name: delete-mobile-profile
  cp_mgmt_mobile_profile:
    name: New Mobile Profile
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_mobile_profile

dictionary

The checkpoint object created or updated.

Returned: always, except when deleting the object.

Authors

  • Eden Brillant (@chkp-edenbr)