check_point.mgmt.cp_mgmt_set_app_control_advanced_settings module – Edit Application Control & URL Filtering Blades’ Settings.

Note

This module is part of the check_point.mgmt collection (version 6.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_set_app_control_advanced_settings.

New in check_point.mgmt 6.0.0

Synopsis

  • Edit Application Control & URL Filtering Blades’ Settings.

  • All operations are performed over Web Services API.

Parameters

Parameter

Comments

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

block_request_when_web_service_is_unavailable

boolean

Block requests when the web service is unavailable. When selected, requests are blocked when there is no connectivity to the Check Point Online Web Service. When cleared, requests are allowed when there is no connectivity. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

categorize_social_network_widgets

boolean

When selected, the Security Gateway connects to the Check Point Online Web Service to identify social networking widgets that it does not recognize. When cleared, or when there is no connectivity between the Security Gateway and the Check Point Online Web Service, the unknown widget is treated as Web Browsing traffic. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

custom_categorization_settings

dictionary

Website categorization mode - select the mode that is used for website categorization. This property is not available in the Global domain of an MDS machine.

social_network_widgets_mode

string

Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. This property is not available in the Global domain of an MDS machine.

Choices:

  • "hold"

  • "background"

url_filtering_mode

string

Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. This property is not available in the Global domain of an MDS machine.

Choices:

  • "hold"

  • "background"

domain_level_permission

boolean

Allows the editing of applications, categories, and services. This property is used only in the Global Domain of an MDS machine.

Choices:

  • false

  • true

enable_web_browsing

boolean

If you do not enable URL Filtering on the Security Gateway, you can use a generic Web browser application called Web Browsing in the rule. This application includes all HTTP traffic that is not a defined application. Application and URL Filtering assigns Web Browsing as the default application for all HTTP traffic that does not match an application in the Application and URL Filtering Database. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

httpi_non_standard_ports

boolean

Enable HTTP inspection on non-standard ports for application and URL filtering. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

internal_error_fail_mode

string

In case of internal system error, allow or block all connections. This property is not available in the Global domain of an MDS machine.

Choices:

  • "allow connections"

  • "block connections"

match_application_on_any_port

boolean

Match Web application on ‘Any’ port when used in Block rule - By default this is set to true, so applications are matched on all services when used in a Block rule.

Choices:

  • false

  • true

url_filtering_settings

dictionary

In this section the user can enable URL Filtering features. This property is not available in the Global domain of an MDS machine.

categorize_cached_and_translated_pages

boolean

Select this option to assign categories to cached search engine results and translated pages. When this option is selected, Application and URL Filtering assigns categories based on the original Web site instead of the ‘search engine pages’ category. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

categorize_https_websites

boolean

This option lets Application and URL Filtering assign categories to HTTPS sites without activating HTTPS inspection. It assigns a site category based on its domain name and whether the site has a valid certificate. If the server certificate is: Trusted - Application and URL Filtering gets the domain name from the certificate and uses it to categorize the site. Not Trusted - Application and URL Filtering assigns a category based on the IP address. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

enforce_safe_search

boolean

Select this option to require use of the safe search feature in search engines. When activated, the URL Filtering Policy uses the strictest available safe search option for the specified search engine. This option overrides user specified search engine options to block offensive material in search results. This property is not available in the Global domain of an MDS machine.

Choices:

  • false

  • true

version

string

Version of Check Point. If not given, the latest version is taken.

wait_for_task

boolean

Wait for the task to end, such as a publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

web_browsing_services

list / elements=string

Web browsing services are the services that match a Web-based custom Application/Site.

website_categorization_mode

string

Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. Custom - configure different settings depending on the service. Lets you set different modes for URL Filtering and Social Networking Widgets. This property is not available in the Global domain of an MDS machine.

Choices:

  • "hold"

  • "background"

  • "custom"

Examples

- name: set-app-control-advanced-settings
  cp_mgmt_set_app_control_advanced_settings:
    block_request_when_web_service_is_unavailable: 'true'
    categorize_social_network_widgets: 'true'
    custom_categorization_settings:
      social_network_widgets_mode: background
      url_filtering_mode: hold
    enable_web_browsing: 'true'
    httpi_non_standard_ports: 'true'
    internal_error_fail_mode: block connections
    match_application_on_any_port: 'true'
    url_filtering_settings:
      categorize_cached_and_translated_pages: 'false'
      categorize_https_websites: 'true'
      enforce_safe_search: 'true'
    web_browsing_services:
    - AH
    website_categorization_mode: custom
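
Three of the parameters above decide what the gateway does when categorization cannot complete: block_request_when_web_service_is_unavailable, internal_error_fail_mode and website_categorization_mode. The playbook below is an added example, not part of the collection's own documentation, that sets all three to their fail-closed values; the check_point inventory group name and the httpapi connection settings are assumptions about the environment.

```yaml
---
# Added example: fail-closed posture for Application Control & URL Filtering.
# Assumes an inventory group "check_point" (hypothetical name) reachable over
# the httpapi connection with ansible_network_os=check_point.mgmt.checkpoint.
- name: Harden app control advanced settings (fail closed)
  hosts: check_point
  connection: httpapi
  gather_facts: false
  tasks:
    - name: Block traffic whenever categorization cannot complete
      check_point.mgmt.cp_mgmt_set_app_control_advanced_settings:
        # false would allow requests while the Check Point Online Web Service
        # is unreachable
        block_request_when_web_service_is_unavailable: true
        # "allow connections" would pass all connections on an internal error
        internal_error_fail_mode: block connections
        # "background" would allow requests until categorization is complete
        website_categorization_mode: hold
        url_filtering_settings:
          # categorize HTTPS sites from the certificate's domain name,
          # without activating HTTPS inspection
          categorize_https_websites: true
        # publish the session once the task completes
        auto_publish_session: true
        wait_for_task: true
        wait_for_task_timeout: 30
      register: app_control_result

    - name: Show the output the module returned
      ansible.builtin.debug:
        # key documented under Return Values on this page
        var: app_control_result.cp_mgmt_set_app_control_advanced_settings
```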

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

cp_mgmt_set_app_control_advanced_settings

dictionary

The checkpoint set-app-control-advanced-settings output.

Returned: always.

Authors

  • Eden Brillant (@chkp-edenbr)