check_point.mgmt.cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API
Note
This plugin is part of the check_point.mgmt collection (version 2.1.1).
You might already have this collection installed if you are using the ansible
package. It is not included in ansible-core
. To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install check_point.mgmt
.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_rule
.
New in version 2.9: of check_point.mgmt
Synopsis
- Manages access-rule objects on Check Point devices including creating, updating and removing objects.
- All operations are performed over Web Services API.
Parameters
Parameter | Choices/Defaults | Comments | ||
---|---|---|---|---|
action string | a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer". | |||
action_settings dictionary | Action settings. | |||
enable_identity_captive_portal boolean |
| N/A | ||
limit string | N/A | |||
auto_publish_session boolean |
| Publish the current session if changes have been performed after task completes. | ||
comments string | Comments string. | |||
content list / elements=string | List of processed file types that this rule applies on. | |||
content_direction string |
| On which direction the file types processing is applied. | ||
content_negate boolean |
| True if negate is set for data. | ||
custom_fields dictionary | Custom fields. | |||
field_1 string | First custom field. | |||
field_2 string | Second custom field. | |||
field_3 string | Third custom field. | |||
destination list / elements=string | Collection of Network objects identified by the name or UID. | |||
destination_negate boolean |
| True if negate is set for destination. | ||
details_level string |
| The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. | ||
enabled boolean |
| Enable/Disable the rule. | ||
ignore_errors boolean |
| Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored. | ||
ignore_warnings boolean |
| Apply changes ignoring warnings. | ||
inline_layer string | Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer". | |||
install_on list / elements=string | Which Gateways identified by the name or UID to install the policy on. | |||
layer string | Layer that the rule belongs to identified by the name or UID. | |||
name string / required | Object name. | |||
position string | Position in the rulebase. | |||
service list / elements=string | Collection of Network objects identified by the name or UID. | |||
service_negate boolean |
| True if negate is set for service. | ||
source list / elements=string | Collection of Network objects identified by the name or UID. | |||
source_negate boolean |
| True if negate is set for source. | ||
state string |
| State of the access rule (present or absent). Defaults to present. | ||
time list / elements=string | List of time objects. For example, "Weekend", "Off-Work", "Every-Day". | |||
track dictionary | Track Settings. | |||
accounting boolean |
| Turns accounting for track on and off. | ||
alert string |
| Type of alert for the track. | ||
enable_firewall_session boolean |
| Determine whether to generate session log to firewall only connections. | ||
per_connection boolean |
| Determines whether to perform the log per connection. | ||
per_session boolean |
| Determines whether to perform the log per session. | ||
type string | a "Log", "Extended Log", "Detailed Log", "None". | |||
user_check dictionary | User check settings. | |||
confirm string |
| N/A | ||
custom_frequency dictionary | N/A | |||
every integer | N/A | |||
unit string |
| N/A | ||
frequency string |
| N/A | ||
interaction string | N/A | |||
version string | Version of checkpoint. If not given one, the latest version taken. | |||
vpn list / elements=string | Communities or Directional. | |||
community list / elements=string | List of community name or UID. | |||
directional list / elements=string | Communities directional match condition. | |||
from string | From community name or UID. | |||
to string | To community name or UID. | |||
wait_for_task boolean |
| Wait for the task to end. Such as publish task. | ||
wait_for_task_timeout integer | Default: 30 | How many minutes to wait until throwing a timeout error. |
Examples
- name: add-access-rule cp_mgmt_access_rule: layer: Network name: Rule 1 position: 1 service: - SMTP - AOL state: present - name: set-access-rule cp_mgmt_access_rule: action: Ask action_settings: enable_identity_captive_portal: true limit: Upload_1Gbps layer: Network name: Rule 1 state: present - name: delete-access-rule cp_mgmt_access_rule: layer: Network name: Rule 2 state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
cp_mgmt_access_rule dictionary | always, except when deleting the object. | The checkpoint object created or updated. |
Authors
- Or Soffer (@chkp-orso)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_access_rule_module.html