check_point.mgmt.cp_mgmt_access_rule – Manages access-rule objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.0.0).

To install it use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_rule.

New in version 2.9: of check_point.mgmt

Synopsis
Parameters
Examples
Return Values

Synopsis

Manages access-rule objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter			Choices/Defaults	Comments
action string				a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
action_settings dictionary				Action settings.
	enable_identity_captive_portal boolean		Choices: no yes	N/A
	limit string			N/A
auto_publish_session boolean			Choices: no yes	Publish the current session if changes have been performed after task completes.
comments string				Comments string.
content list / elements=string				List of processed file types that this rule applies on.
content_direction string			Choices: any up down	On which direction the file types processing is applied.
content_negate boolean			Choices: no yes	True if negate is set for data.
custom_fields dictionary				Custom fields.
	field_1 string			First custom field.
	field_2 string			Second custom field.
	field_3 string			Third custom field.
destination list / elements=string				Collection of Network objects identified by the name or UID.
destination_negate boolean			Choices: no yes	True if negate is set for destination.
details_level string			Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
enabled boolean			Choices: no yes	Enable/Disable the rule.
ignore_errors boolean			Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean			Choices: no yes	Apply changes ignoring warnings.
inline_layer string				Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
install_on list / elements=string				Which Gateways identified by the name or UID to install the policy on.
layer string				Layer that the rule belongs to identified by the name or UID.
name string / required				Object name.
position string				Position in the rulebase.
service list / elements=string				Collection of Network objects identified by the name or UID.
service_negate boolean			Choices: no yes	True if negate is set for service.
source list / elements=string				Collection of Network objects identified by the name or UID.
source_negate boolean			Choices: no yes	True if negate is set for source.
state string			Choices: present ← absent	State of the access rule (present or absent). Defaults to present.
time list / elements=string				List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
track dictionary				Track Settings.
	accounting boolean		Choices: no yes	Turns accounting for track on and off.
	alert string		Choices: none alert snmp mail user alert 1 user alert 2 user alert 3	Type of alert for the track.
	enable_firewall_session boolean		Choices: no yes	Determine whether to generate session log to firewall only connections.
	per_connection boolean		Choices: no yes	Determines whether to perform the log per connection.
	per_session boolean		Choices: no yes	Determines whether to perform the log per session.
	type string			a "Log", "Extended Log", "Detailed Log", "None".
user_check dictionary				User check settings.
	confirm string		Choices: per rule per category per application/site per data type	N/A
	custom_frequency dictionary			N/A
		every integer		N/A
		unit string	Choices: hours days weeks months	N/A
	frequency string		Choices: once a day once a week once a month custom frequency...	N/A
	interaction string			N/A
version string				Version of checkpoint. If not given one, the latest version taken.
vpn list / elements=string				Communities or Directional.
	community list / elements=string			List of community name or UID.
	directional list / elements=string			Communities directional match condition.
		from string		From community name or UID.
		to string		To community name or UID.
wait_for_task boolean			Choices: no yes ←	Wait for the task to end. Such as publish task.
wait_for_task_timeout integer			Default: 30	How many minutes to wait until throwing a timeout error.

Examples

- name: add-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 1
    position: 1
    service:
    - SMTP
    - AOL
    state: present

- name: set-access-rule
  cp_mgmt_access_rule:
    action: Ask
    action_settings:
      enable_identity_captive_portal: true
      limit: Upload_1Gbps
    layer: Network
    name: Rule 1
    state: present

- name: delete-access-rule
  cp_mgmt_access_rule:
    layer: Network
    name: Rule 2
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_access_rule dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Authors

Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/check_point/mgmt/cp_mgmt_access_rule_module.html