check_point.mgmt.cp_mgmt_simple_gateway – Manages simple-gateway objects on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.1.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_simple_gateway.

New in version 2.9: of check_point.mgmt

Synopsis

Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter			Choices/Defaults	Comments
anti_bot boolean			Choices: no yes	Anti-Bot blade enabled.
anti_virus boolean			Choices: no yes	Anti-Virus blade enabled.
application_control boolean			Choices: no yes	Application Control blade enabled.
auto_publish_session boolean			Choices: no yes	Publish the current session if changes have been performed after task completes.
color string			Choices: aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
comments string				Comments string.
content_awareness boolean			Choices: no yes	Content Awareness blade enabled.
details_level string			Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
firewall boolean			Choices: no yes	Firewall blade enabled.
firewall_settings dictionary				N/A
	auto_calculate_connections_hash_table_size_and_memory_pool boolean		Choices: no yes	N/A
	auto_maximum_limit_for_concurrent_connections boolean		Choices: no yes	N/A
	connections_hash_size integer			N/A
	maximum_limit_for_concurrent_connections integer			N/A
	maximum_memory_pool_size integer			N/A
	memory_pool_size integer			N/A
gateway_version string				Gateway platform version.
groups list / elements=string				Collection of group identifiers.
ignore_errors boolean			Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean			Choices: no yes	Apply changes ignoring warnings.
interfaces list / elements=string				Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
	anti_spoofing boolean		Choices: no yes	N/A
	anti_spoofing_settings dictionary			N/A
		action string	Choices: prevent detect	If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
	color string		Choices: aquamarine black blue crete blue burlywood cyan dark green khaki orchid dark orange dark sea green pink turquoise dark blue firebrick brown forest green gold dark gold gray dark gray light green lemon chiffon coral sea green sky blue magenta purple slate blue violet red navy blue olive orange red sienna yellow	Color of the object. Should be one of existing colors.
	comments string			Comments string.
	details_level string		Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
	ignore_errors boolean		Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
	ignore_warnings boolean		Choices: no yes	Apply changes ignoring warnings.
	ip_address string			IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
	ipv4_address string			IPv4 address.
	ipv4_mask_length string			IPv4 network mask length.
	ipv4_network_mask string			IPv4 network address.
	ipv6_address string			IPv6 address.
	ipv6_mask_length string			IPv6 network mask length.
	ipv6_network_mask string			IPv6 network address.
	mask_length string			IPv4 or IPv6 network mask length.
	name string			Object name.
	network_mask string			IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use ipv4-mask-length and ipv6-mask-length fields explicitly.
	security_zone boolean		Choices: no yes	N/A
	security_zone_settings dictionary			N/A
		auto_calculated boolean	Choices: no yes	Security Zone is calculated according to where the interface leads to.
		specific_zone string		Security Zone specified manually.
	tags list / elements=string			Collection of tag identifiers.
	topology string		Choices: automatic external internal	N/A
	topology_settings dictionary			N/A
		interface_leads_to_dmz boolean	Choices: no yes	Whether this interface leads to demilitarized zone (perimeter network).
		ip_address_behind_this_interface string	Choices: not defined network defined by the interface ip and net mask network defined by routing specific	N/A
		specific_network string		Network behind this interface.
ip_address string				IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
ips boolean			Choices: no yes	Intrusion Prevention System blade enabled.
ipv4_address string				IPv4 address.
ipv6_address string				IPv6 address.
logs_settings dictionary				N/A
	alert_when_free_disk_space_below boolean		Choices: no yes	N/A
	alert_when_free_disk_space_below_threshold integer			N/A
	alert_when_free_disk_space_below_type string		Choices: none log popup alert mail alert snmp trap alert user defined alert no.1 user defined alert no.2 user defined alert no.3	N/A
	before_delete_keep_logs_from_the_last_days boolean		Choices: no yes	N/A
	before_delete_keep_logs_from_the_last_days_threshold integer			N/A
	before_delete_run_script boolean		Choices: no yes	N/A
	before_delete_run_script_command string			N/A
	delete_index_files_older_than_days boolean		Choices: no yes	N/A
	delete_index_files_older_than_days_threshold integer			N/A
	delete_index_files_when_index_size_above boolean		Choices: no yes	N/A
	delete_index_files_when_index_size_above_threshold integer			N/A
	delete_when_free_disk_space_below boolean		Choices: no yes	N/A
	delete_when_free_disk_space_below_threshold integer			N/A
	detect_new_citrix_ica_application_names boolean		Choices: no yes	N/A
	forward_logs_to_log_server boolean		Choices: no yes	N/A
	forward_logs_to_log_server_name string			N/A
	forward_logs_to_log_server_schedule_name string			N/A
	free_disk_space_metrics string		Choices: mbytes percent	N/A
	perform_log_rotate_before_log_forwarding boolean		Choices: no yes	N/A
	reject_connections_when_free_disk_space_below_threshold boolean		Choices: no yes	N/A
	reserve_for_packet_capture_metrics string		Choices: percent mbytes	N/A
	reserve_for_packet_capture_threshold integer			N/A
	rotate_log_by_file_size boolean		Choices: no yes	N/A
	rotate_log_file_size_threshold integer			N/A
	rotate_log_on_schedule boolean		Choices: no yes	N/A
	rotate_log_schedule_name string			N/A
	stop_logging_when_free_disk_space_below boolean		Choices: no yes	N/A
	stop_logging_when_free_disk_space_below_threshold integer			N/A
	turn_on_qos_logging boolean		Choices: no yes	N/A
	update_account_log_every integer			N/A
name string / required				Object name.
one_time_password string				N/A
os_name string				Gateway platform operating system.
save_logs_locally boolean			Choices: no yes	Save logs locally on the gateway.
send_alerts_to_server list / elements=string				Server(s) to send alerts to.
send_logs_to_backup_server list / elements=string				Backup server(s) to send logs to.
send_logs_to_server list / elements=string				Server(s) to send logs to.
state string			Choices: present ← absent	State of the access rule (present or absent). Defaults to present.
tags list / elements=string				Collection of tag identifiers.
threat_emulation boolean			Choices: no yes	Threat Emulation blade enabled.
threat_extraction boolean			Choices: no yes	Threat Extraction blade enabled.
url_filtering boolean			Choices: no yes	URL Filtering blade enabled.
version string				Version of checkpoint. If not given one, the latest version taken.
vpn boolean			Choices: no yes	VPN blade enabled.
vpn_settings dictionary				Gateway VPN settings.
	maximum_concurrent_ike_negotiations integer			N/A
	maximum_concurrent_tunnels integer			N/A
wait_for_task boolean			Choices: no yes ←	Wait for the task to end. Such as publish task.
wait_for_task_timeout integer			Default: 30	How many minutes to wait until throwing a timeout error.

Examples

- name: add-simple-gateway
  cp_mgmt_simple_gateway:
    ip_address: 192.0.2.1
    name: gw1
    state: present

- name: set-simple-gateway
  cp_mgmt_simple_gateway:
    anti_bot: true
    anti_virus: true
    application_control: true
    ips: true
    name: test_gateway
    state: present
    threat_emulation: true
    url_filtering: true

- name: delete-simple-gateway
  cp_mgmt_simple_gateway:
    name: gw1
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_simple_gateway dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Authors

Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_simple_gateway_module.html

Docs

Docs4dev

Title here