topic Re: Access rule creation issue using Ansible. in Ansible

Access rule creation issue using Ansible.

Abhishek_Kumar1 — Fri, 26 Jun 2020 19:09:32 GMT

Hi All

I have multiple policy package in my management server.

I am creating a rule using ansible, I want to create a rule in perticular policy package.

But when i am running my playbook, rule is automatic creating in standard policy package.

Even if I use policy installation module, i can install a policy as per my requirement.

================ ==================Error====================================================

"msg": "Unsupported parameters for (cp_mgmt_access_rule) module: policy_package Supported parameters include: action, action_settings, auto_publish_session, comments, content, content_direction, content_negate, custom_fields, destination, destination_negate, details_level, enabled, ignore_errors, ignore_warnings, inline_layer, install_on, layer, name, position, service, service_negate, source, source_negate, state, time, track, user_check, version, vpn, wait_for_task"

==============================================================================================

I am pasting my module below for your reference

========================================

---
- hosts: check_point
connection: httpapi
tasks:
- name: Create host object
cp_mgmt_host:
color: blue
ipv4_address: 192.0.2.2
name: CP_MGMT Host 1
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: red
ipv4_address: 192.0.2.3
name: CP_MGMT Host 2
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: dark green
ipv4_address: 192.0.2.4
name: CP_MGMT Host 3
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: dark green
ipv4_address: 192.0.2.5
name: CP_MGMT Host 5
state: present
auto_publish_session: true

- name: add-access-rule
cp_mgmt_access_rule:
layer: Network

policy_package: test
name: mgmt rule
position: "1"
action: Accept
source: any
destination: CP_MGMT Host 5
service:
- https
- http
state: present

- name: add-access-rule
cp_mgmt_access_rule:
layer: Network
policy_package: test
name: Rule 1
position: "2"
action: Accept
source: CP_MGMT Host 1
destination: CP_MGMT Host 2
service:
- https
- http
state: present

- name: publish
cp_publish:

- name: install-policy
cp_mgmt_install_policy:
access: true
policy_package: test
targets:
- cp-gw
threat_prevention: true

Regards

Abhishek

Re: Access rule creation issue using Ansible.

PhoneBoy — Fri, 26 Jun 2020 19:59:56 GMT

A policy package can contain one or more policy layers.
A layer can exist in one or more policy packages.
You must specify the layer you wish for the rule to be added to (by name or uid), not the policy package.

Re: Access rule creation issue using Ansible.

Abhishek_Kumar1 — Sat, 27 Jun 2020 08:15:06 GMT

Thanks for your reply

Layer is already defined in my playbook

layer:network

but i want to create a rule in specific policy package. how i can add policy package module in my playbook.

Re: Access rule creation issue using Ansible.

PhoneBoy — Sun, 28 Jun 2020 00:02:48 GMT

Rules cannot exist in a policy package outside of a layer.
If you want a rule in a policy package, it must be added to layer in the policy package.

What you are doing is adding a rule to the layer called Network.
This layer is included in the default Standard policy package.
The layer you are seeing in SmartConsole associated with your policy package might say "Network" but that's not it's name at the API level.
It's most likely "MyPolicyPackage Network" but you'd have to use either the show access-layers API or find the screen in SmartConsole that lists all the layers to confirm the correct name.

Re: Access rule creation issue using Ansible.

Abhishek_Kumar1 — Mon, 29 Jun 2020 09:33:08 GMT

Thanks for your help and support.

It's working now, i can create a policy as per desire policy package.

Again thanks for your help and support.

Regards

Abhishek