topic Re: Create a firewall rule within specific access section in Ansible

Create a firewall rule within specific access section

dirBow — Tue, 11 Jun 2024 04:12:36 GMT

Hi team,

I am currently developing a playbook to automate rule creation on checkpoint. But for now the rule is made at the very bottom/top of the list of rules and I want to make the rule on the specific access section. i'm using new module from ansible

here is my code:

- name: create access-rule if not present
check_point.mgmt.cp_mgmt_access_rule:
layer: "{{ cp_layer }}"
name: "{{ cp_access_rule_name }}"
service:
     - "{{ cp_service_tcp_name }}"
action: "{{ cp_access_rule_action }}"
comments: create automatic by ansible
source:
     - "{{ cp_access_rule_source }}"
destination:
     - "{{ cp_access_rule_destination }}"
enabled: true
search_entire_rulebase: true
track:
     type: log
position: bottom
state: present
register: create_access_rule
ignore_errors: true

Is there any insight i can achieve to create rule on specific access section?

thanks in advance

regards

Re: Create a firewall rule within specific access section

Erik_Lagzdins — Tue, 11 Jun 2024 17:49:56 GMT

If you want to add a new access rule under a specific section title, you need to use the 'relative_position' parameter.

Here is an example if you want to create a rule at the top of the section named "Automated Rules".

- name: "Demo - Add Standard Access Rule at top of section title" check_point.mgmt.cp_mgmt_access_rule: layer: "Access Rules Network" name: Test_Rule1 state: present relative_position: top: "Automated Rules" service: SMTP source: Any action: Accept auto_publish_session: true

Re: Create a firewall rule within specific access section

dirBow — Sun, 16 Jun 2024 19:19:24 GMT

hi erik,

sorry for the late reply.

i have tested relative_position and it works. thanks for your help