Timeout while installing policy using Ansible

Govind135438 — Fri, 17 Apr 2026 11:00:59 GMT

Problem: Unable to execute Ansible task for installing security policy. Getting timeout.

The below code works until publish and I can see the policy in the SmartConsole. However the last step for installing the policy on the gateways is failing.

The code is tested using a VM running CheckPoint R82 with both mgmt and gateway running with trial license.

- name: Create Security Play hosts: check_point_mgmt connection: httpapi gather_facts: no vars: ansible_httpapi_use_ssl: true ansible_httpapi_validate_certs: false ansible_command_timeout: 180 tasks: - name: Check Point vars ansible.builtin.include_vars: file: global_vars/check_point_vars.yml # 1) Create a section for this zone (near the top of the layer) - name: Ensure policy section exists for the zone check_point.mgmt.cp_mgmt_access_section: layer: "{{ g_access_layer | default('Network') }}" name: "{{ pb_security_zone_name }} Section" position: top state: present wait_for_task: true wait_for_task_timeout: "{{ g_wait_for_task_timeout | default(600) }}" register: reg_zone_section # 2) Add a default deny-all rule at the TOP of that section - name: Add default deny-all rule in the zone section check_point.mgmt.cp_mgmt_access_rule: layer: "{{ g_access_layer | default('Network') }}" name: "Deny All - {{ pb_security_zone_name }}" action: "Drop" source: ["Any"] destination: ["Any"] service: ["Any"] track: type: "Log" # <-- dict, not a string enabled: true # Place the rule INSIDE the section, at the top: relative_position: top: "{{ pb_security_zone_name }} Section" search_entire_rulebase: true state: present wait_for_task: true wait_for_task_timeout: "{{ g_wait_for_task_timeout | default(600) }}" register: reg_zone_deny_rule # 3) Publish - name: Publish policy changes check_point.mgmt.cp_mgmt_publish: wait_for_task: true wait_for_task_timeout: "{{ g_wait_for_task_timeout | default(600) }}" # 4) Install policy on the target gateway - name: Install policy on gateway check_point.mgmt.cp_mgmt_install_policy: policy_package: "{{ g_policy_package | default('standard') }}" targets: - "{{ g_site_gateway_mapping[pb_site] }}" wait_for_task: true wait_for_task_timeout: "{{ g_wait_for_task_timeout | default(60) }}"

Error:

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: TypeError: string indices must be integers fatal: [10.25.58.51]: FAILED! => {"changed": false, "module_stderr": "Traceback (most recent call last):\n File \"/home/avireddi/.ansible/tmp/ansible-local-9305292rr7xdd/ansible-tmp-1776420120.9631252-93492-187597626660727/AnsiballZ_cp_mgmt_install_policy.py\", line 107, in <module>\n _ansiballz_main()\n File \"/home/avireddi/.ansible/tmp/ansible-local-9305292rr7xdd/ansible-tmp-1776420120.9631252-93492-187597626660727/AnsiballZ_cp_mgmt_install_policy.py\", line 99, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/home/avireddi/.ansible/tmp/ansible-local-9305292rr7xdd/ansible-tmp-1776420120.9631252-93492-187597626660727/AnsiballZ_cp_mgmt_install_policy.py\", line 47, in invoke_module\n runpy.run_module(mod_name='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_install_policy', init_globals=dict(_module_fqn='ansible_collections.check_point.mgmt.plugins.modules.cp_mgmt_install_policy', _modlib_path=modlib_path),\n File \"/usr/lib/python3.10/runpy.py\", line 224, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib/python3.10/runpy.py\", line 96, in _run_module_code\n _run_code(code, mod_globals, init_globals,\n File \"/usr/lib/python3.10/runpy.py\", line 86, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_install_policy_payload_m5l067ne/ansible_check_point.mgmt.cp_mgmt_install_policy_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py\", line 138, in <module>\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_install_policy_payload_m5l067ne/ansible_check_point.mgmt.cp_mgmt_install_policy_payload.zip/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py\", line 133, in main\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_install_policy_payload_m5l067ne/ansible_check_point.mgmt.cp_mgmt_install_policy_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 551, in api_command\n File \"/tmp/ansible_check_point.mgmt.cp_mgmt_install_policy_payload_m5l067ne/ansible_check_point.mgmt.cp_mgmt_install_policy_payload.zip/ansible_collections/check_point/mgmt/plugins/module_utils/checkpoint.py\", line 353, in wait_for_task\nTypeError: string indices must be integers\n", "module_stdout": "", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

Please help.

Re: Timeout while installing policy using Ansible

Vincent_Bacher — Fri, 17 Apr 2026 11:09:50 GMT

This error

TypeError: string indices must be integers

shows that ansible / script receives a string but expects an integer. So it's not an issue of the Check Point device.

Not familiar with ansible as i usually do own python scripts to access the API.
Maybe there es a debug option in ansible to show the raw json response when performing the steps?
Maybe you doulc set wait_for_response to false.

Re: Timeout while installing policy using Ansible

Govind135438 — Fri, 17 Apr 2026 12:31:39 GMT

Thank you for your reply.

We found the issue caused by the policy we were trying to create. The example code was dropping connections from "Any" to "Any" which caused blocking of SSH and HTTPS connectivity to checkpoint server.

We fixed the issue by changing the source to the new security zone we created.

topic Re: Timeout while installing policy using Ansible in Ansible

Timeout while installing policy using Ansible

Re: Timeout while installing policy using Ansible

Re: Timeout while installing policy using Ansible