Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vikas_Kakkar
Explorer

Ansible Playbook/Postman API queries of Rulebase prints Hex Format instead of ip addr/port/app/site

Hi Folks,

Need your help with couple of queries.

1. I am trying to print the rulebase (with/without filters) through Ansible playbook (access_rule_facts module of checkpoint collection), but, it prints the result in Hex format (not readable), not the way how it populates the value in smart console rules. How can I print it in normal ip addr/port number/application/site format? tried doing it through postman and result was same. Postman Output:

            "rule-number"1,
            "track": {
                "type""78566494-7e96-4513-ada9-ded83f4ee9ea",
                "per-session"true,
                "per-connection"false,
                "accounting"false,
                "enable-firewall-session"false,
                "alert""none"
            },
            "source": [
                "1f315bb4-9874-42a3-bcfd-5f7ced870804"
            ],
            "source-negate"false,
            "destination": [
                "f99b1488-7510-11e2-8668-87656188709b"
            ],
            "destination-negate"false,
            "service": [
                "b290c409-da67-4bb0-9a46-6e104953f149"
            ],
 
Ansible Playbook: 
        
---
- name: AccessRules_Information_playbook
hosts: check_point
connection: httpapi
gather_facts: false
vars:
ansible_checkpoint_domain: "My DMS Name"
tasks:
- name: Show URL Filtering Policy
check_point.mgmt.cp_mgmt_access_rule_facts:
details_level: standard
limit: 10
offset: 0
name: FW_Policy Application
use_object_dictionary: true
register: result
ignore_errors: True
- name: Rules information
debug:
msg: "{{ result.ansible_facts['access-rulebase'] }}"
 

=============

2. Is it possible to filter the output by source, destination, port and action? I assume if we choose to filter, then we need loop to print the same for all the rules. Is it possible within Ansible Playbook?

Any help here would be appreciated.

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

You might try the regular REST API for the second question: https://sc1.checkpoint.com/documents/latest/APIs/index.html#cli/show-access-rulebase~v1.8%20
Possible this is also doable with Ansible

For the first question, you might need to use use_object_dictionary: false to get results that aren’t uuids.

0 Kudos