This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Abhishek_Kumar1
Collaborator
‎2020-06-26 12:09 PM

Access rule creation issue using Ansible.

Jump to solution

Hi All

I have multiple policy package in my management server.

I am creating a rule using ansible, I want to create a rule in perticular policy package.

But when i am running my playbook, rule is automatic creating in standard policy package.

Even if I use policy installation module, i can install a policy as per my requirement.

================   ==================Error====================================================

"msg": "Unsupported parameters for (cp_mgmt_access_rule) module: policy_package Supported parameters include: action, action_settings, auto_publish_session, comments, content, content_direction, content_negate, custom_fields, destination, destination_negate, details_level, enabled, ignore_errors, ignore_warnings, inline_layer, install_on, layer, name, position, service, service_negate, source, source_negate, state, time, track, user_check, version, vpn, wait_for_task"

==============================================================================================

I am pasting my module below for your reference

========================================

---
- hosts: check_point
connection: httpapi
tasks:
- name: Create host object
cp_mgmt_host:
color: blue
ipv4_address: 192.0.2.2
name: CP_MGMT Host 1
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: red
ipv4_address: 192.0.2.3
name: CP_MGMT Host 2
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: dark green
ipv4_address: 192.0.2.4
name: CP_MGMT Host 3
state: present
auto_publish_session: true

- name: Create host object
cp_mgmt_host:
color: dark green
ipv4_address: 192.0.2.5
name: CP_MGMT Host 5
state: present
auto_publish_session: true

- name: add-access-rule
cp_mgmt_access_rule:
layer: Network

policy_package: test
name: mgmt rule
position: "1"
action: Accept
source: any
destination: CP_MGMT Host 5
service:
- https
- http
state: present


- name: add-access-rule
cp_mgmt_access_rule:
layer: Network
policy_package: test
name: Rule 1
position: "2"
action: Accept
source: CP_MGMT Host 1
destination: CP_MGMT Host 2
service:
- https
- http
state: present

- name: publish
cp_publish:

- name: install-policy
cp_mgmt_install_policy:
access: true
policy_package: test
targets:
- cp-gw
threat_prevention: true

 

 

Regards

Abhishek

0 Kudos
3 Solutions

Accepted Solutions
Abhishek_Kumar1
Collaborator
‎2020-06-27 01:15 AM
In response to PhoneBoy

Jump to solution

Thanks for your reply 

Layer is already defined in my playbook 

layer:network 

but i want to create a rule in specific policy package. how i can add policy package module in my playbook.

 

 

View solution in original post

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-27 05:02 PM
In response to Abhishek_Kumar1

Jump to solution
Rules cannot exist in a policy package outside of a layer.
If you want a rule in a policy package, it must be added to layer in the policy package.

What you are doing is adding a rule to the layer called Network.
This layer is included in the default Standard policy package.
The layer you are seeing in SmartConsole associated with your policy package might say "Network" but that's not it's name at the API level.
It's most likely "MyPolicyPackage Network" but you'd have to use either the show access-layers API or find the screen in SmartConsole that lists all the layers to confirm the correct name.

View solution in original post

0 Kudos
Abhishek_Kumar1
Collaborator
‎2020-06-29 02:33 AM
In response to PhoneBoy

Jump to solution

Thanks for your help and support.

It's working now, i can create a policy as per desire policy package.

Again thanks for your help and support.

 

Regards

Abhishek

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-06-26 12:59 PM

Jump to solution
A policy package can contain one or more policy layers.
A layer can exist in one or more policy packages.
You must specify the layer you wish for the rule to be added to (by name or uid), not the policy package.
0 Kudos
Abhishek_Kumar1
Collaborator
‎2020-06-27 01:15 AM
In response to PhoneBoy

Jump to solution

Thanks for your reply 

Layer is already defined in my playbook 

layer:network 

but i want to create a rule in specific policy package. how i can add policy package module in my playbook.

 

 

0 Kudos
PhoneBoy
Admin
Admin
‎2020-06-27 05:02 PM
In response to Abhishek_Kumar1

Jump to solution
Rules cannot exist in a policy package outside of a layer.
If you want a rule in a policy package, it must be added to layer in the policy package.

What you are doing is adding a rule to the layer called Network.
This layer is included in the default Standard policy package.
The layer you are seeing in SmartConsole associated with your policy package might say "Network" but that's not it's name at the API level.
It's most likely "MyPolicyPackage Network" but you'd have to use either the show access-layers API or find the screen in SmartConsole that lists all the layers to confirm the correct name.
0 Kudos
Abhishek_Kumar1
Collaborator
‎2020-06-29 02:33 AM
In response to PhoneBoy

Jump to solution

Thanks for your help and support.

It's working now, i can create a policy as per desire policy package.

Again thanks for your help and support.

 

Regards

Abhishek

0 Kudos