This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NUNO_C
Participant
‎2021-03-31 06:15 PM

Ansible rules and sections

Hi all,

I know and how to create sections  through ansible, but my doubt at moment is how to assign rules to sections?

An old version of checkpoint ansible modules it was possible but not now. Can someone give a example how to now?

 

Cheers,

Nuno

0 Kudos
3 Replies
AlekseiShelepov
Advisor
‎2021-04-01 05:02 AM

You should use position parameter. For example, using Web-API:

 

  - name: Add rule - Admin access
    uri:
      url: "https://{{ inventory_hostname }}:443/web_api/add-access-rule"
      method: POST
      body_format: json
      validate_certs: no
      headers:
        x-chkp-sid: "{{ cp_mgmt_session.json.sid }}"
      body: '{ "layer": "{{ cp_mgmt_policy }} Network", "position": { "bottom": "Administration and monitoring" }, "name": "Admin access", "service":[ "SSH", "HTTPS" ], "source": "grp_Admins", "action": "Accept", "track": "Log", "custom-fields": { "field-1": "Ansible automation {{ date }}"} }'

 

"position": { "bottom": "Administration and monitoring" }
Administration and monitoring is the name of the section in this case.
0 Kudos
NUNO_C
Participant
‎2021-04-06 03:33 AM
In response to AlekseiShelepov

Hi Aleksei,

Thanks for reply, I know it is possible to make those changes via api, but the purpose of my post is to do it via ansible/checkpoint modules. Not to mention this would require 2 extra tasks on ansible to achieve this result (login and logout).

Kind regards,

N

0 Kudos
AlekseiShelepov
Advisor
‎2021-04-06 04:09 AM
In response to NUNO_C

Well, you don't have to use URI module. I'm doing it with Ansible but without CheckPoint modules. I believe CheckPoint modules use the same Web-API calls inside so the parameter position should be there too. It has the parameter in the documentation:

https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/checkpoint_access_rule_module.h...

And the cp_mgmt_access_rule module in https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection includes it too.

 

I decided not to use any of Check Point modules, as they had a bit confusing situation with namings within documents and were not updated for some time.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top