Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Uri_Bialik

Automate your R80 Management Server using Ansible

Overview

Ansible (www.ansible.com) is a popular automation tool.

The Check Point Management Ansible module brings the ability to automate Check Point R80 management tasks (e.g. adding objects, manipulate the rulebase, push policy) into the Ansible automation platform.

Description

Provide Ansible "playbooks" with simple access to all available Check Point R80 Management APIs.

The ansible module is written in Python and its source code is available - you're welcome to review code, suggest enhancements or modify it.

Instructions

Refer to our GitHub repo (the link below) for detailed instructions.

Tested on version

R80.10, API version 1.1

Source Code Availability

The source code is now public on GitHub repository:

https://github.com/CheckPoint-APIs-Team/cpAnsible

NOTICE: By using this sample code you agree to terms and conditions in this Terms and Conditions

...

34 Replies
Robert_Decker
Advisor

python 2.7.9 is required due to SSL issues.

Robert.

0 Kudos
Derek_Gottwalt
Participant

Our team is new to Ansible and to R80.10.  I was just appointed to be our Automation Lead.  I am looking for some guidance on what would be best best things to automate first?  I am not our primary Firewall Lead so I am looking for some Ideas of things to take to him.  I am very interested in learning all about how to use Ansible to automate as much of our day to day processes as possible but an looking for Ideas for a good starting point.  We also use Zscaler for proxy, splunk, Solarwinds for monitoring and alerting, and Service Now for ticketing.  We are wanting to integrate as many of these tools together and I believe Ansible as well as Checkpoint Rest API's is the way I would like to be able to accomplish this.  I welcome all ideas.

Thank You

Derek Gottwalt

0 Kudos
Robert_Decker
Advisor

Hi Derek,

Please take a look at this post containing video, slides, scripts. Very useful - 

https://community.checkpoint.com/thread/5478-leveraging-the-r8010-api-to-automate-and-streamline-sec...

Robert.

Martin_Raska
Advisor
Advisor

Guys has anyone encountered this issue?

root@kali-linux:/home# ansible-playbook demo-playbook.yml

PLAY [127.0.0.1] **************************************************************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************************************
ok: [127.0.0.1]

TASK [login] ******************************************************************************************************************************************************************************
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Login failed: No JSON object could be decoded"}
to retry, use: --limit @/home/demo-playbook.retry

PLAY RECAP ********************************************************************************************************************************************************************************
127.0.0.1 : ok=1 changed=0 unreachable=0 failed=1

0 Kudos
Martin_Raska
Advisor
Advisor

Its fixed now. The problem was with defining host as GUI client.

0 Kudos
Upcoming Events

    CheckMates Events