dirBow
Explorer

Create a firewall rule within specific access section

Hi team,


I am currently developing a playbook to automate rule creation on Check Point. For now the rule is created at the very bottom/top of the list of rules, and I want to create the rule in a specific access section. I'm using the new module from Ansible.

Here is my code:

    - name: create access-rule if not present
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ cp_layer }}"
        name: "{{ cp_access_rule_name }}"
        service:
          - "{{ cp_service_tcp_name }}"
        action: "{{ cp_access_rule_action }}"
        comments: create automatic by ansible
        source:
          - "{{ cp_access_rule_source }}"
        destination:
          - "{{ cp_access_rule_destination }}"
        enabled: true
        search_entire_rulebase: true
        track:
          type: log
        # places the rule at the end of the whole layer, not in a section
        position: bottom
        state: present
      # register and ignore_errors are task keywords, not module arguments
      register: create_access_rule
      ignore_errors: true

 

Is there any insight I can get on creating a rule in a specific access section?

Thanks in advance.
Regards
0 Kudos
1 Solution

Accepted Solutions
Erik_Lagzdins
Employee

If you want to add a new access rule under a specific section title, you need to use the 'relative_position' parameter.

Here is an example if you want to create a rule at the top of the section named "Automated Rules".

    - name: "Demo - Add Standard Access Rule at top of section title"
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "Access Rules Network"
        name: Test_Rule1
        state: present
        relative_position:
          top: "Automated Rules"
        service: SMTP
        source: Any
        action: Accept
        auto_publish_session: true
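
The accepted answer applied to the task from the question, as an added example that is not part of the original thread: the rule goes to the bottom of the section, errors are not ignored, and the session is published in a separate step. The inventory group `check_point` and the variable `cp_section_name` are assumptions; the other `cp_*` variables are the ones used in the question.

```yaml
# Added example, not from the original thread.
# Assumed names: inventory group "check_point", variable cp_section_name.
- name: Place an automated access rule inside a named section
  hosts: check_point            # assumed group holding the management server
  connection: httpapi
  gather_facts: false
  vars:
    cp_section_name: "Automated Rules"   # section title used in the answer
  tasks:
    - name: Create access rule at the bottom of the section
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ cp_layer }}"
        name: "{{ cp_access_rule_name }}"
        source:
          - "{{ cp_access_rule_source }}"
        destination:
          - "{{ cp_access_rule_destination }}"
        service:
          - "{{ cp_service_tcp_name }}"
        action: "{{ cp_access_rule_action }}"
        comments: create automatic by ansible
        enabled: true
        track:
          type: log
        # relative_position is used instead of position. "bottom" puts the
        # new rule after the rules already in the section, so it cannot
        # match traffic ahead of them.
        relative_position:
          bottom: "{{ cp_section_name }}"
        state: present
      register: create_access_rule
      # No ignore_errors here: if the section is missing or the placement
      # fails, the play stops before anything is published.

    - name: Publish the session only when the rule was added or changed
      check_point.mgmt.cp_mgmt_publish:
      when: create_access_rule is changed
```

Because `auto_publish_session` is left at its default, the change stays in the API session until the publish task runs, which gives a point to review or discard it.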

  

 


2 Replies

dirBow
Explorer

Hi Erik,

Sorry for the late reply.

I have tested relative_position and it works. Thanks for your help.
