Creating a new firewall policy with Ansible
I have seen it asked before but haven't found a clear answer.
Currently I'm managing a firewall policy via Ansible. When I need to make big changes I just delete all rules and sections and load the new ones.
I would like to load the new rules in a different policy and then eventually install that policy. Afterwards, perhaps delete the old policy and use that process for future changes.
But it seems the Check Point Ansible modules don't do much with policies. I can do something with layers, but with the layer it is unclear to me in which policy it will be created.
Is it correct that policy creation is not done in Ansible?
Accepted Solutions
I believe what you are looking for is the cp_mgmt_package module to create a new policy and new Access Control layer, then use the cp_mgmt_access_rule module to add rules.
Documentation and examples for the modules can be found here: https://docs.ansible.com/ansible/devel/collections/check_point/mgmt/index.html
Process flow:
1. Create a brand new policy package with the cp_mgmt_package module, and add the access layer at the same time.
2. Add access rules with the cp_mgmt_access_rule or cp_mgmt_access_rules modules to the access layer in the new policy package. Both modules are designed to add/modify rules to access layer policies but have their own pros/cons depending on your situation.
3. Install the new policy over the existing policy on your gateway.
4. Delete the old unused policy package, manually or with the cp_mgmt_package module.
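
The process flow above written out as a playbook. This is an added example, not part of the original thread or Check Point's own code. The package, gateway and object names are constructed, and the layer name assumes the management server names a new package's default layer "<package> Network"; it also adds a verify step before the install.

```yaml
# Added example; package, layer, gateway and object names are constructed.
- name: Build a replacement policy package, install it, retire the old one
  hosts: check_point            # assumed inventory group reached over httpapi
  connection: httpapi
  gather_facts: false
  vars:
    new_package: Standard_v2
    old_package: Standard
    gateway: gw1
    # Assumption: with access enabled, the default layer of a new package
    # is named "<package> Network". Confirm on your management version.
    new_layer: "{{ new_package }} Network"
  tasks:
    # Step 1: new package plus its Access Control layer in one call.
    - name: Create the new package with an Access Control layer
      check_point.mgmt.cp_mgmt_package:
        name: "{{ new_package }}"
        access: true
        threat_prevention: false
        state: present
    # Step 2: rules go into the layer that belongs to the new package.
    - name: Add rules to the new package's layer
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ new_layer }}"
        name: "{{ item.name }}"
        position: "{{ item.position }}"
        source: "{{ item.source }}"
        destination: "{{ item.destination }}"
        service: "{{ item.service }}"
        action: "{{ item.action }}"
        state: present
      loop:
        - { name: Allow web to DMZ, position: 1, source: [Internal_Net], destination: [DMZ_Web], service: [https], action: Accept }
        - { name: Block legacy telnet, position: 2, source: [Any], destination: [Any], service: [telnet], action: Drop }
    - name: Publish so the new package can be verified and installed
      check_point.mgmt.cp_mgmt_publish:
    # Fail here, before the gateway is touched, if the package is not valid.
    - name: Verify the new package
      check_point.mgmt.cp_mgmt_verify_policy:
        policy_package: "{{ new_package }}"
    # Step 3: install the new package over the one currently on the gateway.
    - name: Install the new package
      check_point.mgmt.cp_mgmt_install_policy:
        policy_package: "{{ new_package }}"
        targets: ["{{ gateway }}"]
        access: true
    # Step 4: only reached if the install task succeeded.
    - name: Remove the old package
      check_point.mgmt.cp_mgmt_package:
        name: "{{ old_package }}"
        state: absent
    - name: Publish the deletion
      check_point.mgmt.cp_mgmt_publish:
```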
