This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Aathi
Contributor
‎2019-04-11 06:40 AM
Jump to solution

Enable the access rule to correct-policy package

Hi Team,

 

 i am adding the rulebase via ansible  and having 2 policy package like "standard and Test_APP" policy package.whatever rule in publishing its going to standard only not going to APP policy  package.is there any way to publish the rule to APP policy package.

Please find the below script:

 

- name: "create rule at the top of a section called 'script rules'"
check_point_mgmt:
command: add-access-rule
parameters:
layer: "network"
name: "created by me"
position:
top: "web"
source:
- "host2"
destination:
- "host3"
service:
- "tcp_77"
action: "accept"
session-data: "{{login_response}}"

- name: "publish"
check_point_mgmt:
command: publish
session-data: "{{login_response}}"

- name: "install policy"
check_point_mgmt:
command: install-policy
parameters:
policy-package: "Test_APP"
session-data: "{{login_response}}"

rule is publishing on standard policy package.but policy is installing on Test_APP  targeted gateway. i need help on publishing the policy on correct policy package.

 

Regards

Aathi

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2019-04-11 06:39 PM
Jump to solution

When you add a rule, it must be added to the correct policy layer.
You can only install a policy package to a gateway, which contains one or more layers.
Can you verify your rule is being added to the correct layer?

View solution in original post

3 Replies
masher
Employee
Employee
‎2019-04-11 07:16 AM
Jump to solution

I don't know enough about ansible, but when using the mgmt_cli tool I have to reference the policy name as well as the layer in order for the rule to be accepted.

If you change your playbook from:

check_point_mgmt:
command: add-access-rule
parameters:
layer: "network"
name: "created by me"
....

To:

check_point_mgmt:
command: add-access-rule
parameters:
layer: "Test_APP Network"
name: "created by me"
position:

 

Does it put the access rule in the proper policy package and layer?

 

 

Aathi
Contributor
‎2019-04-11 08:03 PM
In response to masher
Jump to solution

Thanks Team for your excellent support and guidance.

Now i m able to publish the policy in correct policy package.

Regards

Aathi

PhoneBoy
Admin
Admin
‎2019-04-11 06:39 PM
Jump to solution

When you add a rule, it must be added to the correct policy layer.
You can only install a policy package to a gateway, which contains one or more layers.
Can you verify your rule is being added to the correct layer?
Upcoming Events

    Sort by:
    CheckMates Events