Nickel

Enable the access rule to correct-policy package


Hi Team,

 

I am adding the rulebase via Ansible and have 2 policy packages, "standard" and "Test_APP". Whatever rule I publish goes to standard only, not to the APP policy package. Is there any way to publish the rule to the APP policy package?

Please find the below script:

 

- name: "create rule at the top of a section called 'script rules'"
  check_point_mgmt:
    command: add-access-rule
    parameters:
      layer: "network"
      name: "created by me"
      position:
        top: "web"
      source:
        - "host2"
      destination:
        - "host3"
      service:
        - "tcp_77"
      action: "accept"
    session-data: "{{login_response}}"

- name: "publish"
  check_point_mgmt:
    command: publish
    session-data: "{{login_response}}"

- name: "install policy"
  check_point_mgmt:
    command: install-policy
    parameters:
      policy-package: "Test_APP"
    session-data: "{{login_response}}"

The rule is publishing to the standard policy package, but the policy is installing on the Test_APP targeted gateway. I need help publishing the policy to the correct policy package.

 

Regards

Aathi

 

1 Solution

Accepted Solutions
Admin

Re: Enable the access rule to correct-policy package

When you add a rule, it must be added to the correct policy layer.
You can only install a policy package to a gateway, which contains one or more layers.
Can you verify your rule is being added to the correct layer?


3 Replies
Employee+

Re: Enable the access rule to correct-policy package


I don't know enough about ansible, but when using the mgmt_cli tool I have to reference the policy name as well as the layer in order for the rule to be accepted.

If you change your playbook from:

check_point_mgmt:
  command: add-access-rule
  parameters:
    layer: "network"
    name: "created by me"
    ....

To:

check_point_mgmt:
  command: add-access-rule
  parameters:
    layer: "Test_APP Network"
    name: "created by me"
    position:

 

Does it put the access rule in the proper policy package and layer?

 

 

Nickel

Re: Enable the access rule to correct-policy package


Thanks Team for your excellent support and guidance.

Now I'm able to publish the policy in the correct policy package.

Regards

Aathi
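
A pre-flight check for the mismatch discussed in this thread, as an added example that is not code from any poster or from Check Point: it flags add-access-rule tasks whose layer is not attached to the package that install-policy pushes. The show-package replies are constructed samples; the "access-layers" field, the Standard layer name "Network" and case-insensitive name matching are assumptions, and all function names are hypothetical.

```python
# Constructed samples shaped like Management API `show-package` replies.
# Assumption: a package's attached access layers appear under "access-layers".
SHOW_PACKAGE = {
    "Standard": {"access-layers": [{"name": "Network"}]},
    "Test_APP": {"access-layers": [{"name": "Test_APP Network"}]},
}


def layers_of(reply):
    # Assumption: layer names match case-insensitively.
    return {layer["name"].lower() for layer in reply.get("access-layers", [])}


def playbook(layer):
    """The thread's three tasks as check_point_mgmt arguments (login omitted)."""
    return [
        {"command": "add-access-rule",
         "parameters": {"layer": layer, "name": "created by me",
                        "position": {"top": "web"}, "action": "accept"}},
        {"command": "publish"},
        {"command": "install-policy",
         "parameters": {"policy-package": "Test_APP"}},
    ]


def misdirected_rules(tasks, replies):
    """List (rule, layer, owning packages) for rules the install will not push."""
    pushed = set()
    for task in tasks:
        if task["command"] == "install-policy":
            pushed |= layers_of(replies[task["parameters"]["policy-package"]])
    findings = []
    for task in tasks:
        if task["command"] != "add-access-rule":
            continue
        layer = task["parameters"]["layer"]
        if layer.lower() not in pushed:
            owners = sorted(p for p, r in replies.items()
                            if layer.lower() in layers_of(r))
            findings.append((task["parameters"]["name"], layer, owners))
    return findings


if __name__ == "__main__":
    for layer in ("network", "Test_APP Network"):
        print(layer, "->", misdirected_rules(playbook(layer), SHOW_PACKAGE) or "ok")
```

Run against real show-package output before the publish step, a non-empty result means the rule would be published into a package other than the one being installed.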
