Aathi
Contributor

Enable the access rule to correct-policy package

Hi Team,

 

I am adding the rulebase via Ansible and have 2 policy packages, "standard" and "Test_APP". Whatever rule is published goes to standard only, not to the APP policy package. Is there any way to publish the rule to the APP policy package?

Please find the below script:

 

- name: "create rule at the top of a section called 'script rules'"
  check_point_mgmt:
    command: add-access-rule
    parameters:
      layer: "network"
      name: "created by me"
      position:
        top: "web"
      source:
        - "host2"
      destination:
        - "host3"
      service:
        - "tcp_77"
      action: "accept"
    session-data: "{{login_response}}"

- name: "publish"
  check_point_mgmt:
    command: publish
    session-data: "{{login_response}}"

- name: "install policy"
  check_point_mgmt:
    command: install-policy
    parameters:
      policy-package: "Test_APP"
    session-data: "{{login_response}}"

The rule is publishing on the standard policy package, but the policy is installing on the Test_APP targeted gateway. I need help on publishing the policy on the correct policy package.

 

Regards

Aathi

 

1 Solution

Accepted Solutions
PhoneBoy
Admin
When you add a rule, it must be added to the correct policy layer.
You can only install a policy package to a gateway, which contains one or more layers.
Can you verify your rule is being added to the correct layer?


3 Replies
masher
Employee

I don't know enough about ansible, but when using the mgmt_cli tool I have to reference the policy name as well as the layer in order for the rule to be accepted.

If you change your playbook from:

check_point_mgmt:
  command: add-access-rule
  parameters:
    layer: "network"
    name: "created by me"
    ....

To:

check_point_mgmt:
  command: add-access-rule
  parameters:
    layer: "Test_APP Network"
    name: "created by me"
    position:

 

Does it put the access rule in the proper policy package and layer?
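A pre-publish check for the mismatch discussed in this thread, as an added example that is not part of the original posts or of Check Point's tooling: it flags any add-access-rule task whose layer does not belong to the package that the following install-policy task pushes. The package-to-layer inventory and the task list are constructed sample data (the inventory is assumed to have been collected from the management server beforehand), and `owners` and `check_playbook` are hypothetical helper names.

```python
# Constructed inventory: policy package -> names of its access layers.
# Assumption: gathered from the management server before the run.
PACKAGE_LAYERS = {
    "Standard": ["Network"],
    "Test_APP": ["Test_APP Network"],
}

# Constructed: the thread's playbook tasks as a YAML loader would return them.
PLAYBOOK = [
    {"name": "create rule", "check_point_mgmt": {
        "command": "add-access-rule",
        "parameters": {"layer": "network", "name": "created by me"}}},
    {"name": "publish", "check_point_mgmt": {"command": "publish"}},
    {"name": "install policy", "check_point_mgmt": {
        "command": "install-policy",
        "parameters": {"policy-package": "Test_APP"}}},
]

def owners(layer, inventory):
    """Packages that contain `layer`. Names are compared case-insensitively,
    an assumption based on "network" landing in the standard package here."""
    want = layer.casefold()
    return sorted(pkg for pkg, layers in inventory.items()
                  if want in (name.casefold() for name in layers))

def check_playbook(tasks, inventory):
    """One finding per rule whose layer is outside the package that the
    next install-policy task installs on the gateway."""
    findings, pending = [], []
    for task in tasks:
        call = task.get("check_point_mgmt") or {}
        params = call.get("parameters") or {}
        if call.get("command") == "add-access-rule":
            pending.append((task.get("name"), params.get("layer", "")))
        elif call.get("command") == "install-policy":
            package = params.get("policy-package")
            for name, layer in pending:
                found = owners(layer, inventory)
                if package not in found:
                    findings.append({"task": name, "layer": layer,
                                     "installed": package, "layer_in": found})
            pending = []
    # Rules that are never followed by an install-policy task are reported too.
    findings += [{"task": n, "layer": lyr, "installed": None,
                  "layer_in": owners(lyr, inventory)} for n, lyr in pending]
    return findings

if __name__ == "__main__":
    for finding in check_playbook(PLAYBOOK, PACKAGE_LAYERS):
        print(finding)
```

An empty `layer_in` list means the layer name matches no package at all, which usually points to a typo rather than a wrong package.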

 

 

Aathi
Contributor

Thanks Team for your excellent support and guidance.

Now I'm able to publish the policy in the correct policy package.

Regards

Aathi
