Hi!
When executing an Ansible task for check_point.mgmt.cp_mgmt_package with
- name: set policy/package
  check_point.mgmt.cp_mgmt_package:
    name: default-policy
    access: true
    access_layers:
      add:
        - name: default-layer
          position: 1
it exits with an error
FAILED! => {"changed": false, "msg": "Checkpoint device returned error 400 with message {u'message': u'Unrecognized parameter [access-layers]', u'code': u'generic_err_invalid_parameter_name'} Unpublished changes were discarded"
Am I doing something wrong? I think the ansible task is used correctly. (Any other CP-related tasks are working fine.)
I recognise that the task uses 'access_layers' with an underscore while the error message contains 'access-layers' with a minus. The ansible documentation and examples use the underscore while the corresponding mgmt-api uses the minus. Is this a bug/typo?
Good question... it could be a typo or a bug, or both actually. That was the first thing I noticed when looking at the output. Let's see if someone else can confirm.
It does work for me. I just added a Shared Layer into position #2. With the remove parameter you can take the non-default layers out.
- name: set policy/package
  check_point.mgmt.cp_mgmt_package:
    name: Home
    access: true
    access_layers:
      add:
        - name: ApplCtrl
          position: 2
Kind regards,
Art
I am also not able to add a shared layer into position 2, same error. I am using the latest version 2.2.0.
So, actually, I want to add a new policy with a new access layer and only have this access layer in the policy. I am grateful for any guidance.
Once you create a new policy, it also creates the default policy in the format "<Policy Name> Network". This layer cannot be removed, but you can add another layer above the default policy.
What version is your management server, and are you using an MDS environment? I ran Ansible (2.2.0) and mgmt_cli call against R81.10 T22 SMS.
Alright.
It is a freshly installed R81.10 T22 without MDS. Ansible version 2.2.0.
OK, so you run exactly the same environment. Try what I said in my statement above.
I am afraid it does not work.
I tried to create the access-layer before and after policy creation and insert it at position 0, 1, 2, 3. Still the same error message.
To be honest, I don't think the server even parses the name and position parameters as it raises an exception at the parameter access-layer which is one level on top.
It should work. Your positioning cannot be 0. It starts at 1. Also, you cannot move the default layer, but custom.
Try adding a new policy, add some layers, move them out and add them again through the API. It worked for me.