This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
User1234
Contributor
‎2022-01-12 09:19 AM

Unrecognized parameter access-layers

Hi!

When executing an Ansible task for check_point.mgmt.cp_mgmt_package with

 

- name: set policy/package
      check_point.mgmt.cp_mgmt_package:
        name: default-policy
        access: true
        access_layers:
          add:
            - name: default-layer
              position: 1

 

it exits with an error

 

FAILED! => {"changed": false, "msg": "Checkpoint device returned error 400 with message {u'message': u'Unrecognized parameter [access-layers]', u'code': u'generic_err_invalid_parameter_name'} Unpublished changes were discarded"

 

Am I doing something wrong? I think the ansible task is used correctly. (Any other CP-related tasks are working fine.)
I recognise that the task uses 'access_layers' with an underscore while the error message contains 'access-layers' with a minus. The ansible documentation and examples use the underscore while the corresponding mgmt-api uses the minus. Is this a bug/typo?

0 Kudos
8 Replies
the_rock
Legend
Legend
‎2022-01-12 12:26 PM

Good question...it could be a typo or a bug, or both actually. That was the first thing I noticed when looking at the output. Lets see if someone else can confirm.

0 Kudos
Art_Zalenekas
Employee
Employee
‎2022-01-12 09:00 PM

It does work for me. I just added a Shared Layer into position #2. With remove parameter you can take the non-default layers out.

- name: set policy/package
  check_point.mgmt.cp_mgmt_package:
    name: Home
    access: true
    access_layers:
      add:
        - name: ApplCtrl
          position: 2

 

Kind regards,
Art

0 Kudos
User1234
Contributor
‎2022-01-12 11:30 PM
In response to Art_Zalenekas

I am also not able to add a shared layer into position 2, same error. I am using the latest version 2.2.0.
So, actually, I want to add a new policy with a new access layer and only have this access layer in the policy. I am grateful for any guidance.

0 Kudos
Art_Zalenekas
Employee
Employee
‎2022-01-13 08:27 AM
In response to User1234

Once you create a new policy, it also creates the default policy in the format "<Policy Name> Network". This layer cannot be removed, but you can add another layer above the default policy.

What version is your management server and are you using MDS environment? I ran Ansible (2.2.0) and mgmt_cli call against R81.10 T22 SMS.

0 Kudos
User1234
Contributor
‎2022-01-13 08:31 AM
In response to Art_Zalenekas

Alright.

It is a fresh installed R81.10 T22 without MDS. Ansible version 2.2.0

0 Kudos
Art_Zalenekas
Employee
Employee
‎2022-01-13 08:56 AM
In response to User1234

OK, so you run exactly the same environment. Try what I said in my statement above.

0 Kudos
User1234
Contributor
‎2022-01-14 01:11 AM
In response to Art_Zalenekas

I am afraid it does not work.

I tried to create the access-layer before and after policy creation and insert it to position 0,1,2,3. Still the same error message.

To be honest, I don't think the server even parses the name and position parameters as it raises an exception at the parameter access-layer which is one level on top.

0 Kudos
Art_Zalenekas
Employee
Employee
‎2022-01-18 10:03 PM
In response to User1234

It should work. Your positioning cannot be 0. It starts at 1. Also, you cannot move the default layer, but custom.

Try adding new policy, add some layers, move them out and through API add them again. It worked for me.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top