I'm trying to build an Ansible playbook that adds a new rule to the existing default policy: a new network as the source, new TCP services on ports 3030 and 3131 (plus 443), and a specific existing destination network group as the destination.
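---
# Adds a source network (in a new group) and two new TCP service objects to
# the existing "Network" access layer, then creates a rule from that source
# group to an EXISTING destination network group, restricted to TCP 3030,
# 3131 and 443 — which is what the requirement above asks for. The original
# rule was source -> any / service any / accept, i.e. far broader than that.
#
# Required extra vars (pass with -e or a vaulted vars file):
#   mgmt_user, mgmt_password, mgmt_server, mgmt_fingerprint,
#   dst_group (name of the existing destination network group)
- hosts: localhost
  connection: local
  gather_facts: false
  vars:
    access_layer: "Network"
    section_name: "Newrules"
    src_group: "DEMO-NETS"
  tasks:
    - name: Log in to the management API
      check_point_mgmt:
        command: login
        parameters:
          username: "{{ mgmt_user }}"
          password: "{{ mgmt_password }}"
          management: "{{ mgmt_server }}"
        # Pin the management server's API certificate fingerprint. Use the
        # real value (e.g. from `api fingerprint` on the server) held in a
        # variable, not an in-file "XX:XX" placeholder.
        # NOTE(review): whether `fingerprint` belongs here or under
        # `parameters` depends on the module version — confirm in its docs.
        fingerprint: "{{ mgmt_fingerprint }}"
      # The registered result carries the credentials and the session id;
      # keep both out of the play output.
      no_log: true
      register: login_response

    - name: Create the objects and the rule within one API session
      block:
        - name: Add the source network group
          check_point_mgmt:
            command: add-group
            parameters:
              name: "{{ src_group }}"
            session-data: "{{ login_response }}"

        - name: Add the source network 103.119.75.0/24 to the group
          check_point_mgmt:
            command: add-network
            parameters:
              name: "DEMO-TEST"
              subnet: "103.119.75.0"
              subnet-mask: "255.255.255.0"
              groups:
                - "{{ src_group }}"
            session-data: "{{ login_response }}"

        - name: Add TCP service objects for the custom ports
          check_point_mgmt:
            command: add-service-tcp
            parameters:
              name: "TCP_{{ item }}"
              port: "{{ item }}"
            session-data: "{{ login_response }}"
          loop:
            - "3030"
            - "3131"

        - name: Add an access section for the new rules
          check_point_mgmt:
            command: add-access-section
            parameters:
              layer: "{{ access_layer }}"
              name: "{{ section_name }}"
              position: "top"
            session-data: "{{ login_response }}"

        - name: Add the access rule from the source group to the destination group
          check_point_mgmt:
            command: add-access-rule
            parameters:
              layer: "{{ access_layer }}"
              name: "created by ansible playbook"
              position:
                top: "{{ section_name }}"
              source:
                - "{{ src_group }}"
              # The existing destination network group — not "any".
              destination:
                - "{{ dst_group }}"
              # Only the required ports; 443 uses the predefined https
              # service (confirm it exists under that name in your setup).
              service:
                - "TCP_3030"
                - "TCP_3131"
                - "https"
              action: "accept"
              track: "log"
            session-data: "{{ login_response }}"

        - name: Publish the session
          check_point_mgmt:
            command: publish
            session-data: "{{ login_response }}"

      rescue:
        # Drop the half-built change set so it does not linger unpublished
        # in a stale session.
        - name: Discard unpublished changes after a failure
          check_point_mgmt:
            command: discard
            session-data: "{{ login_response }}"

      always:
        # Runs whether or not the block failed, so the API session is
        # closed instead of being left open.
        - name: Log out of the management API
          check_point_mgmt:
            command: logout
            session-data: "{{ login_response }}"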