amdan_bin_abdul
Explorer

How to create an access rule with Ansible

I'm trying to build an Ansible playbook to create a new rule with a new network and new TCP services (ports 3030 and 3131, 443) in the existing default policy, to a specific destination network group.

---
- hosts: "localhost"
  tasks:
    - name: "login"
      check_point_mgmt:
        command: login
        parameters:
          username: "{{mgmt_user}}"
          password: "{{mgmt_password}}"
          management: "{{mgmt_server}}"
        # fingerprint (and, below, session-data) are module options that sit
        # beside command/parameters, as in the cpAnsible examples
        fingerprint: "E2:B7:XX:XX:XX:XX:XXXX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:1B:XX"
      register: login_response

    - name: "ADD-DEMO-NET-GROUP"
      check_point_mgmt:
        command: add-group
        parameters:
          name: "DEMO-NETS"
        session-data: "{{login_response}}"

    - name: "ADD-DEMO-NET-103.119.75.0"
      check_point_mgmt:
        command: add-network
        parameters:
          name: "DEMO-TEST"
          subnet: "103.119.75.0"
          subnet-mask: "255.255.255.0"
          groups: "DEMO-NETS"
        session-data: "{{login_response}}"

    - name: "add access section new rules"
      check_point_mgmt:
        command: add-access-section
        parameters:
          layer: "Network"
          name: "Newrules"
          position: "top"
        session-data: "{{login_response}}"

    - name: "add access rule from DEMO-TEST networks to any"
      check_point_mgmt:
        command: add-access-rule
        parameters:
          layer: "Network"
          name: "created by ansible playbook"
          position:
            top: "Newrules"
          source:
            - "DEMO-NETS"
          destination:
            - "any"
          service:
            - "any"
          action: "accept"
          track: "log"
        session-data: "{{login_response}}"

    - name: "publish"
      check_point_mgmt:
        command: publish
        session-data: "{{login_response}}"

    - name: "logout"
      check_point_mgmt:
        command: logout
        session-data: "{{login_response}}"

PhoneBoy
Admin

At a high level, you would have to create the relevant TCP services, 3030 and 3031.

There is already a service for port 443 called https.

Either add said services directly to the rule or create a group of services and add that group.

Basic API documentation: Check Point - Management API reference 

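Putting the reply's advice into a playbook, as an added example that is neither the original poster's nor PhoneBoy's code: it uses the same legacy cpAnsible `check_point_mgmt` module as the question, creates the two custom TCP services, bundles them with the predefined `https` service into a service group, and scopes the rule to a named destination group instead of `any` on both destination and service. The object names (`tcp_3030`, `tcp_3031`, `DEMO-SVC-GROUP`, `DEMO-DST-NETS`), the `mgmt_fingerprint` variable and the group `DEMO-NETS` and section `Newrules` (taken from the question) are assumptions; `track` is written in the object form the current Management API reference documents, whereas the question uses the older plain-string form.

```yaml
---
# Added example (not from the original post or reply). Assumes the legacy
# cpAnsible "check_point_mgmt" module and the variables mgmt_user,
# mgmt_password, mgmt_server and mgmt_fingerprint. All object names are
# illustrative.
- hosts: "localhost"
  tasks:
    - name: "login"
      check_point_mgmt:
        command: login
        parameters:
          username: "{{ mgmt_user }}"
          password: "{{ mgmt_password }}"
          management: "{{ mgmt_server }}"
        # Pin the management server's certificate fingerprint so the module
        # does not silently trust an impersonating HTTPS endpoint.
        fingerprint: "{{ mgmt_fingerprint }}"
      register: login_response

    # The two custom TCP services the reply says must exist before the rule.
    - name: "add TCP service {{ item.name }}"
      check_point_mgmt:
        command: add-service-tcp
        parameters:
          name: "{{ item.name }}"
          port: "{{ item.port }}"
        session-data: "{{ login_response }}"
      loop:
        - { name: "tcp_3030", port: "3030" }
        - { name: "tcp_3031", port: "3031" }

    # Port 443 is already covered by the predefined "https" service, so it is
    # referenced as a member rather than recreated.
    - name: "add service group with the two new services and https"
      check_point_mgmt:
        command: add-service-group
        parameters:
          name: "DEMO-SVC-GROUP"
          members:
            - "tcp_3030"
            - "tcp_3031"
            - "https"
        session-data: "{{ login_response }}"

    # Destination network group the rule is scoped to. Its member networks are
    # added with add-network and groups: "DEMO-DST-NETS", as in the question.
    - name: "add destination network group"
      check_point_mgmt:
        command: add-group
        parameters:
          name: "DEMO-DST-NETS"
        session-data: "{{ login_response }}"

    - name: "add access rule DEMO-NETS to DEMO-DST-NETS on DEMO-SVC-GROUP"
      check_point_mgmt:
        command: add-access-rule
        parameters:
          layer: "Network"
          name: "created by ansible playbook"
          position:
            top: "Newrules"
          source:
            - "DEMO-NETS"
          destination:
            - "DEMO-DST-NETS"   # not "any": only the intended destination group
          service:
            - "DEMO-SVC-GROUP"  # not "any": only 3030, 3031 and 443
          action: "accept"
          track:
            type: "Log"
        session-data: "{{ login_response }}"

    - name: "publish"
      check_point_mgmt:
        command: publish
        session-data: "{{ login_response }}"

    - name: "logout"
      check_point_mgmt:
        command: logout
        session-data: "{{ login_response }}"
```

Two points worth checking after a run: `publish` only commits the session to the management database, so the new rule is not enforced until the policy package is installed (a separate `install-policy` call); and because the objects are created with plain `add-*` commands, a second run of the playbook fails on the already-existing names, so either guard each task with a `show-*` lookup or delete the objects before re-running.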