cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

R80.40 Automation and Orchestration (Ansible/Terraform and more)

This video is about R80.40 Automation and Orchestration

Learn how to use Ansible and Terraform Check Point modules.

How to work with Bulk Operations

And how to use the new package deployment operation.

Demo files can be found here

Check Point Management API documentation can be found here

Check Point Terraform Provider documentation can be found here

Check Point Ansible documentation can be found  here

 

 

 

10 Replies
Highlighted
Iron

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

thx, this is realy helpful.

Do you maybe know how to use Terraform with a Multi Domain Manager ?

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...

 

 

0 Kudos
Highlighted

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Nice demo 🙂 I've been looking forward to see the direction you'd be taking with Terraform. One question - how do you handle policy verification / overlaps in the rulebase? 

0 Kudos
Highlighted

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Same question here, how does it handle duplicate rules/rule placements
0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Hi @Ivan_Eriksen and @Magnus-Holmberg ,

Thanks for your questions.

You can see my answer to @Marcel_M about MDS.

Regarding rule verification - we will support in this command very soon.  (https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/verify-policy~v1.6%20)

 

Please let me know if you have any other questions

 

Have a great day,

Ido.

0 Kudos
Highlighted

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Hi Ido,
Thanks for the update - and great to hear, that you're working policy verification. However, I'm not really sure, if your answer means that the Terraform provider will handle verification?
0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

If you will decide to - once we will support in this command - you will be able to do so.

0 Kudos
Highlighted

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Let me clarify - if you want to use Terraform in an existing policy you'd need to handle policy verification / overlaps, otherwise you'd end up with a policy that fails on installation. So, given that policy verification is enabled pr default and generally adviced to be "on", the terraform provider would need to do some pretty advanced policy checks to ensure, that the resulting policy is valid. That's what I meant when asking, if the provide will "handle verification".

(Policy verification is not necessarily a great tool in an automated scenario in my mind).
0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

Hi @Marcel_M ,

As I was answered in: 

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...

You must set environment variables to be able to use post apply/destroy commands.

And regarding MDS (Multi-Domain Security Management) - we will support it very soon. I will update the website and here once we do.

Have a great day!

Ido

Highlighted

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

In the api 1.6 i do see that clusters has been added.

but it looks like VSX specific things are missing.

whats the status for API regarding VSX specific things like adding routing?

0 Kudos
Highlighted
Employee
Employee

Re: R80.40 Automation and Orchestration (Ansible/Terraform and more)

VSX commands are planned to be added in future releases.

0 Kudos