R80.40 Automation and Orchestration (Ansible/Terraform and more)

This video is about R80.40 Automation and Orchestration

Learn how to use Ansible and Terraform Check Point modules.

How to work with Bulk Operations

And how to use the new package deployment operation.

Demo files can be found here

Check Point Management API documentation can be found here

Check Point Terraform Provider documentation can be found here

Check Point Ansible documentation can be found here

12 Replies
Contributor

thx, this is really helpful.

Do you maybe know how to use Terraform with a Multi Domain Manager?

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...


0 Kudos
Reply
Explorer

Nice demo 🙂 I've been looking forward to seeing the direction you'd be taking with Terraform. One question - how do you handle policy verification / overlaps in the rulebase?

0 Kudos
Reply

Same question here, how does it handle duplicate rules/rule placements?
https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
Reply
Employee

Hi @Ivan_Eriksen and @Magnus-Holmberg,

Thanks for your questions.

You can see my answer to @Marcel_M about MDS.

Regarding rule verification - we will support this command very soon (https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/verify-policy~v1.6%20).

Please let me know if you have any other questions.

Have a great day,

Ido.

0 Kudos
Reply
Explorer

Hi Ido,
Thanks for the update - and great to hear that you're working on policy verification. However, I'm not really sure if your answer means that the Terraform provider will handle verification?
0 Kudos
Reply
Employee

If you decide to - once we support this command - you will be able to do so.

0 Kudos
Reply
Explorer

Let me clarify - if you want to use Terraform in an existing policy you'd need to handle policy verification / overlaps, otherwise you'd end up with a policy that fails on installation. So, given that policy verification is enabled per default and generally advised to be "on", the Terraform provider would need to do some pretty advanced policy checks to ensure that the resulting policy is valid. That's what I meant when asking if the provider will "handle verification".

(Policy verification is not necessarily a great tool in an automated scenario in my mind).
0 Kudos
Reply
Employee

Hi @Marcel_M,

As I answered in:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...

You must set environment variables to be able to use post apply/destroy commands.

And regarding MDS (Multi-Domain Security Management) - we will support it very soon. I will update the website and here once we do.

Have a great day!

Ido

In the API 1.6 I do see that clusters have been added.

But it looks like VSX-specific things are missing.

What's the status for the API regarding VSX-specific things like adding routing?

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
Reply
Employee

VSX commands are planned to be added in future releases.

0 Kudos
Reply
Contributor

The Check Point network modules in Ansible are not fit for use and purpose!

E.g. in cp_mgmt_access_layer

  • data-awareness (data_awareness): not documented/implemented. But it is used in the example.
  • new-name (new_name): not documented/implemented.

When will this be documented/implemented?

0 Kudos
Reply
Employee

Hi,

Thanks for reaching out to us.

The data-awareness parameter should be "content-awareness" in the example, we will change the example in the next version.
Regarding the new-name parameter - sorry, but we intentionally removed this functionality because it damages one of Ansible's requirements for idempotency.

Thanks,
Or

0 Kudos
Reply