Shay_Levin
Admin

R80.40 Automation and Orchestration (Ansible/Terraform and more)

This video is about R80.40 Automation and Orchestration

Learn how to use Ansible and Terraform Check Point modules.

How to work with Bulk Operations

And how to use the new package deployment operation.

Demo files can be found here

Check Point Management API documentation can be found here

Check Point Terraform Provider documentation can be found here

Check Point Ansible documentation can be found here

12 Replies
Marcel_M
Contributor

Thx, this is really helpful.

Do you maybe know how to use Terraform with a Multi Domain Manager?

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...

0 Kudos
Ivan_Eriksen
Explorer

Nice demo 🙂 I've been looking forward to seeing the direction you'd be taking with Terraform. One question - how do you handle policy verification / overlaps in the rulebase?

0 Kudos
Magnus-Holmberg
Advisor

Same question here: how does it handle duplicate rules/rule placements?
https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
chkp-idoma
Contributor

Hi @Ivan_Eriksen and @Magnus-Holmberg,

Thanks for your questions.

You can see my answer to @Marcel_M about MDS.

Regarding rule verification - we will support this command very soon. (https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/verify-policy~v1.6%20)

Please let me know if you have any other questions.


Have a great day,

Ido.

0 Kudos
Ivan_Eriksen
Explorer

Hi Ido,
Thanks for the update - and great to hear that you're working on policy verification. However, I'm not really sure if your answer means that the Terraform provider will handle verification?
0 Kudos
chkp-idoma
Contributor

If you decide to - once we support this command - you will be able to do so.

0 Kudos
Ivan_Eriksen
Explorer

Let me clarify - if you want to use Terraform in an existing policy you'd need to handle policy verification / overlaps, otherwise you'd end up with a policy that fails on installation. So, given that policy verification is enabled per default and generally advised to be "on", the Terraform provider would need to do some pretty advanced policy checks to ensure that the resulting policy is valid. That's what I meant when asking if the provider will "handle verification".

(Policy verification is not necessarily a great tool in an automated scenario in my mind).
0 Kudos
chkp-idoma
Contributor

Hi @Marcel_M,

As I answered in:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Check-Point-provider-on-Terraform...

You must set environment variables to be able to use post apply/destroy commands.

And regarding MDS (Multi-Domain Security Management) - we will support it very soon. I will update the website and here once we do.

Have a great day!

Ido

Magnus-Holmberg
Advisor

In API 1.6 I do see that clusters have been added.

But it looks like VSX-specific things are missing.

What's the status for the API regarding VSX-specific things like adding routing?

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
chkp-idoma
Contributor

VSX commands are planned to be added in future releases.

0 Kudos
Kris_Pellens
Collaborator

The Check Point network modules in Ansible are not fit for use and purpose!

E.g. in cp_mgmt_access_layer

  • data-awareness (data_awareness): not documented/implemented. But it is used in the example.
  • new-name (new_name): not documented/implemented.

When will this be documented/implemented?

0 Kudos
Or_Soffer
Employee

Hi,

Thanks for reaching out to us.

The data-awareness parameter should be "content-awareness" in the example; we will change the example in the next version.
Regarding the new-name parameter - sorry, but we intentionally removed this functionality because it damages one of Ansible's requirements for idempotency.

Thanks,
Or

0 Kudos
