Abhishek_Kumar1
Collaborator

Access rule creation issue using Ansible.

Hi All

I have multiple policy packages in my management server.

I am creating a rule using Ansible, and I want to create the rule in a particular policy package.

But when I run my playbook, the rule is automatically created in the Standard policy package.

Even if I use the policy installation module, I can install a policy as per my requirement.

============================================Error=============================================

"msg": "Unsupported parameters for (cp_mgmt_access_rule) module: policy_package Supported parameters include: action, action_settings, auto_publish_session, comments, content, content_direction, content_negate, custom_fields, destination, destination_negate, details_level, enabled, ignore_errors, ignore_warnings, inline_layer, install_on, layer, name, position, service, service_negate, source, source_negate, state, time, track, user_check, version, vpn, wait_for_task"

==============================================================================================

I am pasting my module below for your reference

========================================

---
- hosts: check_point
  connection: httpapi
  tasks:
    - name: Create host object
      cp_mgmt_host:
        color: blue
        ipv4_address: 192.0.2.2
        name: CP_MGMT Host 1
        state: present
        auto_publish_session: true

    - name: Create host object
      cp_mgmt_host:
        color: red
        ipv4_address: 192.0.2.3
        name: CP_MGMT Host 2
        state: present
        auto_publish_session: true

    - name: Create host object
      cp_mgmt_host:
        color: dark green
        ipv4_address: 192.0.2.4
        name: CP_MGMT Host 3
        state: present
        auto_publish_session: true

    - name: Create host object
      cp_mgmt_host:
        color: dark green
        ipv4_address: 192.0.2.5
        name: CP_MGMT Host 5
        state: present
        auto_publish_session: true

    - name: add-access-rule
      cp_mgmt_access_rule:
        layer: Network
        # policy_package is not a parameter of cp_mgmt_access_rule;
        # this key produces the error shown above
        policy_package: test
        name: mgmt rule
        position: "1"
        action: Accept
        source: any
        destination: CP_MGMT Host 5
        service:
          - https
          - http
        state: present

    - name: add-access-rule
      cp_mgmt_access_rule:
        layer: Network
        policy_package: test
        name: Rule 1
        position: "2"
        action: Accept
        source: CP_MGMT Host 1
        destination: CP_MGMT Host 2
        service:
          - https
          - http
        state: present

    - name: publish
      cp_publish:

    - name: install-policy
      cp_mgmt_install_policy:
        access: true
        policy_package: test
        targets:
          - cp-gw
        threat_prevention: true

Regards

Abhishek

0 Kudos
PhoneBoy
Admin
A policy package can contain one or more policy layers.
A layer can exist in one or more policy packages.
You must specify the layer you wish for the rule to be added to (by name or uid), not the policy package.
0 Kudos
Abhishek_Kumar1
Collaborator

Thanks for your reply.

Layer is already defined in my playbook:

layer:network

But I want to create a rule in a specific policy package. How can I add the policy package module in my playbook?
0 Kudos
PhoneBoy
Admin
Rules cannot exist in a policy package outside of a layer.
If you want a rule in a policy package, it must be added to a layer in the policy package.

What you are doing is adding a rule to the layer called Network.
This layer is included in the default Standard policy package.
The layer you are seeing in SmartConsole associated with your policy package might say "Network" but that's not its name at the API level.
It's most likely "MyPolicyPackage Network", but you'd have to use either the show access-layers API or find the screen in SmartConsole that lists all the layers to confirm the correct name.
0 Kudos
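
The approach from the answer above, as an added example that is not part of the original thread: look up the layers first, then create the rule in the layer that belongs to the target package, with no policy_package key. The layer name "test Network" is an assumption based on the "MyPolicyPackage Network" pattern in the answer; replace it with the name the facts tasks report.

```yaml
---
- hosts: check_point
  connection: httpapi
  vars:
    # Assumed name; confirm it against the output of the facts tasks below.
    target_layer: test Network
  tasks:
    - name: Show the "test" package, including the layers it contains
      cp_mgmt_package_facts:
        name: test
      register: package_info

    - name: List every access layer known to the management server
      cp_mgmt_access_layer_facts:
        details_level: standard
      register: all_layers

    - name: Print both results so the API-level layer name can be read off
      debug:
        msg:
          - "{{ package_info }}"
          - "{{ all_layers }}"

    - name: Add the rule to the layer of the "test" package
      cp_mgmt_access_rule:
        layer: "{{ target_layer }}"
        name: mgmt rule
        position: "1"
        action: Accept
        source: any
        destination: CP_MGMT Host 5
        service:
          - https
          - http
        state: present
        auto_publish_session: true
```

Because a layer can be shared by several policy packages, check the facts output for other packages that use the same layer before adding the rule; a rule added to a shared layer takes effect in every package that includes it.
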
Abhishek_Kumar1
Collaborator

Thanks for your help and support.

It's working now; I can create a policy as per the desired policy package.

Again thanks for your help and support.

Regards

Abhishek
0 Kudos