Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Derek_Gottwalt
Participant

Ansible Playbook Config information or Health Check

I am looking to see if anyone has already created a Ansible Playbook that goes out and gets configuration information or can do a health check from either Security Gateways Or Security Management Servers. Currently using R80.10 But also if there is anything for R80.20 we are planning on upgrading relatively soon. Also would be interested in any Ansible Playbook for other uses cases.  Our Shop is very new to Ansible. I have only done a few playbooks that heavily relied on Python Scripts. I have found that running the particular playbooks were very slow and also if anyone does anything else in the Management Server at the time it is running causes the playbook to fail.

Any Help would be Greatly Appreciated.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

First of all, since this is an automation/scripting question, let me move this to Developers (Code Hub)‌.

Second, up until fairly recently, most of our APIs were related to security policy management, not necessarily gateway/OS configuration.

That said, we just released new REST APIs for this: https://community.checkpoint.com/community/infinity-general/appliances-and-gaia/blog/2019/01/21/new-...

That said, I know we have been working on something with Ansible that leverages this API.

It's not yet publicly available.

Derek_Gottwalt
Participant

Do you have anymore information about working with Ansible that leverages the API's and also instructions for installing the GAIA API package into our Ansible Tower?

 

Thanks

 

Derek Gottwalt

0 Kudos
Derek_Gottwalt
Participant

Thanks for your response.  We are running Ansible Tower.  We are looking for a way to run a playbook or playbooks hopefully via API's That will get bring back certain Configurations so we can compare to a "Golden Image"  To see if anyone has been messing with configurations.  We also would probably be good with anything that can alert us to any configuration changes within Checkpoint. If there is a way built into Checkpoint R80.10 or soon to be R80.20 for us that can accomplish this with out Ansible that would be ok as well. 

 

Thanks

 

Derek Gottwalt 

0 Kudos