boneyard
Contributor

Creating a new firewall policy with Ansible

I have seen it asked before but haven't found a clear answer.

Currently I'm managing a firewall policy via Ansible. When I need to make big changes I just delete all rules and sections and load the new ones.

I would like to load the new rules in a different policy and then eventually install that policy. Afterwards perhaps deleting the old policy and using that process for future changes.

But it seems the Check Point Ansible modules don't do much with policies. I can do something with layers, but with the layer it is unclear to me in which policy it will be created.

Is it correct that policy creation is not done in Ansible?

0 Kudos
1 Reply
Erik_Lagzdins
Employee

I believe what you are looking for is the cp_mgmt_package module to create a new policy and new Access Control layer, then use the cp_mgmt_access_rule module to add rules.

Documentation and examples for the modules can be found here: https://docs.ansible.com/ansible/devel/collections/check_point/mgmt/index.html

 

Process flow:

1. Create a brand new policy package with the cp_mgmt_package module, and add the access layer at the same time.

2. Add access rules with the cp_mgmt_access_rule or cp_mgmt_access_rules modules to the access layer in the new policy package. Both modules are designed to add/modify rules to access layer policies but have their own pros/cons depending on your situation.

3. Install the new policy over the existing policy on your gateway.

4. Delete the old unused policy package, manually or with the cp_mgmt_package module.

0 Kudos
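The four-step flow from the reply above, written out as one playbook. This is an added example, not code from the thread or from Check Point; the inventory host `mgmt_server`, the package names, the gateway `gw-01`, the object `dmz-web-01` and the rule contents are placeholders, and the layer name assumes the management server's default of naming a new package's Access Control layer "<package name> Network".

```yaml
---
# Assumed inventory settings for mgmt_server: ansible_network_os=check_point.mgmt.checkpoint,
# plus credentials for the management API.
- name: Stage rules in a new policy package, install it, retire the old one
  hosts: mgmt_server              # placeholder inventory host
  connection: httpapi
  gather_facts: false
  vars:
    new_pkg: Corp_Policy_v2       # placeholder package names
    old_pkg: Corp_Policy_v1
    gateways: [gw-01]             # placeholder installation target
    # Assumption: default layer created with the package is "<package> Network"
    new_layer: "{{ new_pkg }} Network"
    staged_rules:                 # constructed sample rules; referenced objects must already exist
      - { name: Allow HTTPS to DMZ web, position: 1, source: [Any], destination: [dmz-web-01], service: [https] }
      - { name: Allow DNS out, position: 2, source: [Any], destination: [Any], service: [dns] }
  tasks:
    - name: 1. Create the new package together with its Access Control layer
      check_point.mgmt.cp_mgmt_package:
        name: "{{ new_pkg }}"
        access: true
        threat_prevention: false
        state: present

    - name: 2. Add rules to the layer that belongs to the new package
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ new_layer }}"
        name: "{{ item.name }}"
        position: "{{ item.position }}"
        source: "{{ item.source }}"
        destination: "{{ item.destination }}"
        service: "{{ item.service }}"
        action: Accept
        state: present
      loop: "{{ staged_rules }}"

    - name: Publish the session so the new package can be installed
      check_point.mgmt.cp_mgmt_publish:

    - name: 3. Install the new package over the existing policy on the gateway
      check_point.mgmt.cp_mgmt_install_policy:
        policy_package: "{{ new_pkg }}"
        targets: "{{ gateways }}"
        access: true

    - name: 4. Delete the old package (reached only if the install task succeeded)
      check_point.mgmt.cp_mgmt_package:
        name: "{{ old_pkg }}"
        state: absent

    - name: Publish the deletion
      check_point.mgmt.cp_mgmt_publish:
```

Because each rule task names the layer explicitly, the rules land in the new package and the running policy is untouched until step 3. Reviewing the staged rulebase before the install task runs is the point of building it in a separate package.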
