W3cubDocs

cp_mgmt_threat_rule – Manages threat-rule objects on Check Point over Web Services API

New in version 2.9.

Synopsis
Parameters
Examples
Return Values
Status

Synopsis

Manages threat-rule objects on Check Point devices including creating, updating and removing objects.
All operations are performed over Web Services API.

Parameters

Parameter		Choices/Defaults	Comments
action string			Action-the enforced profile.
auto_publish_session boolean		Choices: no yes	Publish the current session if changes have been performed after task completes.
comments string			Comments string.
destination list			Collection of Network objects identified by the name or UID.
destination_negate boolean		Choices: no yes	True if negate is set for destination.
details_level string		Choices: uid standard full	The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
enabled boolean		Choices: no yes	Enable/Disable the rule.
ignore_errors boolean		Choices: no yes	Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
ignore_warnings boolean		Choices: no yes	Apply changes ignoring warnings.
install_on list			Which Gateways identified by the name or UID to install the policy on.
layer string			Layer that the rule belongs to identified by the name or UID.
name string / required			Object name.
position string			Position in the rulebase.
protected_scope list			Collection of objects defining Protected Scope identified by the name or UID.
protected_scope_negate boolean		Choices: no yes	True if negate is set for Protected Scope.
service list			Collection of Network objects identified by the name or UID.
service_negate boolean		Choices: no yes	True if negate is set for Service.
source list			Collection of Network objects identified by the name or UID.
source_negate boolean		Choices: no yes	True if negate is set for source.
state string		Choices: present ← absent	State of the access rule (present or absent). Defaults to present.
track string			Packet tracking.
track_settings dictionary			Threat rule track settings.
	packet_capture boolean	Choices: no yes	Packet capture.
version string			Version of checkpoint. If not given one, the latest version taken.
wait_for_task boolean		Choices: no yes ←	Wait for the task to end. Such as publish task.

Examples

- name: add-threat-rule
  cp_mgmt_threat_rule:
    comments: ''
    install_on: Policy Targets
    layer: New Layer 1
    name: First threat rule
    position: 1
    protected_scope: All_Internet
    state: present
    track: None

- name: set-threat-rule
  cp_mgmt_threat_rule:
    action: New Profile 1
    comments: commnet for the first rule
    install_on: Policy Targets
    layer: New Layer 1
    name: Rule Name
    position: 1
    protected_scope: All_Internet
    state: present

- name: delete-threat-rule
  cp_mgmt_threat_rule:
    layer: New Layer 1
    name: Rule Name
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
cp_mgmt_threat_rule dictionary	always, except when deleting the object.	The checkpoint object created or updated.

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Or Soffer (@chkp-orso)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cp_mgmt_threat_rule_module.html