check_point.mgmt.cp_mgmt_access_rule_facts – Get access-rule objects facts on Check Point over Web Services API

Note

This plugin is part of the check_point.mgmt collection (version 2.1.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_rule_facts.

New in version 2.9: of check_point.mgmt

Synopsis

  • Get access-rule objects facts on Check Point devices.
  • All operations are performed over Web Services API.
  • This module handles both operations, get a specific object and get several objects, For getting a specific object use the parameter ‘name’.

Parameters

Parameter Choices/Defaults Comments
dereference_group_members
boolean
    Choices:
  • no
  • yes
Indicates whether to dereference "members" field by details level for every object in reply.
details_level
string
    Choices:
  • uid
  • standard
  • full
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
filter
string
Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
filter_settings
dictionary
Sets filter preferences.
packet_search_settings
dictionary
When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
expand_group_members
boolean
    Choices:
  • no
  • yes
When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at least one member of the group.
expand_group_with_exclusion_members
boolean
    Choices:
  • no
  • yes
When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that match at least one member of the "include" part and is not a member of the "except" part.
match_on_any
boolean
    Choices:
  • no
  • yes
Whether to match on 'Any' object.
match_on_group_with_exclusion
boolean
    Choices:
  • no
  • yes
Whether to match on a group-with-exclusion.
match_on_negate
boolean
    Choices:
  • no
  • yes
Whether to match on a negated cell.
search_mode
string
    Choices:
  • general
  • packet
When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any' object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
hits_settings
dictionary
N/A
from_date
string
Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
target
string
Target gateway name or UID.
to_date
string
Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
layer
string
Layer that the rule belongs to identified by the name or UID.
limit
integer
No more than that many results will be returned. This parameter is relevant only for getting few objects.
name
string
Object name. Should be unique in the domain.
offset
integer
Skip that many results before beginning to return them. This parameter is relevant only for getting few objects.
order
list / elements=string
Sorts results by the given field. By default the results are sorted in the ascending order by name. This parameter is relevant only for getting few objects.
ASC
string
    Choices:
  • name
Sorts results by the given field in ascending order.
DESC
string
    Choices:
  • name
Sorts results by the given field in descending order.
package
string
Name of the package.
show_as_ranges
boolean
    Choices:
  • no
  • yes
When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
show_hits
boolean
    Choices:
  • no
  • yes
N/A
show_membership
boolean
    Choices:
  • no
  • yes
Indicates whether to calculate and show "groups" field for every object in reply.
use_object_dictionary
boolean
    Choices:
  • no
  • yes
N/A
version
string
Version of checkpoint. If not given one, the latest version taken.

Examples

- name: show-access-rule
  cp_mgmt_access_rule_facts:
    layer: Network
    name: Rule 1

- name: show-access-rulebase
  cp_mgmt_access_rule_facts:
    details_level: standard
    limit: 20
    name: Network
    offset: 0
    use_object_dictionary: true

Authors

  • Or Soffer (@chkp-orso)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_access_rule_facts_module.html