summaryrefslogtreecommitdiffstats
path: root/ansible_collections/check_point/mgmt/plugins/modules
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
commit975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch)
tree89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/check_point/mgmt/plugins/modules
parentInitial commit. (diff)
downloadansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.tar.xz
ansible-975f66f2eebe9dadba04f275774d4ab83f74cf25.zip
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/check_point/mgmt/plugins/modules')
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py171
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py217
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py125
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py423
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py245
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py373
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py119
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py84
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py147
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py164
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py159
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py136
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py215
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py231
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py180
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py141
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py137
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py147
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py137
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py77
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py92
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py203
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py223
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py147
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py82
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py129
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py89
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py95
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py94
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py90
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py123
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py76
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py78
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py135
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py134
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py598
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py141
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py125
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py129
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py179
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py82
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py143
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py144
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py148
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py134
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py338
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py119
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py135
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py139
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py160
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py138
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py124
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py80
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py80
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py80
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py121
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py319
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py138
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py286
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py146
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py146
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py178
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py146
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py146
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py90
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py210
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py141
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py208
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py124
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py183
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py130
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py203
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py119
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py227
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py243
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py143
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py181
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py251
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py146
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py71
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py102
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py83
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py141
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py84
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py76
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py101
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py130
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py129
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py149
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py149
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py144
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py154
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py154
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py131
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py131
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py227
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py149
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py211
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py231
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py238
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py125
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py181
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py2044
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py100
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py112
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py161
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py123
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py158
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py90
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py71
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py71
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py90
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py78
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py149
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py90
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py73
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py77
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py85
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py134
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py71
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py1287
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py156
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py637
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py132
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py171
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py141
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py77
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py126
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py124
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py82
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py219
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py223
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py274
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py124
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py128
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py406
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py131
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py214
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py210
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py285
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py216
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py134
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py106
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py80
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py77
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py104
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py232
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py244
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py127
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py159
-rw-r--r--ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py127
174 files changed, 29661 insertions, 0 deletions
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py
new file mode 100644
index 000000000..dde5b24b6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer.py
@@ -0,0 +1,171 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_layer
+short_description: Manages access-layer objects on Check Point over Web Services API
+description:
+ - Manages access-layer objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ add_default_rule:
+ description:
+ - Indicates whether to include a cleanup rule in the new layer.
+ type: bool
+ applications_and_url_filtering:
+ description:
+ - Whether to enable Applications & URL Filtering blade on the layer.
+ type: bool
+ content_awareness:
+ description:
+ - Whether to enable Content Awareness blade on the layer.
+ type: bool
+ detect_using_x_forward_for:
+ description:
+ - Whether to use X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.
+ type: bool
+ firewall:
+ description:
+ - Whether to enable Firewall blade on the layer.
+ type: bool
+ implicit_cleanup_action:
+ description:
+ - The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer.
+ type: str
+ choices: ['drop', 'accept']
+ mobile_access:
+ description:
+ - Whether to enable Mobile Access blade on the layer.
+ type: bool
+ shared:
+ description:
+ - Whether this layer is shared.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-layer
+ cp_mgmt_access_layer:
+ name: New Layer 1
+ state: present
+
+- name: set-access-layer
+ cp_mgmt_access_layer:
+ applications_and_url_filtering: false
+ data_awareness: true
+ name: New Layer 1
+ state: present
+
+- name: delete-access-layer
+ cp_mgmt_access_layer:
+ name: New Layer 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_layer:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ add_default_rule=dict(type='bool'),
+ applications_and_url_filtering=dict(type='bool'),
+ content_awareness=dict(type='bool'),
+ detect_using_x_forward_for=dict(type='bool'),
+ firewall=dict(type='bool'),
+ implicit_cleanup_action=dict(type='str', choices=['drop', 'accept']),
+ mobile_access=dict(type='bool'),
+ shared=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-layer'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py
new file mode 100644
index 000000000..40e98e990
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_layer_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_layer_facts
+short_description: Get access-layer objects facts on Check Point over Web Services API
+description:
+ - Get access-layer objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-access-layer
+ cp_mgmt_access_layer_facts:
+ name: New Layer 1
+
+- name: show-access-layers
+ cp_mgmt_access_layer_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "access-layer"
+ api_call_object_plural_version = "access-layers"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py
new file mode 100644
index 000000000..1c9114484
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role.py
@@ -0,0 +1,217 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_role
+short_description: Manages access-role objects on Check Point over Web Services API
+description:
+ - Manages access-role objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ machines_list:
+ description:
+ - Machines that can access the system.
+ type: list
+ elements: dict
+ suboptions:
+ source:
+ description:
+ - Active Directory name or UID or Identity Tag.
+ type: str
+ selection:
+ description:
+ - Name or UID of an object selected from source.
+ type: list
+ elements: str
+ base_dn:
+ description:
+ - When source is "Active Directory" use "base-dn" to refine the query in AD database.
+ type: str
+ machines:
+ description:
+ - Any or All Identified.
+ type: str
+ choices: ['any', 'all identified']
+ networks:
+ description:
+ - Collection of Network objects identified by the name or UID that can access the system.
+ type: list
+ elements: str
+ remote_access_clients:
+ description:
+ - Remote access clients identified by name or UID.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ users_list:
+ description:
+ - Users that can access the system.
+ type: list
+ elements: dict
+ suboptions:
+ source:
+ description:
+ - Active Directory name or UID or Identity Tag or Internal User Groups or LDAP groups or Guests.
+ type: str
+ selection:
+ description:
+ - Name or UID of an object selected from source.
+ type: list
+ elements: str
+ base_dn:
+ description:
+ - When source is "Active Directory" use "base-dn" to refine the query in AD database.
+ type: str
+ users:
+ description:
+ - Any or All Identified.
+ type: str
+ choices: ['any', 'all identified']
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-role
+ cp_mgmt_access_role:
+ name: New Access Role 1
+ networks: any
+ remote_access_clients: any
+ state: present
+ users: any
+
+- name: set-access-role
+ cp_mgmt_access_role:
+ users_list:
+ - source: "Internal User Groups"
+ selection: usersGroup
+ name: New Access Role 1
+ state: present
+
+- name: delete-access-role
+ cp_mgmt_access_role:
+ name: New Access Role 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_role:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ machines_list=dict(type='list', elements='dict', options=dict(
+ source=dict(type='str'),
+ selection=dict(type='list', elements='str'),
+ base_dn=dict(type='str')
+ )),
+ machines=dict(type='str', choices=['any', 'all identified']),
+ networks=dict(type='list', elements='str'),
+ remote_access_clients=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ users_list=dict(type='list', elements='dict', options=dict(
+ source=dict(type='str'),
+ selection=dict(type='list', elements='str'),
+ base_dn=dict(type='str')
+ )),
+ users=dict(type='str', choices=['any', 'all identified']),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-role'
+
+ if module.params["machines_list"] is not None:
+ if module.params["machines"] is not None:
+ raise AssertionError("The use of both 'machines_list' and 'machines' arguments isn't allowed")
+ module.params["machines"] = module.params["machines_list"]
+ module.params.pop("machines_list")
+
+ if module.params["users_list"] is not None:
+ if module.params["users"] is not None:
+ raise AssertionError("The use of both 'users_list' and 'users' arguments isn't allowed")
+ module.params["users"] = module.params["users_list"]
+ module.params.pop("users_list")
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py
new file mode 100644
index 000000000..6a8805e8c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_role_facts.py
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_role_facts
+short_description: Get access-role objects facts on Check Point over Web Services API
+description:
+ - Get access-role objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-access-role
+ cp_mgmt_access_role_facts:
+ name: New Access Role 1
+
+- name: show-access-roles
+ cp_mgmt_access_role_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "access-role"
+ api_call_object_plural_version = "access-roles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
new file mode 100644
index 000000000..11f359fe0
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule.py
@@ -0,0 +1,423 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_rule
+short_description: Manages access-rule objects on Check Point over Web Services API
+description:
+ - Manages access-rule objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
+ type: str
+ relative_position:
+ description:
+ - Position in the rulebase.
+ - Use of this field may not be idempotent.
+ type: dict
+ suboptions:
+ below:
+ description:
+ - Add rule below specific rule/section identified by name (limited to 50 rules if
+ search_entire_rulebase is False).
+ type: str
+ above:
+ description:
+ - Add rule above specific rule/section identified by name (limited to 50 rules if
+ search_entire_rulebase is False).
+ type: str
+ top:
+ description:
+ - Add rule to the top of a specific section identified by name (limited to 50 rules if
+ search_entire_rulebase is False).
+ type: str
+ bottom:
+ description:
+ - Add rule to the bottom of a specific section identified by name (limited to 50 rules if
+ search_entire_rulebase is False).
+ type: str
+ search_entire_rulebase:
+ description:
+ - Whether to search the entire rulebase for a rule that's been edited in its relative_position field to make sure
+ there indeed has been a change in its position or the section it might be in.
+ type: bool
+ default: False
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ action:
+ description:
+ - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
+ type: str
+ action_settings:
+ description:
+ - Action settings.
+ type: dict
+ suboptions:
+ enable_identity_captive_portal:
+ description:
+ - N/A
+ type: bool
+ limit:
+ description:
+ - N/A
+ type: str
+ content:
+ description:
+ - List of processed file types that this rule applies on.
+ type: list
+ elements: dict
+ content_direction:
+ description:
+ - On which direction the file types processing is applied.
+ type: str
+ choices: ['any', 'up', 'down']
+ content_negate:
+ description:
+ - True if negate is set for data.
+ type: bool
+ custom_fields:
+ description:
+ - Custom fields.
+ type: dict
+ suboptions:
+ field_1:
+ description:
+ - First custom field.
+ type: str
+ field_2:
+ description:
+ - Second custom field.
+ type: str
+ field_3:
+ description:
+ - Third custom field.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ inline_layer:
+ description:
+ - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
+ type: str
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ service_negate:
+ description:
+ - True if negate is set for service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ time:
+ description:
+ - List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
+ type: list
+ elements: str
+ track:
+ description:
+ - Track Settings.
+ type: dict
+ suboptions:
+ accounting:
+ description:
+ - Turns accounting for track on and off.
+ type: bool
+ alert:
+ description:
+ - Type of alert for the track.
+ type: str
+ choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']
+ enable_firewall_session:
+ description:
+ - Determine whether to generate session log to firewall only connections.
+ type: bool
+ per_connection:
+ description:
+ - Determines whether to perform the log per connection.
+ type: bool
+ per_session:
+ description:
+ - Determines whether to perform the log per session.
+ type: bool
+ type:
+ description:
+ - a "Log", "Extended Log", "Detailed Log", "None".
+ type: str
+ user_check:
+ description:
+ - User check settings.
+ type: dict
+ suboptions:
+ confirm:
+ description:
+ - N/A
+ type: str
+ choices: ['per rule', 'per category', 'per application/site', 'per data type']
+ custom_frequency:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ every:
+ description:
+ - N/A
+ type: int
+ unit:
+ description:
+ - N/A
+ type: str
+ choices: ['hours', 'days', 'weeks', 'months']
+ frequency:
+ description:
+ - N/A
+ type: str
+ choices: ['once a day', 'once a week', 'once a month', 'custom frequency...']
+ interaction:
+ description:
+ - N/A
+ type: str
+ vpn_list:
+ description:
+ - Communities or Directional.
+ type: list
+ elements: dict
+ suboptions:
+ community:
+ description:
+ - List of community name or UID.
+ type: list
+ elements: str
+ directional:
+ description:
+ - Communities directional match condition.
+ type: list
+ elements: dict
+ suboptions:
+ from:
+ description:
+ - From community name or UID.
+ type: str
+ to:
+ description:
+ - To community name or UID.
+ type: str
+ vpn:
+ description:
+ - Any or All_GwToGw.
+ type: str
+ choices: ['Any', 'All_GwToGw']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-rule
+ cp_mgmt_access_rule:
+ layer: Network
+ name: Rule 1
+ position: 1
+ service:
+ - SMTP
+ - AOL
+ vpn: All_GwToGw
+ state: present
+
+- name: set-access-rule
+ cp_mgmt_access_rule:
+ action: Ask
+ action_settings:
+ enable_identity_captive_portal: true
+ limit: Upload_1Gbps
+ layer: Network
+ name: Rule 1
+ state: present
+
+- name: delete-access-rule
+ cp_mgmt_access_rule:
+ layer: Network
+ name: Rule 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_rule:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ relative_position=dict(type='dict', options=dict(
+ below=dict(type='str'),
+ above=dict(type='str'),
+ top=dict(type='str'),
+ bottom=dict(type='str')
+ )),
+ search_entire_rulebase=dict(type='bool', default=False),
+ name=dict(type='str', required=True),
+ action=dict(type='str'),
+ action_settings=dict(type='dict', options=dict(
+ enable_identity_captive_portal=dict(type='bool'),
+ limit=dict(type='str')
+ )),
+ content=dict(type='list', elements='dict'),
+ content_direction=dict(type='str', choices=['any', 'up', 'down']),
+ content_negate=dict(type='bool'),
+ custom_fields=dict(type='dict', options=dict(
+ field_1=dict(type='str'),
+ field_2=dict(type='str'),
+ field_3=dict(type='str')
+ )),
+ destination=dict(type='list', elements='str'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ inline_layer=dict(type='str'),
+ install_on=dict(type='list', elements='str'),
+ service=dict(type='list', elements='str'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list', elements='str'),
+ source_negate=dict(type='bool'),
+ time=dict(type='list', elements='str'),
+ track=dict(type='dict', options=dict(
+ accounting=dict(type='bool'),
+ alert=dict(type='str', choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']),
+ enable_firewall_session=dict(type='bool'),
+ per_connection=dict(type='bool'),
+ per_session=dict(type='bool'),
+ type=dict(type='str')
+ )),
+ user_check=dict(type='dict', options=dict(
+ confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']),
+ custom_frequency=dict(type='dict', options=dict(
+ every=dict(type='int'),
+ unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months'])
+ )),
+ frequency=dict(type='str', choices=['once a day', 'once a week', 'once a month', 'custom frequency...']),
+ interaction=dict(type='str')
+ )),
+ vpn_list=dict(type='list', elements='dict', options=dict(
+ community=dict(type='list', elements='str'),
+ directional=dict(type='list', elements='dict', options=dict(
+ to=dict(type='str')
+ ))
+ )),
+ vpn=dict(type='str', choices=['Any', 'All_GwToGw']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec['vpn_list']['options']['directional']['options']['from'] = dict(type='str')
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-rule'
+
+ if module.params["vpn_list"] is not None:
+ if module.params["vpn"] is not None:
+ raise AssertionError("The use of both 'vpn_list' and 'vpn' arguments isn't allowed")
+ module.params["vpn"] = module.params["vpn_list"]
+ module.params.pop("vpn_list")
+
+ if module.params["relative_position"] is not None:
+ if module.params["position"] is not None:
+ raise AssertionError("The use of both 'relative_position' and 'position' arguments isn't allowed")
+ module.params["position"] = module.params["relative_position"]
+ module.params.pop("relative_position")
+
+ if module.params['action'] is None and module.params['position'] is None:
+ module.params.pop("search_entire_rulebase")
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py
new file mode 100644
index 000000000..3519e6ba1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rule_facts.py
@@ -0,0 +1,245 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_rule_facts
+short_description: Get access-rule objects facts on Check Point over Web Services API
+description:
+ - Get access-rule objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name. Should be unique in the domain.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than
+ network objects.<br /> Objects that are not represented using IP addresses or port numbers are presented as objects.<br /> In addition, the response
+ of each rule does not contain the parameters, source, source-negate, destination, destination-negate, service and service-negate, but instead it
+ contains the parameters, source-ranges, destination-ranges and service-ranges.<br /><br /> Note, Requesting to show rules as ranges is limited up to
+ 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
+ type: bool
+ show_hits:
+ description:
+ - N/A
+ type: bool
+ hits_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ from_date:
+ description:
+ - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
+ type: str
+ target:
+ description:
+ - Target gateway name or UID.
+ type: str
+ to_date:
+ description:
+ - Format, 'YYYY-MM-DD', 'YYYY-mm-ddThh:mm:ss'.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ package:
+ description:
+ - Name of the package.
+ type: str
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-access-rule
+ cp_mgmt_access_rule_facts:
+ layer: Network
+ name: Rule 1
+
+- name: show-access-rulebase
+ cp_mgmt_access_rule_facts:
+ details_level: standard
+ limit: 20
+ name: Network
+ offset: 0
+ use_object_dictionary: true
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ show_hits=dict(type='bool'),
+ hits_settings=dict(type='dict', options=dict(
+ from_date=dict(type='str'),
+ target=dict(type='str'),
+ to_date=dict(type='str')
+ )),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "access-rule"
+ api_call_object_plural_version = "access-rulebase"
+
+ result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py
new file mode 100644
index 000000000..1597ab281
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_rules.py
@@ -0,0 +1,373 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_rules
+short_description: Manages access-rules objects on Check Point over Web Services API
+description:
+ - Manages access-rules objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.2.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ required: true
+ rules:
+ description:
+ - List of rules.
+ type: list
+ elements: dict
+ required: true
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ action:
+ description:
+ - a "Accept", "Drop", "Ask", "Inform", "Reject", "User Auth", "Client Auth", "Apply Layer".
+ type: str
+ action_settings:
+ description:
+ - Action settings.
+ type: dict
+ suboptions:
+ enable_identity_captive_portal:
+ description:
+ - N/A
+ type: bool
+ limit:
+ description:
+ - N/A
+ type: str
+ content:
+ description:
+ - List of processed file types that this rule applies on.
+ type: list
+ elements: dict
+ content_direction:
+ description:
+ - On which direction the file types processing is applied.
+ type: str
+ choices: ['any', 'up', 'down']
+ content_negate:
+ description:
+ - True if negate is set for data.
+ type: bool
+ custom_fields:
+ description:
+ - Custom fields.
+ type: dict
+ suboptions:
+ field_1:
+ description:
+ - First custom field.
+ type: str
+ field_2:
+ description:
+ - Second custom field.
+ type: str
+ field_3:
+ description:
+ - Third custom field.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ inline_layer:
+ description:
+ - Inline Layer identified by the name or UID. Relevant only if "Action" was set to "Apply Layer".
+ type: str
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ service_negate:
+ description:
+ - True if negate is set for service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ time:
+ description:
+ - List of time objects. For example, "Weekend", "Off-Work", "Every-Day".
+ type: list
+ elements: str
+ track:
+ description:
+ - Track Settings.
+ type: dict
+ suboptions:
+ accounting:
+ description:
+ - Turns accounting for track on and off.
+ type: bool
+ alert:
+ description:
+ - Type of alert for the track.
+ type: str
+ choices: ['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']
+ enable_firewall_session:
+ description:
+ - Determine whether to generate session log to firewall only connections.
+ type: bool
+ per_connection:
+ description:
+ - Determines whether to perform the log per connection.
+ type: bool
+ per_session:
+ description:
+ - Determines whether to perform the log per session.
+ type: bool
+ type:
+ description:
+ - a "Log", "Extended Log", "Detailed Log", "None".
+ type: str
+ user_check:
+ description:
+ - User check settings.
+ type: dict
+ suboptions:
+ confirm:
+ description:
+ - N/A
+ type: str
+ choices: ['per rule', 'per category', 'per application/site', 'per data type']
+ custom_frequency:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ every:
+ description:
+ - N/A
+ type: int
+ unit:
+ description:
+ - N/A
+ type: str
+ choices: ['hours', 'days', 'weeks', 'months']
+ frequency:
+ description:
+ - N/A
+ type: str
+ choices: ['once a day', 'once a week', 'once a month', 'custom frequency...']
+ interaction:
+ description:
+ - N/A
+ type: str
+ vpn:
+ description:
+ - Communities or Directional.
+ type: list
+ elements: dict
+ suboptions:
+ community:
+ description:
+ - List of community name or UID.
+ type: list
+ elements: dict
+ directional:
+ description:
+ - Communities directional match condition.
+ type: list
+ elements: dict
+ suboptions:
+ from:
+ description:
+ - From community name or UID.
+ type: str
+ to:
+ description:
+ - To community name or UID.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ state:
+ description:
+ - State of the access rule (present or absent). Defaults to present.
+ type: str
+ default: present
+ choices:
+ - 'present'
+ - 'absent'
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects_action_module
+"""
+
+EXAMPLES = """
+- name: add-access-rules
+ cp_mgmt_access_rules:
+ rules:
+ - name: Rule 1
+ service:
+ - SMTP
+ - AOL
+ state: present
+ - name: Rule 2
+ service:
+ - SMTP
+ state: present
+ layer: Network
+ auto_publish_session: true
+"""
+
+RETURN = """
+cp_mgmt_access_rules:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.connection import Connection
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import \
+ checkpoint_argument_spec_for_action_module
+
+
+def main():
+ argument_spec = dict(
+ rules=dict(type='list', required=True, elements='dict', options=dict(
+ name=dict(type='str', required=True),
+ action=dict(type='str'),
+ action_settings=dict(type='dict', options=dict(
+ enable_identity_captive_portal=dict(type='bool'),
+ limit=dict(type='str')
+ )),
+ content=dict(type='list', elements='dict'),
+ content_direction=dict(type='str', choices=['any', 'up', 'down']),
+ content_negate=dict(type='bool'),
+ custom_fields=dict(type='dict', options=dict(
+ field_1=dict(type='str'),
+ field_2=dict(type='str'),
+ field_3=dict(type='str')
+ )),
+ destination=dict(type='list', elements='str'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ inline_layer=dict(type='str'),
+ install_on=dict(type='list', elements='str'),
+ service=dict(type='list', elements='str'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list', elements='str'),
+ source_negate=dict(type='bool'),
+ time=dict(type='list', elements='str'),
+ track=dict(type='dict', options=dict(
+ accounting=dict(type='bool'),
+ alert=dict(type='str',
+ choices=['none', 'alert', 'snmp', 'mail', 'user alert 1', 'user alert 2', 'user alert 3']),
+ enable_firewall_session=dict(type='bool'),
+ per_connection=dict(type='bool'),
+ per_session=dict(type='bool'),
+ type=dict(type='str')
+ )),
+ user_check=dict(type='dict', options=dict(
+ confirm=dict(type='str', choices=['per rule', 'per category', 'per application/site', 'per data type']),
+ custom_frequency=dict(type='dict', options=dict(
+ every=dict(type='int'),
+ unit=dict(type='str', choices=['hours', 'days', 'weeks', 'months'])
+ )),
+ frequency=dict(type='str',
+ choices=['once a day', 'once a week', 'once a month', 'custom frequency...']),
+ interaction=dict(type='str')
+ )),
+ vpn=dict(type='list', elements='dict', options=dict(
+ community=dict(type='list', elements='dict'),
+ directional=dict(type='list', elements='dict', options=dict(
+ to=dict(type='str')
+ ))
+ )),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ state=dict(type='str', choices=['present', 'absent'], default='present')
+
+ )),
+ layer=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+
+ argument_spec['rules']['options']['vpn']['options']['directional']['options']['from'] = dict(type='str')
+ argument_spec.update(checkpoint_argument_spec_for_action_module)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ module.exit_json()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py
new file mode 100644
index 000000000..01a47a503
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_access_section.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_access_section
+short_description: Manages access-section objects on Checkpoint over Web Services API
+description:
+ - Manages access-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 1
+ position: 1
+ state: present
+
+- name: set-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 1
+ state: present
+
+- name: delete-access-section
+ cp_mgmt_access_section:
+ layer: Network
+ name: New Section 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_access_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'access-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py
new file mode 100644
index 000000000..641cea5e9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_api_key.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_api_key
+short_description: Add API key for administrator, to enable login with it. For the key to be valid publish is needed.
+description:
+ - Add API key for administrator, to enable login with it. For the key to be valid publish is needed. <br>When using mgmt_cli tool, add -f json to get
+ the key in the command's output.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ admin_uid:
+ description:
+ - Administrator uid to generate API key for.
+ type: str
+ admin_name:
+ description:
+ - Administrator name to generate API key for.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-api-key
+ cp_mgmt_add_api_key:
+ admin_name: admin
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_add_api_key:
+ description: The checkpoint add-api-key output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ admin_uid=dict(type='str'),
+ admin_name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-api-key"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py
new file mode 100644
index 000000000..c4ad1d16f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_data_center_object.py
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_data_center_object
+short_description: Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment.
+description:
+ - Imports a Data Center Object from a Data Center Server.<br> Data Center Object represents an object in the cloud environment, e.g. a virtual machine,
+ cluster, network and more.<br> Use the show-data-center-content command to see the Data Center Objects that can be imported from a Data Center Server.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ data_center_name:
+ description:
+ - Name of the Data Center Server the object is in.
+ type: str
+ data_center_uid:
+ description:
+ - Unique identifier of the Data Center Server the object is in.
+ type: str
+ uri:
+ description:
+ - URI of the object in the Data Center Server.
+ type: str
+ uid_in_data_center:
+ description:
+ - Unique identifier of the object in the Data Center Server.
+ type: str
+ name:
+ description:
+ - Override default name on data-center.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-data-center-object
+ cp_mgmt_add_data_center_object:
+ data_center_name: vCenter 1
+ name: VM1 mgmt name
+ state: present
+ uri: /Datacenters/VMs/My VM1
+"""
+
+RETURN = """
+cp_mgmt_add_data_center_object:
+ description: The checkpoint add-data-center-object output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ data_center_name=dict(type='str'),
+ data_center_uid=dict(type='str'),
+ uri=dict(type='str'),
+ uid_in_data_center=dict(type='str'),
+ name=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-data-center-object"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py
new file mode 100644
index 000000000..bde1d9f4b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_domain.py
@@ -0,0 +1,164 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_domain
+short_description: Create new object
+description:
+ - Create new object
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ servers:
+ description:
+ - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ multi_domain_server:
+ description:
+ - Multi Domain server name or UID.
+ type: str
+ active:
+ description:
+ - Activate domain server. Only one domain server is allowed to be active
+ type: bool
+ skip_start_domain_server:
+ description:
+ - Set this value to be true to prevent starting the new created domain.
+ type: bool
+ type:
+ description:
+ - Domain server type.
+ type: str
+ choices: ['management server', 'log server', 'smc']
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-domain
+ cp_mgmt_add_domain:
+ name: domain1
+ servers:
+ ip_address: 192.0.2.1
+ multi_domain_server: MDM_Server
+ name: domain1_ManagementServer_1
+"""
+
+RETURN = """
+cp_mgmt_domain:
+ description: The checkpoint add-domain output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ servers=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ multi_domain_server=dict(type='str'),
+ active=dict(type='bool'),
+ skip_start_domain_server=dict(type='bool'),
+ type=dict(type='str', choices=['management server', 'log server', 'smc'])
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'add-domain'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py
new file mode 100644
index 000000000..8b1151bd9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_nat_rule.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_nat_rule
+short_description: Create new object.
+description:
+ - Create new object.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package:
+ description:
+ - Name of the package.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-nat-rule
+ cp_mgmt_add_nat_rule:
+ comments: comment example1 nat999
+ enabled: false
+ install_on:
+ - Policy Targets
+ original_destination: All_Internet
+ original_source: Any
+ package: standard
+ position: 1
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_add_nat_rule:
+ description: The checkpoint add-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package=dict(type='str'),
+ position=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py
new file mode 100644
index 000000000..58f7bb3bd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_add_rules_batch.py
@@ -0,0 +1,136 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_add_rules_batch
+short_description: Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
+description:
+ - Creates new rules in batch. Use this API to achieve optimum performance when adding more than one rule.
+ - Add multiple rules to a layer in a specific position, incrementing position by one for each rule.
+ - Errors and warnings are ignored when using this API, operation will apply changes while ignoring errors. It is not
+ possible to publish changes that contain validations errors. You must use the "show-validations" API to see any
+ validation errors and warnings caused by the batch creation. Supported rules types are access-rule, nat-rule,
+ https-rule and threat-exception.
+ - This module is not idempotent.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ objects:
+ description:
+ - Batch of rules separated by types.
+ type: list
+ elements: dict
+ suboptions:
+ layer:
+ description:
+ - Layer name or uid.
+ type: str
+ type:
+ description:
+ - Type of rules to be created. <br>Only types from above are supported.
+ type: str
+ first_position:
+ description:
+ - First rule position.
+ type: str
+ list:
+ description:
+ - List of rules from the same type to be created on the same layer. <br>Use the "add" API reference documentation for a single rule
+ command to find the expected fields for the request. <br>For example, to add access-rules, use the "add-access-rule" command found in the API
+ reference documentation (under Access Control & NAT). <br>Note, "set-if-exists", "ignore-errors", "ignore-warnings" and "details-level" options
+ are not supported when adding a batch of rules.
+ type: list
+ elements: dict
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: add-rules-batch
+ cp_mgmt_add_rules_batch:
+ objects:
+ - first_position: top
+ layer: Network
+ list:
+ - action: accept
+ name: access rule 1
+ - action: accept
+ name: access rule 2
+ type: access-rule
+ - first_position: top
+ layer: Standard
+ list:
+ - name: nat rule 1
+ - name: nat rule 2
+ type: nat-rule
+ - first_position: top
+ layer: Default Layer
+ list:
+ - name: https rule 1
+ - name: https rule 2
+ type: https-rule
+
+"""
+
+RETURN = """
+cp_mgmt_add_rules_batch:
+ description: The checkpoint add-rules-batch output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ objects=dict(type='list', elements='dict', options=dict(
+ layer=dict(type='str'),
+ type=dict(type='str'),
+ first_position=dict(type='str'),
+ list=dict(type='list', elements='dict')
+ )),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "add-rules-batch"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py
new file mode 100644
index 000000000..c678eb832
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range.py
@@ -0,0 +1,215 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_address_range
+short_description: Manages address-range objects on Check Point over Web Services API
+description:
+ - Manages address-range objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address_first:
+ description:
+ - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_first:
+ description:
+ - First IPv4 address in the range.
+ type: str
+ ipv6_address_first:
+ description:
+ - First IPv6 address in the range.
+ type: str
+ ip_address_last:
+ description:
+ - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_last:
+ description:
+ - Last IPv4 address in the range.
+ type: str
+ ipv6_address_last:
+ description:
+ - Last IPv6 address in the range.
+ type: str
+ nat_settings:
+ description:
+ - NAT settings.
+ type: dict
+ suboptions:
+ auto_rule:
+ description:
+ - Whether to add automatic address translation rules.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
+ required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hide_behind:
+ description:
+ - Hide behind method. This parameter is not required in case "method" parameter is "static".
+ type: str
+ choices: ['gateway', 'ip-address']
+ install_on:
+ description:
+ - Which gateway should apply the NAT translation.
+ type: str
+ method:
+ description:
+ - NAT translation method.
+ type: str
+ choices: ['hide', 'static']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-address-range
+ cp_mgmt_address_range:
+ ip_address_first: 192.0.2.1
+ ip_address_last: 192.0.2.10
+ name: New Address Range 1
+ state: present
+
+- name: set-address-range
+ cp_mgmt_address_range:
+ color: green
+ ip_address_first: 192.0.2.1
+ ip_address_last: 192.0.2.1
+ name: New Address Range 1
+ new_name: New Address Range 2
+ state: present
+
+- name: delete-address-range
+ cp_mgmt_address_range:
+ name: New Address Range 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_address_range:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address_first=dict(type='str'),
+ ipv4_address_first=dict(type='str'),
+ ipv6_address_first=dict(type='str'),
+ ip_address_last=dict(type='str'),
+ ipv4_address_last=dict(type='str'),
+ ipv6_address_last=dict(type='str'),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'address-range'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py
new file mode 100644
index 000000000..f9032eef1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_address_range_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_address_range_facts
+short_description: Get address-range objects facts on Check Point over Web Services API
+description:
+ - Get address-range objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-address-range
+ cp_mgmt_address_range_facts:
+ name: New Address Range 1
+
+- name: show-address-ranges
+ cp_mgmt_address_range_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "address-range"
+ api_call_object_plural_version = "address-ranges"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py
new file mode 100644
index 000000000..7568f742c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator.py
@@ -0,0 +1,231 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_administrator
+short_description: Manages administrator objects on Checkpoint over Web Services API
+description:
+ - Manages administrator objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ authentication_method:
+ description:
+ - Authentication method.
+ type: str
+ choices: ['undefined', 'check point password', 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']
+ email:
+ description:
+ - Administrator email.
+ type: str
+ expiration_date:
+ description:
+ - Format, YYYY-MM-DD, YYYY-mm-ddThh,mm,ss.
+ type: str
+ multi_domain_profile:
+ description:
+ - Administrator multi-domain profile.
+ type: str
+ must_change_password:
+ description:
+ - True if administrator must change password on the next login.
+ type: bool
+ password:
+ description:
+ - Administrator password.
+ type: str
+ password_hash:
+ description:
+ - Administrator password hash.
+ type: str
+ permissions_profile:
+ description:
+ - Permission profile
+ type: str
+ permissions_profile_list:
+ description:
+ - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
+ "Domain Super User". Used only in MDS.
+ type: list
+ elements: dict
+ suboptions:
+ profile:
+ description:
+ - Permission profile.
+ type: str
+ domain:
+ description:
+ - Domain.
+ type: str
+ phone_number:
+ description:
+ - Administrator phone number.
+ type: str
+ radius_server:
+ description:
+ - RADIUS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "RADIUS".
+ type: str
+ tacacs_server:
+ description:
+ - TACACS server object identified by the name or UID. Must be set when "authentication-method" was selected to be "TACACS".
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-administrator
+ cp_mgmt_administrator:
+ authentication_method: check point password
+ email: admin@gmail.com
+ must_change_password: false
+ name: admin
+ password: secret
+ permissions_profile: read write all
+ phone_number: 1800-800-800
+ state: present
+
+- name: set-administrator
+ cp_mgmt_administrator:
+ name: admin
+ password: new secret
+ permissions_profile: read only profile
+ state: present
+
+- name: delete-administrator
+ cp_mgmt_administrator:
+ name: admin
+ state: absent
+
+- name: add-administrator-in-MDS
+ cp_mgmt_administrator:
+ authentication_method: check point password
+ email: admin@gmail.com
+ must_change_password: false
+ name: admin
+ password: secret
+ permissions_profile_list:
+ profile: read write all
+ domain: dom1
+ phone_number: 1800-800-800
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_administrator:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ authentication_method=dict(type='str', choices=['undefined', 'check point password',
+ 'os password', 'securid', 'radius', 'tacacs', 'ad authentication', 'api key']),
+ email=dict(type='str'),
+ expiration_date=dict(type='str'),
+ multi_domain_profile=dict(type='str'),
+ must_change_password=dict(type='bool'),
+ password=dict(type='str', no_log=True),
+ password_hash=dict(type='str', no_log=True),
+ permissions_profile=dict(type='str'),
+ permissions_profile_list=dict(type='list', elements='dict', options=dict(
+ profile=dict(type='str'),
+ domain=dict(type='str')
+ )),
+ phone_number=dict(type='str'),
+ radius_server=dict(type='str'),
+ tacacs_server=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'administrator'
+
+ if module.params["permissions_profile_list"] is not None:
+ if module.params["permissions_profile"] is not None:
+ raise AssertionError("The use of both 'permissions_profile_list' and 'permissions_profile' arguments isn't allowed")
+ module.params["permissions_profile"] = module.params["permissions_profile_list"]
+ module.params.pop("permissions_profile_list")
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py
new file mode 100644
index 000000000..affd2febe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_administrator_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_administrator_facts
+short_description: Get administrator objects facts on Checkpoint over Web Services API
+description:
+ - Get administrator objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-administrator
+ cp_mgmt_administrator_facts:
+ name: admin
+
+- name: show-administrators
+ cp_mgmt_administrator_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "administrator"
+ api_call_object_plural_version = "administrators"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py
new file mode 100644
index 000000000..36b042a10
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site.py
@@ -0,0 +1,180 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site
+short_description: Manages application-site objects on Check Point over Web Services API
+description:
+ - Manages application-site objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ primary_category:
+ description:
+ - Each application is assigned to one primary category based on its most defining aspect.
+ type: str
+ url_list:
+ description:
+ - URLs that determine this particular application.
+ type: list
+ elements: str
+ application_signature:
+ description:
+ - Application signature generated by <a
+ href="https,//supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk103051">Signature Tool</a>.
+ type: str
+ additional_categories:
+ description:
+ - Used to configure or edit the additional categories of a custom application / site used in the Application and URL Filtering or Threat Prevention.
+ type: list
+ elements: str
+ description:
+ description:
+ - A description for the application.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ urls_defined_as_regular_expression:
+ description:
+ - States whether the URL is defined as a Regular Expression or not.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site
+ cp_mgmt_application_site:
+ additional_categories:
+ - Instant Chat
+ - Supports Streaming
+ - New Application Site Category 1
+ description: My Application Site
+ name: New Application Site 1
+ primary_category: Social Networking
+ state: present
+ url_list:
+ - www.cnet.com
+ - www.stackoverflow.com
+ urls_defined_as_regular_expression: false
+
+- name: set-application-site
+ cp_mgmt_application_site:
+ description: My New Application Site
+ name: New Application Site 1
+ primary_category: Instant Chat
+ state: present
+ urls_defined_as_regular_expression: true
+
+- name: delete-application-site
+ cp_mgmt_application_site:
+ name: New Application Site 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ primary_category=dict(type='str'),
+ url_list=dict(type='list', elements='str'),
+ application_signature=dict(type='str'),
+ additional_categories=dict(type='list', elements='str'),
+ description=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ urls_defined_as_regular_expression=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py
new file mode 100644
index 000000000..4c3d94d13
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_category
+short_description: Manages application-site-category objects on Check Point over Web Services API
+description:
+ - Manages application-site-category objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ description:
+ description:
+ - N/A
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site-category
+ cp_mgmt_application_site_category:
+ description: My Application Site category
+ name: New Application Site Category 1
+ state: present
+
+- name: set-application-site-category
+ cp_mgmt_application_site_category:
+ description: My new Application Site category
+ name: New Application Site Category 1
+ state: present
+
+- name: delete-application-site-category
+ cp_mgmt_application_site_category:
+ name: New Application Site Category 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site_category:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ description=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site-category'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py
new file mode 100644
index 000000000..3c3653b5b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_category_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_category_facts
+short_description: Get application-site-category objects facts on Check Point over Web Services API
+description:
+ - Get application-site-category objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site-category
+ cp_mgmt_application_site_category_facts:
+ name: Social Networking
+
+- name: show-application-site-categories
+ cp_mgmt_application_site_category_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site-category"
+ api_call_object_plural_version = "application-site-categories"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py
new file mode 100644
index 000000000..2618cf6fb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_facts.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_facts
+short_description: Get application-site objects facts on Check Point over Web Services API
+description:
+ - Get application-site objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ application_id:
+ description:
+ - Object application identifier.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site
+ cp_mgmt_application_site_facts:
+ name: facebook
+
+- name: show-application-sites
+ cp_mgmt_application_site_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ application_id=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site"
+ api_call_object_plural_version = "application-sites"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
new file mode 100644
index 000000000..58c072771
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group.py
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group
+short_description: Manages application-site-group objects on Check Point over Web Services API
+description:
+ - Manages application-site-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of application and URL filtering objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-application-site-group
+ cp_mgmt_application_site_group:
+ members:
+ - facebook
+ - Social Networking
+ - New Application Site 1
+ - New Application Site Category 1
+ name: New Application Site Group 1
+ state: present
+
+- name: set-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ members:
+ - AliveProxy
+ state: present
+
+- name: delete-application-site-group
+ cp_mgmt_application_site_group:
+ name: New Application Site Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_application_site_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'application-site-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
new file mode 100644
index 000000000..8a7ac74d4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_application_site_group_facts.py
@@ -0,0 +1,137 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_application_site_group_facts
+short_description: Get application-site-group objects facts on Check Point over Web Services API
+description:
+ - Get application-site-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-application-site-group
+ cp_mgmt_application_site_group_facts:
+ name: New Application Site Group 1
+
+- name: show-application-site-groups
+ cp_mgmt_application_site_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "application-site-group"
+ api_call_object_plural_version = "application-site-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
new file mode 100644
index 000000000..d87b5738d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_approve_session.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_approve_session
+short_description: Workflow feature - Approve and Publish the session.
+description:
+ - Workflow feature - Approve and Publish the session.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: approve-session
+ cp_mgmt_approve_session:
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_approve_session:
+ description: The checkpoint approve-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "approve-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py
new file mode 100644
index 000000000..f1b1df75d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_assign_global_assignment.py
@@ -0,0 +1,92 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_assign_global_assignment
+short_description: assign global assignment on Check Point over Web Services API
+description:
+ - assign global assignment on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domains:
+ description:
+ - N/A
+ type: list
+ elements: str
+ global_domains:
+ description:
+ - N/A
+ type: list
+ elements: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: assign-global-assignment
+ cp_mgmt_assign_global_assignment:
+ dependent_domains: domain1
+ global_domains: Global2
+"""
+
+RETURN = """
+cp_mgmt_assign_global_assignment:
+ description: The checkpoint assign-global-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ dependent_domains=dict(type='list', elements='str'),
+ global_domains=dict(type='list', elements='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "assign-global-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py
new file mode 100644
index 000000000..8c93bf16f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_network_feed.py
@@ -0,0 +1,203 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_check_network_feed
+short_description: Check if a target can reach or parse a network feed; can work with an existing feed object or with a
+ new one (by providing all relevant feed parameters).
+description:
+ - Check if a target can reach or parse a network feed; can work with an existing feed object or with a new one (by providing all relevant feed parameters).
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ network_feed:
+ description:
+ - network feed parameters.
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ feed_url:
+ description:
+ - URL of the feed. URL should be written as http or https.
+ type: str
+ certificate_id:
+ description:
+ - Certificate SHA-1 fingerprint to access the feed.
+ type: str
+ feed_format:
+ description:
+ - Feed file format.
+ type: str
+ choices: ['Flat List', 'JSON']
+ feed_type:
+ description:
+ - Feed type to be enforced.
+ type: str
+ choices: ['Domain', 'IP Address', 'IP Address/Domain']
+ password:
+ description:
+ - password for authenticating with the URL.
+ type: str
+ username:
+ description:
+ - username for authenticating with the URL.
+ type: str
+ custom_header:
+ description:
+ - Headers to allow different authentication methods with the URL.
+ type: list
+ elements: dict
+ suboptions:
+ header_name:
+ description:
+ - The name of the HTTP header we wish to add.
+ type: str
+ header_value:
+ description:
+ - The name of the HTTP value we wish to add.
+ type: str
+ update_interval:
+ description:
+ - Interval in minutes for updating the feed on the Security Gateway.
+ type: int
+ data_column:
+ description:
+ - Number of the column that contains the feed's data.
+ type: int
+ fields_delimiter:
+ description:
+ - The delimiter that separates between the columns in the feed.
+ type: str
+ ignore_lines_that_start_with:
+ description:
+ - A prefix that will determine which lines to ignore.
+ type: str
+ json_query:
+ description:
+ - JQ query to be parsed.
+ type: str
+ use_gateway_proxy:
+ description:
+ - Use the gateway's proxy for retrieving the feed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain
+ only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: check-network-feed
+ cp_mgmt_check_network_feed:
+ network_feed:
+ name: existing_feed
+ targets: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_check_network_feed:
+ description: The checkpoint check-network-feed output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str'),
+ network_feed=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ feed_url=dict(type='str'),
+ certificate_id=dict(type='str'),
+ feed_format=dict(type='str', choices=['Flat List', 'JSON']),
+ feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']),
+ password=dict(type='str', no_log=True),
+ username=dict(type='str'),
+ custom_header=dict(type='list', elements='dict', options=dict(
+ header_name=dict(type='str'),
+ header_value=dict(type='str')
+ )),
+ update_interval=dict(type='int'),
+ data_column=dict(type='int'),
+ fields_delimiter=dict(type='str'),
+ ignore_lines_that_start_with=dict(type='str'),
+ json_query=dict(type='str'),
+ use_gateway_proxy=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ )),
+ auto_publish_session=dict(type='bool')
+
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "check-network-feed"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py
new file mode 100644
index 000000000..933349c9e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_check_threat_ioc_feed.py
@@ -0,0 +1,223 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_check_threat_ioc_feed
+short_description: Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with
+ a new one (by providing all relevant feed parameters).
+description:
+ - Check if a target can reach or parse a threat IOC feed; can work with an existing feed object or with a new one (by providing all relevant feed
+ parameters).
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ ioc_feed:
+ description:
+ - threat ioc feed parameters.
+ type: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ feed_url:
+ description:
+ - URL of the feed. URL should be written as http or https.
+ type: str
+ action:
+ description:
+ - The feed indicator's action.
+ type: str
+ choices: ['Prevent', 'Detect']
+ certificate_id:
+ description:
+ - Certificate SHA-1 fingerprint to access the feed.
+ type: str
+ custom_comment:
+ description:
+ - Custom IOC feed - the column number of comment.
+ type: int
+ custom_confidence:
+ description:
+ - Custom IOC feed - the column number of confidence.
+ type: int
+ custom_header:
+ description:
+ - Custom HTTP headers.
+ type: list
+ elements: dict
+ suboptions:
+ header_name:
+ description:
+ - The name of the HTTP header we wish to add.
+ type: str
+ header_value:
+ description:
+ - The name of the HTTP value we wish to add.
+ type: str
+ custom_name:
+ description:
+ - Custom IOC feed - the column number of name.
+ type: int
+ custom_severity:
+ description:
+ - Custom IOC feed - the column number of severity.
+ type: int
+ custom_type:
+ description:
+ - Custom IOC feed - the column number of type in case a specific type is not chosen.
+ type: int
+ custom_value:
+ description:
+ - Custom IOC feed - the column number of value in case a specific type is chosen.
+ type: int
+ enabled:
+ description:
+ - Sets whether this indicator feed is enabled.
+ type: bool
+ feed_type:
+ description:
+ - Feed type to be enforced.
+ type: str
+ choices: ['any type', 'domain', 'ip address', 'md5', 'url', 'ip range', 'mail subject', 'mail from', 'mail to', 'mail reply to',
+ 'mail cc', 'sha1', 'sha256']
+ password:
+ description:
+ - password for authenticating with the URL.
+ type: str
+ use_custom_feed_settings:
+ description:
+ - Set in order to configure a custom indicator feed.
+ type: bool
+ username:
+ description:
+ - username for authenticating with the URL.
+ type: str
+ fields_delimiter:
+ description:
+ - The delimiter that separates between the columns in the feed.
+ type: str
+ ignore_lines_that_start_with:
+ description:
+ - A prefix that will determine which lines to ignore.
+ type: str
+ use_gateway_proxy:
+ description:
+ - Use the gateway's proxy for retrieving the feed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: check-threat-ioc-feed
+ cp_mgmt_check_threat_ioc_feed:
+ ioc_feed:
+ name: existing_feed
+ targets: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_check_threat_ioc_feed:
+ description: The checkpoint check-threat-ioc-feed output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ ioc_feed=dict(type='dict', options=dict(
+ name=dict(type='str'),
+ feed_url=dict(type='str'),
+ action=dict(type='str', choices=['Prevent', 'Detect']),
+ certificate_id=dict(type='str'),
+ custom_comment=dict(type='int'),
+ custom_confidence=dict(type='int'),
+ custom_header=dict(type='list', elements='dict', options=dict(
+ header_name=dict(type='str'),
+ header_value=dict(type='str')
+ )),
+ custom_name=dict(type='int'),
+ custom_severity=dict(type='int'),
+ custom_type=dict(type='int'),
+ custom_value=dict(type='int'),
+ enabled=dict(type='bool'),
+ feed_type=dict(type='str', choices=['any type', 'domain', 'ip address', 'md5', 'url', 'ip range',
+ 'mail subject', 'mail from', 'mail to', 'mail reply to', 'mail cc', 'sha1', 'sha256']),
+ password=dict(type='str', no_log=True),
+ use_custom_feed_settings=dict(type='bool'),
+ username=dict(type='str'),
+ fields_delimiter=dict(type='str'),
+ ignore_lines_that_start_with=dict(type='str'),
+ use_gateway_proxy=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ targets=dict(type='list', elements='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "check-threat-ioc-feed"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py
new file mode 100644
index 000000000..203ce487e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_cluster_members_facts.py
@@ -0,0 +1,147 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_cluster_members_facts
+short_description: Retrieve all existing cluster members in domain.
+description:
+ - Retrieve all existing cluster members in domain.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Cluster member unique identifier.
+ type: str
+ limit_interfaces:
+ description:
+ - Limit number of cluster member interfaces to show.
+ type: int
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-cluster-member
+ cp_mgmt_cluster_members_facts:
+ uid: 871a47b9-0000-4444-555-593c2111111
+
+- name: show-cluster-members
+ cp_mgmt_cluster_members_facts:
+ details_level: standard
+ limit: 5
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str'),
+ limit_interfaces=dict(type='int'),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "cluster-member"
+ api_call_object_plural_version = "cluster-members"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py
new file mode 100644
index 000000000..9194f9a0f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_connect_cloud_services.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_connect_cloud_services
+short_description: Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server
+ can use various Check Point cloud-based security services hosted in the Infinity Portal.
+description:
+ - Securely connect the Management Server to Check Point's Infinity Portal. <br>This is a preliminary operation so that the management server can use
+ various Check Point cloud-based security services hosted in the Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ auth_token:
+ description:
+ - Copy the authentication token from the Smart-1 cloud service hosted in the Infinity Portal.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: connect-cloud-services
+ cp_mgmt_connect_cloud_services:
+ #sgignore next_line
+ auth_token: aHR0cHM6Ly9kZXYtY2xvdWRpbmZyYS1ndy5rdWJlMS5pYWFzLmNoZWNrcG9pbnQuY29tL2FwcC9tYWFzL2FwaS92Mi9tYW5hZ2VtZW50
+ cy9hZmJlYWRlYS04Y2U2LTRlYTUtOTI4OS00ZTQ0N2M0ZjgyMTvY2xvdWRBY2Nlc3MvP290cD02ZWIzNThlOS1hMzkxLTQxOGQtYjlmZ
+ i0xOGIxOTQwOGJlN2Y=
+"""
+
+RETURN = """
+cp_mgmt_connect_cloud_services:
+ description: The checkpoint connect-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ auth_token=dict(type='str', no_log=True)
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "connect-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py
new file mode 100644
index 000000000..41400cf0a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_data_center_object_facts.py
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_data_center_object_facts
+short_description: Get data-center-object objects facts on Checkpoint over Web Services API
+description:
+ - Get data-center-object objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-data-center-object
+ cp_mgmt_data_center_object_facts:
+ name: VM1 mgmt name
+
+- name: show-data-center-objects
+ cp_mgmt_data_center_object_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "data-center-object"
+ api_call_object_plural_version = "data-center-objects"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py
new file mode 100644
index 000000000..4839a1f27
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_api_key.py
@@ -0,0 +1,89 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_api_key
+short_description: Delete the API key. For the key to be invalid publish is needed.
+description:
+ - Delete the API key. For the key to be invalid publish is needed.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ api_key:
+ description:
+ - API key to be deleted.
+ type: str
+ admin_uid:
+ description:
+ - Administrator uid to generate API key for.
+ type: str
+ admin_name:
+ description:
+ - Administrator name to generate API key for.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-api-key
+ cp_mgmt_delete_api_key:
+ #sgignore next_line
+ api_key: eea3be76f4a8eb740ee872bcedc692748ff256a2d21c9ffd2754facbde046d00
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_api_key:
+ description: The checkpoint delete-api-key output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ api_key=dict(type='str', no_log=True),
+ admin_uid=dict(type='str'),
+ admin_name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-api-key"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py
new file mode 100644
index 000000000..52f4b6633
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_data_center_object.py
@@ -0,0 +1,95 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_data_center_object
+short_description: Delete existing object using object name or uid.
+description:
+ - Delete existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-data-center-object
+ cp_mgmt_delete_data_center_object:
+ name: VM1 mgmt name
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_data_center_object:
+ description: The checkpoint delete-data-center-object output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-data-center-object"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py
new file mode 100644
index 000000000..4b356fd49
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_domain.py
@@ -0,0 +1,94 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_domain
+short_description: Delete existing object using object name or uid.
+description:
+ - Delete existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-domain
+ cp_mgmt_delete_domain:
+ name: domain1
+"""
+
+RETURN = """
+cp_mgmt_domain:
+ description: The checkpoint delete-domain output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'delete-domain'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py
new file mode 100644
index 000000000..2915667f3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_nat_rule.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_nat_rule
+short_description: Delete existing object using object name or uid.
+description:
+ - Delete existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-nat-rule
+ cp_mgmt_delete_nat_rule:
+ package: standard
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_nat_rule:
+ description: The checkpoint delete-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py
new file mode 100644
index 000000000..8e17898be
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_delete_rules_batch.py
@@ -0,0 +1,123 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_delete_rules_batch
+short_description: Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule.
+description:
+ - Delete rules in batch from the same layer. Use this API to achieve optimum performance when removing more than one rule.
+ - Warnings are ignored when using this API, operation will apply changes while ignoring warnings.
+ - Supported rules types are access-rule, nat-rule, https-rule and threat-exception.
+ - This module is not idempotent.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ objects:
+ description:
+ - Batch of rules separated by types.
+ type: list
+ elements: dict
+ suboptions:
+ layer:
+ description:
+ - Layer name or uid.
+ type: str
+ type:
+ description:
+ - Type of rules to be deleted. <br>Only types from above are supported.
+ type: str
+ list:
+ description:
+ - List of rules from the same type to be deleted. <br>Use the "delete" API reference documentation for a single rule command to find the
+ expected fields for the request.<br>For example, to delete access-rule, use the "delete-access-rule" command found in the API reference
+ documentation (under Access Control & NAT). <br>Note, "ignore-errors", "ignore-warnings" and "details-level" options are not supported when
+ deleting a batch of objects.
+ type: list
+ elements: dict
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: delete-rules-batch
+ cp_mgmt_delete_rules_batch:
+ objects:
+ - layer: Network
+ list:
+ - rule_number: 1
+ - rule_number: 2
+ type: access-rule
+ - layer: Standard
+ list:
+ - rule_number: 1
+ - rule_number: 2
+ type: nat-rule
+ - layer: Default Layer
+ list:
+ - rule_number: 1
+ - rule_number: 2
+ type: https-rule
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_delete_rules_batch:
+ description: The checkpoint delete-rules-batch output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ objects=dict(type='list', elements='dict', options=dict(
+ layer=dict(type='str'),
+ type=dict(type='str'),
+ list=dict(type='list', elements='dict')
+ )),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "delete-rules-batch"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
new file mode 100644
index 000000000..7dc4844e9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_discard.py
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_discard
+short_description: All changes done by user are discarded and removed from database.
+description:
+ - All changes done by user are discarded and removed from database.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ uid:
+ description:
+ - Session unique identifier. Specify it to discard a different session than the one you currently use.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: discard
+ cp_mgmt_discard:
+"""
+
+RETURN = """
+cp_mgmt_discard:
+ description: The checkpoint discard output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "discard"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py
new file mode 100644
index 000000000..82073cc7a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_disconnect_cloud_services.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_disconnect_cloud_services
+short_description: Disconnect the Management Server from Check Point's Infinity Portal.
+description:
+ - Disconnect the Management Server from Check Point's Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ force:
+ description:
+ - Disconnect the Management Server from Check Point Infinity Portal, and reset the connection locally, regardless of the result in the Infinity
+ Portal. This flag can be used if the disconnect-cloud-services command failed. Since with this flag this command affects only the local configuration,
+ make sure to disconnect the Management Server in the Infinity Portal as well.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: disconnect-cloud-services
+ cp_mgmt_disconnect_cloud_services:
+"""
+
+RETURN = """
+cp_mgmt_disconnect_cloud_services:
+ description: The checkpoint disconnect-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ force=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "disconnect-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py
new file mode 100644
index 000000000..127dce067
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain.py
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dns_domain
+short_description: Manages dns-domain objects on Check Point over Web Services API
+description:
+ - Manages dns-domain objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ is_sub_domain:
+ description:
+ - Whether to match sub-domains in addition to the domain itself.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-dns-domain
+ cp_mgmt_dns_domain:
+ is_sub_domain: false
+ name: .www.example.com
+ state: present
+
+- name: set-dns-domain
+ cp_mgmt_dns_domain:
+ is_sub_domain: true
+ name: .www.example.com
+ state: present
+
+- name: delete-dns-domain
+ cp_mgmt_dns_domain:
+ name: .example.com
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_dns_domain:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ is_sub_domain=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'dns-domain'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py
new file mode 100644
index 000000000..87ab82c46
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dns_domain_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dns_domain_facts
+short_description: Get dns-domain objects facts on Check Point over Web Services API
+description:
+ - Get dns-domain objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-dns-domain
+ cp_mgmt_dns_domain_facts:
+ name: .www.example.com
+
+- name: show-dns-domains
+ cp_mgmt_dns_domain_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "dns-domain"
+ api_call_object_plural_version = "dns-domains"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py
new file mode 100644
index 000000000..e6fab1445
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_facts.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_domain_facts
+short_description: Get domain objects facts on Checkpoint over Web Services API
+description:
+ - Get domain objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-domain
+ cp_mgmt_domain_facts:
+ name: domain1
+
+- name: show-domains
+ cp_mgmt_domain_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "domain"
+ api_call_object_plural_version = "domains"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py
new file mode 100644
index 000000000..d327f30f6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile.py
@@ -0,0 +1,598 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_domain_permissions_profile
+short_description: Manages domain-permissions-profile objects on Checkpoint over Web Services API
+description:
+ - Manages domain-permissions-profile objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ permission_type:
+ description:
+ - The type of the Permissions Profile.
+ type: str
+ choices: ['read write all', 'read only all', 'customized']
+ edit_common_objects:
+ description:
+ - Define and manage objects in the Check Point database, Network Objects, Services, Custom Application Site, VPN Community, Users, Servers,
+ Resources, Time, UserCheck, and Limit.<br>Only a 'Customized' permission-type profile can edit this permission.
+ type: bool
+ access_control:
+ description:
+ - Access Control permissions.<br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ show_policy:
+ description:
+ - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.
+ type: bool
+ policy_layers:
+ description:
+ - Layer editing permissions.<br>Available only if show-policy is set to true.
+ type: dict
+ suboptions:
+ edit_layers:
+ description:
+ - a "By Software Blades" - Edit Access Control layers that contain the blades enabled in the Permissions Profile.<br>"By
+ Selected Profile In A Layer Editor" - Administrators can only edit the layer if the Access Control layer editor gives editing permission to
+ their profiles.
+ type: str
+ choices: ['By Software Blades', 'By Selected Profile In A Layer Editor']
+ app_control_and_url_filtering:
+ description:
+ - Use Application and URL Filtering in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades".
+ type: bool
+ content_awareness:
+ description:
+ - Use specified data types in Access Control rules.<br>Available only if edit-layers is set to "By Software Blades".
+ type: bool
+ firewall:
+ description:
+ - Work with Access Control and other Software Blades that do not have their own Policies.<br>Available only if edit-layers is
+ set to "By Software Blades".
+ type: bool
+ mobile_access:
+ description:
+ - Work with Mobile Access rules.<br>Available only if edit-layers is set to "By Software Blades".
+ type: bool
+ dlp_policy:
+ description:
+ - Configure DLP rules and Policies.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ geo_control_policy:
+ description:
+ - Work with Access Control rules that control traffic to and from specified countries.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ nat_policy:
+ description:
+ - Work with NAT in Access Control rules.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ qos_policy:
+ description:
+ - Work with QoS Policies and rules.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ access_control_objects_and_settings:
+ description:
+ - Allow editing of the following objet types, VPN Community, Access Role, Custom application group,Custom application, Custom category,
+ Limit, Application - Match Settings, Application Category - Match Settings,Override Categorization, Application and URL filtering blade - Advanced
+ Settings, Content Awareness blade - Advanced Settings.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ app_control_and_url_filtering_update:
+ description:
+ - Install Application and URL Filtering updates.
+ type: bool
+ install_policy:
+ description:
+ - Install Access Control Policies.
+ type: bool
+ endpoint:
+ description:
+ - Endpoint permissions. Not supported for Multi-Domain Servers.<br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ manage_policies_and_software_deployment:
+ description:
+ - The administrator can work with policies, rules and actions.
+ type: bool
+ edit_endpoint_policies:
+ description:
+ - Available only if manage-policies-and-software-deployment is set to true.
+ type: bool
+ policies_installation:
+ description:
+ - The administrator can install policies on endpoint computers.
+ type: bool
+ edit_software_deployment:
+ description:
+ - The administrator can define deployment rules, create packages for export, and configure advanced package settings.<br>Available only
+ if manage-policies-and-software-deployment is set to true.
+ type: bool
+ software_deployment_installation:
+ description:
+ - The administrator can deploy packages and install endpoint clients.
+ type: bool
+ allow_executing_push_operations:
+ description:
+ - The administrator can start operations that the Security Management Server pushes directly to client computers with no policy
+ installation required.
+ type: bool
+ authorize_preboot_users:
+ description:
+ - The administrator can add and remove the users who are permitted to log on to Endpoint Security client computers with Full Disk Encryption.
+ type: bool
+ recovery_media:
+ description:
+ - The administrator can create recovery media on endpoint computers and devices.
+ type: bool
+ remote_help:
+ description:
+ - The administrator can use the Remote Help feature to reset user passwords and give access to locked out users.
+ type: bool
+ reset_computer_data:
+ description:
+ - The administrator can reset a computer, which deletes all information about the computer from the Security Management Server.
+ type: bool
+ events_and_reports:
+ description:
+ - Events and Reports permissions.<br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ smart_event:
+ description:
+ - a 'Custom' - Configure SmartEvent permissions.
+ type: str
+ choices: ['custom', 'app control and url filtering reports only']
+ events:
+ description:
+ - Work with event queries on the Events tab. Create custom event queries.<br>Available only if smart-event is set to 'Custom'.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ policy:
+ description:
+ - Configure SmartEvent Policy rules and install SmartEvent Policies.<br>Available only if smart-event is set to 'Custom'.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ reports:
+ description:
+ - Create and run SmartEvent reports.<br>Available only if smart-event is set to 'Custom'.
+ type: bool
+ gateways:
+ description:
+ - Gateways permissions. <br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ smart_update:
+ description:
+ - Install, update and delete Check Point licenses. This includes permissions to use SmartUpdate to manage licenses.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ lsm_gw_db:
+ description:
+ - Access to objects defined in LSM gateway tables. These objects are managed in the SmartProvisioning GUI or LSMcli
+ command-line.<br>Note, 'Write' permission on lsm-gw-db allows administrator to run a script on SmartLSM gateway in Expert mode.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ manage_provisioning_profiles:
+ description:
+ - Administrator can add, edit, delete, and assign provisioning profiles to gateways (both LSM and non-LSM).<br>Available for edit only
+ if lsm-gw-db is set with 'Write' permission.<br>Note, 'Read' permission on lsm-gw-db enables 'Read' permission for manage-provisioning-profiles.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ vsx_provisioning:
+ description:
+ - Create and configure Virtual Systems and other VSX virtual objects.
+ type: bool
+ system_backup:
+ description:
+ - Backup Security Gateways.
+ type: bool
+ system_restore:
+ description:
+ - Restore Security Gateways from saved backups.
+ type: bool
+ open_shell:
+ description:
+ - Use the SmartConsole CLI to run commands.
+ type: bool
+ run_one_time_script:
+ description:
+ - Run user scripts from the command line.
+ type: bool
+ run_repository_script:
+ description:
+ - Run scripts from the repository.
+ type: bool
+ manage_repository_scripts:
+ description:
+ - Add, change and remove scripts in the repository.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ management:
+ description:
+ - Management permissions.
+ type: dict
+ suboptions:
+ cme_operations:
+ description:
+ - Permission to read / edit the Cloud Management Extension (CME) configuration.<br>Not supported for Multi-Domain Servers.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ manage_admins:
+ description:
+ - Controls the ability to manage Administrators, Permission Profiles, Trusted clients,API settings and Policy settings.<br>Only a "Read
+ Write All" permission-type profile can edit this permission.<br>Not supported for Multi-Domain Servers.
+ type: bool
+ management_api_login:
+ description:
+ - Permission to log in to the Security Management Server and run API commands using thesetools, mgmt_cli (Linux and Windows binaries),
+ Gaia CLI (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note,
+ This permission is not required to run commands from within the API terminal in SmartConsole.<br>Not supported for Multi-Domain Servers.
+ type: bool
+ manage_sessions:
+ description:
+ - Lets you disconnect, discard, publish, or take over other administrator sessions.<br>Only a "Read Write All" permission-type profile
+ can edit this permission.
+ type: bool
+ high_availability_operations:
+ description:
+ - Configure and work with Domain High Availability.<br>Only a 'Customized' permission-type profile can edit this permission.
+ type: bool
+ approve_or_reject_sessions:
+ description:
+ - Approve / reject other sessions.
+ type: bool
+ publish_sessions:
+ description:
+ - Allow session publishing without an approval.
+ type: bool
+ manage_integration_with_cloud_services:
+ description:
+ - Manage integration with Cloud Services.
+ type: bool
+ monitoring_and_logging:
+ description:
+ - Monitoring and Logging permissions.<br>'Customized' permission-type profile can edit all these permissions. "Read Write All" permission-type
+ can edit only dlp-logs-including-confidential-fields and manage-dlp-messages permissions.
+ type: dict
+ suboptions:
+ monitoring:
+ description:
+ - See monitoring views and reports.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ management_logs:
+ description:
+ - See Multi-Domain Server audit logs.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ track_logs:
+ description:
+ - Use the log tracking features in SmartConsole.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ app_and_url_filtering_logs:
+ description:
+ - Work with Application and URL Filtering logs.
+ type: bool
+ https_inspection_logs:
+ description:
+ - See logs generated by HTTPS Inspection.
+ type: bool
+ packet_capture_and_forensics:
+ description:
+ - See logs generated by the IPS and Forensics features.
+ type: bool
+ show_packet_capture_by_default:
+ description:
+ - Enable packet capture by default.
+ type: bool
+ identities:
+ description:
+ - Show user and computer identity information in logs.
+ type: bool
+ show_identities_by_default:
+ description:
+ - Show user and computer identity information in logs by default.
+ type: bool
+ dlp_logs_including_confidential_fields:
+ description:
+ - Show DLP logs including confidential fields.
+ type: bool
+ manage_dlp_messages:
+ description:
+ - View/Release/Discard DLP messages.<br>Available only if dlp-logs-including-confidential-fields is set to true.
+ type: bool
+ threat_prevention:
+ description:
+ - Threat Prevention permissions.<br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ policy_layers:
+ description:
+ - Configure Threat Prevention Policy rules.<br>Note, To have policy-layers permissions you must set policy-exceptionsand profiles
+ permissions. To have 'Write' permissions for policy-layers, policy-exceptions must be set with 'Write' permission as well.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ edit_layers:
+ description:
+ - a 'ALL' - Gives permission to edit all layers.<br>"By Selected Profile In A Layer Editor" - Administrators can only edit the layer
+ if the Threat Prevention layer editor gives editing permission to their profiles.<br>Available only if policy-layers is set to 'Write'.
+ type: str
+ choices: ['By Selected Profile In A Layer Editor', 'All']
+ edit_settings:
+ description:
+ - Work with general Threat Prevention settings.
+ type: bool
+ policy_exceptions:
+ description:
+ - Configure exceptions to Threat Prevention rules.<br>Note, To have policy-exceptions you must set the protections permission.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ profiles:
+ description:
+ - Configure Threat Prevention profiles.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ protections:
+ description:
+ - Work with malware protections.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ install_policy:
+ description:
+ - Install Policies.
+ type: bool
+ ips_update:
+ description:
+ - Update IPS protections.<br>Note, You do not have to log into the User Center to receive IPS updates.
+ type: bool
+ others:
+ description:
+ - Additional permissions.<br>Only a 'Customized' permission-type profile can edit these permissions.
+ type: dict
+ suboptions:
+ client_certificates:
+ description:
+ - Create and manage client certificates for Mobile Access.
+ type: bool
+ edit_cp_users_db:
+ description:
+ - Work with user accounts and groups.
+ type: bool
+ https_inspection:
+ description:
+ - Enable and configure HTTPS Inspection rules.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ ldap_users_db:
+ description:
+ - Work with the LDAP database and user accounts, groups and OUs.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ user_authority_access:
+ description:
+ - Work with Check Point User Authority authentication.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ user_device_mgmt_conf:
+ description:
+ - Gives access to the UDM (User & Device Management) web-based application that handles security challenges in a "bring your own device"
+ (BYOD) workspace.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-domain-permissions-profile
+ cp_mgmt_domain_permissions_profile:
+ name: customized profile
+ state: present
+
+- name: set-domain-permissions-profile
+ cp_mgmt_domain_permissions_profile:
+ access_control.policy_layers: By Selected Profile In A Layer Editor
+ name: read profile
+ permission_type: customized
+ state: present
+
+- name: delete-domain-permissions-profile
+ cp_mgmt_domain_permissions_profile:
+ name: profile
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_domain_permissions_profile:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ permission_type=dict(type='str', choices=['read write all', 'read only all', 'customized']),
+ edit_common_objects=dict(type='bool'),
+ access_control=dict(type='dict', options=dict(
+ show_policy=dict(type='bool'),
+ policy_layers=dict(type='dict', options=dict(
+ edit_layers=dict(type='str', choices=['By Software Blades', 'By Selected Profile In A Layer Editor']),
+ app_control_and_url_filtering=dict(type='bool'),
+ content_awareness=dict(type='bool'),
+ firewall=dict(type='bool'),
+ mobile_access=dict(type='bool')
+ )),
+ dlp_policy=dict(type='str', choices=['read', 'write', 'disabled']),
+ geo_control_policy=dict(type='str', choices=['read', 'write', 'disabled']),
+ nat_policy=dict(type='str', choices=['read', 'write', 'disabled']),
+ qos_policy=dict(type='str', choices=['read', 'write', 'disabled']),
+ access_control_objects_and_settings=dict(type='str', choices=['read', 'write', 'disabled']),
+ app_control_and_url_filtering_update=dict(type='bool'),
+ install_policy=dict(type='bool')
+ )),
+ endpoint=dict(type='dict', options=dict(
+ manage_policies_and_software_deployment=dict(type='bool'),
+ edit_endpoint_policies=dict(type='bool'),
+ policies_installation=dict(type='bool'),
+ edit_software_deployment=dict(type='bool'),
+ software_deployment_installation=dict(type='bool'),
+ allow_executing_push_operations=dict(type='bool'),
+ authorize_preboot_users=dict(type='bool'),
+ recovery_media=dict(type='bool'),
+ remote_help=dict(type='bool'),
+ reset_computer_data=dict(type='bool')
+ )),
+ events_and_reports=dict(type='dict', options=dict(
+ smart_event=dict(type='str', choices=['custom', 'app control and url filtering reports only']),
+ events=dict(type='str', choices=['read', 'write', 'disabled']),
+ policy=dict(type='str', choices=['read', 'write', 'disabled']),
+ reports=dict(type='bool')
+ )),
+ gateways=dict(type='dict', options=dict(
+ smart_update=dict(type='str', choices=['read', 'write', 'disabled']),
+ lsm_gw_db=dict(type='str', choices=['read', 'write', 'disabled']),
+ manage_provisioning_profiles=dict(type='str', choices=['read', 'write', 'disabled']),
+ vsx_provisioning=dict(type='bool'),
+ system_backup=dict(type='bool'),
+ system_restore=dict(type='bool'),
+ open_shell=dict(type='bool'),
+ run_one_time_script=dict(type='bool'),
+ run_repository_script=dict(type='bool'),
+ manage_repository_scripts=dict(type='str', choices=['read', 'write', 'disabled'])
+ )),
+ management=dict(type='dict', options=dict(
+ cme_operations=dict(type='str', choices=['read', 'write', 'disabled']),
+ manage_admins=dict(type='bool'),
+ management_api_login=dict(type='bool'),
+ manage_sessions=dict(type='bool'),
+ high_availability_operations=dict(type='bool'),
+ approve_or_reject_sessions=dict(type='bool'),
+ publish_sessions=dict(type='bool'),
+ manage_integration_with_cloud_services=dict(type='bool')
+ )),
+ monitoring_and_logging=dict(type='dict', options=dict(
+ monitoring=dict(type='str', choices=['read', 'write', 'disabled']),
+ management_logs=dict(type='str', choices=['read', 'write', 'disabled']),
+ track_logs=dict(type='str', choices=['read', 'write', 'disabled']),
+ app_and_url_filtering_logs=dict(type='bool'),
+ https_inspection_logs=dict(type='bool'),
+ packet_capture_and_forensics=dict(type='bool'),
+ show_packet_capture_by_default=dict(type='bool'),
+ identities=dict(type='bool'),
+ show_identities_by_default=dict(type='bool'),
+ dlp_logs_including_confidential_fields=dict(type='bool'),
+ manage_dlp_messages=dict(type='bool')
+ )),
+ threat_prevention=dict(type='dict', options=dict(
+ policy_layers=dict(type='str', choices=['read', 'write', 'disabled']),
+ edit_layers=dict(type='str', choices=['By Selected Profile In A Layer Editor', 'All']),
+ edit_settings=dict(type='bool'),
+ policy_exceptions=dict(type='str', choices=['read', 'write', 'disabled']),
+ profiles=dict(type='str', choices=['read', 'write', 'disabled']),
+ protections=dict(type='str', choices=['read', 'write', 'disabled']),
+ install_policy=dict(type='bool'),
+ ips_update=dict(type='bool')
+ )),
+ others=dict(type='dict', options=dict(
+ client_certificates=dict(type='bool'),
+ edit_cp_users_db=dict(type='bool'),
+ https_inspection=dict(type='str', choices=['read', 'write', 'disabled']),
+ ldap_users_db=dict(type='str', choices=['read', 'write', 'disabled']),
+ user_authority_access=dict(type='str', choices=['read', 'write', 'disabled']),
+ user_device_mgmt_conf=dict(type='str', choices=['read', 'write', 'disabled'])
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'domain-permissions-profile'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py
new file mode 100644
index 000000000..b923f3939
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_domain_permissions_profile_facts.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_domain_permissions_profile_facts
+short_description: Get domain-permissions-profile objects facts on Checkpoint over Web Services API
+description:
+ - Get domain-permissions-profile objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-domain-permissions-profile
+ cp_mgmt_domain_permissions_profile_facts:
+ name: profile
+
+- name: show-domain-permissions-profiles
+ cp_mgmt_domain_permissions_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "domain-permissions-profile"
+ api_call_object_plural_version = "domain-permissions-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py
new file mode 100644
index 000000000..1a7ce5fa5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object.py
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dynamic_object
+short_description: Manages dynamic-object objects on Check Point over Web Services API
+description:
+ - Manages dynamic-object objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-dynamic-object
+ cp_mgmt_dynamic_object:
+ color: yellow
+ comments: My Dynamic Object 1
+ name: Dynamic_Object_1
+ state: present
+
+- name: delete-dynamic-object
+ cp_mgmt_dynamic_object:
+ name: Dynamic_Object_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_dynamic_object:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'dynamic-object'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py
new file mode 100644
index 000000000..c049e0407
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_dynamic_object_facts.py
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_dynamic_object_facts
+short_description: Get dynamic-object objects facts on Check Point over Web Services API
+description:
+ - Get dynamic-object objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-dynamic-object
+ cp_mgmt_dynamic_object_facts:
+ name: Dynamic_Object_1
+
+- name: show-dynamic-objects
+ cp_mgmt_dynamic_object_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "dynamic-object"
+ api_call_object_plural_version = "dynamic-objects"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py
new file mode 100644
index 000000000..025061d73
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group.py
@@ -0,0 +1,179 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_exception_group
+short_description: Manages exception-group objects on Check Point over Web Services API
+description:
+ - Manages exception-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ applied_profile:
+ description:
+ - The threat profile to apply this group to in the case of apply-on threat-rules-with-specific-profile.
+ type: str
+ applied_threat_rules:
+ description:
+ - The threat rules to apply this group on in the case of apply-on manually-select-threat-rules.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Adds to collection of values
+ type: list
+ elements: dict
+ suboptions:
+ layer:
+ description:
+ - The layer of the threat rule to which the group is to be attached.
+ type: str
+ name:
+ description:
+ - The name of the threat rule to which the group is to be attached.
+ type: str
+ rule_number:
+ description:
+ - The rule-number of the threat rule to which the group is to be attached.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ apply_on:
+ description:
+ - An exception group can be set to apply on all threat rules, all threat rules which have a specific profile, or those rules manually chosen by the user.
+ type: str
+ choices: ['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-exception-group
+ cp_mgmt_exception_group:
+ applied_threat_rules.0.layer: MyLayer
+ applied_threat_rules.0.name: MyThreatRule
+ apply_on: manually-select-threat-rules
+ name: exception_group_2
+ state: present
+
+- name: set-exception-group
+ cp_mgmt_exception_group:
+ apply_on: all-threat-rules
+ name: exception_group_2
+ state: present
+ tags: tag3
+
+- name: delete-exception-group
+ cp_mgmt_exception_group:
+ name: exception_group_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_exception_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ applied_profile=dict(type='str'),
+ applied_threat_rules=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ layer=dict(type='str'),
+ name=dict(type='str'),
+ rule_number=dict(type='str'),
+ position=dict(type='str')
+ ))
+ )),
+ apply_on=dict(type='str', choices=['all-threat-rules', 'all-threat-rules-with-specific-profile', 'manually-select-threat-rules']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'exception-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py
new file mode 100644
index 000000000..cc88a3ab5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_exception_group_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_exception_group_facts
+short_description: Get exception-group objects facts on Check Point over Web Services API
+description:
+ - Get exception-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-exception-group
+ cp_mgmt_exception_group_facts:
+ name: exception_group_2
+
+- name: show-exception-groups
+ cp_mgmt_exception_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "exception-group"
+ api_call_object_plural_version = "exception-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py
new file mode 100644
index 000000000..21c5fb23b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_get_platform.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_get_platform
+short_description: Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+description:
+ - Get actual platform (Hardware, Version, OS) from gateway, cluster or Check Point host.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: get-platform
+ cp_mgmt_get_platform:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_get_platform:
+ description: The checkpoint get-platform output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "get-platform"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
new file mode 100644
index 000000000..08bce2b9b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment
+short_description: Manages global-assignment objects on Check Point over Web Services API
+description:
+ - Manages global-assignment objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_access_policy:
+ description:
+ - Global domain access policy that is assigned to a dependent domain.
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ global_threat_prevention_policy:
+ description:
+ - Global domain threat prevention policy that is assigned to a dependent domain.
+ type: str
+ manage_protection_actions:
+ description:
+ - N/A
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain2
+ global_access_policy: standard
+ global_domain: Global
+ global_threat_prevention_policy: standard
+ manage_protection_actions: true
+ state: present
+
+- name: set-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ global_threat_prevention_policy: ''
+ manage_protection_actions: false
+ state: present
+
+- name: delete-global-assignment
+ cp_mgmt_global_assignment:
+ dependent_domain: domain1
+ global_domain: Global2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_global_assignment:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_access_policy=dict(type='str'),
+ global_domain=dict(type='str'),
+ global_threat_prevention_policy=dict(type='str'),
+ manage_protection_actions=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'global-assignment'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
new file mode 100644
index 000000000..be5c11788
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_global_assignment_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_global_assignment_facts
+short_description: Get global-assignment objects facts on Check Point over Web Services API
+description:
+ - Get global-assignment objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ dependent_domain:
+ description:
+ - N/A
+ type: str
+ global_domain:
+ description:
+ - N/A
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-global-assignment
+ cp_mgmt_global_assignment_facts:
+ dependent_domain: domain1
+ global_domain: Global2
+
+- name: show-global-assignments
+ cp_mgmt_global_assignment_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ dependent_domain=dict(type='str'),
+ global_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "global-assignment"
+ api_call_object_plural_version = "global-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
new file mode 100644
index 000000000..fd134ff1a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group
+short_description: Manages group objects on Check Point over Web Services API
+description:
+ - Manages group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-group
+ cp_mgmt_group:
+ members:
+ - New Host 1
+ - My Test Host 3
+ name: New Group 5
+ state: present
+
+- name: set-group
+ cp_mgmt_group:
+ name: New Group 1
+ state: present
+
+- name: delete-group
+ cp_mgmt_group:
+ name: New Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py
new file mode 100644
index 000000000..baa5b2763
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_facts.py
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_facts
+short_description: Get group objects facts on Check Point over Web Services API
+description:
+ - Get group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the group's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that are not
+ represented using IP addresses are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
+ is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-group
+ cp_mgmt_group_facts:
+ name: Demo_Group
+
+- name: show-groups
+ cp_mgmt_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "group"
+ api_call_object_plural_version = "groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py
new file mode 100644
index 000000000..8497cd60d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion.py
@@ -0,0 +1,148 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_with_exclusion
+short_description: Manages group-with-exclusion objects on Check Point over Web Services API
+description:
+ - Manages group-with-exclusion objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ except:
+ description:
+ - Name or UID of an object which the group excludes.
+ type: str
+ include:
+ description:
+ - Name or UID of an object which the group includes.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ except: New Group 2
+ include: New Group 1
+ name: Group with exclusion
+ state: present
+
+- name: set-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ except: New Group 1
+ include: New Group 2
+ name: Group with exclusion
+ state: present
+
+- name: delete-group-with-exclusion
+ cp_mgmt_group_with_exclusion:
+ name: Group with exclusion
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_group_with_exclusion:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ include=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec['except'] = dict(type='str')
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'group-with-exclusion'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py
new file mode 100644
index 000000000..d2443e1cc
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_group_with_exclusion_facts.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_group_with_exclusion_facts
+short_description: Get group-with-exclusion objects facts on Check Point over Web Services API
+description:
+ - Get group-with-exclusion objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the group with exclusion's matched content is displayed as ranges of IP addresses rather than network objects.<br />Objects that
+ are not represented using IP addresses are presented as objects.<br />The 'include' and 'except' parameters are omitted from the response and instead
+ the 'ranges' parameter is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-group-with-exclusion
+ cp_mgmt_group_with_exclusion_facts:
+ name: Group with exclusion
+
+- name: show-groups-with-exclusion
+ cp_mgmt_group_with_exclusion_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "group-with-exclusion"
+ api_call_object_plural_version = "groups-with-exclusion"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py
new file mode 100644
index 000000000..5ec16c1f7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host.py
@@ -0,0 +1,338 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_host
+short_description: Manages host objects on Check Point over Web Services API
+description:
+ - Manages host objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ interfaces:
+ description:
+ - Host interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Interface name.
+ type: str
+ subnet:
+ description:
+ - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
+ type: str
+ subnet4:
+ description:
+ - IPv4 network address.
+ type: str
+ subnet6:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask
+ length it is possible to specify IPv4 mask itself in subnet-mask field.
+ type: int
+ mask_length4:
+ description:
+ - IPv4 network mask length.
+ type: int
+ mask_length6:
+ description:
+ - IPv6 network mask length.
+ type: int
+ subnet_mask:
+ description:
+ - IPv4 network mask.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ nat_settings:
+ description:
+ - NAT settings.
+ type: dict
+ suboptions:
+ auto_rule:
+ description:
+ - Whether to add automatic address translation rules.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
+ required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hide_behind:
+ description:
+ - Hide behind method. This parameter is not required in case "method" parameter is "static".
+ type: str
+ choices: ['gateway', 'ip-address']
+ install_on:
+ description:
+ - Which gateway should apply the NAT translation.
+ type: str
+ method:
+ description:
+ - NAT translation method.
+ type: str
+ choices: ['hide', 'static']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ host_servers:
+ description:
+ - Servers Configuration.
+ type: dict
+ suboptions:
+ dns_server:
+ description:
+ - Gets True if this server is a DNS Server.
+ type: bool
+ mail_server:
+ description:
+ - Gets True if this server is a Mail Server.
+ type: bool
+ web_server:
+ description:
+ - Gets True if this server is a Web Server.
+ type: bool
+ web_server_config:
+ description:
+ - Web Server configuration.
+ type: dict
+ suboptions:
+ additional_ports:
+ description:
+ - Server additional ports.
+ type: list
+ elements: str
+ application_engines:
+ description:
+ - Application engines of this web server.
+ type: list
+ elements: str
+ listen_standard_port:
+ description:
+ - Whether server listens to standard port.
+ type: bool
+ operating_system:
+ description:
+ - Operating System.
+ type: str
+ choices: ['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']
+ protected_by:
+ description:
+ - Network object which protects this server identified by the name or UID.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-host
+ cp_mgmt_host:
+ ip_address: 192.0.2.1
+ name: New Host 1
+ state: present
+
+- name: set-host
+ cp_mgmt_host:
+ color: green
+ ipv4_address: 192.0.2.2
+ name: New Host 1
+ state: present
+
+- name: delete-host
+ cp_mgmt_host:
+ name: New Host 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_host:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ subnet=dict(type='str'),
+ subnet4=dict(type='str'),
+ subnet6=dict(type='str'),
+ mask_length=dict(type='int'),
+ mask_length4=dict(type='int'),
+ mask_length6=dict(type='int'),
+ subnet_mask=dict(type='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ host_servers=dict(type='dict', options=dict(
+ dns_server=dict(type='bool'),
+ mail_server=dict(type='bool'),
+ web_server=dict(type='bool'),
+ web_server_config=dict(type='dict', options=dict(
+ additional_ports=dict(type='list', elements='str'),
+ application_engines=dict(type='list', elements='str'),
+ listen_standard_port=dict(type='bool'),
+ operating_system=dict(type='str', choices=['sparc linux', 'windows', 'other', 'x86 linux', 'sparc solaris']),
+ protected_by=dict(type='str')
+ ))
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'host'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py
new file mode 100644
index 000000000..597b817f6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_host_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_host_facts
+short_description: Get host objects facts on Check Point over Web Services API
+description:
+ - Get host objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-host
+ cp_mgmt_host_facts:
+ name: New Host 1
+
+- name: show-hosts
+ cp_mgmt_host_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "host"
+ api_call_object_plural_version = "hosts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
new file mode 100644
index 000000000..aba2a6a89
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_https_section.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_https_section
+short_description: Manages https-section objects on Checkpoint over Web Services API
+description:
+ - Manages https-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ position: 1
+ state: present
+
+- name: set-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 1
+ state: present
+
+- name: delete-https-section
+ cp_mgmt_https_section:
+ layer: Default Layer
+ name: New Section 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_https_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ layer=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'https-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
new file mode 100644
index 000000000..782375d67
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag.py
@@ -0,0 +1,135 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag
+short_description: Manages identity-tag objects on Checkpoint over Web Services API
+description:
+ - Manages identity-tag objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ external_identifier:
+ description:
+ - External identifier. For example, Cisco ISE security group tag.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: some external identifier
+ name: mytag
+ state: present
+
+- name: set-identity-tag
+ cp_mgmt_identity_tag:
+ external_identifier: Cisco ISE security group tag
+ name: mytag
+ state: present
+
+- name: delete-identity-tag
+ cp_mgmt_identity_tag:
+ name: myidentitytag
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_identity_tag:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ external_identifier=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'identity-tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
new file mode 100644
index 000000000..07618264b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_identity_tag_facts.py
@@ -0,0 +1,139 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_identity_tag_facts
+short_description: Get identity-tag objects facts on Checkpoint over Web Services API
+description:
+ - Get identity-tag objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-identity-tag
+ cp_mgmt_identity_tag_facts:
+ name: myidentitytag
+
+- name: show-identity-tags
+ cp_mgmt_identity_tag_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "identity-tag"
+ api_call_object_plural_version = "identity-tags"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
new file mode 100644
index 000000000..ec08c8f3b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group.py
@@ -0,0 +1,160 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group
+short_description: Manages idp-administrator-group objects on Checkpoint over Web Services API
+description:
+ - Manages idp-administrator-group objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ group_id:
+ description:
+ - Group ID or Name should be set base on the source attribute of 'groups' in the Saml Assertion.
+ type: str
+ multi_domain_profile:
+ description:
+ - Administrator multi-domain profile.
+ type: str
+ permissions_profile:
+ description:
+ - Administrator permissions profile. Permissions profile should not be provided when multi-domain-profile is set to "Multi-Domain Super User" or
+ "Domain Super User".
+ type: list
+ elements: dict
+ suboptions:
+ domain:
+ description:
+ - N/A
+ type: str
+ profile:
+ description:
+ - Permission profile.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: it-team
+ multi_domain_profile: domain super user
+ name: my super group
+ state: present
+
+- name: set-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ group_id: global-domain-checkpoint
+ name: my global group
+ state: present
+
+- name: delete-idp-administrator-group
+ cp_mgmt_idp_administrator_group:
+ name: my super group
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_idp_administrator_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ group_id=dict(type='str'),
+ multi_domain_profile=dict(type='str'),
+ permissions_profile=dict(type='list', elements='dict', options=dict(
+ domain=dict(type='str'),
+ profile=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'idp-administrator-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
new file mode 100644
index 000000000..bbe358d71
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_administrator_group_facts.py
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_administrator_group_facts
+short_description: Get idp-administrator-group objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-administrator-group objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-administrator-group
+ cp_mgmt_idp_administrator_group_facts:
+ name: my global group
+
+- name: show-idp-administrator-groups
+ cp_mgmt_idp_administrator_group_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-administrator-group"
+ api_call_object_plural_version = "idp-administrator-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
new file mode 100644
index 000000000..41f30a52e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_idp_to_domain_assignment_facts.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_idp_to_domain_assignment_facts
+short_description: Get idp-to-domain-assignment objects facts on Checkpoint over Web Services API
+description:
+ - Get idp-to-domain-assignment objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-idp-to-domain-assignment
+ cp_mgmt_idp_to_domain_assignment_facts:
+ assigned_domain: SMS
+
+- name: show-idp-to-domain-assignments
+ cp_mgmt_idp_to_domain_assignment_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "idp-to-domain-assignment"
+ api_call_object_plural_version = "idp-to-domain-assignments"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
new file mode 100644
index 000000000..aba149118
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_database.py
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_database
+short_description: Copies the user database and network objects information to specified targets.
+description:
+ - Copies the user database and network objects information to specified targets.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - Check Point host(s) with one or more Management Software Blades enabled. The targets can be identified by their name or unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-database
+ cp_mgmt_install_database:
+ targets:
+ - checkpointhost1
+ - checkpointhost2
+"""
+
+RETURN = """
+cp_mgmt_install_database:
+ description: The checkpoint install-database output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-database"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
new file mode 100644
index 000000000..60cc030dd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_policy.py
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_policy
+short_description: Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets
+ devices.
+description:
+ - Executes the lsm-install-policy on a given list of targets. Install the LSM policy that defined on the attached LSM profile on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-policy
+ cp_mgmt_install_lsm_policy:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_policy:
+ description: The checkpoint install-lsm-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
new file mode 100644
index 000000000..53fba12d1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_lsm_settings.py
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_lsm_settings
+short_description: Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets
+ devices.
+description:
+ - Executes the lsm-install-settings on a given list of targets. Install the provisioning settings that defined on the object on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-lsm-settings
+ cp_mgmt_install_lsm_settings:
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_install_lsm_settings:
+ description: The checkpoint install-lsm-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-lsm-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
new file mode 100644
index 000000000..4a14111d2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_policy.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_policy
+short_description: install policy on Check Point over Web Services API
+description:
+ - install policy on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ policy_package:
+ description:
+ - The name of the Policy Package to be installed.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ access:
+ description:
+ - Set to be true in order to install the Access Control policy. By default, the value is true if Access Control policy is enabled on the input
+ policy package, otherwise false.
+ type: bool
+ desktop_security:
+ description:
+ - Set to be true in order to install the Desktop Security policy. By default, the value is true if desktop security policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ qos:
+ description:
+ - Set to be true in order to install the QoS policy. By default, the value is true if Quality-of-Service policy is enabled on the input policy
+ package, otherwise false.
+ type: bool
+ threat_prevention:
+ description:
+ - Set to be true in order to install the Threat Prevention policy. By default, the value is true if Threat Prevention policy is enabled on the
+ input policy package, otherwise false.
+ type: bool
+ install_on_all_cluster_members_or_fail:
+ description:
+ - Relevant for the gateway clusters. If true, the policy is installed on all the cluster members. If the installation on a cluster member fails,
+ don't install on that cluster.
+ type: bool
+ prepare_only:
+ description:
+ - If true, prepares the policy for the installation, but doesn't install it on an installation target.
+ type: bool
+ revision:
+ description:
+ - The UID of the revision of the policy to install.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-policy
+ cp_mgmt_install_policy:
+ access: true
+ policy_package: standard
+ targets:
+ - corporate-gateway
+ threat_prevention: true
+"""
+
+RETURN = """
+cp_mgmt_install_policy:
+ description: The checkpoint install-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ policy_package=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ access=dict(type='bool'),
+ desktop_security=dict(type='bool'),
+ qos=dict(type='bool'),
+ threat_prevention=dict(type='bool'),
+ install_on_all_cluster_members_or_fail=dict(type='bool'),
+ prepare_only=dict(type='bool'),
+ revision=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
new file mode 100644
index 000000000..3a967e6cb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_install_software_package.py
@@ -0,0 +1,121 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_install_software_package
+short_description: Installs the software package on target machines.
+description:
+ - Installs the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ method:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - How we want to use the package.
+ type: str
+ choices: ['install', 'upgrade']
+ package_location:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - The package repository.
+ type: str
+ choices: ['automatic', 'target-machine', 'central']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: install-software-package
+ cp_mgmt_install_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ package_location: automatic
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_install_software_package:
+ description: The checkpoint install-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int'),
+ method=dict(type='str', choices=['install', 'upgrade']),
+ package_location=dict(type='str', choices=['automatic', 'target-machine', 'central'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "install-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
new file mode 100644
index 000000000..9416e810e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device.py
@@ -0,0 +1,319 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_interoperable_device
+short_description: Manages interoperable-device objects on Checkpoint over Web Services API
+description:
+ - Manages interoperable-device objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address of the Interoperable Device.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address of the Interoperable Device.
+ type: str
+ interfaces:
+ description:
+ - Network interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ network_mask:
+ description:
+ - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
+ providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
+ ipv4-mask-length and ipv6-mask-length fields explicitly.
+ type: str
+ ipv4_network_mask:
+ description:
+ - IPv4 network address.
+ type: str
+ ipv6_network_mask:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length.
+ type: str
+ ipv4_mask_length:
+ description:
+ - IPv4 network mask length.
+ type: str
+ ipv6_mask_length:
+ description:
+ - IPv6 network mask length.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ topology:
+ description:
+ - Topology configuration.
+ type: str
+ choices: ['external', 'internal']
+ topology_settings:
+ description:
+ - Internal topology settings.
+ type: dict
+ suboptions:
+ interface_leads_to_dmz:
+ description:
+ - Whether this interface leads to demilitarized zone (perimeter network).
+ type: bool
+ ip_address_behind_this_interface:
+ description:
+ - Network settings behind this interface.
+ type: str
+ choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
+ specific_network:
+ description:
+ - Network behind this interface.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain
+ only and with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ vpn_settings:
+ description:
+ - VPN domain properties for the Interoperable Device.
+ type: dict
+ suboptions:
+ vpn_domain:
+ description:
+ - Network group representing the customized encryption domain. Must be set when vpn-domain-type is set to 'manual' option.
+ type: str
+ vpn_domain_exclude_external_ip_addresses:
+ description:
+ - Exclude the external IP addresses from the VPN domain of this Interoperable device.
+ type: bool
+ vpn_domain_type:
+ description:
+ - Indicates the encryption domain.
+ type: str
+ choices: ['manual', 'addresses_behind_gw']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-interoperable-device
+ cp_mgmt_interoperable_device:
+ ip_address: 192.168.1.6
+ name: NewInteroperableDevice
+ state: present
+
+- name: set-interoperable-device
+ cp_mgmt_interoperable_device:
+ ip_address: 192.168.1.6
+ name: NewInteroperableDevice
+ state: present
+
+- name: delete-interoperable-device
+ cp_mgmt_interoperable_device:
+ name: NewInteroperableDevice
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_interoperable_device:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ network_mask=dict(type='str'),
+ ipv4_network_mask=dict(type='str'),
+ ipv6_network_mask=dict(type='str'),
+ mask_length=dict(type='str'),
+ ipv4_mask_length=dict(type='str'),
+ ipv6_mask_length=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ topology=dict(type='str', choices=['external', 'internal']),
+ topology_settings=dict(type='dict', options=dict(
+ interface_leads_to_dmz=dict(type='bool'),
+ ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
+ 'network defined by routing', 'specific']),
+ specific_network=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ vpn_settings=dict(type='dict', options=dict(
+ vpn_domain=dict(type='str'),
+ vpn_domain_exclude_external_ip_addresses=dict(type='bool'),
+ vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw'])
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ groups=dict(type='list', elements='str'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'interoperable-device'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
new file mode 100644
index 000000000..bbc70da9d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_interoperable_device_facts.py
@@ -0,0 +1,138 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_interoperable_device_facts
+short_description: Get interoperable-device objects facts on Checkpoint over Web Services API
+description:
+ - Get interoperable-device objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-interoperable-device
+ cp_mgmt_interoperable_device_facts:
+ name: NewInteroperableDevice
+
+- name: show-interoperable-devices
+ cp_mgmt_interoperable_device_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "interoperable-device"
+ api_call_object_plural_version = "interoperable-devices"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py
new file mode 100644
index 000000000..422d31424
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster.py
@@ -0,0 +1,286 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_cluster
+short_description: Manages lsm-cluster objects on Checkpoint over Web Services API
+description:
+ - Manages lsm-cluster objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.3.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ main_ip_address:
+ description:
+ - Main IP address.
+ type: str
+ name_prefix:
+ description:
+ - A prefix added to the profile name and creates the LSM cluster name.
+ type: str
+ name_suffix:
+ description:
+ - A suffix added to the profile name and creates the LSM cluster name.
+ type: str
+ security_profile:
+ description:
+ - LSM profile.
+ type: str
+ required: True
+ interfaces:
+ description:
+ - Interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Interface name.
+ type: str
+ ip_address_override:
+ description:
+ - IP address override. Net mask is defined by the attached LSM profile.
+ type: str
+ member_network_override:
+ description:
+ - Member network override. Net mask is defined by the attached LSM profile.
+ type: str
+ members:
+ description:
+ - Members.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ provisioning_settings:
+ description:
+ - Provisioning settings. This field is relevant just for SMB clusters.
+ type: dict
+ suboptions:
+ provisioning_profile:
+ description:
+ - Provisioning profile.
+ type: str
+ provisioning_state:
+ description:
+ - Provisioning state. This field is relevant just for SMB clusters. By default the state is 'manual'- enable provisioning but not attach
+ to profile.If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.
+ type: str
+ choices: ['off', 'manual', 'using-profile']
+ sic:
+ description:
+ - Secure Internal Communication.
+ type: dict
+ suboptions:
+ ip_address:
+ description:
+ - IP address. When IP address is provided- initiate trusted communication immediately using this IP address.
+ type: str
+ one_time_password:
+ description:
+ - One-time password. When one-time password is provided without ip-address- trusted communication is
+ automatically initiated when the gateway connects to the Security Management server for the first time.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-lsm-cluster
+ cp_mgmt_lsm_cluster:
+ interfaces:
+ - ip_address_override: 192.168.8.197
+ member_network_override: 192.168.8.0
+ name: eth0
+ new_name: WAN
+ - ip_address_override: 10.8.197.1
+ member_network_override: 10.8.197.0
+ name: eth1
+ new_name: LAN1
+ - member_network_override: 10.10.10.0
+ name: eth2
+ main_ip_address: 192.168.8.197
+ members:
+ - name: Gaia_gw1
+ sic:
+ ip_address: 192.168.8.200
+ one_time_password: aaaa
+ - name: Gaia_gw2
+ sic:
+ ip_address: 192.168.8.202
+ one_time_password: aaaa
+ name_prefix: Gaia_
+ security_profile: gaia_cluster
+ state: present
+
+- name: set-lsm-cluster
+ cp_mgmt_lsm_cluster:
+ interfaces:
+ - ip_address_override: 192.168.8.197
+ member_network_override: 192.168.8.0
+ name: eth0
+ new_name: WAN
+ - ip_address_override: 10.8.197.1
+ member_network_override: 10.8.197.0
+ name: eth1
+ new_name: LAN1
+ - member_network_override: 10.10.10.0
+ name: eth2
+ members:
+ - name: Gaia_gw1
+ sic:
+ ip_address: 192.168.8.200
+ one_time_password: aaaa
+ - name: Gaia_gw2
+ sic:
+ ip_address: 192.168.8.202
+ one_time_password: aaaa
+ name: Gaia_gaia_cluster
+ state: present
+
+- name: delete-lsm-cluster
+ cp_mgmt_lsm_cluster:
+ name: lsm_cluster
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_lsm_cluster:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ main_ip_address=dict(type='str'),
+ name_prefix=dict(type='str'),
+ name_suffix=dict(type='str'),
+ security_profile=dict(type='str', required=True),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address_override=dict(type='str'),
+ member_network_override=dict(type='str')
+ )),
+ members=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ provisioning_settings=dict(type='dict', options=dict(
+ provisioning_profile=dict(type='str')
+ )),
+ provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']),
+ sic=dict(type='dict', options=dict(
+ ip_address=dict(type='str'),
+ one_time_password=dict(type='str', no_log=True)
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ # Create lsm-cluster name
+ name = module.params['security_profile']
+
+ if module.params['name_prefix']:
+ name = module.params['name_prefix'] + name
+ if module.params['name_suffix']:
+ name = name + module.params['name_suffix']
+ module.params['name'] = name
+
+ api_call_object = 'lsm-cluster'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py
new file mode 100644
index 000000000..1c7fbec44
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_facts.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_cluster_facts
+short_description: Get lsm-cluster objects facts on Checkpoint over Web Services API
+description:
+ - Get lsm-cluster objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.3.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-lsm-cluster
+ cp_mgmt_lsm_cluster_facts:
+ name: lsm_cluster
+
+- name: show-lsm-clusters
+ cp_mgmt_lsm_cluster_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "lsm-cluster"
+ api_call_object_plural_version = "lsm-clusters"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py
new file mode 100644
index 000000000..384c5b218
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_cluster_profile_facts.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_cluster_profile_facts
+short_description: Get lsm-cluster-profile objects facts on Checkpoint over Web Services API
+description:
+ - Get lsm-cluster-profile objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-lsm-cluster-profile
+ cp_mgmt_lsm_cluster_profile_facts:
+ name: cluster_profile
+
+- name: show-lsm-cluster-profiles
+ cp_mgmt_lsm_cluster_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "lsm-cluster-profile"
+ api_call_object_plural_version = "lsm-cluster-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py
new file mode 100644
index 000000000..21fc7ce5a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway.py
@@ -0,0 +1,178 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_gateway
+short_description: Manages lsm-gateway objects on Checkpoint over Web Services API
+description:
+ - Manages lsm-gateway objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.3.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ security_profile:
+ description:
+ - LSM profile.
+ type: str
+ provisioning_settings:
+ description:
+ - Provisioning settings.
+ type: dict
+ suboptions:
+ provisioning_profile:
+ description:
+ - Provisioning profile.
+ type: str
+ provisioning_state:
+ description:
+ - Provisioning state. By default the state is 'manual'- enable provisioning but not attach to profile.
+ - If 'using-profile' state is provided a provisioning profile must be provided in provisioning-settings.
+ type: str
+ choices: ['off', 'manual', 'using-profile']
+ sic:
+ description:
+ - Secure Internal Communication.
+ type: dict
+ suboptions:
+ ip_address:
+ description:
+ - IP address. When IP address is provided- initiate trusted communication immediately using this IP address.
+ type: str
+ one_time_password:
+ description:
+ - One-time password. When one-time password is provided without ip-address- trusted communication is automatically initiated when the
+ gateway connects to the Security Management server for the first time.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-lsm-gateway
+ cp_mgmt_lsm_gateway:
+ name: lsm_gateway
+ provisioning_settings:
+ provisioning_profile: prv_profile
+ provisioning_state: using-profile
+ security_profile: lsm_profile
+ sic:
+ ip_address: 1.2.3.4
+ one_time_password: aaaa
+ state: present
+
+- name: set-lsm-gateway
+ cp_mgmt_lsm_gateway:
+ name: lsm_gateway
+ provisioning_settings:
+ provisioning_profile: prv_profile
+ provisioning_state: using-profile
+ security_profile: lsm_profile
+ sic:
+ ip_address: 1.2.3.4
+ one_time_password: aaaa
+ state: present
+
+- name: delete-lsm-gateway
+ cp_mgmt_lsm_gateway:
+ name: lsm_gateway
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_lsm_gateway:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ security_profile=dict(type='str'),
+ provisioning_settings=dict(type='dict', options=dict(
+ provisioning_profile=dict(type='str')
+ )),
+ provisioning_state=dict(type='str', choices=['off', 'manual', 'using-profile']),
+ sic=dict(type='dict', options=dict(
+ ip_address=dict(type='str'),
+ one_time_password=dict(type='str', no_log=True)
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'lsm-gateway'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py
new file mode 100644
index 000000000..b13444e96
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_facts.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_gateway_facts
+short_description: Get lsm-gateway objects facts on Checkpoint over Web Services API
+description:
+ - Get lsm-gateway objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.3.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-lsm-gateway
+ cp_mgmt_lsm_gateway_facts:
+ name: lsm_gateway
+
+- name: show-lsm-gateways
+ cp_mgmt_lsm_gateway_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "lsm-gateway"
+ api_call_object_plural_version = "lsm-gateways"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py
new file mode 100644
index 000000000..6778f237c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_gateway_profile_facts.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_gateway_profile_facts
+short_description: Get lsm-gateway-profile objects facts on Checkpoint over Web Services API
+description:
+ - Get lsm-gateway-profile objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-lsm-gateway-profile
+ cp_mgmt_lsm_gateway_profile_facts:
+ name: gateway_profile
+
+- name: show-lsm-gateway-profiles
+ cp_mgmt_lsm_gateway_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "lsm-gateway-profile"
+ api_call_object_plural_version = "lsm-gateway-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py
new file mode 100644
index 000000000..d3828262d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_lsm_run_script.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_lsm_run_script
+short_description: Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices.
+description:
+ - Executes the lsm-run-script on a given list of targets. Run the given script on the targets devices.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ script_base64:
+ description:
+ - The entire content of the script encoded in Base64.
+ type: str
+ script:
+ description:
+ - The entire content of the script.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: lsm-run-script
+ cp_mgmt_lsm_run_script:
+ script: ls -l /
+ targets:
+ - lsm_gateway
+"""
+
+RETURN = """
+cp_mgmt_lsm_run_script:
+ description: The checkpoint lsm-run-script output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ script_base64=dict(type='str'),
+ script=dict(type='str'),
+ targets=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "lsm-run-script"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py
new file mode 100644
index 000000000..01f52aafe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile.py
@@ -0,0 +1,210 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_md_permissions_profile
+short_description: Manages md-permissions-profile objects on Checkpoint over Web Services API
+description:
+ - Manages md-permissions-profile objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ permission_level:
+ description:
+ - The level of the Multi Domain Permissions Profile.<br>The level cannot be changed after creation.
+ type: str
+ choices: ['super user', 'manager', 'domain level only']
+ mds_provisioning:
+ description:
+ - Create and manage Multi-Domain Servers and Multi-Domain Log Servers.<br>Only a "Super User" permission-level profile can select this option.
+ type: bool
+ manage_admins:
+ description:
+ - Create and manage Multi-Domain Security Management administrators with the same or lower permission level. For example, a Domain manager
+ cannot create Superusers or global managers.<br>Only a 'Manager' permission-level profile can edit this permission.
+ type: bool
+ manage_sessions:
+ description:
+ - Connect/disconnect Domain sessions, publish changes, and delete other administrator sessions.<br>Only a 'Manager' permission-level profile can
+ edit this permission.
+ type: bool
+ management_api_login:
+ description:
+ - Permission to log in to the Security Management Server and run API commands using these tools, mgmt_cli (Linux and Windows binaries), Gaia CLI
+ (clish) and Web Services (REST). Useful if you want to prevent administrators from running automatic scripts on the Management.<br>Note, This
+ permission is not required to run commands from within the API terminal in SmartConsole.
+ type: bool
+ cme_operations:
+ description:
+ - Permission to read / edit the Cloud Management Extension (CME) configuration.
+ type: str
+ choices: ['read', 'write', 'disabled']
+ global_vpn_management:
+ description:
+ - Lets the administrator select Enable global use for a Security Gateway shown in the MDS Gateways & Servers view.<br>Only a 'Manager'
+ permission-level profile can edit this permission.
+ type: bool
+ manage_global_assignments:
+ description:
+ - Controls the ability to create, edit and delete global assignment and not the ability to reassign, which is set according to the specific
+ Domain's permission profile.
+ type: bool
+ enable_default_profile_for_global_domains:
+ description:
+ - Enable the option to specify a default profile for all global domains.
+ type: bool
+ default_profile_global_domains:
+ description:
+ - Name or UID of the required default profile for all global domains.
+ type: str
+ view_global_objects_in_domain:
+ description:
+ - Lets an administrator with no global objects permissions view the global objects in the domain. This option is required for valid domain management.
+ type: bool
+ enable_default_profile_for_local_domains:
+ description:
+ - Enable the option to specify a default profile for all local domains.
+ type: bool
+ default_profile_local_domains:
+ description:
+ - Name or UID of the required default profile for all local domains.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-md-permissions-profile
+ cp_mgmt_md_permissions_profile:
+ name: manager profile
+ state: present
+
+- name: set-md-permissions-profile
+ cp_mgmt_md_permissions_profile:
+ default_profile_global_domains: read write all
+ name: manager profile
+ permission_level: domain level only
+ state: present
+
+- name: delete-md-permissions-profile
+ cp_mgmt_md_permissions_profile:
+ name: profile
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_md_permissions_profile:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ permission_level=dict(type='str', choices=['super user', 'manager', 'domain level only']),
+ mds_provisioning=dict(type='bool'),
+ manage_admins=dict(type='bool'),
+ manage_sessions=dict(type='bool'),
+ management_api_login=dict(type='bool'),
+ cme_operations=dict(type='str', choices=['read', 'write', 'disabled']),
+ global_vpn_management=dict(type='bool'),
+ manage_global_assignments=dict(type='bool'),
+ enable_default_profile_for_global_domains=dict(type='bool'),
+ default_profile_global_domains=dict(type='str'),
+ view_global_objects_in_domain=dict(type='bool'),
+ enable_default_profile_for_local_domains=dict(type='bool'),
+ default_profile_local_domains=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'md-permissions-profile'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py
new file mode 100644
index 000000000..285752fd7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_md_permissions_profile_facts.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_md_permissions_profile_facts
+short_description: Get md-permissions-profile objects facts on Checkpoint over Web Services API
+description:
+ - Get md-permissions-profile objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-md-permissions-profile
+ cp_mgmt_md_permissions_profile_facts:
+ name: profile
+
+- name: show-md-permissions-profiles
+ cp_mgmt_md_permissions_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "md-permissions-profile"
+ api_call_object_plural_version = "md-permissions-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py
new file mode 100644
index 000000000..726164ba5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds.py
@@ -0,0 +1,208 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_mds
+short_description: Manages mds objects on Checkpoint over Web Services API
+description:
+ - Manages mds objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hardware:
+ description:
+ - Hardware name. For example, Open server, Smart-1, Other.
+ type: str
+ os:
+ description:
+ - Operating system name. For example, Gaia, Linux, SecurePlatform.
+ type: str
+ version:
+ description:
+ - System version.
+ type: str
+ one_time_password:
+ description:
+ - Secure internal connection one time password.
+ type: str
+ server_type:
+ description:
+ - Type of the management server.
+ type: str
+ choices: ['multi-domain server', 'multi-domain log server']
+ ip_pool_first:
+ description:
+ - First IP address in the range.
+ type: str
+ ipv4_pool_first:
+ description:
+ - First IPv4 address in the range.
+ type: str
+ ipv6_pool_first:
+ description:
+ - First IPv6 address in the range.
+ type: str
+ ip_pool_last:
+ description:
+ - Last IP address in the range.
+ type: str
+ ipv4_pool_last:
+ description:
+ - Last IPv4 address in the range.
+ type: str
+ ipv6_pool_last:
+ description:
+ - Last IPv6 address in the range.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-mds
+ cp_mgmt_mds:
+ hardware: open server
+ ip_address: 1.1.1.1
+ ip_pool_first: 2.2.2.2
+ ip_pool_last: 3.3.3.3
+ name: mymds
+ os: gaia
+ server_type: multi-domain server
+ state: present
+
+- name: set-mds
+ cp_mgmt_mds:
+ hardware: Smart-1
+ ip_address: 1.2.3.4
+ name: mymds
+ os: linux
+ state: present
+
+- name: delete-mds
+ cp_mgmt_mds:
+ name: mymds
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_mds:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hardware=dict(type='str'),
+ os=dict(type='str'),
+ version=dict(type='str'),
+ one_time_password=dict(type='str', no_log=True),
+ server_type=dict(type='str', choices=['multi-domain server', 'multi-domain log server']),
+ ip_pool_first=dict(type='str'),
+ ipv4_pool_first=dict(type='str'),
+ ipv6_pool_first=dict(type='str'),
+ ip_pool_last=dict(type='str'),
+ ipv4_pool_last=dict(type='str'),
+ ipv6_pool_last=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'mds'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py
new file mode 100644
index 000000000..46bca5be4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_mds_facts.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_mds_facts
+short_description: Get Multi-Domain Server (mds) objects facts on Check Point over Web Services API
+description:
+ - Get mds objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-mds
+ cp_mgmt_mds_facts:
+ name: test_mds1
+
+- name: show-mdss
+ cp_mgmt_mds_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "mds"
+ api_call_object_plural_version = "mdss"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py
new file mode 100644
index 000000000..04cc7a72f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range.py
@@ -0,0 +1,183 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_multicast_address_range
+short_description: Manages multicast-address-range objects on Check Point over Web Services API
+description:
+ - Manages multicast-address-range objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ ip_address_first:
+ description:
+ - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_first:
+ description:
+ - First IPv4 address in the range.
+ type: str
+ ipv6_address_first:
+ description:
+ - First IPv6 address in the range.
+ type: str
+ ip_address_last:
+ description:
+ - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_last:
+ description:
+ - Last IPv4 address in the range.
+ type: str
+ ipv6_address_last:
+ description:
+ - Last IPv6 address in the range.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-multicast-address-range
+ cp_mgmt_multicast_address_range:
+ ip_address_first: 224.0.0.1
+ ip_address_last: 224.0.0.4
+ name: New Multicast Address Range
+ state: present
+
+- name: set-multicast-address-range
+ cp_mgmt_multicast_address_range:
+ ip_address_first: 224.0.0.7
+ ip_address_last: 224.0.0.10
+ name: New Multicast Address Range
+ state: present
+
+- name: delete-multicast-address-range
+ cp_mgmt_multicast_address_range:
+ name: New Multicast Address Range
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_multicast_address_range:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ip_address_first=dict(type='str'),
+ ipv4_address_first=dict(type='str'),
+ ipv6_address_first=dict(type='str'),
+ ip_address_last=dict(type='str'),
+ ipv4_address_last=dict(type='str'),
+ ipv6_address_last=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'multicast-address-range'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py
new file mode 100644
index 000000000..c32390e6d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_multicast_address_range_facts.py
@@ -0,0 +1,130 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_multicast_address_range_facts
+short_description: Get multicast-address-range objects facts on Check Point over Web Services API
+description:
+ - Get multicast-address-range objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-multicast-address-range
+ cp_mgmt_multicast_address_range_facts:
+ name: New Multicast Address Range
+
+- name: show-multicast-address-ranges
+ cp_mgmt_multicast_address_range_facts:
+ details_level: full
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "multicast-address-range"
+ api_call_object_plural_version = "multicast-address-ranges"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py
new file mode 100644
index 000000000..c1c4465bd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_rule_facts.py
@@ -0,0 +1,203 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_nat_rule_facts
+short_description: Get nat-rule objects facts on Checkpoint over Web Services API
+description:
+ - Get nat-rule objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-nat-rule
+ cp_mgmt_nat_rule_facts:
+ package: standard
+
+- name: show-nat-rulebase
+ cp_mgmt_nat_rule_facts:
+ details_level: standard
+ limit: 2
+ offset: 1
+ package: standard
+ use_object_dictionary: true
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "nat-rule"
+ api_call_object_plural_version = "nat-rulebase"
+
+ result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py
new file mode 100644
index 000000000..d81d2609d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_nat_section.py
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_nat_section
+short_description: Manages nat-section objects on Checkpoint over Web Services API
+description:
+ - Manages nat-section objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package:
+ description:
+ - Name of the package.
+ type: str
+ position:
+ description:
+ - Position in the rulebase.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-nat-section
+ cp_mgmt_nat_section:
+ name: New Section 1
+ package: standard
+ position: 1
+ state: present
+
+- name: set-nat-section
+ cp_mgmt_nat_section:
+ name: New Section 1
+ package: standard
+ state: present
+
+- name: delete-nat-section
+ cp_mgmt_nat_section:
+ name: New Section 1
+ package: standard
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_nat_section:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ package=dict(type='str'),
+ position=dict(type='str'),
+ name=dict(type='str', required=True),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'nat-section'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py
new file mode 100644
index 000000000..1fc5e0489
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network.py
@@ -0,0 +1,227 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network
+short_description: Manages network objects on Check Point over Web Services API
+description:
+ - Manages network objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ subnet:
+ description:
+ - IPv4 or IPv6 network address. If both addresses are required use subnet4 and subnet6 fields explicitly.
+ type: str
+ subnet4:
+ description:
+ - IPv4 network address.
+ type: str
+ subnet6:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly. Instead of IPv4 mask length
+ it is possible to specify IPv4 mask itself in subnet-mask field.
+ type: int
+ mask_length4:
+ description:
+ - IPv4 network mask length.
+ type: int
+ mask_length6:
+ description:
+ - IPv6 network mask length.
+ type: int
+ subnet_mask:
+ description:
+ - IPv4 network mask.
+ type: str
+ nat_settings:
+ description:
+ - NAT settings.
+ type: dict
+ suboptions:
+ auto_rule:
+ description:
+ - Whether to add automatic address translation rules.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly. This parameter is not
+ required in case "method" parameter is "hide" and "hide-behind" parameter is "gateway".
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ hide_behind:
+ description:
+ - Hide behind method. This parameter is not required in case "method" parameter is "static".
+ type: str
+ choices: ['gateway', 'ip-address']
+ install_on:
+ description:
+ - Which gateway should apply the NAT translation.
+ type: str
+ method:
+ description:
+ - NAT translation method.
+ type: str
+ choices: ['hide', 'static']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ broadcast:
+ description:
+ - Allow broadcast address inclusion.
+ type: str
+ choices: ['disallow', 'allow']
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-network
+ cp_mgmt_network:
+ name: New Network 1
+ state: present
+ subnet: 192.0.2.0
+ subnet_mask: 255.255.255.0
+
+- name: set-network
+ cp_mgmt_network:
+ color: green
+ mask_length: 16
+ name: New Network 1
+ new_name: New Network 2
+ state: present
+ subnet: 192.0.0.0
+
+- name: delete-network
+ cp_mgmt_network:
+ name: New Network 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_network:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ subnet=dict(type='str'),
+ subnet4=dict(type='str'),
+ subnet6=dict(type='str'),
+ mask_length=dict(type='int'),
+ mask_length4=dict(type='int'),
+ mask_length6=dict(type='int'),
+ subnet_mask=dict(type='str'),
+ nat_settings=dict(type='dict', options=dict(
+ auto_rule=dict(type='bool'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ hide_behind=dict(type='str', choices=['gateway', 'ip-address']),
+ install_on=dict(type='str'),
+ method=dict(type='str', choices=['hide', 'static'])
+ )),
+ tags=dict(type='list', elements='str'),
+ broadcast=dict(type='str', choices=['disallow', 'allow']),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'network'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
new file mode 100644
index 000000000..9cb2382ca
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network_facts
+short_description: Get network objects facts on Check Point over Web Services API
+description:
+ - Get network objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-network
+ cp_mgmt_network_facts:
+ name: New Network 1
+
+- name: show-networks
+ cp_mgmt_network_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "network"
+ api_call_object_plural_version = "networks"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py
new file mode 100644
index 000000000..f00e21773
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed.py
@@ -0,0 +1,243 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network_feed
+short_description: Manages network-feed objects on Checkpoint over Web Services API
+description:
+ - Manages network-feed objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ feed_url:
+ description:
+ - URL of the feed. URL should be written as http or https.
+ type: str
+ certificate_id:
+ description:
+ - Certificate SHA-1 fingerprint to access the feed.
+ type: str
+ feed_format:
+ description:
+ - Feed file format.
+ type: str
+ choices: ['Flat List', 'JSON']
+ feed_type:
+ description:
+ - Feed type to be enforced.
+ type: str
+ choices: ['Domain', 'IP Address', 'IP Address/Domain']
+ password:
+ description:
+ - password for authenticating with the URL.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ username:
+ description:
+ - username for authenticating with the URL.
+ type: str
+ custom_header:
+ description:
+ - Headers to allow different authentication methods with the URL.
+ type: list
+ elements: dict
+ suboptions:
+ header_name:
+ description:
+ - The name of the HTTP header we wish to add.
+ type: str
+ header_value:
+ description:
+ - The name of the HTTP value we wish to add.
+ type: str
+ update_interval:
+ description:
+ - Interval in minutes for updating the feed on the Security Gateway.
+ type: int
+ data_column:
+ description:
+ - Number of the column that contains the feed's data.
+ type: int
+ fields_delimiter:
+ description:
+ - The delimiter that separates between the columns in the feed.
+ type: str
+ ignore_lines_that_start_with:
+ description:
+ - A prefix that will determine which lines to ignore.
+ type: str
+ json_query:
+ description:
+ - JQ query to be parsed.
+ type: str
+ use_gateway_proxy:
+ description:
+ - Use the gateway's proxy for retrieving the feed.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-network-feed
+ cp_mgmt_network_feed:
+ custom_header:
+ - header_name: header1
+ header_value: value1
+ - header_name: header2
+ header_value: value2
+ data_column: 1
+ feed_format: Flat List
+ feed_type: IP Address
+ feed_url: https://www.feedsresource.com/resource
+ fields_delimiter: "\t"
+ ignore_lines_that_start_with: '!'
+ name: network_feed
+ password: feed_password
+ state: present
+ update_interval: 60
+ use_gateway_proxy: false
+ username: feed_username
+
+- name: set-network-feed
+ cp_mgmt_network_feed:
+ custom_header:
+ - header_name: new_header
+ header_value: new_value
+ data_column: 1
+ feed_format: Flat List
+ feed_type: IP Address
+ feed_url: https://www.feedsresource.com/new_resource
+ fields_delimiter: ','
+ ignore_lines_that_start_with: '!'
+ name: network_feed
+ password: new_password
+ state: present
+ update_interval: 60
+ use_gateway_proxy: false
+ username: new_username
+
+- name: delete-network-feed
+ cp_mgmt_network_feed:
+ name: network_feed
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_network_feed:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ feed_url=dict(type='str'),
+ certificate_id=dict(type='str'),
+ feed_format=dict(type='str', choices=['Flat List', 'JSON']),
+ feed_type=dict(type='str', choices=['Domain', 'IP Address', 'IP Address/Domain']),
+ password=dict(type='str', no_log=True),
+ tags=dict(type='list', elements='str'),
+ username=dict(type='str'),
+ custom_header=dict(type='list', elements='dict', options=dict(
+ header_name=dict(type='str'),
+ header_value=dict(type='str')
+ )),
+ update_interval=dict(type='int'),
+ data_column=dict(type='int'),
+ fields_delimiter=dict(type='str'),
+ ignore_lines_that_start_with=dict(type='str'),
+ json_query=dict(type='str'),
+ use_gateway_proxy=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'network-feed'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
new file mode 100644
index 000000000..e2aa53fbe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_network_feed_facts.py
@@ -0,0 +1,143 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_network_feed_facts
+short_description: Get network-feed objects facts on Checkpoint over Web Services API
+description:
+ - Get network-feed objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-network-feed
+ cp_mgmt_network_feed_facts:
+ name: network_feed
+
+- name: show-network-feeds
+ cp_mgmt_network_feed_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "network-feed"
+ api_call_object_plural_version = "network-feeds"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py
new file mode 100644
index 000000000..50f059051
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_objects_facts.py
@@ -0,0 +1,181 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_objects_facts
+short_description: Get objects objects facts on Checkpoint over Web Services API
+description:
+ - Get objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Object unique identifier.
+ type: str
+ uids:
+ description:
+ - List of UIDs of the objects to retrieve.
+ type: list
+ elements: str
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. By default, the search involves both a textual search and a IP
+ search. To use IP search only, set the "ip-only" parameter to true.
+ type: str
+ ip_only:
+ description:
+ - If using "filter", use this field to search objects by their IP address only, without involving the textual search.<br><br>IP search use
+ cases<br>&nbsp;&nbsp;&nbsp;&nbsp; <ul><li>Full IPv4 address matches for,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Hosts, Check Point
+ Hosts and Gateways with exact IPv4 match or with interfaces which subnet contains the search
+ address<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - IPv4 Networks and IPv4 Address Ranges that contain the search address</li>
+ <br>&nbsp;&nbsp;&nbsp;&nbsp; <li>Partial IPv4 address matches for,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Hosts, Networks, Check Point
+ Hosts and Gateways with IPv4 address that starts from the search address<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Hosts, Check Point
+ Hosts and Gateways with interfaces which subnet address starts from the search address<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - IPv4
+ Address Ranges with first address or last address that starts from the search address<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - IPv4
+ Networks and IPv4 Address Ranges that contain the network derived from the search address supplemented with missing octets (all
+ zeroes)<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Hosts, Check Point Hosts and Gateways with interfaces which subnet contains the network
+ derived from the search address supplemented with missing octets (all zeroes)</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li>IPv6
+ address,<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; - Not supported</li></ul><br><br> * Check Point Host is a server of type Network Policy
+ Management, Logging & Status, SmartEvent, etc.<br> * When one IP address is checked to start from another (partial) IP address - only full octets are
+ considered <br> * Check Examples part for IP search examples.
+ type: bool
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting a specific object.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting a specific object.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting a specific object.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ type:
+ description:
+ - The objects' type, e.g., host, service-tcp, network, address-range...
+ type: str
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-objects
+ cp_mgmt_objects_facts:
+ limit: 50
+ offset: 0
+ order:
+ - ASC: name
+ type: group
+
+- name: show-object
+ cp_mgmt_objects_facts:
+ uid: ef82887c-d08f-49a3-a18f-a376be633848
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str'),
+ uids=dict(type='list', elements='str'),
+ filter=dict(type='str'),
+ ip_only=dict(type='bool'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ type=dict(type='str'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "object"
+ api_call_object_plural_version = "objects"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py
new file mode 100644
index 000000000..e8a403f96
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package.py
@@ -0,0 +1,251 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_package
+short_description: Manages package objects on Check Point over Web Services API
+description:
+ - Manages package objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ access:
+ description:
+ - True - enables, False - disables access & NAT policies, empty - nothing is changed.
+ type: bool
+ desktop_security:
+ description:
+ - True - enables, False - disables Desktop security policy, empty - nothing is changed.
+ type: bool
+ installation_targets:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ qos:
+ description:
+ - True - enables, False - disables QoS policy, empty - nothing is changed.
+ type: bool
+ qos_policy_type:
+ description:
+ - QoS policy type.
+ type: str
+ choices: ['recommended', 'express']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ threat_prevention:
+ description:
+ - True - enables, False - disables Threat policy, empty - nothing is changed.
+ type: bool
+ vpn_traditional_mode:
+ description:
+ - True - enables, False - disables VPN traditional mode, empty - nothing is changed.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ access_layers:
+ description:
+ - Access policy layers.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Collection of Access layer objects to be added identified by the name or UID.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Layer name or UID.
+ type: str
+ position:
+ description:
+ - Layer position.
+ type: int
+ remove:
+ description:
+ - Collection of Access layer objects to be removed identified by the name or UID.
+ type: list
+ elements: str
+ value:
+ description:
+ - Collection of Access layer objects to be set identified by the name or UID. Replaces existing Access layers.
+ type: list
+ elements: str
+ threat_layers:
+ description:
+ - Threat policy layers.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Collection of Threat layer objects to be added identified by the name or UID.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Layer name or UID.
+ type: str
+ position:
+ description:
+ - Layer position.
+ type: int
+ remove:
+ description:
+ - Collection of Threat layer objects to be removed identified by the name or UID.
+ type: list
+ elements: str
+ value:
+ description:
+ - Collection of Threat layer objects to be set identified by the name or UID. Replaces existing Threat layers.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-package
+ cp_mgmt_package:
+ access: true
+ color: green
+ comments: My Comments
+ name: New_Standard_Package_1
+ state: present
+ threat_prevention: false
+
+- name: set-package
+ cp_mgmt_package:
+ access_layers:
+ add:
+ - name: New Access Layer 1
+ position: 1
+ name: Standard
+ state: present
+ threat_layers:
+ add:
+ - name: New Layer 1
+ position: 2
+
+- name: delete-package
+ cp_mgmt_package:
+ name: New Standard Package 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_package:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ access=dict(type='bool'),
+ desktop_security=dict(type='bool'),
+ installation_targets=dict(type='list', elements='str'),
+ qos=dict(type='bool'),
+ qos_policy_type=dict(type='str', choices=['recommended', 'express']),
+ tags=dict(type='list', elements='str'),
+ threat_prevention=dict(type='bool'),
+ vpn_traditional_mode=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ access_layers=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ position=dict(type='int')
+ )),
+ remove=dict(type='list', elements='str'),
+ value=dict(type='list', elements='str')
+ )),
+ threat_layers=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ position=dict(type='int')
+ )),
+ remove=dict(type='list', elements='str'),
+ value=dict(type='list', elements='str')
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'package'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py
new file mode 100644
index 000000000..54c80e754
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_package_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_package_facts
+short_description: Get package objects facts on Check Point over Web Services API
+description:
+ - Get package objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-package
+ cp_mgmt_package_facts:
+ name: New_Standard_Package_1
+
+- name: show-packages
+ cp_mgmt_package_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "package"
+ api_call_object_plural_version = "packages"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py
new file mode 100644
index 000000000..b77a9b141
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_provisioning_profile_facts.py
@@ -0,0 +1,146 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_provisioning_profile_facts
+short_description: Get provisioning-profile objects facts on Checkpoint over Web Services API
+description:
+ - Get provisioning-profile objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-provisioning-profile
+ cp_mgmt_provisioning_profile_facts:
+ name: prv_gaia_profile
+
+- name: show-provisioning-profiles
+ cp_mgmt_provisioning_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "provisioning-profile"
+ api_call_object_plural_version = "provisioning-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py
new file mode 100644
index 000000000..c7dedd20a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_publish.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_publish
+short_description: All the changes done by this user will be seen by all users only after publish is called.
+description:
+ - All the changes done by this user will be seen by all users only after publish is called.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: publish
+ cp_mgmt_publish:
+"""
+
+RETURN = """
+cp_mgmt_publish:
+ description: The checkpoint publish output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "publish"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
new file mode 100644
index 000000000..8f7eaec4c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_put_file.py
@@ -0,0 +1,102 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_put_file
+short_description: put file on Check Point over Web Services API
+description:
+ - put file on Check Point over Web Services API
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ file_content:
+ description:
+ - N/A
+ type: str
+ file_name:
+ description:
+ - N/A
+ type: str
+ file_path:
+ description:
+ - N/A
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: put-file
+ cp_mgmt_put_file:
+ file_content: 'vs ip 192.0.2.1\nvs2 ip 192.0.2.2'
+ file_name: vsx_conf
+ file_path: /home/admin/
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_put_file:
+ description: The checkpoint put-file output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ targets=dict(type='list', elements='str'),
+ file_content=dict(type='str'),
+ file_name=dict(type='str'),
+ file_path=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "put-file"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
new file mode 100644
index 000000000..ab76c1389
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reject_session.py
@@ -0,0 +1,83 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reject_session
+short_description: Workflow feature - Return the session to the submitter administrator.
+description:
+ - Workflow feature - Return the session to the submitter administrator.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+ comments:
+ description:
+ - Reject justification.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reject-session
+ cp_mgmt_reject_session:
+ comments: Typo in host name
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_reject_session:
+ description: The checkpoint reject-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reject-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
new file mode 100644
index 000000000..62d48cc56
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script
+short_description: Manages repository-script objects on Checkpoint over Web Services API
+description:
+ - Manages repository-script objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ script_body:
+ description:
+ - The entire content of the script.
+ type: str
+ script_body_base64:
+ description:
+ - The entire content of the script encoded in Base64.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ script_body: ls -l /
+ state: present
+
+- name: set-repository-script
+ cp_mgmt_repository_script:
+ color: green
+ name: New Script 1
+ script_body: cpstat os -f all
+ state: present
+
+- name: delete-repository-script
+ cp_mgmt_repository_script:
+ name: New Script 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_repository_script:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ script_body=dict(type='str'),
+ script_body_base64=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'repository-script'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
new file mode 100644
index 000000000..67edad307
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_repository_script_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_repository_script_facts
+short_description: Get repository-script objects facts on Checkpoint over Web Services API
+description:
+ - Get repository-script objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-repository-script
+ cp_mgmt_repository_script_facts:
+ name: New Script 1
+
+- name: show-repository-scripts
+ cp_mgmt_repository_script_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "repository-script"
+ api_call_object_plural_version = "repository-scripts"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
new file mode 100644
index 000000000..cb5b8d00f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_reset_sic.py
@@ -0,0 +1,84 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_reset_sic
+short_description: Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration
+ Tool (by running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+description:
+ - Reset Secure Internal Communication (SIC). To complete the reset operation need also to reset the device in the Check Point Configuration Tool (by
+ running cpconfig in Clish or Expert mode). Communication will not be possible until you reset and re-initialize the device properly.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster member or Check Point host name.
+ type: str
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: reset-sic
+ cp_mgmt_reset_sic:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_reset_sic:
+ description: The checkpoint reset-sic output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "reset-sic"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
new file mode 100644
index 000000000..2c9f99347
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_ips_update.py
@@ -0,0 +1,76 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_ips_update
+short_description: Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+description:
+ - Runs IPS database update. If "package-path" is not provided server will try to get the latest package from the User Center.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ package_path:
+ description:
+ - Offline update package path.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-ips-update
+ cp_mgmt_run_ips_update:
+"""
+
+RETURN = """
+cp_mgmt_run_ips_update:
+ description: The checkpoint run-ips-update output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ package_path=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-ips-update"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
new file mode 100644
index 000000000..f4dabd98b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_run_script.py
@@ -0,0 +1,101 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_run_script
+short_description: Executes the script on a given list of targets.
+description:
+ - Executes the script on a given list of targets.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ script_name:
+ description:
+ - Script name.
+ type: str
+ script:
+ description:
+ - Script body.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ args:
+ description:
+ - Script arguments.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: run-script
+ cp_mgmt_run_script:
+ script: ls -l /
+ script_name: 'Script Example: List files under / dir'
+ targets:
+ - corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_run_script:
+ description: The checkpoint run-script output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ script_name=dict(type='str'),
+ script=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ args=dict(type='str'),
+ comments=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "run-script"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
new file mode 100644
index 000000000..6c9cab11b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone.py
@@ -0,0 +1,130 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_security_zone
+short_description: Manages security-zone objects on Check Point over Web Services API
+description:
+ - Manages security-zone objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-security-zone
+ cp_mgmt_security_zone:
+ color: yellow
+ comments: My Security Zone 1
+ name: SZone1
+ state: present
+
+- name: set-security-zone
+ cp_mgmt_security_zone:
+ name: SZone1
+ state: present
+
+- name: delete-security-zone
+ cp_mgmt_security_zone:
+ name: SZone2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_security_zone:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'security-zone'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py
new file mode 100644
index 000000000..90be77462
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_security_zone_facts.py
@@ -0,0 +1,129 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_security_zone_facts
+short_description: Get security-zone objects facts on Check Point over Web Services API
+description:
+ - Get security-zone objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-security-zone
+ cp_mgmt_security_zone_facts:
+ name: SZone1
+
+- name: show-security-zones
+ cp_mgmt_security_zone_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "security-zone"
+ api_call_object_plural_version = "security-zones"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py
new file mode 100644
index 000000000..63941587a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_dce_rpc
+short_description: Manages service-dce-rpc objects on Check Point over Web Services API
+description:
+ - Manages service-dce-rpc objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ interface_uuid:
+ description:
+ - Network interface UUID.
+ type: str
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ interface_uuid: 97aeb460-9aea-11d5-bd16-0090272ccb30
+ keep_connections_open_after_policy_installation: false
+ name: New_DCE-RPC_Service_1
+ state: present
+
+- name: set-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ color: green
+ interface_uuid: 44aeb460-9aea-11d5-bd16-009027266b30
+ name: New_DCE-RPC_Service_1
+ state: present
+
+- name: delete-service-dce-rpc
+ cp_mgmt_service_dce_rpc:
+ name: New_DCE-RPC_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_dce_rpc:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ interface_uuid=dict(type='str'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-dce-rpc'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py
new file mode 100644
index 000000000..b9419a93a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_dce_rpc_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_dce_rpc_facts
+short_description: Get service-dce-rpc objects facts on Check Point over Web Services API
+description:
+ - Get service-dce-rpc objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-dce-rpc
+ cp_mgmt_service_dce_rpc_facts:
+ name: HP-OpCdistm
+
+- name: show-services-dce-rpc
+ cp_mgmt_service_dce_rpc_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-dce-rpc"
+ api_call_object_plural_version = "services-dce-rpc"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py
new file mode 100644
index 000000000..1f78ac539
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_group
+short_description: Manages service-group objects on Check Point over Web Services API
+description:
+ - Manages service-group objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ members:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-group
+ cp_mgmt_service_group:
+ members:
+ - https
+ - bootp
+ - nisplus
+ - HP-OpCdistm
+ name: New Service Group 1
+ state: present
+
+- name: set-service-group
+ cp_mgmt_service_group:
+ name: New Service Group 1
+ members:
+ - https
+ - bootp
+ - nisplus
+ state: present
+
+- name: delete-service-group
+ cp_mgmt_service_group:
+ name: New Service Group 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_group:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ members=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-group'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py
new file mode 100644
index 000000000..f04e0b961
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_group_facts.py
@@ -0,0 +1,144 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_group_facts
+short_description: Get service-group objects facts on Check Point over Web Services API
+description:
+ - Get service-group objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ show_as_ranges:
+ description:
+ - When true, the service group's matched content is displayed as ranges of port numbers rather than service objects.<br />Objects that are not
+ represented using port numbers are presented as objects.<br />The 'members' parameter is omitted from the response and instead the 'ranges' parameter
+ is displayed.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-group
+ cp_mgmt_service_group_facts:
+ name: New Service Group 1
+
+- name: show-service-groups
+ cp_mgmt_service_group_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ show_as_ranges=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-group"
+ api_call_object_plural_version = "service-groups"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py
new file mode 100644
index 000000000..0cd0d4ca8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp.py
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp
+short_description: Manages service-icmp objects on Check Point over Web Services API
+description:
+ - Manages service-icmp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ icmp_code:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ icmp_type:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-icmp
+ cp_mgmt_service_icmp:
+ icmp_code: 7
+ icmp_type: 5
+ name: Icmp1
+ state: present
+
+- name: set-service-icmp
+ cp_mgmt_service_icmp:
+ icmp_code: 13
+ icmp_type: 45
+ name: icmp1
+ state: present
+
+- name: delete-service-icmp
+ cp_mgmt_service_icmp:
+ name: icmp3
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_icmp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ icmp_code=dict(type='int'),
+ icmp_type=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-icmp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py
new file mode 100644
index 000000000..fe845e609
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6.py
@@ -0,0 +1,154 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp6
+short_description: Manages service-icmp6 objects on Check Point over Web Services API
+description:
+ - Manages service-icmp6 objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ icmp_code:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ icmp_type:
+ description:
+ - As listed in, <a href="http,//www.iana.org/assignments/icmp-parameters" target="_blank">RFC 792</a>.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-icmp6
+ cp_mgmt_service_icmp6:
+ icmp_code: 7
+ icmp_type: 5
+ name: Icmp1
+ state: present
+
+- name: set-service-icmp6
+ cp_mgmt_service_icmp6:
+ icmp_code: 13
+ icmp_type: 45
+ name: icmp1
+ state: present
+
+- name: delete-service-icmp6
+ cp_mgmt_service_icmp6:
+ name: icmp2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_icmp6:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ icmp_code=dict(type='int'),
+ icmp_type=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-icmp6'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py
new file mode 100644
index 000000000..d94525f23
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp6_facts.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp6_facts
+short_description: Get service-icmp6 objects facts on Check Point over Web Services API
+description:
+ - Get service-icmp6 objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-icmp6
+ cp_mgmt_service_icmp6_facts:
+ name: echo-reply6
+
+- name: show-services-icmp6
+ cp_mgmt_service_icmp6_facts:
+ limit: 2
+ offset: 4
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-icmp6"
+ api_call_object_plural_version = "services-icmp6"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py
new file mode 100644
index 000000000..8d044c37f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_icmp_facts.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_icmp_facts
+short_description: Get service-icmp objects facts on Check Point over Web Services API
+description:
+ - Get service-icmp objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-icmp
+ cp_mgmt_service_icmp_facts:
+ name: info-req
+
+- name: show-services-icmp
+ cp_mgmt_service_icmp_facts:
+ limit: 4
+ offset: 3
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-icmp"
+ api_call_object_plural_version = "services-icmp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py
new file mode 100644
index 000000000..8e1766a58
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other.py
@@ -0,0 +1,227 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_other
+short_description: Manages service-other objects on Check Point over Web Services API
+description:
+ - Manages service-other objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ accept_replies:
+ description:
+ - Specifies whether Other Service replies are to be accepted.
+ type: bool
+ action:
+ description:
+ - Contains an INSPECT expression that defines the action to take if a rule containing this service is matched.
+ Example, set r_mhandler &open_ssl_handler sets a handler on the connection.
+ type: str
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ ip_protocol:
+ description:
+ - IP protocol number.
+ type: int
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match:
+ description:
+ - Contains an INSPECT expression that defines the matching criteria. The connection is examined against the expression during the first packet.
+ Example, tcp, dport = 21, direction = 0 matches incoming FTP control connections.
+ type: str
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ override_default_settings:
+ description:
+ - Indicates whether this service is a Data Domain service which has been overridden.
+ type: bool
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-other
+ cp_mgmt_service_other:
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ ip_protocol: 51
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_Service_1
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-other
+ cp_mgmt_service_other:
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_Service_1
+ state: present
+
+- name: delete-service-other
+ cp_mgmt_service_other:
+ name: New_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_other:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ accept_replies=dict(type='bool'),
+ action=dict(type='str'),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ ip_protocol=dict(type='int'),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match=dict(type='str'),
+ match_for_any=dict(type='bool'),
+ override_default_settings=dict(type='bool'),
+ session_timeout=dict(type='int'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-other'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
new file mode 100644
index 000000000..e7ad3da11
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_other_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_other_facts
+short_description: Get service-other objects facts on Check Point over Web Services API
+description:
+ - Get service-other objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-other
+ cp_mgmt_service_other_facts:
+ name: New_Service_1
+
+- name: show-services-other
+ cp_mgmt_service_other_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-other"
+ api_call_object_plural_version = "services-other"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py
new file mode 100644
index 000000000..e9f917ca1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_rpc
+short_description: Manages service-rpc objects on Check Point over Web Services API
+description:
+ - Manages service-rpc objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ program_number:
+ description:
+ - N/A
+ type: int
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-rpc
+ cp_mgmt_service_rpc:
+ keep_connections_open_after_policy_installation: false
+ name: New_RPC_Service_1
+ program_number: 5669
+ state: present
+
+- name: set-service-rpc
+ cp_mgmt_service_rpc:
+ color: green
+ name: New_RPC_Service_1
+ program_number: 5656
+ state: present
+
+- name: delete-service-rpc
+ cp_mgmt_service_rpc:
+ name: New_RPC_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_rpc:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ program_number=dict(type='int'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-rpc'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py
new file mode 100644
index 000000000..3ff1f3c0b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_rpc_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_rpc_facts
+short_description: Get service-rpc objects facts on Check Point over Web Services API
+description:
+ - Get service-rpc objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-rpc
+ cp_mgmt_service_rpc_facts:
+ name: nisplus
+
+- name: show-services-rpc
+ cp_mgmt_service_rpc_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-rpc"
+ api_call_object_plural_version = "services-rpc"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py
new file mode 100644
index 000000000..624a81939
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp.py
@@ -0,0 +1,211 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_sctp
+short_description: Manages service-sctp objects on Check Point over Web Services API
+description:
+ - Manages service-sctp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ port:
+ description:
+ - Port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
+ type: str
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ source_port:
+ description:
+ - Source port number. To specify a port range add a hyphen between the lowest and the highest port numbers, for example 44-45.
+ type: str
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-sctp
+ cp_mgmt_service_sctp:
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_SCTP_Service_1
+ port: 5669
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-sctp
+ cp_mgmt_service_sctp:
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_SCTP_Service_1
+ port: 5656
+ state: present
+
+- name: delete-service-sctp
+ cp_mgmt_service_sctp:
+ name: New_SCTP_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_sctp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ port=dict(type='str'),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match_for_any=dict(type='bool'),
+ session_timeout=dict(type='int'),
+ source_port=dict(type='str'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-sctp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
new file mode 100644
index 000000000..852aacff5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_sctp_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_sctp_facts
+short_description: Get service-sctp objects facts on Check Point over Web Services API
+description:
+ - Get service-sctp objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-sctp
+ cp_mgmt_service_sctp_facts:
+ name: New_SCTP_Service_1
+
+- name: show-services-sctp
+ cp_mgmt_service_sctp_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-sctp"
+ api_call_object_plural_version = "services-sctp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py
new file mode 100644
index 000000000..91b032b05
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp.py
@@ -0,0 +1,231 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_tcp
+short_description: Manages service-tcp objects on Check Point over Web Services API
+description:
+ - Manages service-tcp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match_by_protocol_signature:
+ description:
+ - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
+ to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
+ type: bool
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ override_default_settings:
+ description:
+ - Indicates whether this service is a Data Domain service which has been overridden.
+ type: bool
+ port:
+ description:
+ - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
+ example 44-55.
+ type: str
+ protocol:
+ description:
+ - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
+ Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
+ security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
+ type: str
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ source_port:
+ description:
+ - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
+ inspection. Otherwise, the source port is not inspected.
+ type: str
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-tcp
+ cp_mgmt_service_tcp:
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_TCP_Service_1
+ port: 5669
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-tcp
+ cp_mgmt_service_tcp:
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_TCP_Service_1
+ port: 5656
+ state: present
+
+- name: delete-service-tcp
+ cp_mgmt_service_tcp:
+ name: New_TCP_Service_1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_tcp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match_by_protocol_signature=dict(type='bool'),
+ match_for_any=dict(type='bool'),
+ override_default_settings=dict(type='bool'),
+ port=dict(type='str'),
+ protocol=dict(type='str'),
+ session_timeout=dict(type='int'),
+ source_port=dict(type='str'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-tcp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py
new file mode 100644
index 000000000..55e0c16d9
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_tcp_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_tcp_facts
+short_description: Get service-tcp objects facts on Check Point over Web Services API
+description:
+ - Get service-tcp objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-tcp
+ cp_mgmt_service_tcp_facts:
+ name: https
+
+- name: show-services-tcp
+ cp_mgmt_service_tcp_facts:
+ details_level: standard
+ limit: 10
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-tcp"
+ api_call_object_plural_version = "services-tcp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py
new file mode 100644
index 000000000..31558754b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp.py
@@ -0,0 +1,238 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_udp
+short_description: Manages service-udp objects on Check Point over Web Services API
+description:
+ - Manages service-udp objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ accept_replies:
+ description:
+ - N/A
+ type: bool
+ aggressive_aging:
+ description:
+ - Sets short (aggressive) timeouts for idle connections.
+ type: dict
+ suboptions:
+ default_timeout:
+ description:
+ - Default aggressive aging timeout in seconds.
+ type: int
+ enable:
+ description:
+ - N/A
+ type: bool
+ timeout:
+ description:
+ - Aggressive aging timeout in seconds.
+ type: int
+ use_default_timeout:
+ description:
+ - N/A
+ type: bool
+ keep_connections_open_after_policy_installation:
+ description:
+ - Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the
+ Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
+ type: bool
+ match_by_protocol_signature:
+ description:
+ - A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option
+ to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
+ type: bool
+ match_for_any:
+ description:
+ - Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port
+ and protocol.
+ type: bool
+ override_default_settings:
+ description:
+ - Indicates whether this service is a Data Domain service which has been overridden.
+ type: bool
+ port:
+ description:
+ - The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for
+ example 44-55.
+ type: str
+ protocol:
+ description:
+ - Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and
+ Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of
+ security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
+ type: str
+ session_timeout:
+ description:
+ - Time (in seconds) before the session times out.
+ type: int
+ source_port:
+ description:
+ - Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet
+ inspection. Otherwise, the source port is not inspected.
+ type: str
+ sync_connections_on_cluster:
+ description:
+ - Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_default_session_timeout:
+ description:
+ - Use default virtual session timeout.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-service-udp
+ cp_mgmt_service_udp:
+ accept_replies: false
+ aggressive_aging:
+ enable: true
+ timeout: 360
+ use_default_timeout: false
+ keep_connections_open_after_policy_installation: false
+ match_for_any: true
+ name: New_UDP_Service_1
+ port: 5669
+ session_timeout: 0
+ state: present
+ sync_connections_on_cluster: true
+
+- name: set-service-udp
+ cp_mgmt_service_udp:
+ accept_replies: true
+ aggressive_aging:
+ default_timeout: 3600
+ color: green
+ name: New_UDP_Service_1
+ port: 5656
+ state: present
+
+- name: delete-service-udp
+ cp_mgmt_service_udp:
+ name: New_UDP_Service_2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_service_udp:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ accept_replies=dict(type='bool'),
+ aggressive_aging=dict(type='dict', options=dict(
+ default_timeout=dict(type='int'),
+ enable=dict(type='bool'),
+ timeout=dict(type='int'),
+ use_default_timeout=dict(type='bool')
+ )),
+ keep_connections_open_after_policy_installation=dict(type='bool'),
+ match_by_protocol_signature=dict(type='bool'),
+ match_for_any=dict(type='bool'),
+ override_default_settings=dict(type='bool'),
+ port=dict(type='str'),
+ protocol=dict(type='str'),
+ session_timeout=dict(type='int'),
+ source_port=dict(type='str'),
+ sync_connections_on_cluster=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ use_default_session_timeout=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'service-udp'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py
new file mode 100644
index 000000000..1668739ab
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_service_udp_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_service_udp_facts
+short_description: Get service-udp objects facts on Check Point over Web Services API
+description:
+ - Get service-udp objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-service-udp
+ cp_mgmt_service_udp_facts:
+ name: bootp
+
+- name: show-services-udp
+ cp_mgmt_service_udp_facts:
+ details_level: standard
+ limit: 10
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "service-udp"
+ api_call_object_plural_version = "services-udp"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py
new file mode 100644
index 000000000..9b64722da
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_session_facts.py
@@ -0,0 +1,125 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_session_facts
+short_description: Get session objects facts on Check Point over Web Services API
+description:
+ - Get session objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ view_published_sessions:
+ description:
+ - Show a list of published sessions.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-session
+ cp_mgmt_session_facts:
+
+- name: show-sessions
+ cp_mgmt_session_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ view_published_sessions=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "session"
+ api_call_object_plural_version = "sessions"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
new file mode 100644
index 000000000..186bc4b2d
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_domain.py
@@ -0,0 +1,181 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_domain
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ servers:
+ description:
+ - Domain servers. When this field is provided, 'set-domain' command is executed asynchronously.
+ type: dict
+ suboptions:
+ add:
+ description:
+ - Adds to collection of values
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ multi_domain_server:
+ description:
+ - Multi Domain server name or UID.
+ type: str
+ skip_start_domain_server:
+ description:
+ - Set this value to be true to prevent starting the new created domain.
+ type: bool
+ type:
+ description:
+ - Domain server type.
+ type: str
+ choices: ['management server', 'log server', 'smc']
+ remove:
+ description:
+ - Remove from collection of values
+ type: list
+ elements: str
+ suboptions:
+ name:
+ description:
+ - Object name. Must be unique in the domain.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers. Note, The list of tags can not be modified in a single command together with the domain servers. To modify
+ tags, please use the separate 'set-domain' command, without providing the list of domain servers.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-domain
+ cp_mgmt_set_domain:
+ comments: This is domain1 comment
+ name: domain1
+"""
+
+RETURN = """
+cp_mgmt_domain:
+ description: The checkpoint set-domain output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ servers=dict(type='dict', options=dict(
+ add=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ multi_domain_server=dict(type='str'),
+ skip_start_domain_server=dict(type='bool'),
+ type=dict(type='str', choices=['management server', 'log server', 'smc'])
+ )),
+ remove=dict(type='list', elements='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ tags=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+ command = 'set-domain'
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
new file mode 100644
index 000000000..12549bb8c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_global_properties.py
@@ -0,0 +1,2044 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_global_properties
+short_description: Edit Global Properties.
+description:
+ - Edit Global Properties.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ firewall:
+ description:
+ - Add implied rules to or remove them from the Firewall Rule Base. Determine the position of the implied rules in the Rule Base, and whether or
+ not to log them.
+ type: dict
+ suboptions:
+ accept_control_connections:
+ description:
+ - Used for,<br>&nbsp;&nbsp;&nbsp;&nbsp; <ul><li> Installing the security policy from the Security Management server to the
+ gateways.</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Sending logs from the gateways to the Security Management server.</li><br>&nbsp;&nbsp;&nbsp;&nbsp;
+ <li> Communication between SmartConsole clients and the Security Management Server</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Communication between
+ Firewall daemons on different machines (Security Management Server, Security Gateway).</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Connecting to OPSEC
+ applications such as RADIUS and TACACS authentication servers.</li></ul>If you disable Accept Control Connections and you want Check Point
+ components to communicate with each other and with OPSEC components, you must explicitly allow these connections in the Rule Base.
+ type: bool
+ accept_ips1_management_connections:
+ description:
+ - Accepts IPS-1 connections.<br>Available only if accept-control-connections is true.
+ type: bool
+ accept_remote_access_control_connections:
+ description:
+ - Accepts Remote Access connections.<br>Available only if accept-control-connections is true.
+ type: bool
+ accept_smart_update_connections:
+ description:
+ - Accepts SmartUpdate connections.
+ type: bool
+ accept_outgoing_packets_originating_from_gw:
+ description:
+ - Accepts all packets from connections that originate at the Check Point Security Gateway.
+ type: bool
+ accept_outgoing_packets_originating_from_gw_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-originating-from-gw is false.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_outgoing_packets_originating_from_connectra_gw:
+ description:
+ - Accepts outgoing packets originating from Connectra gateway.<br>Available only if accept-outgoing-packets-originating-from-gw is false.
+ type: bool
+ accept_outgoing_packets_to_cp_online_services:
+ description:
+ - Allow Security Gateways to access Check Point online services. Supported for R80.10 Gateway and higher.<br>Available only if
+ accept-outgoing-packets-originating-from-gw is false.
+ type: bool
+ accept_outgoing_packets_to_cp_online_services_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-outgoing-packets-to-cp-online-services is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_domain_name_over_tcp:
+ description:
+ - Accepts Domain Name (DNS) queries and replies over TCP, to allow downloading of the domain name-resolving tables used for zone
+ transfers between servers. For clients, DNS over TCP is only used if the tables to be transferred are very large.
+ type: bool
+ accept_domain_name_over_tcp_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-tcp is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_domain_name_over_udp:
+ description:
+ - Accepts Domain Name (DNS) queries and replies over UDP.
+ type: bool
+ accept_domain_name_over_udp_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-domain-name-over-udp is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_dynamic_addr_modules_outgoing_internet_connections:
+ description:
+ - Accept Dynamic Address modules' outgoing internet connections.Accepts DHCP traffic for DAIP (Dynamically Assigned IP Address)
+ gateways. In Small Office Appliance gateways, this rule allows outgoing DHCP, PPP, PPTP and L2TP Internet connections (regardless of whether it is
+ or is not a DAIP gateway).
+ type: bool
+ accept_icmp_requests:
+ description:
+ - Accepts Internet Control Message Protocol messages.
+ type: bool
+ accept_icmp_requests_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-icmp-requests is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_identity_awareness_control_connections:
+ description:
+ - Accepts traffic between Security Gateways in distributed environment configurations of Identity Awareness.
+ type: bool
+ accept_identity_awareness_control_connections_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-identity-awareness-control-connections is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_incoming_traffic_to_dhcp_and_dns_services_of_gws:
+ description:
+ - Allows the Small Office Appliance gateway to provide DHCP relay, DHCP server and DNS proxy services regardless of the rule base.
+ type: bool
+ accept_rip:
+ description:
+ - Accepts Routing Information Protocol (RIP), using UDP on port 520.
+ type: bool
+ accept_rip_position:
+ description:
+ - The position of the implied rules in the Rule Base.<br>Available only if accept-rip is true.
+ type: str
+ choices: ['first', 'last', 'before last']
+ accept_vrrp_packets_originating_from_cluster_members:
+ description:
+ - Selecting this option creates an implied rule in the security policy Rule Base that accepts VRRP inbound and outbound traffic to and
+ from the members of the cluster.
+ type: bool
+ accept_web_and_ssh_connections_for_gw_administration:
+ description:
+ - Accepts Web and SSH connections for Small Office Appliance gateways.
+ type: bool
+ log_implied_rules:
+ description:
+ - Produces log records for communications that match the implied rules that are generated in the Rule Base from the properties defined
+ in this window.
+ type: bool
+ security_server:
+ description:
+ - Control the welcome messages that users will see when logging in to servers behind Check Point Security Gateways.
+ type: dict
+ suboptions:
+ client_auth_welcome_file:
+ description:
+ - Client authentication welcome file is the name of a file whose contents are to be displayed when a user begins a Client
+ Authenticated session (optional) using the Manual Sign On Method. Client Authenticated Sessions initiated by Manual Sign On are not mediated
+ by a security server.
+ type: str
+ ftp_welcome_msg_file:
+ description:
+ - FTP welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated FTP session.
+ type: str
+ rlogin_welcome_msg_file:
+ description:
+ - Rlogin welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated RLOGIN session.
+ type: str
+ telnet_welcome_msg_file:
+ description:
+ - Telnet welcome message file is the name of a file whose contents are to be displayed when a user begins an Authenticated Telnet session.
+ type: str
+ mdq_welcome_msg:
+ description:
+ - MDQ Welcome Message is the message to be displayed when a user begins an MDQ session. The MDQ Welcome Message should contain
+ characters according to RFC 1035 and it must follow the ARPANET host name rules,<br> - This message must begin with a number or letter.
+ After the first letter or number character the remaining characters can be a letter, number, space, tab or hyphen.<br> - This message must
+ not end with a space or a tab and is limited to 63 characters.
+ type: str
+ smtp_welcome_msg:
+ description:
+ - SMTP Welcome Message is the message to be displayed when a user begins an SMTP session.
+ type: str
+ http_next_proxy_host:
+ description:
+ - HTTP next proxy host is the host name of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there
+ is one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or
+ after the security policy is re-installed. <br>These settings apply only to firewalled gateways prior to NG. For later versions, these
+ settings should be defined in the Node Properties window.
+ type: str
+ http_next_proxy_port:
+ description:
+ - HTTP next proxy port is the port of the HTTP proxy behind the Check Point Security Gateway HTTP security server (if there is
+ one). Changing the HTTP Next Proxy fields takes effect after the Security Gateway database is downloaded to the authenticating gateway, or
+ after the security policy is re-installed. <br>These settings apply only to firewalled gateways prior to NG. For later versions, these
+ settings should be defined in the Node Properties window.
+ type: int
+ http_servers:
+ description:
+ - This list specifies the HTTP servers. Defining HTTP servers allows you to restrict incoming HTTP.
+ type: list
+ elements: dict
+ suboptions:
+ logical_name:
+ description:
+ - Unique Logical Name of the HTTP Server.
+ type: str
+ host:
+ description:
+ - Host name of the HTTP Server.
+ type: str
+ port:
+ description:
+ - Port number of the HTTP Server.
+ type: int
+ reauthentication:
+ description:
+ - Specify whether users must reauthenticate when accessing a specific server.
+ type: str
+ choices: ['standard', 'post request', 'every request']
+ server_for_null_requests:
+ description:
+ - The Logical Name of a Null Requests Server from http-servers.
+ type: str
+ nat:
+ description:
+ - Configure settings that apply to all NAT connections.
+ type: dict
+ suboptions:
+ allow_bi_directional_nat:
+ description:
+ - Applies to automatic NAT rules in the NAT Rule Base, and allows two automatic NAT rules to match a connection. Without Bidirectional
+ NAT, only one automatic NAT rule can match a connection.
+ type: bool
+ auto_arp_conf:
+ description:
+ - Ensures that ARP requests for a translated (NATed) machine, network or address range are answered by the Check Point Security Gateway.
+ type: bool
+ merge_manual_proxy_arp_conf:
+ description:
+ - Merges the automatic and manual ARP configurations. Manual proxy ARP configuration is required for manual Static NAT
+ rules.<br>Available only if auto-arp-conf is true.
+ type: bool
+ auto_translate_dest_on_client_side:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ manually_translate_dest_on_client_side:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ enable_ip_pool_nat:
+ description:
+ - Applies to packets originating at the client, with the server as its destination. Static NAT for the server is performed on the client side.
+ type: bool
+ addr_alloc_and_release_track:
+ description:
+ - Specifies whether to log each allocation and release of an IP address from the IP Pool.<br>Available only if enable-ip-pool-nat is true.
+ type: str
+ choices: ['ip allocation log', 'none']
+ addr_exhaustion_track:
+ description:
+ - Specifies the action to take if the IP Pool is exhausted.<br>Available only if enable-ip-pool-nat is true.
+ type: str
+ choices: ['ip exhaustion alert', 'none', 'ip exhaustion log']
+ authentication:
+ description:
+ - Define Authentication properties that are common to all users and to the various ways that the Check Point Security Gateway asks for passwords
+ (User, Client and Session Authentication).
+ type: dict
+ suboptions:
+ auth_internal_users_with_specific_suffix:
+ description:
+ - Enforce suffix for internal users authentication.
+ type: bool
+ allowed_suffix_for_internal_users:
+ description:
+ - Suffix for internal users authentication.
+ type: str
+ max_days_before_expiration_of_non_pulled_user_certificates:
+ description:
+ - Users certificates which were initiated but not pulled will expire after the specified number of days. Any value from 1 to 60 days can
+ be entered in this field.
+ type: int
+ max_client_auth_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed Client Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_rlogin_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed rlogin Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_session_auth_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed Session Authentication Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ max_telnet_attempts_before_connection_termination:
+ description:
+ - Allowed Number of Failed telnet Attempts Before Session Termination. Any value from 1 to 800 attempts can be entered in this field.
+ type: int
+ enable_delayed_auth:
+ description:
+ - all authentications other than certificate-based authentications will be delayed by the specified time. Applying this delay will stall
+ brute force authentication attacks. The delay is applied for both failed and successful authentication attempts.
+ type: bool
+ delay_each_auth_attempt_by:
+ description:
+ - Delay each authentication attempt by the specified number of milliseconds. Any value from 1 to 25000 can be entered in this field.
+ type: int
+ vpn:
+ description:
+ - Configure settings relevant to VPN.
+ type: dict
+ suboptions:
+ vpn_conf_method:
+ description:
+ - Decide on Simplified or Traditional mode for all new security policies or decide which mode to use on a policy by policy basis.
+ type: str
+ choices: ['simplified', 'traditional', 'per policy']
+ domain_name_for_dns_resolving:
+ description:
+ - Enter the domain name that will be used for gateways DNS lookup. The DNS host name that is used is "gateway_name.domain_name".
+ type: str
+ enable_backup_gw:
+ description:
+ - Enable Backup Gateway.
+ type: bool
+ enable_decrypt_on_accept_for_gw_to_gw_traffic:
+ description:
+ - Enable decrypt on accept for gateway to gateway traffic. This is only relevant for policies in traditional mode. In Traditional Mode,
+ the 'Accept' action determines that a connection is allowed, while the 'Encrypt' action determines that a connection is allowed and encrypted.
+ Select whether VPN accepts an encrypted packet that matches a rule with an 'Accept' action or drops it.
+ type: bool
+ enable_load_distribution_for_mep_conf:
+ description:
+ - Enable load distribution for Multiple Entry Points configurations (Site To Site connections). The VPN Multiple Entry Point (MEP)
+ feature supplies high availability and load distribution for Check Point Security Gateways. MEP works in four modes,<br>&nbsp;&nbsp;&nbsp;&nbsp;
+ <ul><li> First to Respond, in which the first gateway to reply to the peer gateway is chosen. An organization would choose this option if, for
+ example, the organization has two gateways in a MEPed configuration - one in London, the other in New York. It makes sense for Check Point
+ Security Gateway peers located in England to try the London gateway first and the NY gateway second. Being geographically closer to Check Point
+ Security Gateway peers in England, the London gateway will be the first to respond, and becomes the entry point to the internal
+ network.</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> VPN Domain, is when the destination IP belongs to a particular VPN domain, the gateway of that
+ domain becomes the chosen entry point. This gateway becomes the primary gateway while other gateways in the MEP configuration become its backup
+ gateways.</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Random Selection, in which the remote Check Point Security Gateway peer randomly selects a gateway
+ with which to open a VPN connection. For each IP source/destination address pair, a new gateway is randomly selected. An organization might have a
+ number of machines with equal performance abilities. In this case, it makes sense to enable load distribution. The machines are used in a random
+ and equal way.</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Manually set priority list, gateway priorities can be set manually for the entire community
+ or for individual satellite gateways.</li></ul>.
+ type: bool
+ enable_vpn_directional_match_in_vpn_column:
+ description:
+ - Enable VPN Directional Match in VPN Column.<br>Note, VPN Directional Match is supported only on Gaia, SecurePlatform, Linux and IPSO.
+ type: bool
+ grace_period_after_the_crl_is_not_valid:
+ description:
+ - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be
+ synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's
+ certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a
+ wider window for CRL validity.
+ type: int
+ grace_period_before_the_crl_is_valid:
+ description:
+ - When establishing VPN tunnels, the peer presents its certificate for authentication. The clock on the gateway machine must be
+ synchronized with the clock on the Certificate Authority machine. Otherwise, the Certificate Revocation List (CRL) used for validating the peer's
+ certificate may be considered invalid and thus the authentication fails. To resolve the issue of differing clock times, a Grace Period permits a
+ wider window for CRL validity.
+ type: int
+ grace_period_extension_for_secure_remote_secure_client:
+ description:
+ - When dealing with remote clients the Grace Period needs to be extended. The remote client sometimes relies on the peer gateway to
+ supply the CRL. If the client's clock is not synchronized with the gateway's clock, a CRL that is considered valid by the gateway may be
+ considered invalid by the client.
+ type: int
+ support_ike_dos_protection_from_identified_src:
+ description:
+ - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is
+ either under a high load or experiencing a Denial of Service attack. VPN can filter out peers that are the probable source of the potential Denial
+ of Service attack. There are two kinds of protection,<br>&nbsp;&nbsp;&nbsp;&nbsp; <ul><li> Stateless - the peer has to respond to an IKE
+ notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE
+ negotiation</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical
+ puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations
+ simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary
+ addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of
+ VPN.
+ type: str
+ choices: ['puzzles', 'stateless', 'none']
+ support_ike_dos_protection_from_unidentified_src:
+ description:
+ - When the number of IKE negotiations handled simultaneously exceeds a threshold above VPN's capacity, a gateway concludes that it is
+ either under a high load or experiencing a Denial of Service attack. VPN can filter out peers that are the probable source of the potential Denial
+ of Service attack. There are two kinds of protection,<br>&nbsp;&nbsp;&nbsp;&nbsp; <ul><li> Stateless - the peer has to respond to an IKE
+ notification in a way that proves the peer's IP address is not spoofed. If the peer cannot prove this, VPN does not allocate resources for the IKE
+ negotiation</li><br>&nbsp;&nbsp;&nbsp;&nbsp; <li> Puzzles - this is the same as Stateless, but in addition, the peer has to solve a mathematical
+ puzzle. Solving this puzzle consumes peer CPU resources in a way that makes it difficult to initiate multiple IKE negotiations
+ simultaneously.</li></ul>Puzzles is more secure then Stateless, but affects performance.<br>Since these kinds of attacks involve a new proprietary
+ addition to the IKE protocol, enabling these protection mechanisms may cause difficulties with non Check Point VPN products or older versions of
+ VPN.
+ type: str
+ choices: ['puzzles', 'stateless', 'none']
+ remote_access:
+ description:
+ - Configure Remote Access properties.
+ type: dict
+ suboptions:
+ enable_back_connections:
+ description:
+ - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the
+ hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the
+ devices between the client and the gateway, and on the gateway itself. Determine whether the back connection is enabled.
+ type: bool
+ keep_alive_packet_to_gw_interval:
+ description:
+ - Usually communication with remote clients must be initialized by the clients. However, once a client has opened a connection, the
+ hosts behind VPN can open a return or back connection to the client. For a back connection, the client's details must be maintained on all the
+ devices between the client and the gateway, and on the gateway itself. Determine frequency (in seconds) of the Keep Alive packets sent by the
+ client in order to maintain the connection with the gateway.<br>Available only if enable-back-connections is true.
+ type: int
+ encrypt_dns_traffic:
+ description:
+ - You can decide whether DNS queries sent by the remote client to a DNS server located on the corporate LAN are passed through the VPN
+ tunnel or not. Disable this option if the client has to make DNS queries to the DNS server on the corporate LAN while connecting to the
+ organization but without using the SecuRemote client.
+ type: bool
+ simultaneous_login_mode:
+ description:
+ - Select the simultaneous login mode.
+ type: str
+ choices: ['allowonlysinglelogintouser', 'allowseverallogintouser']
+ vpn_authentication_and_encryption:
+ description:
+ - configure supported Encryption and Authentication methods for Remote Access clients.
+ type: dict
+ suboptions:
+ encryption_algorithms:
+ description:
+ - Select the methods negotiated in IKE phase 2 and used in IPSec connections.
+ type: dict
+ suboptions:
+ ike:
+ description:
+ - Configure the IKE Phase 1 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms. If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha256', 'sha1', 'md5']
+ support_diffie_hellman_groups:
+ description:
+ - Select the Diffie-Hellman groups that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ group1:
+ description:
+ - Select whether Diffie-Hellman Group 1 (768 bit) will be supported with remote hosts.
+ type: bool
+ group14:
+ description:
+ - Select whether Diffie-Hellman Group 14 (2048 bit) will be supported with remote hosts.
+ type: bool
+ group2:
+ description:
+ - Select whether Diffie-Hellman Group 2 (1024 bit) will be supported with remote hosts.
+ type: bool
+ group5:
+ description:
+ - Select whether Diffie-Hellman Group 5 (1536 bit) will be supported with remote hosts.
+ type: bool
+ use_diffie_hellman_group:
+ description:
+ - SecureClient users utilize the Diffie-Hellman group selected in this field.
+ type: str
+ choices: ['group 1', 'group 2', 'group 5', 'group 14']
+ ipsec:
+ description:
+ - Configure the IPSEC Phase 2 settings.
+ type: dict
+ suboptions:
+ support_encryption_algorithms:
+ description:
+ - Select the encryption algorithms that will be supported with remote hosts.
+ type: dict
+ suboptions:
+ tdes:
+ description:
+ - Select whether the Triple DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_128:
+ description:
+ - Select whether the AES-128 encryption algorithm will be supported with remote hosts.
+ type: bool
+ aes_256:
+ description:
+ - Select whether the AES-256 encryption algorithm will be supported with remote hosts.
+ type: bool
+ des:
+ description:
+ - Select whether the DES encryption algorithm will be supported with remote hosts.
+ type: bool
+ use_encryption_algorithm:
+ description:
+ - Choose the encryption algorithm that will have the highest priority of the selected algorithms. If given a
+ choice of more that one encryption algorithm to use, the algorithm selected in this field will be used.
+ type: str
+ choices: ['AES-256', 'DES', 'AES-128', 'TDES']
+ support_data_integrity:
+ description:
+ - Select the hash algorithms that will be supported with remote hosts to ensure data integrity.
+ type: dict
+ suboptions:
+ aes_xcbc:
+ description:
+ - Select whether the AES-XCBC hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ md5:
+ description:
+ - Select whether the MD5 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha1:
+ description:
+ - Select whether the SHA1 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ sha256:
+ description:
+ - Select whether the SHA256 hash algorithm will be supported with remote hosts to ensure data integrity.
+ type: bool
+ use_data_integrity:
+ description:
+ - The hash algorithm chosen here will be given the highest priority if more than one choice is offered.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']
+ enforce_encryption_alg_and_data_integrity_on_all_users:
+ description:
+ - Enforce Encryption Algorithm and Data Integrity on all users.
+ type: bool
+ encryption_method:
+ description:
+ - Select the encryption method.
+ type: str
+ choices: ['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']
+ pre_shared_secret:
+ description:
+ - the user password is specified in the Authentication tab in the user's IKE properties (in the user properties window, Encryption tab > Edit).
+ type: bool
+ support_legacy_auth_for_sc_l2tp_nokia_clients:
+ description:
+ - Support Legacy Authentication for SC (hybrid mode), L2TP (PAP) and Nokia clients (CRACK).
+ type: bool
+ support_legacy_eap:
+ description:
+ - Support Legacy EAP (Extensible Authentication Protocol).
+ type: bool
+ support_l2tp_with_pre_shared_key:
+ description:
+ - Use a centrally managed pre-shared key for IKE.
+ type: bool
+ l2tp_pre_shared_key:
+ description:
+ - Type in the pre-shared key.<br>Available only if support-l2tp-with-pre-shared-key is set to true.
+ type: str
+ vpn_advanced:
+ description:
+ - Configure encryption methods and interface resolution for remote access clients.
+ type: dict
+ suboptions:
+ allow_clear_traffic_to_encryption_domain_when_disconnected:
+ description:
+ - SecuRemote/SecureClient behavior while disconnected - How traffic to the VPN domain is handled when the Remote Access VPN
+ client is not connected to the site. Traffic can either be dropped or sent in clear without encryption.
+ type: bool
+ enable_load_distribution_for_mep_conf:
+ description:
+ - Load distribution for Multiple Entry Points configurations - Remote access clients will randomly select a gateway from the
+ list of entry points. Make sure to define the same VPN domain for all the Security Gateways you want to be entry points.
+ type: bool
+ use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site:
+ description:
+ - Use first allocated Office Mode IP Address for all connections to the Gateways of the site.After a remote user connects and
+ receives an Office Mode IP address from a gateway, every connection to that gateways encryption domain will go out with the Office Mode IP as
+ the internal source IP. The Office Mode IP is what hosts in the encryption domain will recognize as the remote user's IP address. The Office
+ Mode IP address assigned by a specific gateway can be used in its own encryption domain and in neighboring encryption domains as well. The
+ neighboring encryption domains should reside behind gateways that are members of the same VPN community as the assigning gateway. Since the
+ remote hosts connections are dependant on the Office Mode IP address it received, should the gateway that issued the IP become unavailable,
+ all the connections to the site will terminate.
+ type: bool
+ scv:
+ description:
+ - Define properties of the Secure Configuration Verification process.
+ type: dict
+ suboptions:
+ apply_scv_on_simplified_mode_fw_policies:
+ description:
+ - Determine whether the gateway verifies that remote access clients are securely configured. This is set here only if the
+ security policy is defined in the Simplified Mode. If the security policy is defined in the Traditional Mode, verification takes place per
+ rule.
+ type: bool
+ exceptions:
+ description:
+ - Specify the hosts that can be accessed using the selected services even if the client is not verified.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: list
+ elements: dict
+ suboptions:
+ hosts:
+ description:
+ - Specify the Hosts to be excluded from SCV.
+ type: list
+ elements: str
+ services:
+ description:
+ - Specify the services to be accessed.
+ type: list
+ elements: str
+ no_scv_for_unsupported_cp_clients:
+ description:
+ - Do not apply Secure Configuration Verification for connections from Check Point VPN clients that don't support it, such as SSL
+ Network Extender, GO, Capsule VPN / Connect, Endpoint Connects lower than R75, or L2TP clients.<br>Available only if
+ apply-scv-on-simplified-mode-fw-policies is true.
+ type: bool
+ upon_verification_accept_and_log_client_connection:
+ description:
+ - If the gateway verifies the client's configuration, decide how the gateway should handle connections with clients that fail
+ the Security Configuration Verification. It is possible to either drop the connection or Accept the connection and log it.
+ type: bool
+ only_tcp_ip_protocols_are_used:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that only TCP/IP protocols are used.
+ type: bool
+ policy_installed_on_all_interfaces:
+ description:
+ - Most SCV checks are configured via the SCV policy. Specify whether to verify that the Desktop Security Policy is installed on
+ all the interfaces of the client.
+ type: bool
+ generate_log:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether a log is generated by the remote
+ access client and sent to the Security Management server.
+ type: bool
+ notify_user:
+ description:
+ - If the client identifies that the secure configuration has been violated, select whether to user should be notified.
+ type: bool
+ ssl_network_extender:
+ description:
+ - Define properties for SSL Network Extender users.
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SecureClient Mobile devices and Check Point GO clients!<br>User authentication method indicates
+ how the user will be authenticated by the gateway. Changes made here will also apply for SSL clients.<br>Legacy - Username and password
+ only.<br>Certificate - Certificate only with an existing certificate.<br>Certificate with Enrollment - Allows you to obtain a new certificate
+ and then use certificate authentication only.<br>Mixed - Can use either username and password or certificate.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies to SecureClient Mobile devices!<br>Select the encryption algorithms that will be supported for
+ remote users. Changes made here will also apply for all SSL clients.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ client_upgrade_upon_connection:
+ description:
+ - When a client connects to the gateway with SSL Network Extender, the client automatically checks for upgrade. Select whether
+ the client should automatically upgrade.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ client_uninstall_upon_disconnection:
+ description:
+ - Select whether the client should automatically uninstall SSL Network Extender when it disconnects from the gateway.
+ type: str
+ choices: ['force_uninstall', 'ask_user', 'dont_uninstall']
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Applies for the SecureClient Mobile!<br>Select the interval that users will need to reauthenticate.
+ type: int
+ scan_ep_machine_for_compliance_with_ep_compliance_policy:
+ description:
+ - Set to true if you want endpoint machines to be scanned for compliance with the Endpoint Compliance Policy.
+ type: bool
+ client_outgoing_keep_alive_packets_frequency:
+ description:
+ - Select the interval which the keep-alive packets are sent.
+ type: int
+ secure_client_mobile:
+ description:
+ - Define properties for SecureClient Mobile.
+ type: dict
+ suboptions:
+ user_auth_method:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients and Check Point GO clients.<br>How the user will be authenticated by the gateway.
+ type: str
+ choices: ['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>The length of time (in minutes) until the user's credentials
+ are resent to the gateway to verify authorization.
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Configured On Endpoint Client - the method used for
+ initiating a connection to a gateway is determined by the endpoint client<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - SecureClient Mobile will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>On application request - Applications requiring access to resources through the VPN will be able to initiate a VPN connection.
+ type: str
+ choices: ['manual', 'always connected', 'on application request', 'configured on endpoint client']
+ automatically_initiate_dialup:
+ description:
+ - When selected, the client will initiate a GPRS dialup connection before attempting to establish the VPN connection. Note that
+ if a local IP address is already available through another network interface, then the GPRS dialup is not initiated.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ supported_encryption_methods:
+ description:
+ - Wide Impact, Also applies for SSL Network Extender clients!<br>Select the encryption algorithms that will be supported with remote users.
+ type: str
+ choices: ['3des_or_rc4', '3des_only']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ endpoint_connect:
+ description:
+ - Configure global settings for Endpoint Connect. These settings apply to all gateways.
+ type: dict
+ suboptions:
+ enable_password_caching:
+ description:
+ - If the password entered to authenticate is saved locally on the user's machine.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ cache_password_timeout:
+ description:
+ - Cached password timeout (in minutes).
+ type: int
+ re_auth_user_interval:
+ description:
+ - The length of time (in minutes) until the user's credentials are resent to the gateway to verify authorization.
+ type: int
+ connect_mode:
+ description:
+ - Methods by which a connection to the gateway will be initiated,<br>Manual - VPN connections will not be initiated
+ automatically.<br>Always connected - Endpoint Connect will automatically establish a connection to the last connected gateway under the
+ following circumstances, (a) the device has a valid IP address, (b) when the device "wakes up" from a low-power state or a soft-reset, or (c)
+ after a condition that caused the device to automatically disconnect ceases to exist (for example, Device is out of PC Sync, Disconnect is not
+ idle.).<br>Configured on endpoint client - the method used for initiating a connection to a gateway is determined by the endpoint client.
+ type: str
+ choices: ['Manual', 'Always Connected', 'Configured On Endpoint Client']
+ network_location_awareness:
+ description:
+ - Wide Impact, Also applies for Check Point GO clients!<br>Endpoint Connect intelligently detects whether it is inside or
+ outside of the VPN domain (Enterprise LAN), and automatically connects or disconnects as required. Select true and edit
+ network-location-awareness-conf to configure this capability.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ network_location_awareness_conf:
+ description:
+ - Configure how the client determines its location in relation to the internal network.
+ type: dict
+ suboptions:
+ vpn_clients_are_considered_inside_the_internal_network_when_the_client:
+ description:
+ - When a VPN client is within the internal network, the internal resources are available and the VPN tunnel should be
+ disconnected. Determine when VPN clients are considered inside the internal network,<br>Connects to GW through internal interface - The
+ client connects to the gateway through one of its internal interfaces (recommended).<br>Connects from network or group - The client
+ connects from a network or group specified in network-or-group-of-conn-vpn-client.<br>Runs on computer with access to Active Directory
+ domain - The client runs on a computer that can access its Active Directory domain.<br>Note, The VPN tunnel will resume automatically when
+ the VPN client is no longer in the internal network and the client is set to "Always connected" mode.
+ type: str
+ choices: ['connects to gw through internal interface', 'connects from network or group',
+ 'runs on computer with access to active directory domain']
+ network_or_group_of_conn_vpn_client:
+ description:
+ - Name or UID of Network or Group the VPN client is connected from.<br>Available only if
+ vpn-clients-are-considered-inside-the-internal-network-when-the-client is set to "Connects from network or group".
+ type: str
+ consider_wireless_networks_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of wireless
+ networks that are known to be external. A wireless network is identified by its Service Set Identifier (SSID) a name used to identify a
+ particular 802.11 wireless LAN.
+ type: bool
+ excluded_internal_wireless_networks:
+ description:
+ - Excludes the specified internal networks names (SSIDs).<br>Available only if consider-wireless-networks-as-external is set to true.
+ type: list
+ elements: str
+ consider_undefined_dns_suffixes_as_external:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by creating a list of DNS
+ suffixes that are known to be external. Enable this to be able to define DNS suffixes which won't be considered external.
+ type: bool
+ dns_suffixes:
+ description:
+ - DNS suffixes not defined here will be considered as external. If this list is empty
+ consider-undefined-dns-suffixes-as-external will automatically be set to false.<br>Available only if
+ consider-undefined-dns-suffixes-as-external is set to true.
+ type: list
+ elements: str
+ remember_previously_detected_external_networks:
+ description:
+ - The speed at which locations are classified as internal or external can be increased by caching (on the client side)
+ names of networks that were previously determined to be external.
+ type: bool
+ disconnect_when_conn_to_network_is_lost:
+ description:
+ - Enabling this feature disconnects users from the gateway when connectivity to the network is lost.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ disconnect_when_device_is_idle:
+ description:
+ - Enabling this feature will disconnect users from the gateway if there is no traffic sent during the defined time period.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ route_all_traffic_to_gw:
+ description:
+ - Operates the client in Hub Mode, sending all traffic to the VPN server for routing, filtering, and processing.
+ type: str
+ choices: ['client_decide', 'true', 'false']
+ client_upgrade_mode:
+ description:
+ - Select an option to determine how the client is upgraded.
+ type: str
+ choices: ['force_upgrade', 'ask_user', 'no_upgrade']
+ hot_spot_and_hotel_registration:
+ description:
+ - Configure the settings for Wireless Hot Spot and Hotel Internet access registration.
+ type: dict
+ suboptions:
+ enable_registration:
+ description:
+ - Set Enable registration to true in order to configure settings. Set Enable registration to false in order to cancel
+ registration (the configurations below won't be available). When the feature is enabled, you have several minutes to complete registration.
+ type: bool
+ local_subnets_access_only:
+ description:
+ - Local subnets access only.
+ type: bool
+ registration_timeout:
+ description:
+ - Maximum time (in seconds) to complete registration.
+ type: int
+ track_log:
+ description:
+ - Track log.
+ type: bool
+ max_ip_access_during_registration:
+ description:
+ - Maximum number of addresses to allow access to during registration.
+ type: int
+ ports:
+ description:
+ - Ports to be opened during registration (up to 10 ports).
+ type: list
+ elements: str
+ user_directory:
+ description:
+ - User can enable LDAP User Directory as well as specify global parameters for LDAP. If LDAP User Directory is enabled, this means that users
+ are managed on an external LDAP server and not on the internal Check Point Security Gateway users databases.
+ type: dict
+ suboptions:
+ enable_password_change_when_user_active_directory_expires:
+ description:
+ - For organizations using MS Active Directory, this setting enables users whose passwords have expired to automatically create new passwords.
+ type: bool
+ cache_size:
+ description:
+ - The maximum number of cached users allowed. The cache is FIFO (first-in, first-out). When a new user is added to a full cache, the
+ first user is deleted to make room for the new user. The Check Point Security Gateway does not query the LDAP server for users already in the
+ cache, unless the cache has timed out.
+ type: int
+ enable_password_expiration_configuration:
+ description:
+ - Enable configuring of the number of days during which the password is valid.<br>If
+ enable-password-change-when-user-active-directory-expires is true, the password expiration time is determined by the Active Directory. In this
+ case it is recommended not to set this to true.
+ type: bool
+ password_expires_after:
+ description:
+ - Specifies the number of days during which the password is valid. Users are authenticated using a special LDAP password. Should this
+ password expire, a new password must be defined.<br>Available only if enable-password-expiration-configuration is true.
+ type: int
+ timeout_on_cached_users:
+ description:
+ - The period of time in which a cached user is timed out and will need to be fetched again from the LDAP server.
+ type: int
+ display_user_dn_at_login:
+ description:
+ - Decide whether or not you would like to display the user's DN when logging in. If you choose to display the user DN, you can select
+ whether to display it, when the user is prompted for the password at login, or on the request of the authentication scheme. This property is a
+ useful diagnostic tool when there is more than one user with the same name in an Account Unit. In this case, the first one is chosen and the
+ others are ignored.
+ type: str
+ choices: ['no display', 'display upon request', 'display']
+ enforce_rules_for_user_mgmt_admins:
+ description:
+ - Enforces password strength rules on LDAP users when you create or modify a Check Point Password.
+ type: bool
+ min_password_length:
+ description:
+ - Specifies the minimum length (in characters) of the password.
+ type: int
+ password_must_include_a_digit:
+ description:
+ - Password must include a digit.
+ type: bool
+ password_must_include_a_symbol:
+ description:
+ - Password must include a symbol.
+ type: bool
+ password_must_include_lowercase_char:
+ description:
+ - Password must include a lowercase character.
+ type: bool
+ password_must_include_uppercase_char:
+ description:
+ - Password must include an uppercase character.
+ type: bool
+ qos:
+ description:
+ - Define the general parameters of Quality of Service (QoS) and apply them to QoS rules.
+ type: dict
+ suboptions:
+ default_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a default weight for a rule.<br>Note, Value will be applied to new rules only.
+ type: int
+ max_weight_of_rule:
+ description:
+ - Define a Weight at which bandwidth will be guaranteed. Set a maximum weight for a rule.
+ type: int
+ unit_of_measure:
+ description:
+ - Define the Rate at which packets are transmitted, for which bandwidth will be guaranteed. Set a Unit of measure.
+ type: str
+ choices: ['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']
+ authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes. In an Authenticated IP all connections which are open in a
+ specified time limit will be guaranteed bandwidth, but will not be guaranteed bandwidth after the time limit.
+ type: int
+ non_authenticated_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ unanswered_queried_ip_expiration:
+ description:
+ - Define the Authentication time-out for QoS. This timeout is set in minutes.
+ type: int
+ carrier_security:
+ description:
+ - Specify system-wide properties. Select GTP intra tunnel inspection options, including anti-spoofing; tracking and logging options, and integrity tests.
+ type: dict
+ suboptions:
+ block_gtp_in_gtp:
+ description:
+ - Prevents GTP packets from being encapsulated inside GTP tunnels. When this option is checked, such packets are dropped and logged.
+ type: bool
+ enforce_gtp_anti_spoofing:
+ description:
+ - verifies that G-PDUs are using the end user IP address that has been agreed upon in the PDP context activation process. When this
+ option is checked, packets that do not use this IP address are dropped and logged.
+ type: bool
+ produce_extended_logs_on_unmatched_pdus:
+ description:
+ - logs GTP packets not matched by previous rules with Carrier Security's extended GTP-related log fields. These logs are brown and their
+ Action attribute is empty. The default setting is checked.
+ type: bool
+ produce_extended_logs_on_unmatched_pdus_position:
+ description:
+ - Choose to place this implicit rule Before Last or as the Last rule.<br>Available only if produce-extended-logs-on-unmatched-pdus is true.
+ type: str
+ choices: ['before last', 'last']
+ protocol_violation_track_option:
+ description:
+ - Set the appropriate track or alert option to be used when a protocol violation (malformed packet) is detected.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ enable_g_pdu_seq_number_check_with_max_deviation:
+ description:
+ - If set to false, sequence checking is not enforced and all out-of-sequence G-PDUs will be accepted.<br>To enhance performance, disable
+ this extended integrity test.
+ type: bool
+ g_pdu_seq_number_check_max_deviation:
+ description:
+ - specifies that a G-PDU is accepted only if the difference between its sequence number and the expected sequence number is less than or
+ equal to the allowed deviation.<br>Available only ifenable-g-pdu-seq-number-check-with-max-deviation is true.
+ type: int
+ verify_flow_labels:
+ description:
+ - See that each packet's flow label matches the flow labels defined by GTP signaling. This option is relevant for GTP version 0
+ only.<br>To enhance performance, disable this extended integrity test.
+ type: bool
+ allow_ggsn_replies_from_multiple_interfaces:
+ description:
+ - Allows GTP signaling replies from an IP address different from the IP address to which the requests are sent (Relevant only for
+ gateways below R80).
+ type: bool
+ enable_reverse_connections:
+ description:
+ - Allows Carrier Security gateways to accept PDUs sent from the GGSN to the SGSN, on a previously established PDP context, even if these
+ PDUs are sent over ports that do not match the ports of the established PDP context.
+ type: bool
+ gtp_signaling_rate_limit_sampling_interval:
+ description:
+ - Works in correlation with the property Enforce GTP Signal packet rate limit found in the Carrier Security window of the GSN network
+ object. For example, with the rate limit sampling interval default of 1 second, and the network object enforced a GTP signal packet rate limit of
+ the default 2048 PDU per second, sampling will occur one time per second, or 2048 signaling PDUs between two consecutive samplings.
+ type: int
+ one_gtp_echo_on_each_path_frequency:
+ description:
+ - sets the number of GTP Echo exchanges per path allowed per configured time period. Echo requests exceeding this rate are dropped and
+ logged. Setting the value to 0 disables the feature and allows an unlimited number of echo requests per path at any interval.
+ type: int
+ aggressive_aging:
+ description:
+ - If true, enables configuring aggressive aging thresholds and time out value.
+ type: bool
+ aggressive_timeout:
+ description:
+ - Aggressive timeout. Available only if aggressive-aging is true.
+ type: int
+ memory_activation_threshold:
+ description:
+ - Memory activation threshold. Available only if aggressive-aging is true.
+ type: int
+ memory_deactivation_threshold:
+ description:
+ - Memory deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_activation_threshold:
+ description:
+ - Tunnel activation threshold. Available only if aggressive-aging is true.
+ type: int
+ tunnel_deactivation_threshold:
+ description:
+ - Tunnel deactivation threshold. Available only if aggressive-aging is true.
+ type: int
+ user_accounts:
+ description:
+ - Set the expiration for a user account and configure "about to expire" warnings.
+ type: dict
+ suboptions:
+ expiration_date_method:
+ description:
+ - Select an Expiration Date Method.<br>Expire at - Account expires on the date that you select.<br>Expire after - Account expires after
+ the number of days that you select.
+ type: str
+ choices: ['expire after', 'expire at']
+ expiration_date:
+ description:
+ - Specify an Expiration Date in the following format, YYYY-MM-DD.<br>Available only if expiration-date-method is set to "expire at".
+ type: str
+ days_until_expiration:
+ description:
+ - Account expires after the number of days that you select.<br>Available only if expiration-date-method is set to "expire after".
+ type: int
+ show_accounts_expiration_indication_days_in_advance:
+ description:
+ - Activates the Expired Accounts link, to open the Expired Accounts window.
+ type: bool
+ user_authority:
+ description:
+ - Decide whether to display and access the WebAccess rule base. This policy defines which users (that is, which Windows Domains) have access to
+ the internal sites of the organization.
+ type: dict
+ suboptions:
+ display_web_access_view:
+ description:
+ - Specify whether or not to display the WebAccess rule base. This rule base is used for UserAuthority.
+ type: bool
+ windows_domains_to_trust:
+ description:
+ - When matching Firewall usernames to Windows Domains usernames for Single Sign on, selectwhether to trust all or specify which Windows
+ Domain should be trusted.<br>ALL - Enables you to allow all Windows domains to access the internal sites of the organization.<br>SELECTIVELY -
+ Enables you to specify which Windows domains will have access to the internal sites of the organization.
+ type: str
+ choices: ['selectively', 'all']
+ trust_only_following_windows_domains:
+ description:
+ - Specify which Windows domains will have access to the internal sites of the organization.<br>Available only if
+ windows-domains-to-trust is set to SELECTIVELY.
+ type: list
+ elements: str
+ connect_control:
+ description:
+ - Configure settings that relate to ConnectControl server load balancing.
+ type: dict
+ suboptions:
+ load_agents_port:
+ description:
+ - Sets the port number on which load measuring agents communicate with ConnectControl.
+ type: int
+ load_measurement_interval:
+ description:
+ - sets how often (in seconds) the load measuring agents report their load status to ConnectControl.
+ type: int
+ persistence_server_timeout:
+ description:
+ - Sets the amount of time (in seconds) that a client, once directed to a particular server, will continue to be directed to that same server.
+ type: int
+ server_availability_check_interval:
+ description:
+ - Sets how often (in seconds) ConnectControl checks to make sure the load balanced servers are running and responding to service requests.
+ type: int
+ server_check_retries:
+ description:
+ - Sets how many times ConnectControl attempts to contact a server before ceasing to direct traffic to it.
+ type: int
+ stateful_inspection:
+ description:
+ - Adjust Stateful Inspection parameters.
+ type: dict
+ suboptions:
+ tcp_start_timeout:
+ description:
+ - A TCP connection will be timed out if the interval between the arrival of the first packet and establishment of the connection (TCP
+ three-way handshake) exceeds TCP start timeout seconds.
+ type: int
+ tcp_session_timeout:
+ description:
+ - The length of time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ tcp_end_timeout:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet. When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ tcp_end_timeout_r8020_gw_and_above:
+ description:
+ - A TCP connection will only terminate TCP end timeout seconds after two FIN packets (one in each direction, client-to-server, and
+ server-to-client) or an RST packet. When a TCP connection ends (FIN packets sent or connection reset) the Check Point Security Gateway will keep
+ the connection in the connections table for another TCP end timeout seconds, to allow for stray ACKs of the connection that arrive late.
+ type: int
+ udp_virtual_session_timeout:
+ description:
+ - Specifies the amount of time (in seconds) a UDP reply channel may remain open without any packets being returned.
+ type: int
+ icmp_virtual_session_timeout:
+ description:
+ - An ICMP virtual session will be considered to have timed out after this time period (in seconds).
+ type: int
+ other_ip_protocols_virtual_session_timeout:
+ description:
+ - A virtual session of services which are not explicitly configured here will be considered to have timed out after this time period (in seconds).
+ type: int
+ sctp_start_timeout:
+ description:
+ - SCTP connections will be timed out if the interval between the arrival of the first packet and establishment of the connection exceeds
+ this value (in seconds).
+ type: int
+ sctp_session_timeout:
+ description:
+ - Time (in seconds) an idle connection will remain in the Security Gateway connections table.
+ type: int
+ sctp_end_timeout:
+ description:
+ - SCTP connections end after this number of seconds, after the connection ends or is reset, to allow for stray ACKs of the connection
+ that arrive late.
+ type: int
+ accept_stateful_udp_replies_for_unknown_services:
+ description:
+ - Specifies if UDP replies are to be accepted for unknown services.
+ type: bool
+ accept_stateful_icmp_errors:
+ description:
+ - Accept ICMP error packets which refer to another non-ICMP connection (for example, to an ongoing TCP or UDP connection) that was
+ accepted by the Rule Base.
+ type: bool
+ accept_stateful_icmp_replies:
+ description:
+ - Accept ICMP reply packets for ICMP requests that were accepted by the Rule Base.
+ type: bool
+ accept_stateful_other_ip_protocols_replies_for_unknown_services:
+ description:
+ - Accept reply packets for other undefined services (that is, services which are not one of the following, TCP, UDP, ICMP).
+ type: bool
+ drop_out_of_state_tcp_packets:
+ description:
+ - Drop TCP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_tcp_packets:
+ description:
+ - Generates a log entry when these out of state TCP packets are dropped.<br>Available only if drop-out-of-state-tcp-packets is true.
+ type: bool
+ tcp_out_of_state_drop_exceptions:
+ description:
+ - Name or uid of the gateways and clusters for which Out of State packets are allowed.
+ type: list
+ elements: str
+ drop_out_of_state_icmp_packets:
+ description:
+ - Drop ICMP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_icmp_packets:
+ description:
+ - Generates a log entry when these out of state ICMP packets are dropped.<br>Available only if drop-out-of-state-icmp-packets is true.
+ type: bool
+ drop_out_of_state_sctp_packets:
+ description:
+ - Drop SCTP packets which are not consistent with the current state of the connection.
+ type: bool
+ log_on_drop_out_of_state_sctp_packets:
+ description:
+ - Generates a log entry when these out of state SCTP packets are dropped.<br>Available only if drop-out-of-state-sctp-packets is true.
+ type: bool
+ log_and_alert:
+ description:
+ - Define system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ administrative_notifications:
+ description:
+ - Administrative notifications specifies the action to be taken when an administrative event (for example, when a certificate is about
+ to expire) occurs.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ connection_matched_by_sam:
+ description:
+ - Connection matched by SAM specifies the action to be taken when a connection is blocked by SAM (Suspicious Activities Monitoring).
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ dynamic_object_resolution_failure:
+ description:
+ - Dynamic object resolution failure specifies the action to be taken when a dynamic object cannot be resolved.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ ip_options_drop:
+ description:
+ - IP Options drop specifies the action to take when a packet with IP Options is encountered. The Check Point Security Gateway always
+ drops these packets, but you can log them or issue an alert.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_is_incorrectly_tagged:
+ description:
+ - Packet is incorrectly tagged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ packet_tagging_brute_force_attack:
+ description:
+ - Packet tagging brute force attack.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ sla_violation:
+ description:
+ - SLA violation specifies the action to be taken when an SLA violation occurs, as defined in the Virtual Links window.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_conf_and_key_exchange_errors:
+ description:
+ - VPN configuration & key exchange errors specifies the action to be taken when logging configuration or key exchange errors occur, for
+ example, when attempting to establish encrypted communication with a network object inside the same encryption domain.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_packet_handling_error:
+ description:
+ - VPN packet handling errors specifies the action to be taken when encryption or decryption errors occurs. A log entry contains the
+ action performed (Drop or Reject) and a short description of the error cause, for example, scheme or method mismatch.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ vpn_successful_key_exchange:
+ description:
+ - VPN successful key exchange specifies the action to be taken when VPN keys are successfully exchanged.
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ log_every_authenticated_http_connection:
+ description:
+ - Log every authenticated HTTP connection specifies that a log entry should be generated for every authenticated HTTP connection.
+ type: bool
+ log_traffic:
+ description:
+ - Log Traffic specifies whether or not to log traffic.
+ type: str
+ choices: ['none', 'log']
+ alerts:
+ description:
+ - Define the behavior of alert logs and the type of alert used for System Alert logs.
+ type: dict
+ suboptions:
+ send_popup_alert_to_smartview_monitor:
+ description:
+ - Send popup alert to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ popup_alert_script:
+ description:
+ - Run popup alert script the operating system script to be executed when an alert is issued. For example, set another form of
+ notification, such as an email or a user-defined command.
+ type: str
+ send_mail_alert_to_smartview_monitor:
+ description:
+ - Send mail alert to SmartView Monitor when a mail alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ mail_alert_script:
+ description:
+ - Run mail alert script the operating system script to be executed when Mail is specified as the Track in a rule. The default is
+ internal_sendmail, which is not a script but an internal Security Gateway command.
+ type: str
+ send_snmp_trap_alert_to_smartview_monitor:
+ description:
+ - Send SNMP trap alert to SmartView Monitor when an SNMP trap alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ snmp_trap_alert_script:
+ description:
+ - Run SNMP trap alert script command to be executed when SNMP Trap is specified as the Track in a rule. By default the
+ internal_snmp_trap is used. This command is executed by the fwd process.
+ type: str
+ send_user_defined_alert_num1_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 1 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num1:
+ description:
+ - Run user defined script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 1 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num2_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 2 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num2:
+ description:
+ - Run user defined 2 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 2 is selected as a Track Option.
+ type: str
+ send_user_defined_alert_num3_to_smartview_monitor:
+ description:
+ - Send user defined alert no. 3 to SmartView Monitor when an alert is issued, it is also sent to SmartView Monitor.
+ type: bool
+ user_defined_script_num3:
+ description:
+ - Run user defined 3 script the operating system script to be run when User-Defined is specified as the Track in a rule, or when
+ User Defined Alert no. 3 is selected as a Track Option.
+ type: str
+ default_track_option_for_system_alerts:
+ description:
+ - Set the default track option for System Alerts.
+ type: str
+ choices: ['Popup Alert', 'Mail Alert', 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2', 'User Defined Alert no.3']
+ time_settings:
+ description:
+ - Configure the time settings associated with system-wide logging and alerting parameters.
+ type: dict
+ suboptions:
+ excessive_log_grace_period:
+ description:
+ - Specifies the minimum amount of time (in seconds) between consecutive logs of similar packets. Two packets are considered
+ similar if they have the same source address, source port, destination address, and destination port; and the same protocol was used. After
+ the first packet, similar packets encountered in the grace period will be acted upon according to the security policy, but only the first
+ packet generates a log entry or an alert. Any value from 0 to 90 seconds can be entered in this field.<br>Note, This option only applies for
+ DROP rules with logging.
+ type: int
+ logs_resolving_timeout:
+ description:
+ - Specifies the amount of time (in seconds), after which the log page is displayed without resolving names and while showing
+ only IP addresses. Any value from 0 to 90 seconds can be entered in this field.
+ type: int
+ status_fetching_interval:
+ description:
+ - Specifies the frequency at which the Security Management server queries the Check Point Security gateway, Check Point QoS and
+ other gateways it manages for status information. Any value from 30 to 900 seconds can be entered in this field.
+ type: int
+ virtual_link_statistics_logging_interval:
+ description:
+ - Specifies the frequency (in seconds) with which Virtual Link statistics will be logged. This parameter is relevant only for
+ Virtual Links defined with SmartView Monitor statistics enabled in the SLA Parameters tab of the Virtual Link window. Any value from 60 to
+ 3600 seconds can be entered in this field.
+ type: int
+ data_access_control:
+ description:
+ - Configure automatic downloads from Check Point and anonymously share product data. Options selected here apply to all Security Gateways,
+ Clusters and VSX devices managed by this management server.
+ type: dict
+ suboptions:
+ auto_download_important_data:
+ description:
+ - Automatically download and install Software Blade Contracts, security updates and other important data (highly recommended).
+ type: bool
+ auto_download_sw_updates_and_new_features:
+ description:
+ - Automatically download software updates and new features (highly recommended).<br>Available only if auto-download-important-data is set to true.
+ type: bool
+ send_anonymous_info:
+ description:
+ - Help Check Point improve the product by sending anonymous information.
+ type: bool
+ share_sensitive_info:
+ description:
+ - Approve sharing core dump files and other relevant crash data which might contain personal information. All shared data will be
+ processed in accordance with Check Point's Privacy Policy.<br>Available only if send-anonymous-info is set to true.
+ type: bool
+ non_unique_ip_address_ranges:
+ description:
+ - Specify Non Unique IP Address Ranges.
+ type: list
+ elements: dict
+ suboptions:
+ address_type:
+ description:
+ - The type of the IP Address.
+ type: str
+ choices: ['IPv4', 'IPv6']
+ first_ipv4_address:
+ description:
+ - The first IPV4 Address in the range.
+ type: str
+ first_ipv6_address:
+ description:
+ - The first IPV6 Address in the range.
+ type: str
+ last_ipv4_address:
+ description:
+ - The last IPV4 Address in the range.
+ type: str
+ last_ipv6_address:
+ description:
+ - The last IPV6 Address in the range.
+ type: str
+ proxy:
+ description:
+ - Select whether a proxy server is used when servers, gateways, or clients need to access the internet for certain Check Point features and set
+ the default proxy server that will be used.
+ type: dict
+ suboptions:
+ use_proxy_server:
+ description:
+ - If set to true, a proxy server is used when features need to access the internet.
+ type: bool
+ proxy_address:
+ description:
+ - Specify the URL or IP address of the proxy server.<br>Available only if use-proxy-server is set to true.
+ type: str
+ proxy_port:
+ description:
+ - Specify the Port on which the server will be accessed.<br>Available only if use-proxy-server is set to true.
+ type: int
+ user_check:
+ description:
+ - Set a language for the UserCheck message if the language setting in the user's browser cannot be determined.
+ type: dict
+ suboptions:
+ preferred_language:
+ description:
+ - The preferred language for new UserCheck message.
+ type: str
+ choices: ['Afrikaans', 'Albanian', 'Amharic', 'Arabic', 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan',
+ 'Chinese', 'Croatian', 'Czech', 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German', 'Greek',
+ 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese', 'Korean', 'Latvian', 'Lithuanian', 'Macedonia',
+ 'Maltese', 'Nepali', 'Norwegian', 'Polish', 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish',
+ 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']
+ send_emails_using_mail_server:
+ description:
+ - Name or UID of mail server to send emails to.
+ type: str
+ hit_count:
+ description:
+ - Enable the Hit Count feature that tracks the number of connections that each rule matches.
+ type: dict
+ suboptions:
+ enable_hit_count:
+ description:
+ - Select to enable or clear to disable all Security Gateways to monitor the number of connections each rule matches.
+ type: bool
+ keep_hit_count_data_up_to:
+ description:
+ - Select one of the time range options. Data is kept in the Security Management Server database for this period and is shown in the Hits column.
+ type: str
+ choices: ['3 months', '6 months', '1 year', '2 years']
+ advanced_conf:
+ description:
+ - Configure advanced global attributes. It's highly recommended to consult with Check Point's Technical Support before modifying these values.
+ type: dict
+ suboptions:
+ certs_and_pki:
+ description:
+ - Configure Certificates and PKI properties.
+ type: dict
+ suboptions:
+ cert_validation_enforce_key_size:
+ description:
+ - Enforce key length in certificate validation (R80+ gateways only).
+ type: str
+ choices: ['off', 'alert', 'fail']
+ host_certs_ecdsa_key_size:
+ description:
+ - Select the key size for ECDSA of the host certificate.
+ type: str
+ choices: ['p-256', 'p-384', 'p-521']
+ host_certs_key_size:
+ description:
+ - Select the key size of the host certificate.
+ type: str
+ choices: ['4096', '1024', '2048']
+ allow_remote_registration_of_opsec_products:
+ description:
+ - After installing an OPSEC application, the remote administration (RA) utility enables an OPSEC product to finish registering itself without
+ having to access the SmartConsole. If set to true, any host including the application host can run the utility. Otherwise, the RA utility can only be
+ run from the Security Management host.
+ type: bool
+ num_spoofing_errs_that_trigger_brute_force:
+ description:
+ - Indicates how many incorrectly signed packets will be tolerated before assuming that there is an attack on the packet tagging and revoking the
+ client's key.
+ type: int
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-global-properties
+ cp_mgmt_set_global_properties:
+ firewall:
+ security_server:
+ http_servers:
+ - host: host name of server
+ logical_name: unique logical name
+ port: 8080
+ reauthentication: post request
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_global_properties:
+ description: The checkpoint set-global-properties output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ firewall=dict(type='dict', options=dict(
+ accept_control_connections=dict(type='bool'),
+ accept_ips1_management_connections=dict(type='bool'),
+ accept_remote_access_control_connections=dict(type='bool'),
+ accept_smart_update_connections=dict(type='bool'),
+ accept_outgoing_packets_originating_from_gw=dict(type='bool'),
+ accept_outgoing_packets_originating_from_gw_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_outgoing_packets_originating_from_connectra_gw=dict(type='bool'),
+ accept_outgoing_packets_to_cp_online_services=dict(type='bool'),
+ accept_outgoing_packets_to_cp_online_services_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_domain_name_over_tcp=dict(type='bool'),
+ accept_domain_name_over_tcp_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_domain_name_over_udp=dict(type='bool'),
+ accept_domain_name_over_udp_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_dynamic_addr_modules_outgoing_internet_connections=dict(type='bool'),
+ accept_icmp_requests=dict(type='bool'),
+ accept_icmp_requests_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_identity_awareness_control_connections=dict(type='bool'),
+ accept_identity_awareness_control_connections_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_incoming_traffic_to_dhcp_and_dns_services_of_gws=dict(type='bool'),
+ accept_rip=dict(type='bool'),
+ accept_rip_position=dict(type='str', choices=['first', 'last', 'before last']),
+ accept_vrrp_packets_originating_from_cluster_members=dict(type='bool'),
+ accept_web_and_ssh_connections_for_gw_administration=dict(type='bool'),
+ log_implied_rules=dict(type='bool'),
+ security_server=dict(type='dict', options=dict(
+ client_auth_welcome_file=dict(type='str'),
+ ftp_welcome_msg_file=dict(type='str'),
+ rlogin_welcome_msg_file=dict(type='str'),
+ telnet_welcome_msg_file=dict(type='str'),
+ mdq_welcome_msg=dict(type='str'),
+ smtp_welcome_msg=dict(type='str'),
+ http_next_proxy_host=dict(type='str'),
+ http_next_proxy_port=dict(type='int'),
+ http_servers=dict(type='list', elements='dict', options=dict(
+ logical_name=dict(type='str'),
+ host=dict(type='str'),
+ port=dict(type='int'),
+ reauthentication=dict(type='str', choices=['standard', 'post request', 'every request'])
+ )),
+ server_for_null_requests=dict(type='str')
+ ))
+ )),
+ nat=dict(type='dict', options=dict(
+ allow_bi_directional_nat=dict(type='bool'),
+ auto_arp_conf=dict(type='bool'),
+ merge_manual_proxy_arp_conf=dict(type='bool'),
+ auto_translate_dest_on_client_side=dict(type='bool'),
+ manually_translate_dest_on_client_side=dict(type='bool'),
+ enable_ip_pool_nat=dict(type='bool'),
+ addr_alloc_and_release_track=dict(type='str', choices=['ip allocation log', 'none']),
+ addr_exhaustion_track=dict(type='str', choices=['ip exhaustion alert', 'none', 'ip exhaustion log'])
+ )),
+ authentication=dict(type='dict', options=dict(
+ auth_internal_users_with_specific_suffix=dict(type='bool'),
+ allowed_suffix_for_internal_users=dict(type='str'),
+ max_days_before_expiration_of_non_pulled_user_certificates=dict(type='int'),
+ max_client_auth_attempts_before_connection_termination=dict(type='int'),
+ max_rlogin_attempts_before_connection_termination=dict(type='int'),
+ max_session_auth_attempts_before_connection_termination=dict(type='int'),
+ max_telnet_attempts_before_connection_termination=dict(type='int'),
+ enable_delayed_auth=dict(type='bool'),
+ delay_each_auth_attempt_by=dict(type='int')
+ )),
+ vpn=dict(type='dict', options=dict(
+ vpn_conf_method=dict(type='str', choices=['simplified', 'traditional', 'per policy']),
+ domain_name_for_dns_resolving=dict(type='str'),
+ enable_backup_gw=dict(type='bool'),
+ enable_decrypt_on_accept_for_gw_to_gw_traffic=dict(type='bool'),
+ enable_load_distribution_for_mep_conf=dict(type='bool'),
+ enable_vpn_directional_match_in_vpn_column=dict(type='bool'),
+ grace_period_after_the_crl_is_not_valid=dict(type='int'),
+ grace_period_before_the_crl_is_valid=dict(type='int'),
+ grace_period_extension_for_secure_remote_secure_client=dict(type='int'),
+ support_ike_dos_protection_from_identified_src=dict(type='str', choices=['puzzles', 'stateless', 'none']),
+ support_ike_dos_protection_from_unidentified_src=dict(type='str', choices=['puzzles', 'stateless', 'none'])
+ )),
+ remote_access=dict(type='dict', options=dict(
+ enable_back_connections=dict(type='bool'),
+ keep_alive_packet_to_gw_interval=dict(type='int'),
+ encrypt_dns_traffic=dict(type='bool'),
+ simultaneous_login_mode=dict(type='str', choices=['allowonlysinglelogintouser', 'allowseverallogintouser']),
+ vpn_authentication_and_encryption=dict(type='dict', options=dict(
+ encryption_algorithms=dict(type='dict', options=dict(
+ ike=dict(type='dict', options=dict(
+ support_encryption_algorithms=dict(type='dict', options=dict(
+ tdes=dict(type='bool'),
+ aes_128=dict(type='bool'),
+ aes_256=dict(type='bool'),
+ des=dict(type='bool')
+ )),
+ use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']),
+ support_data_integrity=dict(type='dict', options=dict(
+ aes_xcbc=dict(type='bool'),
+ md5=dict(type='bool'),
+ sha1=dict(type='bool'),
+ sha256=dict(type='bool')
+ )),
+ use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha256', 'sha1', 'md5']),
+ support_diffie_hellman_groups=dict(type='dict', options=dict(
+ group1=dict(type='bool'),
+ group14=dict(type='bool'),
+ group2=dict(type='bool'),
+ group5=dict(type='bool')
+ )),
+ use_diffie_hellman_group=dict(type='str', choices=['group 1', 'group 2', 'group 5', 'group 14'])
+ )),
+ ipsec=dict(type='dict', options=dict(
+ support_encryption_algorithms=dict(type='dict', options=dict(
+ tdes=dict(type='bool'),
+ aes_128=dict(type='bool'),
+ aes_256=dict(type='bool'),
+ des=dict(type='bool')
+ )),
+ use_encryption_algorithm=dict(type='str', choices=['AES-256', 'DES', 'AES-128', 'TDES']),
+ support_data_integrity=dict(type='dict', options=dict(
+ aes_xcbc=dict(type='bool'),
+ md5=dict(type='bool'),
+ sha1=dict(type='bool'),
+ sha256=dict(type='bool')
+ )),
+ use_data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'sha512', 'md5']),
+ enforce_encryption_alg_and_data_integrity_on_all_users=dict(type='bool')
+ ))
+ )),
+ encryption_method=dict(type='str', choices=['prefer_ikev2_support_ikev1', 'ike_v2_only', 'ike_v1_only']),
+ pre_shared_secret=dict(type='bool'),
+ support_legacy_auth_for_sc_l2tp_nokia_clients=dict(type='bool'),
+ support_legacy_eap=dict(type='bool'),
+ support_l2tp_with_pre_shared_key=dict(type='bool'),
+ l2tp_pre_shared_key=dict(type='str', no_log=True)
+ )),
+ vpn_advanced=dict(type='dict', options=dict(
+ allow_clear_traffic_to_encryption_domain_when_disconnected=dict(type='bool'),
+ enable_load_distribution_for_mep_conf=dict(type='bool'),
+ use_first_allocated_om_ip_addr_for_all_conn_to_the_gws_of_the_site=dict(type='bool')
+ )),
+ scv=dict(type='dict', options=dict(
+ apply_scv_on_simplified_mode_fw_policies=dict(type='bool'),
+ exceptions=dict(type='list', elements='dict', options=dict(
+ hosts=dict(type='list', elements='str'),
+ services=dict(type='list', elements='str')
+ )),
+ no_scv_for_unsupported_cp_clients=dict(type='bool'),
+ upon_verification_accept_and_log_client_connection=dict(type='bool'),
+ only_tcp_ip_protocols_are_used=dict(type='bool'),
+ policy_installed_on_all_interfaces=dict(type='bool'),
+ generate_log=dict(type='bool'),
+ notify_user=dict(type='bool')
+ )),
+ ssl_network_extender=dict(type='dict', options=dict(
+ user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']),
+ supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']),
+ client_upgrade_upon_connection=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade']),
+ client_uninstall_upon_disconnection=dict(type='str', choices=['force_uninstall', 'ask_user', 'dont_uninstall']),
+ re_auth_user_interval=dict(type='int'),
+ scan_ep_machine_for_compliance_with_ep_compliance_policy=dict(type='bool'),
+ client_outgoing_keep_alive_packets_frequency=dict(type='int')
+ )),
+ secure_client_mobile=dict(type='dict', options=dict(
+ user_auth_method=dict(type='str', choices=['certificate_with_enrollment', 'certificate', 'mixed', 'legacy']),
+ enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']),
+ cache_password_timeout=dict(type='int'),
+ re_auth_user_interval=dict(type='int'),
+ connect_mode=dict(type='str', choices=['manual', 'always connected', 'on application request', 'configured on endpoint client']),
+ automatically_initiate_dialup=dict(type='str', choices=['client_decide', 'true', 'false']),
+ disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']),
+ supported_encryption_methods=dict(type='str', choices=['3des_or_rc4', '3des_only']),
+ route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false'])
+ )),
+ endpoint_connect=dict(type='dict', options=dict(
+ enable_password_caching=dict(type='str', choices=['client_decide', 'true', 'false']),
+ cache_password_timeout=dict(type='int'),
+ re_auth_user_interval=dict(type='int'),
+ connect_mode=dict(type='str', choices=['Manual', 'Always Connected', 'Configured On Endpoint Client']),
+ network_location_awareness=dict(type='str', choices=['client_decide', 'true', 'false']),
+ network_location_awareness_conf=dict(type='dict', options=dict(
+ vpn_clients_are_considered_inside_the_internal_network_when_the_client=dict(
+ type='str',
+ choices=['connects to gw through internal interface',
+ 'connects from network or group',
+ 'runs on computer with access to active directory domain']),
+ network_or_group_of_conn_vpn_client=dict(type='str'),
+ consider_wireless_networks_as_external=dict(type='bool'),
+ excluded_internal_wireless_networks=dict(type='list', elements='str'),
+ consider_undefined_dns_suffixes_as_external=dict(type='bool'),
+ dns_suffixes=dict(type='list', elements='str'),
+ remember_previously_detected_external_networks=dict(type='bool')
+ )),
+ disconnect_when_conn_to_network_is_lost=dict(type='str', choices=['client_decide', 'true', 'false']),
+ disconnect_when_device_is_idle=dict(type='str', choices=['client_decide', 'true', 'false']),
+ route_all_traffic_to_gw=dict(type='str', choices=['client_decide', 'true', 'false']),
+ client_upgrade_mode=dict(type='str', choices=['force_upgrade', 'ask_user', 'no_upgrade'])
+ )),
+ hot_spot_and_hotel_registration=dict(type='dict', options=dict(
+ enable_registration=dict(type='bool'),
+ local_subnets_access_only=dict(type='bool'),
+ registration_timeout=dict(type='int'),
+ track_log=dict(type='bool'),
+ max_ip_access_during_registration=dict(type='int'),
+ ports=dict(type='list', elements='str')
+ ))
+ )),
+ user_directory=dict(type='dict', options=dict(
+ enable_password_change_when_user_active_directory_expires=dict(type='bool'),
+ cache_size=dict(type='int'),
+ enable_password_expiration_configuration=dict(type='bool'),
+ password_expires_after=dict(type='int', no_log=False),
+ timeout_on_cached_users=dict(type='int'),
+ display_user_dn_at_login=dict(type='str', choices=['no display', 'display upon request', 'display']),
+ enforce_rules_for_user_mgmt_admins=dict(type='bool'),
+ min_password_length=dict(type='int', no_log=False),
+ password_must_include_a_digit=dict(type='bool'),
+ password_must_include_a_symbol=dict(type='bool'),
+ password_must_include_lowercase_char=dict(type='bool'),
+ password_must_include_uppercase_char=dict(type='bool')
+ )),
+ qos=dict(type='dict', options=dict(
+ default_weight_of_rule=dict(type='int'),
+ max_weight_of_rule=dict(type='int'),
+ unit_of_measure=dict(type='str', choices=['bits-per-sec', 'bytes-per-sec', 'kbits-per-sec', 'kbytes-per-sec', 'mbits-per-sec', 'mbytes-per-sec']),
+ authenticated_ip_expiration=dict(type='int'),
+ non_authenticated_ip_expiration=dict(type='int'),
+ unanswered_queried_ip_expiration=dict(type='int')
+ )),
+ carrier_security=dict(type='dict', options=dict(
+ block_gtp_in_gtp=dict(type='bool'),
+ enforce_gtp_anti_spoofing=dict(type='bool'),
+ produce_extended_logs_on_unmatched_pdus=dict(type='bool'),
+ produce_extended_logs_on_unmatched_pdus_position=dict(type='str', choices=['before last', 'last']),
+ protocol_violation_track_option=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ enable_g_pdu_seq_number_check_with_max_deviation=dict(type='bool'),
+ g_pdu_seq_number_check_max_deviation=dict(type='int'),
+ verify_flow_labels=dict(type='bool'),
+ allow_ggsn_replies_from_multiple_interfaces=dict(type='bool'),
+ enable_reverse_connections=dict(type='bool'),
+ gtp_signaling_rate_limit_sampling_interval=dict(type='int'),
+ one_gtp_echo_on_each_path_frequency=dict(type='int'),
+ aggressive_aging=dict(type='bool'),
+ aggressive_timeout=dict(type='int'),
+ memory_activation_threshold=dict(type='int'),
+ memory_deactivation_threshold=dict(type='int'),
+ tunnel_activation_threshold=dict(type='int'),
+ tunnel_deactivation_threshold=dict(type='int')
+ )),
+ user_accounts=dict(type='dict', options=dict(
+ expiration_date_method=dict(type='str', choices=['expire after', 'expire at']),
+ expiration_date=dict(type='str'),
+ days_until_expiration=dict(type='int'),
+ show_accounts_expiration_indication_days_in_advance=dict(type='bool')
+ )),
+ user_authority=dict(type='dict', options=dict(
+ display_web_access_view=dict(type='bool'),
+ windows_domains_to_trust=dict(type='str', choices=['selectively', 'all']),
+ trust_only_following_windows_domains=dict(type='list', elements='str')
+ )),
+ connect_control=dict(type='dict', options=dict(
+ load_agents_port=dict(type='int'),
+ load_measurement_interval=dict(type='int'),
+ persistence_server_timeout=dict(type='int'),
+ server_availability_check_interval=dict(type='int'),
+ server_check_retries=dict(type='int')
+ )),
+ stateful_inspection=dict(type='dict', options=dict(
+ tcp_start_timeout=dict(type='int'),
+ tcp_session_timeout=dict(type='int'),
+ tcp_end_timeout=dict(type='int'),
+ tcp_end_timeout_r8020_gw_and_above=dict(type='int'),
+ udp_virtual_session_timeout=dict(type='int'),
+ icmp_virtual_session_timeout=dict(type='int'),
+ other_ip_protocols_virtual_session_timeout=dict(type='int'),
+ sctp_start_timeout=dict(type='int'),
+ sctp_session_timeout=dict(type='int'),
+ sctp_end_timeout=dict(type='int'),
+ accept_stateful_udp_replies_for_unknown_services=dict(type='bool'),
+ accept_stateful_icmp_errors=dict(type='bool'),
+ accept_stateful_icmp_replies=dict(type='bool'),
+ accept_stateful_other_ip_protocols_replies_for_unknown_services=dict(type='bool'),
+ drop_out_of_state_tcp_packets=dict(type='bool'),
+ log_on_drop_out_of_state_tcp_packets=dict(type='bool'),
+ tcp_out_of_state_drop_exceptions=dict(type='list', elements='str'),
+ drop_out_of_state_icmp_packets=dict(type='bool'),
+ log_on_drop_out_of_state_icmp_packets=dict(type='bool'),
+ drop_out_of_state_sctp_packets=dict(type='bool'),
+ log_on_drop_out_of_state_sctp_packets=dict(type='bool')
+ )),
+ log_and_alert=dict(type='dict', options=dict(
+ administrative_notifications=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ connection_matched_by_sam=dict(type='str', choices=['Popup Alert', 'Mail Alert',
+ 'SNMP Trap Alert', 'User Defined Alert no.1', 'User Defined Alert no.2',
+ 'User Defined Alert no.3']),
+ dynamic_object_resolution_failure=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ ip_options_drop=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert',
+ 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']),
+ packet_is_incorrectly_tagged=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ packet_tagging_brute_force_attack=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ sla_violation=dict(type='str', choices=['none', 'log', 'popup alert', 'mail alert',
+ 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2', 'user defined alert no.3']),
+ vpn_conf_and_key_exchange_errors=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ vpn_packet_handling_error=dict(type='str', choices=['none', 'log', 'popup alert',
+ 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']),
+ vpn_successful_key_exchange=dict(type='str', choices=['none', 'log',
+ 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ log_every_authenticated_http_connection=dict(type='bool'),
+ log_traffic=dict(type='str', choices=['none', 'log']),
+ alerts=dict(type='dict', options=dict(
+ send_popup_alert_to_smartview_monitor=dict(type='bool'),
+ popup_alert_script=dict(type='str'),
+ send_mail_alert_to_smartview_monitor=dict(type='bool'),
+ mail_alert_script=dict(type='str'),
+ send_snmp_trap_alert_to_smartview_monitor=dict(type='bool'),
+ snmp_trap_alert_script=dict(type='str'),
+ send_user_defined_alert_num1_to_smartview_monitor=dict(type='bool'),
+ user_defined_script_num1=dict(type='str'),
+ send_user_defined_alert_num2_to_smartview_monitor=dict(type='bool'),
+ user_defined_script_num2=dict(type='str'),
+ send_user_defined_alert_num3_to_smartview_monitor=dict(type='bool'),
+ user_defined_script_num3=dict(type='str'),
+ default_track_option_for_system_alerts=dict(type='str', choices=['Popup Alert', 'Mail Alert', 'SNMP Trap Alert',
+ 'User Defined Alert no.1', 'User Defined Alert no.2',
+ 'User Defined Alert no.3'])
+ )),
+ time_settings=dict(type='dict', options=dict(
+ excessive_log_grace_period=dict(type='int'),
+ logs_resolving_timeout=dict(type='int'),
+ status_fetching_interval=dict(type='int'),
+ virtual_link_statistics_logging_interval=dict(type='int')
+ ))
+ )),
+ data_access_control=dict(type='dict', options=dict(
+ auto_download_important_data=dict(type='bool'),
+ auto_download_sw_updates_and_new_features=dict(type='bool'),
+ send_anonymous_info=dict(type='bool'),
+ share_sensitive_info=dict(type='bool')
+ )),
+ non_unique_ip_address_ranges=dict(type='list', elements='dict', options=dict(
+ address_type=dict(type='str', choices=['IPv4', 'IPv6']),
+ first_ipv4_address=dict(type='str'),
+ first_ipv6_address=dict(type='str'),
+ last_ipv4_address=dict(type='str'),
+ last_ipv6_address=dict(type='str')
+ )),
+ proxy=dict(type='dict', options=dict(
+ use_proxy_server=dict(type='bool'),
+ proxy_address=dict(type='str'),
+ proxy_port=dict(type='int')
+ )),
+ user_check=dict(type='dict', options=dict(
+ preferred_language=dict(type='str', choices=['Afrikaans', 'Albanian', 'Amharic', 'Arabic',
+ 'Armenian', 'Basque', 'Belarusian', 'Bosnian', 'Bulgarian', 'Catalan', 'Chinese', 'Croatian', 'Czech',
+ 'Danish', 'Dutch', 'English', 'Estonian', 'Finnish', 'French', 'Gaelic', 'Georgian', 'German',
+ 'Greek', 'Hebrew', 'Hindi', 'Hungarian', 'Icelandic', 'Indonesian', 'Irish', 'Italian', 'Japanese',
+ 'Korean', 'Latvian', 'Lithuanian', 'Macedonia', 'Maltese', 'Nepali', 'Norwegian', 'Polish',
+ 'Portuguese', 'Romanian', 'Russian', 'Serbian', 'Slovak', 'Slovenian', 'Sorbian', 'Spanish',
+ 'Swahili', 'Swedish', 'Thai', 'Turkish', 'Ukrainian', 'Vietnamese', 'Welsh']),
+ send_emails_using_mail_server=dict(type='str')
+ )),
+ hit_count=dict(type='dict', options=dict(
+ enable_hit_count=dict(type='bool'),
+ keep_hit_count_data_up_to=dict(type='str', choices=['3 months', '6 months', '1 year', '2 years'])
+ )),
+ advanced_conf=dict(type='dict', options=dict(
+ certs_and_pki=dict(type='dict', options=dict(
+ cert_validation_enforce_key_size=dict(type='str', choices=['off', 'alert', 'fail']),
+ host_certs_ecdsa_key_size=dict(type='str', choices=['p-256', 'p-384', 'p-521']),
+ host_certs_key_size=dict(type='str', choices=['4096', '1024', '2048'])
+ ))
+ )),
+ allow_remote_registration_of_opsec_products=dict(type='bool'),
+ num_spoofing_errs_that_trigger_brute_force=dict(type='int'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-global-properties"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py
new file mode 100644
index 000000000..c8b74f7f7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_default_assignment.py
@@ -0,0 +1,100 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_default_assignment
+short_description: Set default Identity Provider assignment to be use for Management server administrator access.
+description:
+ - Set default Identity Provider assignment to be use for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment identified by the name or UID, to cancel existing assignment should
+ set to 'none'.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-default-assignment
+ cp_mgmt_set_idp_default_assignment:
+ identity_provider: azure
+"""
+
+RETURN = """
+cp_mgmt_set_idp_default_assignment:
+ description: The checkpoint set-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ identity_provider=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
new file mode 100644
index 000000000..b14aca799
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_idp_to_domain_assignment.py
@@ -0,0 +1,112 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_idp_to_domain_assignment
+short_description: Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no
+ Identity Provider assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+description:
+ - Set Identity Provider assignment to domain, to allow administrator login to that domain using that identity provider, if there is no Identity Provider
+ assigned to the domain the 'idp-default-assignment' will be used. This command only available for Multi-Domain server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ assigned_domain:
+ description:
+ - Represents the Domain assigned by 'idp-to-domain-assignment', need to be domain name or UID.
+ type: str
+ identity_provider:
+ description:
+ - Represents the Identity Provider to be used for Login by this assignment. Must be set when "using-default" was set to be false.
+ type: str
+ using_default:
+ description:
+ - Is this assignment override by 'idp-default-assignment'.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-idp-to-domain-assignment
+ cp_mgmt_set_idp_to_domain_assignment:
+ assigned_domain: BSMS
+ identity_provider: okta
+"""
+
+RETURN = """
+cp_mgmt_set_idp_to_domain_assignment:
+ description: The checkpoint set-idp-to-domain-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ assigned_domain=dict(type='str'),
+ identity_provider=dict(type='str'),
+ using_default=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-idp-to-domain-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
new file mode 100644
index 000000000..01832640e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_nat_rule.py
@@ -0,0 +1,161 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_nat_rule
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ rule_number:
+ description:
+ - Rule number.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ method:
+ description:
+ - Nat method.
+ type: str
+ choices: ['static', 'hide', 'nat64', 'nat46']
+ new_position:
+ description:
+ - New position in the rulebase.
+ type: str
+ original_destination:
+ description:
+ - Original destination.
+ type: str
+ original_service:
+ description:
+ - Original service.
+ type: str
+ original_source:
+ description:
+ - Original source.
+ type: str
+ translated_destination:
+ description:
+ - Translated destination.
+ type: str
+ translated_service:
+ description:
+ - Translated service.
+ type: str
+ translated_source:
+ description:
+ - Translated source.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-nat-rule
+ cp_mgmt_set_nat_rule:
+ comments: rule for RND members RNDNetwork-> RND to Internal Network
+ enabled: false
+ original_service: ssh_version_2
+ original_source: Any
+ package: standard
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_nat_rule:
+ description: The checkpoint set-nat-rule output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ rule_number=dict(type='str'),
+ package=dict(type='str'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ method=dict(type='str', choices=['static', 'hide', 'nat64', 'nat46']),
+ new_position=dict(type='str'),
+ original_destination=dict(type='str'),
+ original_service=dict(type='str'),
+ original_source=dict(type='str'),
+ translated_destination=dict(type='str'),
+ translated_service=dict(type='str'),
+ translated_source=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-nat-rule"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
new file mode 100644
index 000000000..9979860b2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_session.py
@@ -0,0 +1,123 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_session
+short_description: Edit user's current session.
+description:
+ - Edit user's current session.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ description:
+ description:
+ - Session description.
+ type: str
+ new_name:
+ description:
+ - New name of the object.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-session
+ cp_mgmt_set_session:
+ description: Session to work on ticket number CR00323665
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_session:
+ description: The checkpoint set-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ description=dict(type='str'),
+ new_name=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
new file mode 100644
index 000000000..15258f900
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_set_threat_advanced_settings.py
@@ -0,0 +1,158 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_set_threat_advanced_settings
+short_description: Edit Threat Prevention's Blades' Settings.
+description:
+ - Edit Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ feed_retrieving_interval:
+ description:
+ - Feed retrieving intervals of External Feed, in the form of HH,MM.
+ type: str
+ httpi_non_standard_ports:
+ description:
+ - Enable HTTP Inspection on non standard ports for Threat Prevention blades.
+ type: bool
+ internal_error_fail_mode:
+ description:
+ - In case of internal system error, allow or block all connections.
+ type: str
+ choices: ['allow connections', 'block connections']
+ log_unification_timeout:
+ description:
+ - Session unification timeout for logs (minutes).
+ type: int
+ resource_classification:
+ description:
+ - Allow (Background) or Block (Hold) requests until categorization is complete.
+ type: dict
+ suboptions:
+ custom_settings:
+ description:
+ - On Custom mode, custom resources classification per service.
+ type: dict
+ suboptions:
+ anti_bot:
+ description:
+ - Custom Settings for Anti Bot Blade.
+ type: str
+ choices: ['background', 'hold']
+ anti_virus:
+ description:
+ - Custom Settings for Anti Virus Blade.
+ type: str
+ choices: ['background', 'hold']
+ zero_phishing:
+ description:
+ - Custom Settings for Zero Phishing Blade.
+ type: str
+ choices: ['background', 'hold']
+ mode:
+ description:
+ - Set all services to the same mode or choose a custom mode.
+ type: str
+ choices: ['background', 'hold', 'custom']
+ web_service_fail_mode:
+ description:
+ - Block connections when the web service is unavailable.
+ type: str
+ choices: ['allow connections', 'block connections']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ auto_publish_session:
+ description:
+ - Publish the current session if changes have been performed after task completes.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: set-threat-advanced-settings
+ cp_mgmt_set_threat_advanced_settings:
+ feed_retrieving_interval: 00:05
+ httpi_non_standard_ports: true
+ internal_error_fail_mode: allow connections
+ log_unification_timeout: 600
+ resource_classification.mode: hold
+ resource_classification.web_service_fail_mode: block connections
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_set_threat_advanced_settings:
+ description: The checkpoint set-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ feed_retrieving_interval=dict(type='str'),
+ httpi_non_standard_ports=dict(type='bool'),
+ internal_error_fail_mode=dict(type='str', choices=['allow connections', 'block connections']),
+ log_unification_timeout=dict(type='int'),
+ resource_classification=dict(type='dict', options=dict(
+ custom_settings=dict(type='dict', options=dict(
+ anti_bot=dict(type='str', choices=['background', 'hold']),
+ anti_virus=dict(type='str', choices=['background', 'hold']),
+ zero_phishing=dict(type='str', choices=['background', 'hold'])
+ )),
+ mode=dict(type='str', choices=['background', 'hold', 'custom']),
+ web_service_fail_mode=dict(type='str', choices=['allow connections', 'block connections'])
+ )),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool'),
+ auto_publish_session=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
new file mode 100644
index 000000000..dfa684fda
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_access_section.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_access_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-access-section
+ cp_mgmt_show_access_section:
+ layer: Network
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_access_section:
+ description: The checkpoint show-access-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-access-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
new file mode 100644
index 000000000..91725ff53
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_cloud_services.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_cloud_services
+short_description: Show the connection status of the Management Server to Check Point's Infinity Portal.
+description:
+ - Show the connection status of the Management Server to Check Point's Infinity Portal.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-cloud-services
+ cp_mgmt_show_cloud_services:
+"""
+
+RETURN = """
+cp_mgmt_show_cloud_services:
+ description: The checkpoint show-cloud-services output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-cloud-services"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
new file mode 100644
index 000000000..24f40149b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_global_properties.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_global_properties
+short_description: Retrieve Global Properties.
+description:
+ - Retrieve Global Properties.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-global-properties
+ cp_mgmt_show_global_properties:
+"""
+
+RETURN = """
+cp_mgmt_show_global_properties:
+ description: The checkpoint show-global-properties output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-global-properties"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
new file mode 100644
index 000000000..e05e8b4b3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_https_section.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_https_section
+short_description: Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+description:
+ - Retrieve existing HTTPS Inspection section using section name or uid and layer name.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ layer:
+ description:
+ - Layer that holds the Object. Identified by the Name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-https-section
+ cp_mgmt_show_https_section:
+ layer: Default Layer
+ name: New Section 1
+"""
+
+RETURN = """
+cp_mgmt_show_https_section:
+ description: The checkpoint show-https-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-https-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
new file mode 100644
index 000000000..e6962ce94
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_idp_default_assignment.py
@@ -0,0 +1,78 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_idp_default_assignment
+short_description: Retrieve default Identity Provider assignment that used for Management server administrator access.
+description:
+ - Retrieve default Identity Provider assignment that used for Management server administrator access.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-idp-default-assignment
+ cp_mgmt_show_idp_default_assignment:
+"""
+
+RETURN = """
+cp_mgmt_show_idp_default_assignment:
+ description: The checkpoint show-idp-default-assignment output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-idp-default-assignment"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
new file mode 100644
index 000000000..59ecccd35
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_logs.py
@@ -0,0 +1,149 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_logs
+short_description: Showing logs according to the given filter.
+description:
+ - Showing logs according to the given filter.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ new_query:
+ description:
+ - Running a new query.
+ type: dict
+ suboptions:
+ filter:
+ description:
+ - The filter as entered in SmartConsole/SmartView.
+ type: str
+ time_frame:
+ description:
+ - Specify the time frame to query logs.
+ type: str
+ choices: ['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday', 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']
+ custom_start:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ custom_end:
+ description:
+ - This option is only applicable when using the custom time-frame option.
+ type: str
+ max_logs_per_request:
+ description:
+ - Limit the number of logs to be retrieved.
+ type: int
+ top:
+ description:
+ - Top results configuration.
+ type: dict
+ suboptions:
+ field:
+ description:
+ - The field on which the top command is executed.
+ type: str
+ choices: ['sources', 'destinations', 'services', 'actions', 'blades' , 'origins', 'users', 'applications']
+ count:
+ description:
+ - The number of results to retrieve.
+ type: int
+ type:
+ description:
+ - Type of logs to return.
+ type: str
+ choices: ['logs', 'audit']
+ log_servers:
+ description:
+ - List of IP's of logs servers to query.
+ type: list
+ elements: str
+ query_id:
+ description:
+ - Get the next page of last run query with specified limit.
+ type: str
+ ignore_warnings:
+ description:
+ - Ignore warnings if exist.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-logs
+ cp_mgmt_show_logs:
+ new_query:
+ filter: blade:"Threat Emulation"
+ max_logs_per_request: '2'
+ time_frame: today
+"""
+
+RETURN = """
+cp_mgmt_show_logs:
+ description: The checkpoint show-logs output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ new_query=dict(type='dict', options=dict(
+ filter=dict(type='str'),
+ time_frame=dict(type='str', choices=['last-7-days', 'last-hour', 'today', 'last-24-hours', 'yesterday',
+ 'this-week', 'this-month', 'last-30-days', 'all-time', 'custom']),
+ custom_start=dict(type='str'),
+ custom_end=dict(type='str'),
+ max_logs_per_request=dict(type='int'),
+ top=dict(type='dict', options=dict(
+ field=dict(type='str', choices=['sources', 'destinations', 'services', 'actions', 'blades', 'origins', 'users', 'applications']),
+ count=dict(type='int')
+ )),
+ type=dict(type='str', choices=['logs', 'audit']),
+ log_servers=dict(type='list', elements='str')
+ )),
+ query_id=dict(type='str'),
+ ignore_warnings=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-logs"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
new file mode 100644
index 000000000..92809266c
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_nat_section.py
@@ -0,0 +1,90 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_nat_section
+short_description: Retrieve existing object using object name or uid.
+description:
+ - Retrieve existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ package:
+ description:
+ - Name of the package.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-nat-section
+ cp_mgmt_show_nat_section:
+ name: New Section 1
+ package: standard
+"""
+
+RETURN = """
+cp_mgmt_show_nat_section:
+ description: The checkpoint show-nat-section output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ package=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-nat-section"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
new file mode 100644
index 000000000..6014b40a3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_servers_and_processes.py
@@ -0,0 +1,73 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_servers_and_processes
+short_description: Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is
+ available only on Multi-Domain Server.
+description:
+ - Shows the status of all processes in the current machine (Multi-Domain Server and all Domain Management / Log Servers). <br>This command is available
+ only on Multi-Domain Server.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-servers-and-processes
+ cp_mgmt_show_servers_and_processes:
+"""
+
+RETURN = """
+cp_mgmt_show_servers_and_processes:
+ description: The checkpoint show-servers-and-processes output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-servers-and-processes"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
new file mode 100644
index 000000000..0b6ef90b7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_software_package_details.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_software_package_details
+short_description: Gets the software package information from the cloud.
+description:
+ - Gets the software package information from the cloud.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-software-package-details
+ cp_mgmt_show_software_package_details:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+"""
+
+RETURN = """
+cp_mgmt_show_software_package_details:
+ description: The checkpoint show-software-package-details output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-software-package-details"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
new file mode 100644
index 000000000..d90bc7bbf
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_task.py
@@ -0,0 +1,85 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_task
+short_description: Show task progress and details.
+description:
+ - Show task progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ task_id:
+ description:
+ - Unique identifier of one or more tasks.
+ type: list
+ elements: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-task
+ cp_mgmt_show_task:
+ task_id: 2eec70e5-78a8-4bdb-9a76-cfb5601d0bcb
+"""
+
+RETURN = """
+cp_mgmt_show_task:
+ description: The checkpoint show-task output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ task_id=dict(type='list', elements='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-task"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
new file mode 100644
index 000000000..a9fcdd872
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_tasks.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_tasks
+short_description: Retrieve all tasks and show their progress and details.
+description:
+ - Retrieve all tasks and show their progress and details.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ initiator:
+ description:
+ - Initiator's name. If name isn't specified, tasks from all initiators will be shown.
+ type: str
+ status:
+ description:
+ - Status.
+ type: str
+ choices: ['successful', 'failed', 'in-progress', 'all']
+ from_date:
+ description:
+ - The date from which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input, the
+ Management server's timezone is used.
+ type: str
+ to_date:
+ description:
+ - The date until which tracking tasks is to be performed, by the task's last update date. ISO 8601. If timezone isn't specified in the input,
+ the Management server's timezone is used.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the descending order by the task's last update date.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-tasks
+ cp_mgmt_show_tasks:
+ from_date: '2018-05-23T08:00:00'
+ initiator: admin1
+ status: successful
+"""
+
+RETURN = """
+cp_mgmt_show_tasks:
+ description: The checkpoint show-tasks output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ initiator=dict(type='str'),
+ status=dict(type='str', choices=['successful', 'failed', 'in-progress', 'all']),
+ from_date=dict(type='str'),
+ to_date=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-tasks"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
new file mode 100644
index 000000000..5af7329a7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_show_threat_advanced_settings.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_show_threat_advanced_settings
+short_description: Show Threat Prevention's Blades' Settings.
+description:
+ - Show Threat Prevention's Blades' Settings.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options: {}
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: show-threat-advanced-settings
+ cp_mgmt_show_threat_advanced_settings:
+"""
+
+RETURN = """
+cp_mgmt_show_threat_advanced_settings:
+ description: The checkpoint show-threat-advanced-settings output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "show-threat-advanced-settings"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
new file mode 100644
index 000000000..0742d2489
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster.py
@@ -0,0 +1,1287 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_cluster
+short_description: Manages simple-cluster objects on Checkpoint over Web Services API
+description:
+ - Manages simple-cluster objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ anti_bot:
+ description:
+ - Anti-Bot blade enabled.
+ type: bool
+ anti_virus:
+ description:
+ - Anti-Virus blade enabled.
+ type: bool
+ application_control:
+ description:
+ - Application Control blade enabled.
+ type: bool
+ cluster_mode:
+ description:
+ - Cluster mode.
+ type: str
+ choices: ['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls']
+ content_awareness:
+ description:
+ - Content Awareness blade enabled.
+ type: bool
+ firewall:
+ description:
+ - Firewall blade enabled.
+ type: bool
+ firewall_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ auto_calculate_connections_hash_table_size_and_memory_pool:
+ description:
+ - N/A
+ type: bool
+ auto_maximum_limit_for_concurrent_connections:
+ description:
+ - N/A
+ type: bool
+ connections_hash_size:
+ description:
+ - N/A
+ type: int
+ maximum_limit_for_concurrent_connections:
+ description:
+ - N/A
+ type: int
+ maximum_memory_pool_size:
+ description:
+ - N/A
+ type: int
+ memory_pool_size:
+ description:
+ - N/A
+ type: int
+ hardware:
+ description:
+ - Cluster platform hardware.
+ type: str
+ interfaces:
+ description:
+ - N/A
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ interface_type:
+ description:
+ - Cluster interface type.
+ type: str
+ choices: ['cluster', 'sync', 'cluster + sync', 'private']
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ network_mask:
+ description:
+ - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
+ providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
+ ipv4-mask-length and ipv6-mask-length fields explicitly.
+ type: str
+ ipv4_network_mask:
+ description:
+ - IPv4 network address.
+ type: str
+ ipv6_network_mask:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length.
+ type: str
+ ipv4_mask_length:
+ description:
+ - IPv4 network mask length.
+ type: str
+ ipv6_mask_length:
+ description:
+ - IPv6 network mask length.
+ type: str
+ anti_spoofing:
+ description:
+ - N/A
+ type: bool
+ anti_spoofing_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ action:
+ description:
+ - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+ type: str
+ choices: ['prevent', 'detect']
+ exclude_packets:
+ description:
+ - Don't check packets from excluded network.
+ type: bool
+ excluded_network_name:
+ description:
+ - Excluded network name.
+ type: str
+ excluded_network_uid:
+ description:
+ - Excluded network UID.
+ type: str
+ spoof_tracking:
+ description:
+ - Spoof tracking.
+ type: str
+ choices: ['none', 'log', 'alert']
+ multicast_address:
+ description:
+ - Multicast IP Address.
+ type: str
+ multicast_address_type:
+ description:
+ - Multicast Address Type.
+ type: str
+ choices: ['manual', 'default']
+ security_zone:
+ description:
+ - N/A
+ type: bool
+ security_zone_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ auto_calculated:
+ description:
+ - Security Zone is calculated according to where the interface leads to.
+ type: bool
+ specific_zone:
+ description:
+ - Security Zone specified manually.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ topology:
+ description:
+ - N/A
+ type: str
+ choices: ['automatic', 'external', 'internal']
+ topology_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ interface_leads_to_dmz:
+ description:
+ - Whether this interface leads to demilitarized zone (perimeter network).
+ type: bool
+ ip_address_behind_this_interface:
+ description:
+ - Network settings behind this interface.
+ type: str
+ choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
+ specific_network:
+ description:
+ - Network behind this interface.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ ips:
+ description:
+ - Intrusion Prevention System blade enabled.
+ type: bool
+ members:
+ description:
+ - Cluster members list. Only new cluster member can be added. Adding existing gateway is not supported.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ interfaces:
+ description:
+ - Cluster Member network interfaces.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ anti_spoofing:
+ description:
+ - N/A
+ type: bool
+ anti_spoofing_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ action:
+ description:
+ - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+ type: str
+ choices: ['prevent', 'detect']
+ exclude_packets:
+ description:
+ - Don't check packets from excluded network.
+ type: bool
+ excluded_network_name:
+ description:
+ - Excluded network name.
+ type: str
+ excluded_network_uid:
+ description:
+ - Excluded network UID.
+ type: str
+ spoof_tracking:
+ description:
+ - Spoof tracking.
+ type: str
+ choices: ['none', 'log', 'alert']
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ network_mask:
+ description:
+ - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead
+ of providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
+ ipv4-mask-length and ipv6-mask-length fields explicitly.
+ type: str
+ ipv4_network_mask:
+ description:
+ - IPv4 network address.
+ type: str
+ ipv6_network_mask:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length.
+ type: str
+ ipv4_mask_length:
+ description:
+ - IPv4 network mask length.
+ type: str
+ ipv6_mask_length:
+ description:
+ - IPv6 network mask length.
+ type: str
+ security_zone:
+ description:
+ - N/A
+ type: bool
+ security_zone_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ auto_calculated:
+ description:
+ - Security Zone is calculated according to where the interface leads to.
+ type: bool
+ specific_zone:
+ description:
+ - Security Zone specified manually.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ topology:
+ description:
+ - N/A
+ type: str
+ choices: ['automatic', 'external', 'internal']
+ topology_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ interface_leads_to_dmz:
+ description:
+ - Whether this interface leads to demilitarized zone (perimeter network).
+ type: bool
+ ip_address_behind_this_interface:
+ description:
+ - Network settings behind this interface.
+ type: str
+ choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
+ specific_network:
+ description:
+ - Network behind this interface.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully
+ detailed representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings
+ will also be ignored.
+ type: bool
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ one_time_password:
+ description:
+ - N/A
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ os_name:
+ description:
+ - Cluster platform operating system.
+ type: str
+ platform_portal_settings:
+ description:
+ - Platform portal settings.
+ type: dict
+ suboptions:
+ portal_web_settings:
+ description:
+ - Configuration of the portal web settings.
+ type: dict
+ suboptions:
+ aliases:
+ description:
+ - List of URL aliases that are redirected to the main portal URL.
+ type: list
+ elements: str
+ ip_address:
+ description:
+ - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL.
+ Note, If your DNS server resolves the main portal URL, this IP address is ignored.
+ type: str
+ main_url:
+ description:
+ - The main URL for the web portal.
+ type: str
+ certificate_settings:
+ description:
+ - Configuration of the portal certificate settings.
+ type: dict
+ suboptions:
+ base64_certificate:
+ description:
+ - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format.
+ type: str
+ base64_password:
+ description:
+ - Password (encoded in Base64 with padding) for the certificate file.
+ type: str
+ accessibility:
+ description:
+ - Configuration of the portal access settings.
+ type: dict
+ suboptions:
+ allow_access_from:
+ description:
+ - Allowed access to the web portal (based on interfaces, or security policy).
+ type: str
+ choices: ['rule_base', 'internal_interfaces', 'all_interfaces']
+ internal_access_settings:
+ description:
+ - Configuration of the additional portal access settings for internal interfaces only.
+ type: dict
+ suboptions:
+ undefined:
+ description:
+ - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+ type: bool
+ dmz:
+ description:
+ - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+ type: bool
+ vpn:
+ description:
+ - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+ type: bool
+ send_alerts_to_server:
+ description:
+ - Server(s) to send alerts to.
+ type: list
+ elements: str
+ send_logs_to_backup_server:
+ description:
+ - Backup server(s) to send logs to.
+ type: list
+ elements: str
+ send_logs_to_server:
+ description:
+ - Server(s) to send logs to.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ threat_emulation:
+ description:
+ - Threat Emulation blade enabled.
+ type: bool
+ threat_extraction:
+ description:
+ - Threat Extraction blade enabled.
+ type: bool
+ threat_prevention_mode:
+ description:
+ - The mode of Threat Prevention to use. When using Autonomous Threat Prevention, disabling the Threat Prevention blades is not allowed.
+ type: str
+ choices: ['autonomous', 'custom']
+ url_filtering:
+ description:
+ - URL Filtering blade enabled.
+ type: bool
+ usercheck_portal_settings:
+ description:
+ - UserCheck portal settings.
+ type: dict
+ suboptions:
+ enabled:
+ description:
+ - State of the web portal (enabled or disabled). The supported blades are, {'Application Control', 'URL Filtering', 'Data Loss
+ Prevention', 'Anti Virus', 'Anti Bot', 'Threat Emulation', 'Threat Extraction', 'Data Awareness'}.
+ type: bool
+ portal_web_settings:
+ description:
+ - Configuration of the portal web settings.
+ type: dict
+ suboptions:
+ aliases:
+ description:
+ - List of URL aliases that are redirected to the main portal URL.
+ type: list
+ elements: str
+ ip_address:
+ description:
+ - Optional, IP address for the web portal to use, if your DNS server fails to resolve the main portal URL.
+ Note, If your DNS server resolves the main portal URL, this IP address is ignored.
+ type: str
+ main_url:
+ description:
+ - The main URL for the web portal.
+ type: str
+ certificate_settings:
+ description:
+ - Configuration of the portal certificate settings.
+ type: dict
+ suboptions:
+ base64_certificate:
+ description:
+ - The certificate file encoded in Base64 with padding. This file must be in the *.p12 format.
+ type: str
+ base64_password:
+ description:
+ - Password (encoded in Base64 with padding) for the certificate file.
+ type: str
+ accessibility:
+ description:
+ - Configuration of the portal access settings.
+ type: dict
+ suboptions:
+ allow_access_from:
+ description:
+ - Allowed access to the web portal (based on interfaces, or security policy).
+ type: str
+ choices: ['rule_base', 'internal_interfaces', 'all_interfaces']
+ internal_access_settings:
+ description:
+ - Configuration of the additional portal access settings for internal interfaces only.
+ type: dict
+ suboptions:
+ undefined:
+ description:
+ - Controls portal access settings for internal interfaces, whose topology is set to 'Undefined'.
+ type: bool
+ dmz:
+ description:
+ - Controls portal access settings for internal interfaces, whose topology is set to 'DMZ'.
+ type: bool
+ vpn:
+ description:
+ - Controls portal access settings for interfaces that are part of a VPN Encryption Domain.
+ type: bool
+ cluster_version:
+ description:
+ - Cluster platform version.
+ type: str
+ vpn:
+ description:
+ - VPN blade enabled.
+ type: bool
+ vpn_settings:
+ description:
+ - Gateway VPN settings.
+ type: dict
+ suboptions:
+ authentication:
+ description:
+ - Authentication.
+ type: dict
+ suboptions:
+ authentication_clients:
+ description:
+ - Collection of VPN Authentication clients identified by the name or UID.
+ type: list
+ elements: str
+ link_selection:
+ description:
+ - Link Selection.
+ type: dict
+ suboptions:
+ ip_selection:
+ description:
+ - N/A
+ type: str
+ choices: ['use-main-address', 'use-selected-address-from-topology', 'use-statically-nated-ip',
+ 'calculated-ip-based-on-topology', 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name',
+ 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing']
+ dns_resolving_hostname:
+ description:
+ - DNS Resolving Hostname. Must be set when "ip-selection" was selected to be "dns-resolving-from-hostname".
+ type: str
+ ip_address:
+ description:
+ - IP Address. Must be set when "ip-selection" was selected to be "use-selected-address-from-topology" or "use-statically-nated-ip".
+ type: str
+ maximum_concurrent_ike_negotiations:
+ description:
+ - N/A
+ type: int
+ maximum_concurrent_tunnels:
+ description:
+ - N/A
+ type: int
+ office_mode:
+ description:
+ - Office Mode. Notation Wide Impact - Office Mode apply IPSec VPN Software Blade clients and to the Mobile Access Software Blade clients.
+ type: dict
+ suboptions:
+ mode:
+ description:
+ - Office Mode Permissions.When selected to be "off", all the other definitions are irrelevant.
+ type: str
+ choices: ['off', 'specific-group', 'all-users']
+ group:
+ description:
+ - Group. Identified by name or UID. Must be set when "office-mode-permissions" was selected to be "group".
+ type: str
+ allocate_ip_address_from:
+ description:
+ - Allocate IP address Method.
+ Allocate IP address by sequentially trying the given methods until success.
+ type: dict
+ suboptions:
+ radius_server:
+ description:
+ - Radius server used to authenticate the user.
+ type: bool
+ use_allocate_method:
+ description:
+ - Use Allocate Method.
+ type: bool
+ allocate_method:
+ description:
+ - Using either Manual (IP Pool) or Automatic (DHCP).
+ Must be set when "use-allocate-method" is true.
+ type: str
+ choices: ['manual', 'automatic']
+ manual_network:
+ description:
+ - Manual Network. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "manual".
+ type: str
+ dhcp_server:
+ description:
+ - DHCP Server. Identified by name or UID.
+ Must be set when "allocate-method" was selected to be "automatic".
+ type: str
+ virtual_ip_address:
+ description:
+ - Virtual IPV4 address for DHCP server replies.
+ Must be set when "allocate-method" was selected to be "automatic".
+ type: str
+ dhcp_mac_address:
+ description:
+ - Calculated MAC address for DHCP allocation.
+ Must be set when "allocate-method" was selected to be "automatic".
+ type: str
+ choices: ['per-machine', 'per-user']
+ optional_parameters:
+ description:
+ - This configuration applies to all Office Mode methods except Automatic (using DHCP) and ipassignment.conf entries which contain this data.
+ type: dict
+ suboptions:
+ use_primary_dns_server:
+ description:
+ - Use Primary DNS Server.
+ type: bool
+ primary_dns_server:
+ description:
+ - Primary DNS Server. Identified by name or UID.
+ Must be set when "use-primary-dns-server" is true and can not be set when "use-primary-dns-server" is false.
+ type: str
+ use_first_backup_dns_server:
+ description:
+ - Use First Backup DNS Server.
+ type: bool
+ first_backup_dns_server:
+ description:
+ - First Backup DNS Server. Identified by name or UID.
+ Must be set when "use-first-backup-dns-server" is true and can not be set when "use-first-backup-dns-server" is false.
+ type: str
+ use_second_backup_dns_server:
+ description:
+ - Use Second Backup DNS Server.
+ type: bool
+ second_backup_dns_server:
+ description:
+ - Second Backup DNS Server. Identified by name or UID.
+ Must be set when "use-second-backup-dns-server" is true and can not be set when "use-second-backup-dns-server" is false.
+ type: str
+ dns_suffixes:
+ description:
+ - DNS Suffixes.
+ type: str
+ use_primary_wins_server:
+ description:
+ - Use Primary WINS Server.
+ type: bool
+ primary_wins_server:
+ description:
+ - Primary WINS Server. Identified by name or UID.
+ Must be set when "use-primary-wins-server" is true and can not be set when "use-primary-wins-server" is false.
+ type: str
+ use_first_backup_wins_server:
+ description:
+ - Use First Backup WINS Server.
+ type: bool
+ first_backup_wins_server:
+ description:
+ - First Backup WINS Server. Identified by name or UID.
+ Must be set when "use-first-backup-wins-server" is true and can not be set when "use-first-backup-wins-server" is false.
+ type: str
+ use_second_backup_wins_server:
+ description:
+ - Use Second Backup WINS Server.
+ type: bool
+ second_backup_wins_server:
+ description:
+ - Second Backup WINS Server. Identified by name or UID.
+ Must be set when "use-second-backup-wins-server" is true and can not be set when "use-second-backup-wins-server" is false.
+ type: str
+ ip_lease_duration:
+ description:
+ - IP Lease Duration in Minutes. The value must be in the range 2-32767.
+ type: int
+ support_multiple_interfaces:
+ description:
+ - Support connectivity enhancement for gateways with multiple external interfaces.
+ type: bool
+ perform_anti_spoofing:
+ description:
+ - Perform Anti-Spoofing on Office Mode addresses.
+ type: bool
+ anti_spoofing_additional_addresses:
+ description:
+ - Additional IP Addresses for Anti-Spoofing. Identified by name or UID.
+ Must be set when "perform-anti-spoofings" is true.
+ type: str
+ remote_access:
+ description:
+ - Remote Access.
+ type: dict
+ suboptions:
+ support_l2tp:
+ description:
+ - Support L2TP (relevant only when office mode is active).
+ type: bool
+ l2tp_auth_method:
+ description:
+ - L2TP Authentication Method.
+ Must be set when "support-l2tp" is true.
+ type: str
+ choices: ['certificate', 'md5']
+ l2tp_certificate:
+ description:
+ - L2TP Certificate.
+ Must be set when "l2tp-auth-method" was selected to be "certificate".
+ Insert "defaultCert" when you want to use the default certificate.
+ type: str
+ allow_vpn_clients_to_route_traffic:
+ description:
+ - Allow VPN clients to route traffic.
+ type: bool
+ support_nat_traversal_mechanism:
+ description:
+ - Support NAT traversal mechanism (UDP encapsulation).
+ type: bool
+ nat_traversal_service:
+ description:
+ - Allocated NAT traversal UDP service. Identified by name or UID.
+ Must be set when "support-nat-traversal-mechanism" is true.
+ type: str
+ support_visitor_mode:
+ description:
+ - Support Visitor Mode.
+ type: bool
+ visitor_mode_service:
+ description:
+ - TCP Service for Visitor Mode. Identified by name or UID.
+ Must be set when "support-visitor-mode" is true.
+ type: str
+ visitor_mode_interface:
+ description:
+ - Interface for Visitor Mode.
+ Must be set when "support-visitor-mode" is true.
+ Insert IPV4 Address of existing interface or "All IPs" when you want all interfaces.
+ type: str
+ vpn_domain:
+ description:
+ - Gateway VPN domain identified by the name or UID.
+ type: str
+ vpn_domain_type:
+ description:
+ - Gateway VPN domain type.
+ type: str
+ choices: ['manual', 'addresses_behind_gw']
+ show_portals_certificate:
+ description:
+ - Indicates whether to show the portals certificate value in the reply.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-simple-cluster
+ cp_mgmt_simple_cluster:
+ cluster_mode: cluster-xl-ha
+ color: yellow
+ firewall: true
+ interfaces:
+ - anti_spoofing: true
+ interface_type: cluster
+ ip_address: 17.23.5.1
+ name: eth0
+ network_mask: 255.255.255.0
+ topology: EXTERNAL
+ - interface_type: sync
+ name: eth1
+ topology: INTERNAL
+ topology_settings:
+ interface_leads_to_dmz: false
+ ip_address_behind_this_interface: network defined by the interface ip and net
+ mask
+ - anti_spoofing: true
+ interface_type: cluster
+ ip_address: 192.168.1.1
+ name: eth2
+ network_mask: 255.255.255.0
+ topology: INTERNAL
+ topology_settings:
+ interface_leads_to_dmz: false
+ ip_address_behind_this_interface: network defined by the interface ip and net
+ mask
+ ip_address: 17.23.5.1
+ members:
+ - interfaces:
+ - ip_address: 17.23.5.2
+ name: eth0
+ network_mask: 255.255.255.0
+ - ip_address: 1.1.2.4
+ name: eth1
+ network_mask: 255.255.255.0
+ - ip_address: 192.168.1.2
+ name: eth2
+ network_mask: 255.255.255.0
+ ip_address: 17.23.5.2
+ name: member1
+ one_time_password: abcd
+ - interfaces:
+ - ip_address: 17.23.5.3
+ name: eth0
+ network_mask: 255.255.255.0
+ - ip_address: 1.1.2.5
+ name: eth1
+ network_mask: 255.255.255.0
+ - ip_address: 192.168.1.3
+ name: eth2
+ network_mask: 255.255.255.0
+ ip_address: 17.23.5.3
+ name: member2
+ one_time_password: abcd
+ name: cluster1
+ os_name: Gaia
+ state: present
+ cluster_version: R80.30
+
+- name: set-simple-cluster
+ cp_mgmt_simple_cluster:
+ name: cluster1
+ state: present
+
+- name: delete-simple-cluster
+ cp_mgmt_simple_cluster:
+ name: cluster1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_simple_cluster:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ anti_bot=dict(type='bool'),
+ anti_virus=dict(type='bool'),
+ application_control=dict(type='bool'),
+ cluster_mode=dict(type='str', choices=['cluster-xl-ha', 'cluster-ls-multicast', 'cluster-ls-unicast', 'opsec-ha', 'opsec-ls']),
+ content_awareness=dict(type='bool'),
+ firewall=dict(type='bool'),
+ firewall_settings=dict(type='dict', options=dict(
+ auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'),
+ auto_maximum_limit_for_concurrent_connections=dict(type='bool'),
+ connections_hash_size=dict(type='int'),
+ maximum_limit_for_concurrent_connections=dict(type='int'),
+ maximum_memory_pool_size=dict(type='int'),
+ memory_pool_size=dict(type='int')
+ )),
+ hardware=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ interface_type=dict(type='str', choices=['cluster', 'sync', 'cluster + sync', 'private']),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ network_mask=dict(type='str'),
+ ipv4_network_mask=dict(type='str'),
+ ipv6_network_mask=dict(type='str'),
+ mask_length=dict(type='str'),
+ ipv4_mask_length=dict(type='str'),
+ ipv6_mask_length=dict(type='str'),
+ anti_spoofing=dict(type='bool'),
+ anti_spoofing_settings=dict(type='dict', options=dict(
+ action=dict(type='str', choices=['prevent', 'detect']),
+ exclude_packets=dict(type='bool'),
+ excluded_network_name=dict(type='str'),
+ excluded_network_uid=dict(type='str'),
+ spoof_tracking=dict(type='str', choices=['none', 'log', 'alert'])
+ )),
+ multicast_address=dict(type='str'),
+ multicast_address_type=dict(type='str', choices=['manual', 'default']),
+ security_zone=dict(type='bool'),
+ security_zone_settings=dict(type='dict', options=dict(
+ auto_calculated=dict(type='bool'),
+ specific_zone=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ topology=dict(type='str', choices=['automatic', 'external', 'internal']),
+ topology_settings=dict(type='dict', options=dict(
+ interface_leads_to_dmz=dict(type='bool'),
+ ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
+ 'network defined by routing', 'specific']),
+ specific_network=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ ips=dict(type='bool'),
+ members=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ anti_spoofing=dict(type='bool'),
+ anti_spoofing_settings=dict(type='dict', options=dict(
+ action=dict(type='str', choices=['prevent', 'detect']),
+ exclude_packets=dict(type='bool'),
+ excluded_network_name=dict(type='str'),
+ excluded_network_uid=dict(type='str'),
+ spoof_tracking=dict(type='str', choices=['none', 'log', 'alert'])
+ )),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ network_mask=dict(type='str'),
+ ipv4_network_mask=dict(type='str'),
+ ipv6_network_mask=dict(type='str'),
+ mask_length=dict(type='str'),
+ ipv4_mask_length=dict(type='str'),
+ ipv6_mask_length=dict(type='str'),
+ security_zone=dict(type='bool'),
+ security_zone_settings=dict(type='dict', options=dict(
+ auto_calculated=dict(type='bool'),
+ specific_zone=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ topology=dict(type='str', choices=['automatic', 'external', 'internal']),
+ topology_settings=dict(type='dict', options=dict(
+ interface_leads_to_dmz=dict(type='bool'),
+ ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
+ 'network defined by routing', 'specific']),
+ specific_network=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood',
+ 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue',
+ 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ one_time_password=dict(type='str', no_log=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ os_name=dict(type='str'),
+ platform_portal_settings=dict(type='dict', options=dict(
+ portal_web_settings=dict(type='dict', options=dict(
+ aliases=dict(type='list', elements='str'),
+ ip_address=dict(type='str'),
+ main_url=dict(type='str')
+ )),
+ certificate_settings=dict(type='dict', options=dict(
+ base64_certificate=dict(type='str'),
+ base64_password=dict(type='str', no_log=True)
+ )),
+ accessibility=dict(type='dict', options=dict(
+ allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']),
+ internal_access_settings=dict(type='dict', options=dict(
+ undefined=dict(type='bool'),
+ dmz=dict(type='bool'),
+ vpn=dict(type='bool')
+ ))
+ ))
+ )),
+ send_alerts_to_server=dict(type='list', elements='str'),
+ send_logs_to_backup_server=dict(type='list', elements='str'),
+ send_logs_to_server=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ threat_emulation=dict(type='bool'),
+ threat_extraction=dict(type='bool'),
+ threat_prevention_mode=dict(type='str', choices=['autonomous', 'custom']),
+ url_filtering=dict(type='bool'),
+ usercheck_portal_settings=dict(type='dict', options=dict(
+ enabled=dict(type='bool'),
+ portal_web_settings=dict(type='dict', options=dict(
+ aliases=dict(type='list', elements='str'),
+ ip_address=dict(type='str'),
+ main_url=dict(type='str')
+ )),
+ certificate_settings=dict(type='dict', options=dict(
+ base64_certificate=dict(type='str'),
+ base64_password=dict(type='str', no_log=True)
+ )),
+ accessibility=dict(type='dict', options=dict(
+ allow_access_from=dict(type='str', choices=['rule_base', 'internal_interfaces', 'all_interfaces']),
+ internal_access_settings=dict(type='dict', options=dict(
+ undefined=dict(type='bool'),
+ dmz=dict(type='bool'),
+ vpn=dict(type='bool')
+ ))
+ ))
+ )),
+ cluster_version=dict(type='str'),
+ vpn=dict(type='bool'),
+ vpn_settings=dict(type='dict', options=dict(
+ authentication=dict(type='dict', options=dict(
+ authentication_clients=dict(type='list', elements='str')
+ )),
+ link_selection=dict(type='dict', options=dict(
+ ip_selection=dict(type='str', choices=['use-main-address',
+ 'use-selected-address-from-topology', 'use-statically-nated-ip', 'calculated-ip-based-on-topology',
+ 'dns-resolving-from-hostname', 'dns-resolving-from-gateway-and-domain-name',
+ 'use-probing-with-high-availability', 'use-probing-with-load-sharing', 'use-one-time-probing']),
+ dns_resolving_hostname=dict(type='str'),
+ ip_address=dict(type='str')
+ )),
+ maximum_concurrent_ike_negotiations=dict(type='int'),
+ maximum_concurrent_tunnels=dict(type='int'),
+ office_mode=dict(type='dict', options=dict(
+ mode=dict(type='str', choices=['off', 'specific-group', 'all-users']),
+ group=dict(type='str'),
+ allocate_ip_address_from=dict(type='dict', options=dict(
+ radius_server=dict(type='bool'),
+ use_allocate_method=dict(type='bool'),
+ allocate_method=dict(type='str', choices=['manual', 'automatic']),
+ manual_network=dict(type='str'),
+ dhcp_server=dict(type='str'),
+ virtual_ip_address=dict(type='str'),
+ dhcp_mac_address=dict(type='str', choices=['per-machine', 'per-user']),
+ optional_parameters=dict(type='dict', options=dict(
+ use_primary_dns_server=dict(type='bool'),
+ primary_dns_server=dict(type='str'),
+ use_first_backup_dns_server=dict(type='bool'),
+ first_backup_dns_server=dict(type='str'),
+ use_second_backup_dns_server=dict(type='bool'),
+ second_backup_dns_server=dict(type='str'),
+ dns_suffixes=dict(type='str'),
+ use_primary_wins_server=dict(type='bool'),
+ primary_wins_server=dict(type='str'),
+ use_first_backup_wins_server=dict(type='bool'),
+ first_backup_wins_server=dict(type='str'),
+ use_second_backup_wins_server=dict(type='bool'),
+ second_backup_wins_server=dict(type='str'),
+ ip_lease_duration=dict(type='int')
+ ))
+ )),
+ support_multiple_interfaces=dict(type='bool'),
+ perform_anti_spoofing=dict(type='bool'),
+ anti_spoofing_additional_addresses=dict(type='str')
+ )),
+ remote_access=dict(type='dict', options=dict(
+ support_l2tp=dict(type='bool'),
+ l2tp_auth_method=dict(type='str', choices=['certificate', 'md5']),
+ l2tp_certificate=dict(type='str'),
+ allow_vpn_clients_to_route_traffic=dict(type='bool'),
+ support_nat_traversal_mechanism=dict(type='bool'),
+ nat_traversal_service=dict(type='str'),
+ support_visitor_mode=dict(type='bool'),
+ visitor_mode_service=dict(type='str'),
+ visitor_mode_interface=dict(type='str')
+ )),
+ vpn_domain=dict(type='str'),
+ vpn_domain_type=dict(type='str', choices=['manual', 'addresses_behind_gw'])
+ )),
+ show_portals_certificate=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'simple-cluster'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
new file mode 100644
index 000000000..c422eabf1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_cluster_facts.py
@@ -0,0 +1,156 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_cluster_facts
+short_description: Get simple-cluster objects facts on Checkpoint over Web Services API
+description:
+ - Get simple-cluster objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ limit_interfaces:
+ description:
+ - Limit number of interfaces to show. Default is 50.
+ type: int
+ show_portals_certificate:
+ description:
+ - Indicates whether to show the portals certificate value in the reply.
+ type: bool
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-simple-cluster
+ cp_mgmt_simple_cluster_facts:
+ name: cluster1
+
+- name: show-simple-clusters
+ cp_mgmt_simple_cluster_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ limit_interfaces=dict(type='int'),
+ show_portals_certificate=dict(type='bool'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool'),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-cluster"
+ api_call_object_plural_version = "simple-clusters"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
new file mode 100644
index 000000000..ce530d3f3
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway.py
@@ -0,0 +1,637 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_gateway
+short_description: Manages simple-gateway objects on Check Point over Web Services API
+description:
+ - Manages simple-gateway objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ anti_bot:
+ description:
+ - Anti-Bot blade enabled.
+ type: bool
+ anti_virus:
+ description:
+ - Anti-Virus blade enabled.
+ type: bool
+ application_control:
+ description:
+ - Application Control blade enabled.
+ type: bool
+ content_awareness:
+ description:
+ - Content Awareness blade enabled.
+ type: bool
+ firewall:
+ description:
+ - Firewall blade enabled.
+ type: bool
+ firewall_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ auto_calculate_connections_hash_table_size_and_memory_pool:
+ description:
+ - N/A
+ type: bool
+ auto_maximum_limit_for_concurrent_connections:
+ description:
+ - N/A
+ type: bool
+ connections_hash_size:
+ description:
+ - N/A
+ type: int
+ maximum_limit_for_concurrent_connections:
+ description:
+ - N/A
+ type: int
+ maximum_memory_pool_size:
+ description:
+ - N/A
+ type: int
+ memory_pool_size:
+ description:
+ - N/A
+ type: int
+ interfaces:
+ description:
+ - Network interfaces. When a gateway is updated with a new interfaces, the existing interfaces are removed.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name.
+ type: str
+ anti_spoofing:
+ description:
+ - N/A
+ type: bool
+ anti_spoofing_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ action:
+ description:
+ - If packets will be rejected (the Prevent option) or whether the packets will be monitored (the Detect option).
+ type: str
+ choices: ['prevent', 'detect']
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ network_mask:
+ description:
+ - IPv4 or IPv6 network mask. If both masks are required use ipv4-network-mask and ipv6-network-mask fields explicitly. Instead of
+ providing mask itself it is possible to specify IPv4 or IPv6 mask length in mask-length field. If both masks length are required use
+ ipv4-mask-length and ipv6-mask-length fields explicitly.
+ type: str
+ ipv4_network_mask:
+ description:
+ - IPv4 network address.
+ type: str
+ ipv6_network_mask:
+ description:
+ - IPv6 network address.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 network mask length.
+ type: str
+ ipv4_mask_length:
+ description:
+ - IPv4 network mask length.
+ type: str
+ ipv6_mask_length:
+ description:
+ - IPv6 network mask length.
+ type: str
+ security_zone:
+ description:
+ - N/A
+ type: bool
+ security_zone_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ auto_calculated:
+ description:
+ - Security Zone is calculated according to where the interface leads to.
+ type: bool
+ specific_zone:
+ description:
+ - Security Zone specified manually.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ topology:
+ description:
+ - N/A
+ type: str
+ choices: ['automatic', 'external', 'internal']
+ topology_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ interface_leads_to_dmz:
+ description:
+ - Whether this interface leads to demilitarized zone (perimeter network).
+ type: bool
+ ip_address_behind_this_interface:
+ description:
+ - N/A
+ type: str
+ choices: ['not defined', 'network defined by the interface ip and net mask', 'network defined by routing', 'specific']
+ specific_network:
+ description:
+ - Network behind this interface.
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange',
+ 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray',
+ 'light green', 'lemon chiffon', 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive',
+ 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ ips:
+ description:
+ - Intrusion Prevention System blade enabled.
+ type: bool
+ logs_settings:
+ description:
+ - N/A
+ type: dict
+ suboptions:
+ alert_when_free_disk_space_below:
+ description:
+ - N/A
+ type: bool
+ alert_when_free_disk_space_below_threshold:
+ description:
+ - N/A
+ type: int
+ alert_when_free_disk_space_below_type:
+ description:
+ - N/A
+ type: str
+ choices: ['none', 'log', 'popup alert', 'mail alert', 'snmp trap alert', 'user defined alert no.1', 'user defined alert no.2',
+ 'user defined alert no.3']
+ before_delete_keep_logs_from_the_last_days:
+ description:
+ - N/A
+ type: bool
+ before_delete_keep_logs_from_the_last_days_threshold:
+ description:
+ - N/A
+ type: int
+ before_delete_run_script:
+ description:
+ - N/A
+ type: bool
+ before_delete_run_script_command:
+ description:
+ - N/A
+ type: str
+ delete_index_files_older_than_days:
+ description:
+ - N/A
+ type: bool
+ delete_index_files_older_than_days_threshold:
+ description:
+ - N/A
+ type: int
+ delete_index_files_when_index_size_above:
+ description:
+ - N/A
+ type: bool
+ delete_index_files_when_index_size_above_threshold:
+ description:
+ - N/A
+ type: int
+ delete_when_free_disk_space_below:
+ description:
+ - N/A
+ type: bool
+ delete_when_free_disk_space_below_threshold:
+ description:
+ - N/A
+ type: int
+ detect_new_citrix_ica_application_names:
+ description:
+ - N/A
+ type: bool
+ forward_logs_to_log_server:
+ description:
+ - N/A
+ type: bool
+ forward_logs_to_log_server_name:
+ description:
+ - N/A
+ type: str
+ forward_logs_to_log_server_schedule_name:
+ description:
+ - N/A
+ type: str
+ free_disk_space_metrics:
+ description:
+ - N/A
+ type: str
+ choices: ['mbytes', 'percent']
+ perform_log_rotate_before_log_forwarding:
+ description:
+ - N/A
+ type: bool
+ reject_connections_when_free_disk_space_below_threshold:
+ description:
+ - N/A
+ type: bool
+ reserve_for_packet_capture_metrics:
+ description:
+ - N/A
+ type: str
+ choices: ['percent', 'mbytes']
+ reserve_for_packet_capture_threshold:
+ description:
+ - N/A
+ type: int
+ rotate_log_by_file_size:
+ description:
+ - N/A
+ type: bool
+ rotate_log_file_size_threshold:
+ description:
+ - N/A
+ type: int
+ rotate_log_on_schedule:
+ description:
+ - N/A
+ type: bool
+ rotate_log_schedule_name:
+ description:
+ - N/A
+ type: str
+ stop_logging_when_free_disk_space_below:
+ description:
+ - N/A
+ type: bool
+ stop_logging_when_free_disk_space_below_threshold:
+ description:
+ - N/A
+ type: int
+ turn_on_qos_logging:
+ description:
+ - N/A
+ type: bool
+ update_account_log_every:
+ description:
+ - N/A
+ type: int
+ one_time_password:
+ description:
+ - N/A
+ type: str
+ os_name:
+ description:
+ - Gateway platform operating system.
+ type: str
+ save_logs_locally:
+ description:
+ - Save logs locally on the gateway.
+ type: bool
+ send_alerts_to_server:
+ description:
+ - Server(s) to send alerts to.
+ type: list
+ elements: str
+ send_logs_to_backup_server:
+ description:
+ - Backup server(s) to send logs to.
+ type: list
+ elements: str
+ send_logs_to_server:
+ description:
+ - Server(s) to send logs to.
+ type: list
+ elements: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ threat_emulation:
+ description:
+ - Threat Emulation blade enabled.
+ type: bool
+ threat_extraction:
+ description:
+ - Threat Extraction blade enabled.
+ type: bool
+ url_filtering:
+ description:
+ - URL Filtering blade enabled.
+ type: bool
+ gateway_version:
+ description:
+ - Gateway platform version.
+ type: str
+ vpn:
+ description:
+ - VPN blade enabled.
+ type: bool
+ vpn_settings:
+ description:
+ - Gateway VPN settings.
+ type: dict
+ suboptions:
+ maximum_concurrent_ike_negotiations:
+ description:
+ - N/A
+ type: int
+ maximum_concurrent_tunnels:
+ description:
+ - N/A
+ type: int
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-simple-gateway
+ cp_mgmt_simple_gateway:
+ ip_address: 192.0.2.1
+ name: gw1
+ state: present
+
+- name: set-simple-gateway
+ cp_mgmt_simple_gateway:
+ anti_bot: true
+ anti_virus: true
+ application_control: true
+ ips: true
+ name: test_gateway
+ state: present
+ threat_emulation: true
+ url_filtering: true
+
+- name: delete-simple-gateway
+ cp_mgmt_simple_gateway:
+ name: gw1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_simple_gateway:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ anti_bot=dict(type='bool'),
+ anti_virus=dict(type='bool'),
+ application_control=dict(type='bool'),
+ content_awareness=dict(type='bool'),
+ firewall=dict(type='bool'),
+ firewall_settings=dict(type='dict', options=dict(
+ auto_calculate_connections_hash_table_size_and_memory_pool=dict(type='bool'),
+ auto_maximum_limit_for_concurrent_connections=dict(type='bool'),
+ connections_hash_size=dict(type='int'),
+ maximum_limit_for_concurrent_connections=dict(type='int'),
+ maximum_memory_pool_size=dict(type='int'),
+ memory_pool_size=dict(type='int')
+ )),
+ interfaces=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ anti_spoofing=dict(type='bool'),
+ anti_spoofing_settings=dict(type='dict', options=dict(
+ action=dict(type='str', choices=['prevent', 'detect'])
+ )),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ network_mask=dict(type='str'),
+ ipv4_network_mask=dict(type='str'),
+ ipv6_network_mask=dict(type='str'),
+ mask_length=dict(type='str'),
+ ipv4_mask_length=dict(type='str'),
+ ipv6_mask_length=dict(type='str'),
+ security_zone=dict(type='bool'),
+ security_zone_settings=dict(type='dict', options=dict(
+ auto_calculated=dict(type='bool'),
+ specific_zone=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ topology=dict(type='str', choices=['automatic', 'external', 'internal']),
+ topology_settings=dict(type='dict', options=dict(
+ interface_leads_to_dmz=dict(type='bool'),
+ ip_address_behind_this_interface=dict(type='str', choices=['not defined', 'network defined by the interface ip and net mask',
+ 'network defined by routing', 'specific']),
+ specific_network=dict(type='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan',
+ 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue',
+ 'firebrick',
+ 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral',
+ 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange',
+ 'red',
+ 'sienna', 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ ips=dict(type='bool'),
+ logs_settings=dict(type='dict', options=dict(
+ alert_when_free_disk_space_below=dict(type='bool'),
+ alert_when_free_disk_space_below_threshold=dict(type='int'),
+ alert_when_free_disk_space_below_type=dict(type='str', choices=['none',
+ 'log', 'popup alert', 'mail alert', 'snmp trap alert',
+ 'user defined alert no.1',
+ 'user defined alert no.2', 'user defined alert no.3']),
+ before_delete_keep_logs_from_the_last_days=dict(type='bool'),
+ before_delete_keep_logs_from_the_last_days_threshold=dict(type='int'),
+ before_delete_run_script=dict(type='bool'),
+ before_delete_run_script_command=dict(type='str'),
+ delete_index_files_older_than_days=dict(type='bool'),
+ delete_index_files_older_than_days_threshold=dict(type='int'),
+ delete_index_files_when_index_size_above=dict(type='bool'),
+ delete_index_files_when_index_size_above_threshold=dict(type='int'),
+ delete_when_free_disk_space_below=dict(type='bool'),
+ delete_when_free_disk_space_below_threshold=dict(type='int'),
+ detect_new_citrix_ica_application_names=dict(type='bool'),
+ forward_logs_to_log_server=dict(type='bool'),
+ forward_logs_to_log_server_name=dict(type='str'),
+ forward_logs_to_log_server_schedule_name=dict(type='str'),
+ free_disk_space_metrics=dict(type='str', choices=['mbytes', 'percent']),
+ perform_log_rotate_before_log_forwarding=dict(type='bool'),
+ reject_connections_when_free_disk_space_below_threshold=dict(type='bool'),
+ reserve_for_packet_capture_metrics=dict(type='str', choices=['percent', 'mbytes']),
+ reserve_for_packet_capture_threshold=dict(type='int'),
+ rotate_log_by_file_size=dict(type='bool'),
+ rotate_log_file_size_threshold=dict(type='int'),
+ rotate_log_on_schedule=dict(type='bool'),
+ rotate_log_schedule_name=dict(type='str'),
+ stop_logging_when_free_disk_space_below=dict(type='bool'),
+ stop_logging_when_free_disk_space_below_threshold=dict(type='int'),
+ turn_on_qos_logging=dict(type='bool'),
+ update_account_log_every=dict(type='int')
+ )),
+ one_time_password=dict(type='str', no_log=True),
+ os_name=dict(type='str'),
+ save_logs_locally=dict(type='bool'),
+ send_alerts_to_server=dict(type='list', elements='str'),
+ send_logs_to_backup_server=dict(type='list', elements='str'),
+ send_logs_to_server=dict(type='list', elements='str'),
+ tags=dict(type='list', elements='str'),
+ threat_emulation=dict(type='bool'),
+ threat_extraction=dict(type='bool'),
+ url_filtering=dict(type='bool'),
+ gateway_version=dict(type='str'),
+ vpn=dict(type='bool'),
+ vpn_settings=dict(type='dict', options=dict(
+ maximum_concurrent_ike_negotiations=dict(type='int'),
+ maximum_concurrent_tunnels=dict(type='int')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral',
+ 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'simple-gateway'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py
new file mode 100644
index 000000000..cdccabb18
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_simple_gateway_facts.py
@@ -0,0 +1,132 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_simple_gateway_facts
+short_description: Get simple-gateway objects facts on Check Point over Web Services API
+description:
+ - Get simple-gateway objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-simple-gateway
+ cp_mgmt_simple_gateway_facts:
+ name: gw1
+
+- name: show-simple-gateways
+ cp_mgmt_simple_gateway_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "simple-gateway"
+ api_call_object_plural_version = "simple-gateways"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
new file mode 100644
index 000000000..7feb0b7e1
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server.py
@@ -0,0 +1,171 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_smtp_server
+short_description: Manages smtp-server objects on Checkpoint over Web Services API
+description:
+ - Manages smtp-server objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ port:
+ description:
+ - The SMTP port to use.
+ type: int
+ server:
+ description:
+ - The SMTP server address.
+ type: str
+ password:
+ description:
+ - A password for the SMTP server.
+ type: str
+ username:
+ description:
+ - A username for the SMTP server.
+ type: str
+ authentication:
+ description:
+ - Does the mail server requires authentication.
+ type: bool
+ encryption:
+ description:
+ - Encryption type.
+ type: str
+ choices: ['none', 'ssl', 'tls']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-smtp-server
+ cp_mgmt_smtp_server:
+ encryption: none
+ name: SMTP1
+ port: '25'
+ server: smtp.example.com
+ state: present
+
+- name: set-smtp-server
+ cp_mgmt_smtp_server:
+ name: SMTP
+ port: '25'
+ server: smtp.example.com
+ state: present
+
+- name: delete-smtp-server
+ cp_mgmt_smtp_server:
+ name: SMTP
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_smtp_server:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ port=dict(type='int'),
+ server=dict(type='str'),
+ password=dict(type='str', no_log=True),
+ username=dict(type='str'),
+ authentication=dict(type='bool'),
+ encryption=dict(type='str', choices=['none', 'ssl', 'tls']),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ domains_to_process=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'smtp-server'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
new file mode 100644
index 000000000..b574885fd
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_smtp_server_facts.py
@@ -0,0 +1,141 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_smtp_server_facts
+short_description: Get smtp-server objects facts on Checkpoint over Web Services API
+description:
+ - Get smtp-server objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ domains_to_process:
+ description:
+ - Indicates which domains to process the commands on. It cannot be used with the details-level full, must be run from the System Domain only and
+ with ignore-warnings true. Valid values are, CURRENT_DOMAIN, ALL_DOMAINS_ON_THIS_SERVER.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-smtp-server
+ cp_mgmt_smtp_server_facts:
+ name: SMTP
+
+- name: show-smtp-servers
+ cp_mgmt_smtp_server_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ domains_to_process=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "smtp-server"
+ api_call_object_plural_version = "smtp-servers"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
new file mode 100644
index 000000000..0dfdd0f5e
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_submit_session.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_submit_session
+short_description: Workflow feature - Submit the session for approval.
+description:
+ - Workflow feature - Submit the session for approval.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ uid:
+ description:
+ - Session unique identifier.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: submit-session
+ cp_mgmt_submit_session:
+ uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
+"""
+
+RETURN = """
+cp_mgmt_submit_session:
+ description: The checkpoint submit-session output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ uid=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "submit-session"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
new file mode 100644
index 000000000..07bc150ce
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag.py
@@ -0,0 +1,126 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_tag
+short_description: Manages tag objects on Check Point over Web Services API
+description:
+ - Manages tag objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-tag
+ cp_mgmt_tag:
+ name: My New Tag1
+ state: present
+ tags:
+ - tag1
+ - tag2
+
+- name: delete-tag
+ cp_mgmt_tag:
+ name: My New Tag1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_tag:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'tag'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
new file mode 100644
index 000000000..942e1415b
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_tag_facts.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_tag_facts
+short_description: Get tag objects facts on Check Point over Web Services API
+description:
+ - Get tag objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-tag
+ cp_mgmt_tag_facts:
+ name: f96b37ec-e22e-4945-8bbf-d37b117914e0
+
+- name: show-tags
+ cp_mgmt_tag_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "tag"
+ api_call_object_plural_version = "tags"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
new file mode 100644
index 000000000..2eb7dbf0a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_test_sic_status.py
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_test_sic_status
+short_description: Test SIC Status reflects the state of the gateway after it has received the certificate issued by the
+ ICA. If the SIC status is Unknown then there is no connection between the gateway and the Security
+ Management Server. If the SIC status is No Communication, an error message will appear. It may
+ contain specific instructions on how to fix the situation.
+description:
+ - Test SIC Status reflects the state of the gateway after it has received the certificate issued by the ICA. If the SIC status is Unknown then there is
+ no connection between the gateway and the Security Management Server. If the SIC status is No Communication, an error message will appear. It may contain
+ specific instructions on how to fix the situation.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Eden Brillant (@chkp-edenbr)"
+options:
+ name:
+ description:
+ - Gateway, cluster member or Check Point host name.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: test-sic-status
+ cp_mgmt_test_sic_status:
+ name: gw1
+"""
+
+RETURN = """
+cp_mgmt_test_sic_status:
+ description: The checkpoint test-sic-status output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "test-sic-status"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
new file mode 100644
index 000000000..b6ea57f63
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception.py
@@ -0,0 +1,219 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_exception
+short_description: Manages threat-exception objects on Check Point over Web Services API
+description:
+ - Manages threat-exception objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the exception.
+ type: str
+ required: True
+ position:
+ description:
+ - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
+ type: str
+ exception_group_uid:
+ description:
+ - The UID of the exception-group.
+ type: str
+ exception_group_name:
+ description:
+ - The name of the exception-group.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ rule_name:
+ description:
+ - The name of the parent rule.
+ type: str
+ action:
+ description:
+ - Action-the enforced profile.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ protected_scope:
+ description:
+ - Collection of objects defining Protected Scope identified by the name or UID.
+ type: list
+ elements: str
+ protected_scope_negate:
+ description:
+ - True if negate is set for Protected Scope.
+ type: bool
+ protection_or_site:
+ description:
+ - Name of the protection or site.
+ type: list
+ elements: str
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ service_negate:
+ description:
+ - True if negate is set for Service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ track:
+ description:
+ - Packet tracking.
+ type: str
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-exception
+ cp_mgmt_threat_exception:
+ layer: New Layer 1
+ name: Exception Rule
+ position: 1
+ protected_scope: All_Internet
+ rule_name: Threat Rule 1
+ state: present
+ track: Log
+
+- name: set-threat-exception
+ cp_mgmt_threat_exception:
+ layer: New Layer 1
+ name: Exception Rule
+ rule_name: Threat Rule 1
+ state: present
+
+- name: delete-threat-exception
+ cp_mgmt_threat_exception:
+ name: Exception Rule
+ layer: New Layer 1
+ rule_name: Threat Rule 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_exception:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ position=dict(type='str'),
+ exception_group_uid=dict(type='str'),
+ exception_group_name=dict(type='str'),
+ layer=dict(type='str'),
+ rule_name=dict(type='str'),
+ action=dict(type='str'),
+ destination=dict(type='list', elements='str'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ protected_scope=dict(type='list', elements='str'),
+ protected_scope_negate=dict(type='bool'),
+ protection_or_site=dict(type='list', elements='str'),
+ service=dict(type='list', elements='str'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list', elements='str'),
+ source_negate=dict(type='bool'),
+ track=dict(type='str'),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-exception'
+
+ if module.params['position'] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
new file mode 100644
index 000000000..1455df234
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_exception_facts.py
@@ -0,0 +1,223 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_exception_facts
+short_description: Get threat-exception objects facts on Check Point over Web Services API
+description:
+ - Get threat-exception objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the layer containing the parent threat rule.
+ This parameter is relevant only for getting few objects.
+ type: str
+ exception_group_uid:
+ description:
+ - The UID of the exception-group.
+ type: str
+ exception_group_name:
+ description:
+ - The name of the exception-group.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ rule_name:
+ description:
+ - The name of the parent rule.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ package:
+ description:
+ - Name of the package.
+ type: str
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-exception
+ cp_mgmt_threat_exception_facts:
+ name: Exception Rule
+ layer: New Layer 1
+ rule_name: Threat Rule 1
+
+- name: show-threat-rule-exception-rulebase
+ cp_mgmt_threat_exception_facts:
+ name: Standard Threat Prevention
+ rule_name: Threat Rule 1
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ exception_group_uid=dict(type='str'),
+ exception_group_name=dict(type='str'),
+ layer=dict(type='str'),
+ rule_name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-exception"
+ api_call_object_plural_version = "threat-rule-exception-rulebase"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py
new file mode 100644
index 000000000..67772aef5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator.py
@@ -0,0 +1,274 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_indicator
+short_description: Manages threat-indicator objects on Check Point over Web Services API
+description:
+ - Manages threat-indicator objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ observables:
+ description:
+ - The indicator's observables.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - Object name. Should be unique in the domain.
+ type: str
+ md5:
+ description:
+ - A valid MD5 sequence.
+ type: str
+ url:
+ description:
+ - A valid URL.
+ type: str
+ ip_address:
+ description:
+ - A valid IP-Address.
+ type: str
+ ip_address_first:
+ description:
+ - A valid IP-Address, the beginning of the range. If you configure this parameter with a value, you must also configure the value of the
+ 'ip-address-last' parameter.
+ type: str
+ ip_address_last:
+ description:
+ - A valid IP-Address, the end of the range. If you configure this parameter with a value, you must also configure the value of the
+ 'ip-address-first' parameter.
+ type: str
+ domain:
+ description:
+ - The name of a domain.
+ type: str
+ mail_to:
+ description:
+ - A valid E-Mail address, recipient filed.
+ type: str
+ mail_from:
+ description:
+ - A valid E-Mail address, sender field.
+ type: str
+ mail_cc:
+ description:
+ - A valid E-Mail address, cc field.
+ type: str
+ mail_reply_to:
+ description:
+ - A valid E-Mail address, reply-to field.
+ type: str
+ mail_subject:
+ description:
+ - Subject of E-Mail.
+ type: str
+ confidence:
+ description:
+ - The confidence level the indicator has that a real threat has been uncovered.
+ type: str
+ choices: ['low', 'medium', 'high', 'critical']
+ product:
+ description:
+ - The software blade that processes the observable, AV - AntiVirus, AB - AntiBot.
+ type: str
+ choices: ['AV', 'AB']
+ severity:
+ description:
+ - The severity level of the threat.
+ type: str
+ choices: ['low', 'medium', 'high', 'critical']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+ observables_raw_data:
+ description:
+ - The contents of a file containing the indicator's observables.
+ type: str
+ action:
+ description:
+ - The indicator's action.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ profile_overrides:
+ description:
+ - Profiles in which to override the indicator's default action.
+ type: list
+ elements: dict
+ suboptions:
+ action:
+ description:
+ - The indicator's action in this profile.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ profile:
+ description:
+ - The profile in which to override the indicator's action.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-indicator
+ cp_mgmt_threat_indicator:
+ action: ask
+ ignore_warnings: true
+ name: My_Indicator
+ observables:
+ - confidence: medium
+ mail_to: someone@somewhere.com
+ name: My_Observable
+ product: AV
+ severity: low
+ profile_overrides:
+ - action: detect
+ profile: My_Profile
+ state: present
+
+- name: set-threat-indicator
+ cp_mgmt_threat_indicator:
+ action: prevent
+ ignore_warnings: true
+ name: My_Indicator
+ state: present
+
+- name: delete-threat-indicator
+ cp_mgmt_threat_indicator:
+ name: My_Indicator
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_indicator:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ observables=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ md5=dict(type='str'),
+ url=dict(type='str'),
+ ip_address=dict(type='str'),
+ ip_address_first=dict(type='str'),
+ ip_address_last=dict(type='str'),
+ domain=dict(type='str'),
+ mail_to=dict(type='str'),
+ mail_from=dict(type='str'),
+ mail_cc=dict(type='str'),
+ mail_reply_to=dict(type='str'),
+ mail_subject=dict(type='str'),
+ confidence=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
+ product=dict(type='str', choices=['AV', 'AB']),
+ severity=dict(type='str', choices=['low', 'medium', 'high', 'critical']),
+ comments=dict(type='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )),
+ observables_raw_data=dict(type='str'),
+ action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ profile_overrides=dict(type='list', elements='dict', options=dict(
+ action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ profile=dict(type='str')
+ )),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-indicator'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py
new file mode 100644
index 000000000..3d441c435
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_indicator_facts.py
@@ -0,0 +1,124 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_indicator_facts
+short_description: Get threat-indicator objects facts on Check Point over Web Services API
+description:
+ - Get threat-indicator objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-indicator
+ cp_mgmt_threat_indicator_facts:
+ name: My_Indicator
+
+- name: show-threat-indicators
+ cp_mgmt_threat_indicator_facts:
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-indicator"
+ api_call_object_plural_version = "threat-indicators"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
new file mode 100644
index 000000000..991b533ef
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer.py
@@ -0,0 +1,128 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_layer
+short_description: Manages threat-layer objects on Check Point over Web Services API
+description:
+ - Manages threat-layer objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ add_default_rule:
+ description:
+ - Indicates whether to include a default rule in the new layer.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-layer
+ cp_mgmt_threat_layer:
+ name: New Layer 1
+ state: present
+
+- name: delete-threat-layer
+ cp_mgmt_threat_layer:
+ name: New Layer 2
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_layer:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ add_default_rule=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-layer'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py
new file mode 100644
index 000000000..c432b56ec
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_layer_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_layer_facts
+short_description: Get threat-layer objects facts on Check Point over Web Services API
+description:
+ - Get threat-layer objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-layer
+ cp_mgmt_threat_layer_facts:
+ name: New Layer 1
+
+- name: show-threat-layers
+ cp_mgmt_threat_layer_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-layer"
+ api_call_object_plural_version = "threat-layers"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
new file mode 100644
index 000000000..e41b82c84
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile.py
@@ -0,0 +1,406 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_profile
+short_description: Manages threat-profile objects on Check Point over Web Services API
+description:
+ - Manages threat-profile objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ active_protections_performance_impact:
+ description:
+ - Protections with this performance impact only will be activated in the profile.
+ type: str
+ choices: ['high', 'medium', 'low', 'very_low']
+ active_protections_severity:
+ description:
+ - Protections with this severity only will be activated in the profile.
+ type: str
+ choices: ['Critical', 'High', 'Medium or above', 'Low or above']
+ confidence_level_high:
+ description:
+ - Action for protections with high confidence level.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ confidence_level_low:
+ description:
+ - Action for protections with low confidence level.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ confidence_level_medium:
+ description:
+ - Action for protections with medium confidence level.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ indicator_overrides:
+ description:
+ - Indicators whose action will be overridden in this profile.
+ type: list
+ elements: dict
+ suboptions:
+ action:
+ description:
+ - The indicator's action in this profile.
+ type: str
+ choices: ['Inactive', 'Ask', 'Prevent', 'Detect']
+ indicator:
+ description:
+ - The indicator whose action is to be overridden.
+ type: str
+ ips_settings:
+ description:
+ - IPS blade settings.
+ type: dict
+ suboptions:
+ exclude_protection_with_performance_impact:
+ description:
+ - Whether to exclude protections depending on their level of performance impact.
+ type: bool
+ exclude_protection_with_performance_impact_mode:
+ description:
+ - Exclude protections with this level of performance impact.
+ type: str
+ choices: ['very low', 'low or lower', 'medium or lower', 'high or lower']
+ exclude_protection_with_severity:
+ description:
+ - Whether to exclude protections depending on their level of severity.
+ type: bool
+ exclude_protection_with_severity_mode:
+ description:
+ - Exclude protections with this level of severity.
+ type: str
+ choices: ['low or above', 'medium or above', 'high or above', 'critical']
+ newly_updated_protections:
+ description:
+ - Activation of newly updated protections.
+ type: str
+ choices: ['active', 'inactive', 'staging']
+ malicious_mail_policy_settings:
+ description:
+ - Malicious Mail Policy for MTA Gateways.
+ type: dict
+ suboptions:
+ add_customized_text_to_email_body:
+ description:
+ - Add customized text to the malicious email body.
+ type: bool
+ add_email_subject_prefix:
+ description:
+ - Add a prefix to the malicious email subject.
+ type: bool
+ add_x_header_to_email:
+ description:
+ - Add an X-Header to the malicious email.
+ type: bool
+ email_action:
+ description:
+ - Block - block the entire malicious email<br>Allow - pass the malicious email and apply email changes (like, remove attachments and
+ links, add x-header, etc...).
+ type: str
+ choices: ['allow', 'block']
+ email_body_customized_text:
+ description:
+ - Customized text for the malicious email body.<br> Available predefined fields,<br> $verdicts$ - the malicious/error attachments/links verdict.
+ type: str
+ email_subject_prefix_text:
+ description:
+ - Prefix for the malicious email subject.
+ type: str
+ failed_to_scan_attachments_text:
+ description:
+ - Replace attachments that failed to be scanned with this text.<br> Available predefined fields,<br> $filename$ - the malicious file
+ name.<br> $md5$ - MD5 of the malicious file.
+ type: str
+ malicious_attachments_text:
+ description:
+ - Replace malicious attachments with this text.<br> Available predefined fields,<br> $filename$ - the malicious file name.<br> $md5$ -
+ MD5 of the malicious file.
+ type: str
+ malicious_links_text:
+ description:
+ - Replace malicious links with this text.<br> Available predefined fields,<br> $neutralized_url$ - neutralized malicious link.
+ type: str
+ remove_attachments_and_links:
+ description:
+ - Remove attachments and links from the malicious email.
+ type: bool
+ send_copy:
+ description:
+ - Send a copy of the malicious email to the recipient list.
+ type: bool
+ send_copy_list:
+ description:
+ - Recipient list to send a copy of the malicious email.
+ type: list
+ elements: str
+ overrides:
+ description:
+ - Overrides per profile for this protection.
+ type: list
+ elements: dict
+ suboptions:
+ action:
+ description:
+ - Protection action.
+ type: str
+ choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
+ protection:
+ description:
+ - IPS protection identified by name or UID.
+ type: str
+ capture_packets:
+ description:
+ - Capture packets.
+ type: bool
+ track:
+ description:
+ - Tracking method for protection.
+ type: str
+ choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_indicators:
+ description:
+ - Indicates whether the profile should make use of indicators.
+ type: bool
+ anti_bot:
+ description:
+ - Is Anti-Bot blade activated.
+ type: bool
+ anti_virus:
+ description:
+ - Is Anti-Virus blade activated.
+ type: bool
+ ips:
+ description:
+ - Is IPS blade activated.
+ type: bool
+ threat_emulation:
+ description:
+ - Is Threat Emulation blade activated.
+ type: bool
+ activate_protections_by_extended_attributes:
+ description:
+ - Activate protections by these extended attributes.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - IPS tag name.
+ type: str
+ category:
+ description:
+ - IPS tag category name.
+ type: str
+ deactivate_protections_by_extended_attributes:
+ description:
+ - Deactivate protections by these extended attributes.
+ type: list
+ elements: dict
+ suboptions:
+ name:
+ description:
+ - IPS tag name.
+ type: str
+ category:
+ description:
+ - IPS tag category name.
+ type: str
+ use_extended_attributes:
+ description:
+ - Whether to activate/deactivate IPS protections according to the extended attributes.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-profile
+ cp_mgmt_threat_profile:
+ active_protections_performance_impact: low
+ active_protections_severity: low or above
+ anti_bot: true
+ anti_virus: true
+ confidence_level_high: prevent
+ confidence_level_medium: prevent
+ ips: true
+ ips_settings:
+ exclude_protection_with_performance_impact: true
+ exclude_protection_with_performance_impact_mode: high or lower
+ newly_updated_protections: staging
+ name: New Profile 1
+ state: present
+ threat_emulation: true
+
+- name: set-threat-profile
+ cp_mgmt_threat_profile:
+ active_protections_performance_impact: low
+ active_protections_severity: low or above
+ anti_bot: true
+ anti_virus: false
+ comments: update recommended profile
+ confidence_level_high: prevent
+ confidence_level_low: prevent
+ confidence_level_medium: prevent
+ ips: false
+ ips_settings:
+ exclude_protection_with_performance_impact: true
+ exclude_protection_with_performance_impact_mode: high or lower
+ newly_updated_protections: active
+ name: New Profile 1
+ state: present
+ threat_emulation: true
+
+- name: delete-threat-profile
+ cp_mgmt_threat_profile:
+ name: New Profile 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_profile:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ active_protections_performance_impact=dict(type='str', choices=['high', 'medium', 'low', 'very_low']),
+ active_protections_severity=dict(type='str', choices=['Critical', 'High', 'Medium or above', 'Low or above']),
+ confidence_level_high=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ confidence_level_low=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ confidence_level_medium=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ indicator_overrides=dict(type='list', elements='dict', options=dict(
+ action=dict(type='str', choices=['Inactive', 'Ask', 'Prevent', 'Detect']),
+ indicator=dict(type='str')
+ )),
+ ips_settings=dict(type='dict', options=dict(
+ exclude_protection_with_performance_impact=dict(type='bool'),
+ exclude_protection_with_performance_impact_mode=dict(type='str', choices=['very low', 'low or lower', 'medium or lower', 'high or lower']),
+ exclude_protection_with_severity=dict(type='bool'),
+ exclude_protection_with_severity_mode=dict(type='str', choices=['low or above', 'medium or above', 'high or above', 'critical']),
+ newly_updated_protections=dict(type='str', choices=['active', 'inactive', 'staging'])
+ )),
+ malicious_mail_policy_settings=dict(type='dict', options=dict(
+ add_customized_text_to_email_body=dict(type='bool'),
+ add_email_subject_prefix=dict(type='bool'),
+ add_x_header_to_email=dict(type='bool'),
+ email_action=dict(type='str', choices=['allow', 'block']),
+ email_body_customized_text=dict(type='str'),
+ email_subject_prefix_text=dict(type='str'),
+ failed_to_scan_attachments_text=dict(type='str'),
+ malicious_attachments_text=dict(type='str'),
+ malicious_links_text=dict(type='str'),
+ remove_attachments_and_links=dict(type='bool'),
+ send_copy=dict(type='bool'),
+ send_copy_list=dict(type='list', elements='str')
+ )),
+ overrides=dict(type='list', elements='dict', options=dict(
+ action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
+ protection=dict(type='str'),
+ capture_packets=dict(type='bool'),
+ track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
+ )),
+ tags=dict(type='list', elements='str'),
+ use_indicators=dict(type='bool'),
+ anti_bot=dict(type='bool'),
+ anti_virus=dict(type='bool'),
+ ips=dict(type='bool'),
+ threat_emulation=dict(type='bool'),
+ activate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ category=dict(type='str')
+ )),
+ deactivate_protections_by_extended_attributes=dict(type='list', elements='dict', options=dict(
+ name=dict(type='str'),
+ category=dict(type='str')
+ )),
+ use_extended_attributes=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-profile'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py
new file mode 100644
index 000000000..b3fcbaae2
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_profile_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_profile_facts
+short_description: Get threat-profile objects facts on Check Point over Web Services API
+description:
+ - Get threat-profile objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-profile
+ cp_mgmt_threat_profile_facts:
+ name: Recommended_Profile
+
+- name: show-threat-profiles
+ cp_mgmt_threat_profile_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-profile"
+ api_call_object_plural_version = "threat-profiles"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
new file mode 100644
index 000000000..22ce24a22
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_protection_override.py
@@ -0,0 +1,131 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_protection_override
+short_description: Edit existing object using object name or uid.
+description:
+ - Edit existing object using object name or uid.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ comments:
+ description:
+ - Protection comments.
+ type: str
+ follow_up:
+ description:
+ - Tag the protection with pre-defined follow-up flag.
+ type: bool
+ overrides:
+ description:
+ - Overrides per profile for this protection<br> Note, Remove override for Core protections removes only the action's override. Remove override
+ for Threat Cloud protections removes the action, track and packet captures.
+ type: list
+ elements: dict
+ suboptions:
+ action:
+ description:
+ - Protection action.
+ type: str
+ choices: ['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']
+ profile:
+ description:
+ - Profile name.
+ type: str
+ capture_packets:
+ description:
+ - Capture packets.
+ type: bool
+ track:
+ description:
+ - Tracking method for protection.
+ type: str
+ choices: ['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2']
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: threat_protection_override
+ cp_mgmt_threat_protection_override:
+ name: FTP Commands
+ overrides:
+ - action: inactive
+ capture_packets: true
+ profile: New Profile 1
+ track: None
+ state: present
+"""
+
+RETURN = """
+cp_mgmt_threat_protection_override:
+ description: The checkpoint threat_protection_override output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ comments=dict(type='str'),
+ follow_up=dict(type='bool'),
+ overrides=dict(type='list', elements='dict', options=dict(
+ action=dict(type='str', choices=['Threat Cloud: Inactive', 'Detect', 'Prevent <br> Core: Drop', 'Inactive', 'Accept']),
+ profile=dict(type='str'),
+ capture_packets=dict(type='bool'),
+ track=dict(type='str', choices=['none', 'log', 'alert', 'mail', 'snmp trap', 'user alert', 'user alert 1', 'user alert 2'])
+ )),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "set-threat-protection"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py
new file mode 100644
index 000000000..a69286364
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule.py
@@ -0,0 +1,214 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_rule
+short_description: Manages threat-rule objects on Check Point over Web Services API
+description:
+ - Manages threat-rule objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ position:
+ description:
+ - Position in the rulebase. The use of values "top" and "bottom" may not be idempotent.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ action:
+ description:
+ - Action-the enforced profile.
+ type: str
+ destination:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ destination_negate:
+ description:
+ - True if negate is set for destination.
+ type: bool
+ enabled:
+ description:
+ - Enable/Disable the rule.
+ type: bool
+ install_on:
+ description:
+ - Which Gateways identified by the name or UID to install the policy on.
+ type: list
+ elements: str
+ protected_scope:
+ description:
+ - Collection of objects defining Protected Scope identified by the name or UID.
+ type: list
+ elements: str
+ protected_scope_negate:
+ description:
+ - True if negate is set for Protected Scope.
+ type: bool
+ service:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ service_negate:
+ description:
+ - True if negate is set for Service.
+ type: bool
+ source:
+ description:
+ - Collection of Network objects identified by the name or UID.
+ type: list
+ elements: str
+ source_negate:
+ description:
+ - True if negate is set for source.
+ type: bool
+ track:
+ description:
+ - Packet tracking.
+ type: str
+ track_settings:
+ description:
+ - Threat rule track settings.
+ type: dict
+ suboptions:
+ packet_capture:
+ description:
+ - Packet capture.
+ type: bool
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-threat-rule
+ cp_mgmt_threat_rule:
+ comments: ''
+ install_on: Policy Targets
+ layer: New Layer 1
+ name: First threat rule
+ position: 1
+ protected_scope: All_Internet
+ state: present
+ track: None
+
+- name: set-threat-rule
+ cp_mgmt_threat_rule:
+ action: New Profile 1
+ comments: commnet for the first rule
+ install_on: Policy Targets
+ layer: New Layer 1
+ name: Rule Name
+ position: 1
+ protected_scope: All_Internet
+ state: present
+
+- name: delete-threat-rule
+ cp_mgmt_threat_rule:
+ layer: New Layer 1
+ name: Rule Name
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_threat_rule:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call, api_call_for_rule
+
+
+def main():
+ argument_spec = dict(
+ position=dict(type='str'),
+ layer=dict(type='str'),
+ name=dict(type='str', required=True),
+ action=dict(type='str'),
+ destination=dict(type='list', elements='str'),
+ destination_negate=dict(type='bool'),
+ enabled=dict(type='bool'),
+ install_on=dict(type='list', elements='str'),
+ protected_scope=dict(type='list', elements='str'),
+ protected_scope_negate=dict(type='bool'),
+ service=dict(type='list', elements='str'),
+ service_negate=dict(type='bool'),
+ source=dict(type='list', elements='str'),
+ source_negate=dict(type='bool'),
+ track=dict(type='str'),
+ track_settings=dict(type='dict', options=dict(
+ packet_capture=dict(type='bool')
+ )),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'threat-rule'
+
+ if module.params['position'] is None:
+ result = api_call(module, api_call_object)
+ else:
+ result = api_call_for_rule(module, api_call_object)
+
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py
new file mode 100644
index 000000000..683784bc8
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_threat_rule_facts.py
@@ -0,0 +1,210 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_threat_rule_facts
+short_description: Get threat-rule objects facts on Check Point over Web Services API
+description:
+ - Get threat-rule objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name. Should be unique in the domain.
+ type: str
+ layer:
+ description:
+ - Layer that the rule belongs to identified by the name or UID.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter the rulebase. The provided text should be exactly the same as it would be given in Smart Console. The logical
+ operators in the expression ('AND', 'OR') should be provided in capital letters. If an operator is not used, the default OR operator applies.
+ type: str
+ filter_settings:
+ description:
+ - Sets filter preferences.
+ type: dict
+ suboptions:
+ search_mode:
+ description:
+ - When set to 'general', both the Full Text Search and Packet Search are enabled. In this mode, Packet Search will not match on 'Any'
+ object, a negated cell or a group-with-exclusion. When the search-mode is set to 'packet', by default, the match on 'Any' object, a negated cell
+ or a group-with-exclusion are enabled. packet-search-settings may be provided to change the default behavior.
+ type: str
+ choices: ['general', 'packet']
+ packet_search_settings:
+ description:
+ - When 'search-mode' is set to 'packet', this object allows to set the packet search preferences.
+ type: dict
+ suboptions:
+ expand_group_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group object, results will include rules that match on at
+ least one member of the group.
+ type: bool
+ expand_group_with_exclusion_members:
+ description:
+ - When true, if the search expression contains a UID or a name of a group-with-exclusion object, results will include rules that
+ match at least one member of the "include" part and is not a member of the "except" part.
+ type: bool
+ match_on_any:
+ description:
+ - Whether to match on 'Any' object.
+ type: bool
+ match_on_group_with_exclusion:
+ description:
+ - Whether to match on a group-with-exclusion.
+ type: bool
+ match_on_negate:
+ description:
+ - Whether to match on a negated cell.
+ type: bool
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+ package:
+ description:
+ - Name of the package.
+ type: str
+ use_object_dictionary:
+ description:
+ - N/A
+ type: bool
+ dereference_group_members:
+ description:
+ - Indicates whether to dereference "members" field by details level for every object in reply.
+ type: bool
+ show_membership:
+ description:
+ - Indicates whether to calculate and show "groups" field for every object in reply.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-threat-rule
+ cp_mgmt_threat_rule_facts:
+ layer: New Layer 1
+ name: Rule Name
+
+- name: show-threat-rulebase
+ cp_mgmt_threat_rule_facts:
+ details_level: standard
+ filter: ''
+ limit: 20
+ name: Threat Prevention
+ offset: 0
+ use_object_dictionary: false
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts_for_rule
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ layer=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ filter_settings=dict(type='dict', options=dict(
+ search_mode=dict(type='str', choices=['general', 'packet']),
+ packet_search_settings=dict(type='dict', options=dict(
+ expand_group_members=dict(type='bool'),
+ expand_group_with_exclusion_members=dict(type='bool'),
+ match_on_any=dict(type='bool'),
+ match_on_group_with_exclusion=dict(type='bool'),
+ match_on_negate=dict(type='bool')
+ ))
+ )),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ )),
+ package=dict(type='str'),
+ use_object_dictionary=dict(type='bool'),
+ dereference_group_members=dict(type='bool'),
+ show_membership=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "threat-rule"
+ api_call_object_plural_version = "threat-rulebase"
+
+ result = api_call_facts_for_rule(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py
new file mode 100644
index 000000000..aa0af5e9a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time.py
@@ -0,0 +1,285 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_time
+short_description: Manages time objects on Check Point over Web Services API
+description:
+ - Manages time objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ end:
+ description:
+ - End time. Note, Each gateway may interpret this time differently according to its time zone.
+ type: dict
+ suboptions:
+ date:
+ description:
+ - Date in format dd-MMM-yyyy.
+ type: str
+ iso_8601:
+ description:
+ - Date and time represented in international ISO 8601 format. Time zone information is ignored.
+ type: str
+ posix:
+ description:
+ - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
+ type: int
+ time:
+ description:
+ - Time in format HH,mm.
+ type: str
+ end_never:
+ description:
+ - End never.
+ type: bool
+ hours_ranges:
+ description:
+ - Hours recurrence. Note, Each gateway may interpret this time differently according to its time zone.
+ type: list
+ elements: dict
+ suboptions:
+ enabled:
+ description:
+ - Is hour range enabled.
+ type: bool
+ from:
+ description:
+ - Time in format HH,MM.
+ type: str
+ index:
+ description:
+ - Hour range index.
+ type: int
+ to:
+ description:
+ - Time in format HH,MM.
+ type: str
+ start:
+ description:
+ - Starting time. Note, Each gateway may interpret this time differently according to its time zone.
+ type: dict
+ suboptions:
+ date:
+ description:
+ - Date in format dd-MMM-yyyy.
+ type: str
+ iso_8601:
+ description:
+ - Date and time represented in international ISO 8601 format. Time zone information is ignored.
+ type: str
+ posix:
+ description:
+ - Number of milliseconds that have elapsed since 00,00,00, 1 January 1970.
+ type: int
+ time:
+ description:
+ - Time in format HH,mm.
+ type: str
+ start_now:
+ description:
+ - Start immediately.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ recurrence:
+ description:
+ - Days recurrence.
+ type: dict
+ suboptions:
+ days:
+ description:
+ - Valid on specific days. Multiple options, support range of days in months. Example,["1","3","9-20"].
+ type: list
+ elements: str
+ month:
+ description:
+ - Valid on month. Example, "1", "2","12","Any".
+ type: str
+ pattern:
+ description:
+ - Valid on "Daily", "Weekly", "Monthly" base.
+ type: str
+ weekdays:
+ description:
+ - Valid on weekdays. Example, "Sun", "Mon"..."Sat".
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-time
+ cp_mgmt_time:
+ end:
+ date: 24-Nov-2014
+ time: '21:22'
+ end_never: 'false'
+ hours_ranges:
+ - enabled: true
+ from: 00:00
+ index: 1
+ to: 00:00
+ - enabled: false
+ from: 00:00
+ index: 2
+ to: 00:00
+ name: timeObject1
+ recurrence:
+ days:
+ - '1'
+ month: Any
+ pattern: Daily
+ weekdays:
+ - Sun
+ - Mon
+ start_now: 'true'
+ state: present
+
+- name: set-time
+ cp_mgmt_time:
+ hours_ranges:
+ - from: 00:22
+ to: 00:33
+ name: timeObject1
+ recurrence:
+ month: Any
+ pattern: Weekly
+ weekdays:
+ - Fri
+ state: present
+
+- name: delete-time
+ cp_mgmt_time:
+ name: timeObject1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_time:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ end=dict(type='dict', options=dict(
+ date=dict(type='str'),
+ iso_8601=dict(type='str'),
+ posix=dict(type='int'),
+ time=dict(type='str')
+ )),
+ end_never=dict(type='bool'),
+ hours_ranges=dict(type='list', elements='dict', options=dict(
+ enabled=dict(type='bool'),
+ index=dict(type='int'),
+ to=dict(type='str')
+ )),
+ start=dict(type='dict', options=dict(
+ date=dict(type='str'),
+ iso_8601=dict(type='str'),
+ posix=dict(type='int'),
+ time=dict(type='str')
+ )),
+ start_now=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ recurrence=dict(type='dict', options=dict(
+ days=dict(type='list', elements='str'),
+ month=dict(type='str'),
+ pattern=dict(type='str'),
+ weekdays=dict(type='list', elements='str')
+ )),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec['hours_ranges']['options']['from'] = dict(type='str')
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'time'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py
new file mode 100644
index 000000000..40eb88026
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_time_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_time_facts
+short_description: Get time objects facts on Check Point over Web Services API
+description:
+ - Get time objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-time
+ cp_mgmt_time_facts:
+ name: timeObject1
+
+- name: show-times
+ cp_mgmt_time_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "time"
+ api_call_object_plural_version = "times"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
new file mode 100644
index 000000000..9b885f83a
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client.py
@@ -0,0 +1,216 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_trusted_client
+short_description: Manages trusted-client objects on Checkpoint over Web Services API
+description:
+ - Manages trusted-client objects on Checkpoint devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ip_address:
+ description:
+ - IPv4 or IPv6 address. If both addresses are required use ipv4-address and ipv6-address fields explicitly.
+ type: str
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ domains_assignment:
+ description:
+ - Domains to be added to this profile. Use domain name only. See example below, "add-trusted-client (with domain)".
+ type: list
+ elements: str
+ ip_address_first:
+ description:
+ - First IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_first:
+ description:
+ - First IPv4 address in the range.
+ type: str
+ ipv6_address_first:
+ description:
+ - First IPv6 address in the range.
+ type: str
+ ip_address_last:
+ description:
+ - Last IP address in the range. If both IPv4 and IPv6 address ranges are required, use the ipv4-address-first and the ipv6-address-first fields instead.
+ type: str
+ ipv4_address_last:
+ description:
+ - Last IPv4 address in the range.
+ type: str
+ ipv6_address_last:
+ description:
+ - Last IPv6 address in the range.
+ type: str
+ mask_length:
+ description:
+ - IPv4 or IPv6 mask length. If both masks are required use mask-length4 and mask-length6 fields explicitly.
+ type: int
+ mask_length4:
+ description:
+ - IPv4 mask length.
+ type: int
+ mask_length6:
+ description:
+ - IPv6 mask length.
+ type: int
+ multi_domain_server_trusted_client:
+ description:
+ - Let this trusted client connect to all Multi-Domain Servers in the deployment.
+ type: bool
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ type:
+ description:
+ - Trusted client type.
+ type: str
+ choices: ['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask', 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name',
+ 'wild cards (ip only)']
+ wild_card:
+ description:
+ - IP wild card (e.g. 192.0.2.*).
+ type: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-trusted-client
+ cp_mgmt_trusted_client:
+ name: my client
+ state: present
+ type: ANY
+
+- name: set-trusted-client
+ cp_mgmt_trusted_client:
+ ip_address: 192.0.2.1
+ mask_length: '24'
+ name: my client
+ state: present
+ type: NETMASK
+
+- name: delete-trusted-client
+ cp_mgmt_trusted_client:
+ name: my client
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_trusted_client:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ip_address=dict(type='str'),
+ ipv4_address=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ domains_assignment=dict(type='list', elements='str'),
+ ip_address_first=dict(type='str'),
+ ipv4_address_first=dict(type='str'),
+ ipv6_address_first=dict(type='str'),
+ ip_address_last=dict(type='str'),
+ ipv4_address_last=dict(type='str'),
+ ipv6_address_last=dict(type='str'),
+ mask_length=dict(type='int'),
+ mask_length4=dict(type='int'),
+ mask_length6=dict(type='int'),
+ multi_domain_server_trusted_client=dict(type='bool'),
+ tags=dict(type='list', elements='str'),
+ type=dict(type='str', choices=['any', 'domain', 'ipv4 address', 'ipv4 address range', 'ipv4 netmask',
+ 'ipv6 address', 'ipv6 address range', 'ipv6 netmask', 'name', 'wild cards (ip only)']),
+ wild_card=dict(type='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'trusted-client'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py
new file mode 100644
index 000000000..8991e1125
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_trusted_client_facts.py
@@ -0,0 +1,134 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_trusted_client_facts
+short_description: Get trusted-client objects facts on Checkpoint over Web Services API
+description:
+ - Get trusted-client objects facts on Checkpoint devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "2.1.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ filter:
+ description:
+ - Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The
+ logical operators in the expression ('AND', 'OR') should be provided in capital letters. The search involves both a IP search and a textual search in
+ name, comment, tags etc.
+ type: str
+ limit:
+ description:
+ - The maximal number of returned results.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Number of the results to initially skip.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts the results by search criteria. Automatically sorts the results by Name, in the ascending order.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-trusted-client
+ cp_mgmt_trusted_client_facts:
+ name: anyHost
+
+- name: show-trusted-clients
+ cp_mgmt_trusted_client_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ filter=dict(type='str'),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "trusted-client"
+ api_call_object_plural_version = "trusted-clients"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py
new file mode 100644
index 000000000..1ddb16d74
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_uninstall_software_package.py
@@ -0,0 +1,106 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_uninstall_software_package
+short_description: Uninstalls the software package from target machines.
+description:
+ - Uninstalls the software package from target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ cluster_installation_settings:
+ description:
+ - Installation settings for cluster.
+ type: dict
+ suboptions:
+ cluster_delay:
+ description:
+ - The delay between end of installation on one cluster members and start of installation on the next cluster member.
+ type: int
+ cluster_strategy:
+ description:
+ - The cluster installation strategy.
+ type: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: uninstall-software-package
+ cp_mgmt_uninstall_software_package:
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_uninstall_software_package:
+ description: The checkpoint uninstall-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ cluster_installation_settings=dict(type='dict', options=dict(
+ cluster_delay=dict(type='int'),
+ cluster_strategy=dict(type='str')
+ )),
+ concurrency_limit=dict(type='int')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "uninstall-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py
new file mode 100644
index 000000000..5202c95b5
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_update_provisioned_satellites.py
@@ -0,0 +1,80 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_update_provisioned_satellites
+short_description: Executes the update-provisioned-satellites on center gateways of VPN communities.
+description:
+ - Executes the update-provisioned-satellites on center gateways of VPN communities.
+ - All operations are performed over Web Services API.
+version_added: "3.0.0"
+author: "Shiran Golzar (@chkp-shirango)"
+options:
+ vpn_center_gateways:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier. The targets should be a
+ corporate gateways.
+ type: list
+ elements: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: update-provisioned-satellites
+ cp_mgmt_update_provisioned_satellites:
+ vpn_center_gateways:
+ - co_gateway
+"""
+
+RETURN = """
+cp_mgmt_update_provisioned_satellites:
+ description: The checkpoint update-provisioned-satellites output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ vpn_center_gateways=dict(type='list', elements='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "update-provisioned-satellites"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py
new file mode 100644
index 000000000..77a4fc6eb
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_policy.py
@@ -0,0 +1,77 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_verify_policy
+short_description: Verifies the policy of the selected package.
+description:
+ - Verifies the policy of the selected package.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ policy_package:
+ description:
+ - Policy package identified by the name or UID.
+ type: str
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: verify-policy
+ cp_mgmt_verify_policy:
+ policy_package: standard
+"""
+
+RETURN = """
+cp_mgmt_verify_policy:
+ description: The checkpoint verify-policy output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ policy_package=dict(type='str')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "verify-policy"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py
new file mode 100644
index 000000000..8f1d83816
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_verify_software_package.py
@@ -0,0 +1,104 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage CheckPoint Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_verify_software_package
+short_description: Verifies the software package on target machines.
+description:
+ - Verifies the software package on target machines.
+ - All operations are performed over Web Services API.
+version_added: "2.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - The name of the software package.
+ type: str
+ targets:
+ description:
+ - On what targets to execute this command. Targets may be identified by their name, or object unique identifier.
+ type: list
+ elements: str
+ concurrency_limit:
+ description:
+ - The number of targets, on which the same package is installed at the same time.
+ type: int
+ download_package:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - Should the package be downloaded before verification.
+ type: bool
+ download_package_from:
+ description:
+ - NOTE, Supported from Check Point version R81
+ - Where is the package located.
+ type: str
+ choices: ['automatic', 'central', 'target-machine']
+extends_documentation_fragment: check_point.mgmt.checkpoint_commands
+"""
+
+EXAMPLES = """
+- name: verify-software-package
+ cp_mgmt_verify_software_package:
+ download_package: 'true'
+ download_package_from: target-machine
+ name: Check_Point_R80_40_JHF_MCD_DEMO_019_MAIN_Bundle_T1_VISIBLE_FULL.tgz
+ targets.1: corporate-gateway
+"""
+
+RETURN = """
+cp_mgmt_verify_software_package:
+ description: The checkpoint verify-software-package output.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_commands, api_command
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ targets=dict(type='list', elements='str'),
+ concurrency_limit=dict(type='int'),
+ download_package=dict(type='bool'),
+ download_package_from=dict(type='str', choices=['automatic', 'central', 'target-machine'])
+ )
+ argument_spec.update(checkpoint_argument_spec_for_commands)
+
+ module = AnsibleModule(argument_spec=argument_spec)
+
+ command = "verify-software-package"
+
+ result = api_command(module, command)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py
new file mode 100644
index 000000000..8ccc016e4
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed.py
@@ -0,0 +1,232 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_meshed
+short_description: Manages vpn-community-meshed objects on Check Point over Web Services API
+description:
+ - Manages vpn-community-meshed objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ encryption_method:
+ description:
+ - The encryption method to be used.
+ type: str
+ choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
+ encryption_suite:
+ description:
+ - The encryption suite to be used.
+ type: str
+ choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
+ gateways:
+ description:
+ - Collection of Gateway objects identified by the name or UID.
+ type: list
+ elements: str
+ ike_phase_1:
+ description:
+ - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ diffie_hellman_group:
+ description:
+ - The Diffie-Hellman group to be used.
+ type: str
+ choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
+ ike_phase_2:
+ description:
+ - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
+ shared_secrets:
+ description:
+ - Shared secrets for external gateways.
+ type: list
+ elements: dict
+ suboptions:
+ external_gateway:
+ description:
+ - External gateway identified by the name or UID.
+ type: str
+ shared_secret:
+ description:
+ - Shared secret.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_shared_secret:
+ description:
+ - Indicates whether the shared secret should be used for all external gateways.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ encryption_method: prefer ikev2 but support ikev1
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Meshed_1
+ state: present
+
+- name: set-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ encryption_method: ikev2 only
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Meshed_1
+ state: present
+
+- name: delete-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed:
+ name: New_VPN_Community_Meshed_1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_vpn_community_meshed:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
+ encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
+ gateways=dict(type='list', elements='str'),
+ ike_phase_1=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
+ )),
+ ike_phase_2=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
+ 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
+ )),
+ shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict(
+ external_gateway=dict(type='str'),
+ shared_secret=dict(type='str', no_log=True)
+ )),
+ tags=dict(type='list', elements='str'),
+ use_shared_secret=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'vpn-community-meshed'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py
new file mode 100644
index 000000000..9ea3882a7
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_meshed_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_meshed_facts
+short_description: Get vpn-community-meshed objects facts on Check Point over Web Services API
+description:
+ - Get vpn-community-meshed objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-vpn-community-meshed
+ cp_mgmt_vpn_community_meshed_facts:
+ name: New_VPN_Community_Meshed_1
+
+- name: show-vpn-communities-meshed
+ cp_mgmt_vpn_community_meshed_facts:
+ details_level: full
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "vpn-community-meshed"
+ api_call_object_plural_version = "vpn-communities-meshed"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py
new file mode 100644
index 000000000..0073a60de
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star.py
@@ -0,0 +1,244 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_star
+short_description: Manages vpn-community-star objects on Check Point over Web Services API
+description:
+ - Manages vpn-community-star objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ center_gateways:
+ description:
+ - Collection of Gateway objects representing center gateways identified by the name or UID.
+ type: list
+ elements: str
+ encryption_method:
+ description:
+ - The encryption method to be used.
+ type: str
+ choices: ['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']
+ encryption_suite:
+ description:
+ - The encryption suite to be used.
+ type: str
+ choices: ['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']
+ ike_phase_1:
+ description:
+ - Ike Phase 1 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ diffie_hellman_group:
+ description:
+ - The Diffie-Hellman group to be used.
+ type: str
+ choices: ['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-256', 'des', 'aes-128', '3des']
+ ike_phase_2:
+ description:
+ - Ike Phase 2 settings. Only applicable when the encryption-suite is set to [custom].
+ type: dict
+ suboptions:
+ data_integrity:
+ description:
+ - The hash algorithm to be used.
+ type: str
+ choices: ['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']
+ encryption_algorithm:
+ description:
+ - The encryption algorithm to be used.
+ type: str
+ choices: ['cast', 'aes-gcm-256', 'cast-40', 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none']
+ mesh_center_gateways:
+ description:
+ - Indicates whether the meshed community is in center.
+ type: bool
+ satellite_gateways:
+ description:
+ - Collection of Gateway objects representing satellite gateways identified by the name or UID.
+ type: list
+ elements: str
+ shared_secrets:
+ description:
+ - Shared secrets for external gateways.
+ type: list
+ elements: dict
+ suboptions:
+ external_gateway:
+ description:
+ - External gateway identified by the name or UID.
+ type: str
+ shared_secret:
+ description:
+ - Shared secret.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ use_shared_secret:
+ description:
+ - Indicates whether the shared secret should be used for all external gateways.
+ type: bool
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ center_gateways: Second_Security_Gateway
+ encryption_method: prefer ikev2 but support ikev1
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Star_1
+ state: present
+
+- name: set-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ encryption_method: ikev2 only
+ encryption_suite: custom
+ ike_phase_1:
+ data_integrity: sha1
+ diffie_hellman_group: group 19
+ encryption_algorithm: aes-128
+ ike_phase_2:
+ data_integrity: aes-xcbc
+ encryption_algorithm: aes-gcm-128
+ name: New_VPN_Community_Star_1
+ state: present
+
+- name: delete-vpn-community-star
+ cp_mgmt_vpn_community_star:
+ name: New_VPN_Community_Star_1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_vpn_community_star:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ center_gateways=dict(type='list', elements='str'),
+ encryption_method=dict(type='str', choices=['prefer ikev2 but support ikev1', 'ikev2 only', 'ikev1 for ipv4 and ikev2 for ipv6 only']),
+ encryption_suite=dict(type='str', choices=['suite-b-gcm-256', 'custom', 'vpn b', 'vpn a', 'suite-b-gcm-128']),
+ ike_phase_1=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ diffie_hellman_group=dict(type='str', choices=['group-1', 'group-2', 'group-5', 'group-14', 'group-19', 'group-20']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-256', 'des', 'aes-128', '3des'])
+ )),
+ ike_phase_2=dict(type='dict', options=dict(
+ data_integrity=dict(type='str', choices=['aes-xcbc', 'sha1', 'sha256', 'sha384', 'md5']),
+ encryption_algorithm=dict(type='str', choices=['cast', 'aes-gcm-256', 'cast-40',
+ 'aes-256', 'des', 'aes-128', '3des', 'des-40cp', 'aes-gcm-128', 'none'])
+ )),
+ mesh_center_gateways=dict(type='bool'),
+ satellite_gateways=dict(type='list', elements='str'),
+ shared_secrets=dict(type='list', elements='dict', no_log=True, options=dict(
+ external_gateway=dict(type='str'),
+ shared_secret=dict(type='str', no_log=True)
+ )),
+ tags=dict(type='list', elements='str'),
+ use_shared_secret=dict(type='bool'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'vpn-community-star'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py
new file mode 100644
index 000000000..09fbd90a6
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_vpn_community_star_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_vpn_community_star_facts
+short_description: Get vpn-community-star objects facts on Check Point over Web Services API
+description:
+ - Get vpn-community-star objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-vpn-community-star
+ cp_mgmt_vpn_community_star_facts:
+ name: New_VPN_Community_Meshed_1
+
+- name: show-vpn-communities-star
+ cp_mgmt_vpn_community_star_facts:
+ details_level: full
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "vpn-community-star"
+ api_call_object_plural_version = "vpn-communities-star"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
new file mode 100644
index 000000000..54739fdfe
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard.py
@@ -0,0 +1,159 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_wildcard
+short_description: Manages wildcard objects on Check Point over Web Services API
+description:
+ - Manages wildcard objects on Check Point devices including creating, updating and removing objects.
+ - All operations are performed over Web Services API.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ type: str
+ required: True
+ ipv4_address:
+ description:
+ - IPv4 address.
+ type: str
+ ipv4_mask_wildcard:
+ description:
+ - IPv4 mask wildcard.
+ type: str
+ ipv6_address:
+ description:
+ - IPv6 address.
+ type: str
+ ipv6_mask_wildcard:
+ description:
+ - IPv6 mask wildcard.
+ type: str
+ tags:
+ description:
+ - Collection of tag identifiers.
+ type: list
+ elements: str
+ color:
+ description:
+ - Color of the object. Should be one of existing colors.
+ type: str
+ choices: ['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green', 'khaki', 'orchid', 'dark orange', 'dark sea green',
+ 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown', 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon',
+ 'coral', 'sea green', 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna', 'yellow']
+ comments:
+ description:
+ - Comments string.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ groups:
+ description:
+ - Collection of group identifiers.
+ type: list
+ elements: str
+ ignore_warnings:
+ description:
+ - Apply changes ignoring warnings.
+ type: bool
+ ignore_errors:
+ description:
+ - Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
+ type: bool
+extends_documentation_fragment: check_point.mgmt.checkpoint_objects
+"""
+
+EXAMPLES = """
+- name: add-wildcard
+ cp_mgmt_wildcard:
+ ipv4_address: 192.168.2.1
+ ipv4_mask_wildcard: 0.0.0.128
+ name: New Wildcard 1
+ state: present
+
+- name: set-wildcard
+ cp_mgmt_wildcard:
+ color: green
+ ipv6_address: 2001:db8::1111
+ ipv6_mask_wildcard: ffff:ffff::f0f0
+ name: New Wildcard 1
+ state: present
+
+- name: delete-wildcard
+ cp_mgmt_wildcard:
+ name: New Wildcard 1
+ state: absent
+"""
+
+RETURN = """
+cp_mgmt_wildcard:
+ description: The checkpoint object created or updated.
+ returned: always, except when deleting the object.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_objects, api_call
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str', required=True),
+ ipv4_address=dict(type='str'),
+ ipv4_mask_wildcard=dict(type='str'),
+ ipv6_address=dict(type='str'),
+ ipv6_mask_wildcard=dict(type='str'),
+ tags=dict(type='list', elements='str'),
+ color=dict(type='str', choices=['aquamarine', 'black', 'blue', 'crete blue', 'burlywood', 'cyan', 'dark green',
+ 'khaki', 'orchid', 'dark orange', 'dark sea green', 'pink', 'turquoise', 'dark blue', 'firebrick', 'brown',
+ 'forest green', 'gold', 'dark gold', 'gray', 'dark gray', 'light green', 'lemon chiffon', 'coral', 'sea green',
+ 'sky blue', 'magenta', 'purple', 'slate blue', 'violet red', 'navy blue', 'olive', 'orange', 'red', 'sienna',
+ 'yellow']),
+ comments=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ groups=dict(type='list', elements='str'),
+ ignore_warnings=dict(type='bool'),
+ ignore_errors=dict(type='bool')
+ )
+ argument_spec.update(checkpoint_argument_spec_for_objects)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+ api_call_object = 'wildcard'
+
+ result = api_call(module, api_call_object)
+ module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
new file mode 100644
index 000000000..474776b4f
--- /dev/null
+++ b/ansible_collections/check_point/mgmt/plugins/modules/cp_mgmt_wildcard_facts.py
@@ -0,0 +1,127 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+#
+# Ansible module to manage Check Point Firewall (c) 2019
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from __future__ import (absolute_import, division, print_function)
+
+__metaclass__ = type
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = """
+---
+module: cp_mgmt_wildcard_facts
+short_description: Get wildcard objects facts on Check Point over Web Services API
+description:
+ - Get wildcard objects facts on Check Point devices.
+ - All operations are performed over Web Services API.
+ - This module handles both operations, get a specific object and get several objects,
+ For getting a specific object use the parameter 'name'.
+version_added: "1.0.0"
+author: "Or Soffer (@chkp-orso)"
+options:
+ name:
+ description:
+ - Object name.
+ This parameter is relevant only for getting a specific object.
+ type: str
+ details_level:
+ description:
+ - The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed
+ representation of the object.
+ type: str
+ choices: ['uid', 'standard', 'full']
+ limit:
+ description:
+ - No more than that many results will be returned.
+ This parameter is relevant only for getting few objects.
+ type: int
+ offset:
+ description:
+ - Skip that many results before beginning to return them.
+ This parameter is relevant only for getting few objects.
+ type: int
+ order:
+ description:
+ - Sorts results by the given field. By default the results are sorted in the ascending order by name.
+ This parameter is relevant only for getting few objects.
+ type: list
+ elements: dict
+ suboptions:
+ ASC:
+ description:
+ - Sorts results by the given field in ascending order.
+ type: str
+ choices: ['name']
+ DESC:
+ description:
+ - Sorts results by the given field in descending order.
+ type: str
+ choices: ['name']
+extends_documentation_fragment: check_point.mgmt.checkpoint_facts
+"""
+
+EXAMPLES = """
+- name: show-wildcard
+ cp_mgmt_wildcard_facts:
+ name: New Wildcard 1
+
+- name: show-wildcards
+ cp_mgmt_wildcard_facts:
+ details_level: standard
+ limit: 50
+ offset: 0
+"""
+
+RETURN = """
+ansible_facts:
+ description: The checkpoint object facts.
+ returned: always.
+ type: dict
+"""
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.check_point.mgmt.plugins.module_utils.checkpoint import checkpoint_argument_spec_for_facts, api_call_facts
+
+
+def main():
+ argument_spec = dict(
+ name=dict(type='str'),
+ details_level=dict(type='str', choices=['uid', 'standard', 'full']),
+ limit=dict(type='int'),
+ offset=dict(type='int'),
+ order=dict(type='list', elements='dict', options=dict(
+ ASC=dict(type='str', choices=['name']),
+ DESC=dict(type='str', choices=['name'])
+ ))
+ )
+ argument_spec.update(checkpoint_argument_spec_for_facts)
+
+ module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
+
+ api_call_object = "wildcard"
+ api_call_object_plural_version = "wildcards"
+
+ result = api_call_facts(module, api_call_object, api_call_object_plural_version)
+ module.exit_json(ansible_facts=result)
+
+
+if __name__ == '__main__':
+ main()