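---
# Builds a demo access policy on a Check Point management server through the
# check_point.mgmt collection (httpapi transport): creates the policy package,
# a few network objects, the access rules, then publishes the session.
#
# Credentials are deliberately NOT stored in this file. Supply them at run time
# from an ansible-vault encrypted vars file or -e, e.g.
#   ansible-playbook build_policy.yml -e @vault.yml --ask-vault-pass
# where vault.yml defines chkp_admin_password (or chkp_api_key, see below).
- name: Build Ansible demo policy on Check Point management server
  hosts: chkp-mgmt
  connection: httpapi
  gather_facts: false
  vars:
    # Name of the policy package; its access layer is "<package> Network".
    chkp_policy_name: automation_test_policy

    # --- Connection settings for the check_point httpapi plugin ----------------
    ansible_network_os: check_point.mgmt.checkpoint  # https://galaxy.ansible.com/check_point
    ansible_httpapi_use_ssl: true  # the management API is served over HTTPS (443)
    # Verify the server certificate by default. The original hard-coded False,
    # which lets any on-path host impersonate the server and capture the admin
    # credentials. Only override for a throw-away lab with a self-signed cert:
    #   -e chkp_validate_certs=false
    ansible_httpapi_validate_certs: "{{ chkp_validate_certs | default(true) }}"
    ansible_checkpoint_domain: SMC User  # default domain on a SmartCenter (SMS)
    ansible_user: "{{ chkp_admin_user | default('admin') }}"
    # Password comes from a vault variable / -e, never from a literal here.
    # ansible_password is the variable documented for the httpapi connection
    # plugin; the original used the older ansible_ssh_pass spelling.
    ansible_password: "{{ chkp_admin_password }}"
    # Alternative: authenticate with an API key instead of user + password.
    # Replace the ansible_password line with the one below; keep the key in the
    # vault as well.
    # ansible_api_key: "{{ chkp_api_key }}"

  tasks:
    - name: Ensure the policy package {{ chkp_policy_name }} exists
      check_point.mgmt.cp_mgmt_package:
        name: "{{ chkp_policy_name }}"
        state: present
        access: true
        color: blue
        comments: Policy automated through ansible

    - name: Create network object {{ item.name }}
      check_point.mgmt.cp_mgmt_network:
        name: "{{ item.name }}"
        state: present
        subnet: "{{ item.subnet }}"
        subnet_mask: "{{ item.mask }}"
        color: "{{ item.color }}"
        comments: Network object automated through ansible
      loop:
        - name: net_site_a
          subnet: 10.10.10.0
          mask: 255.255.255.0
          color: blue
        - name: net_site_b
          subnet: 10.11.10.0
          mask: 255.255.255.0
          color: red
        - name: net_site_c
          subnet: 10.10.20.0
          mask: 255.255.255.0
          color: yellow
        - name: net_servers
          subnet: 10.220.10.0
          mask: 255.255.255.0
          color: "violet red"

    # Positions are explicit so re-runs keep the rule order. Every rule logs
    # (track: log) so hits are auditable. The action defaults to Accept but is
    # overridable per rule.
    - name: Create access rule {{ item.name }}
      check_point.mgmt.cp_mgmt_access_rule:
        layer: "{{ chkp_policy_name }} Network"
        name: "{{ item.name }}"
        position: "{{ item.position }}"
        source: "{{ item.src_object }}"
        destination: "{{ item.dst_object }}"
        service: "{{ item.service }}"
        action: "{{ item.action | default('Accept') }}"
        state: present
        track:
          type: log
      loop:
        - name: rule 4
          position: 1
          src_object: net_site_a
          dst_object: net_servers
          service: [smtp, ssh, http, https]
        - name: rule 1
          position: 2
          src_object: net_site_b
          dst_object: net_servers
          service: [smtp, ssh, http, https]
        # Explicit deny-all at the bottom of the layer. The original created this
        # rule with action Accept, i.e. any/any/any allow, which defeats every
        # rule above it.
        - name: Cleanup rule
          position: bottom
          src_object: any
          dst_object: any
          service: any
          action: Drop

    # Publish the session so the changes become visible; policy install is a
    # separate step (cp_mgmt_install_policy) and is not part of this demo.
    - name: Publish the session
      check_point.mgmt.cp_mgmt_publish: {}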
64 cp_mgmt_publish:
65