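check_point.mgmt.cp_mgmt_threat_layers module – Manages THREAT LAYERS resource module
Note
This module is part of the check_point.mgmt collection (version 6.2.1).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install check_point.mgmt.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_threat_layers.
New in check_point.mgmt 5.0.0
Synopsis
This resource module allows for addition, deletion, or modification of CP Threat Layers.
This resource module also takes care of gathering Threat Layers config facts.
Note
This module has a corresponding action plugin.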
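Parameters
Parameter | Comments |
---|---|
A dictionary of THREAT LAYERS options |
|
Indicates whether to include a default rule in the new layer. Choices:
|
|
Publish the current session if changes have been performed after the task completes. Choices:
|
|
Color of the object. Should be one of the existing colors. Choices:
|
|
Comments string. |
|
The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices:
|
|
Apply changes ignoring errors. You will not be able to publish such changes. If the ignore-warnings flag is omitted, warnings are also ignored. Choices:
|
|
Apply changes ignoring warnings. Choices:
|
|
The maximal number of returned results. NOTE: this parameter is valid only for the GATHERED state; it does not apply to config states such as MERGED, REPLACED, and DELETED. |
|
Object name. Must be unique in the domain. |
|
Number of results to initially skip. NOTE: this parameter is valid only for the GATHERED state; it does not apply to config states such as MERGED, REPLACED, and DELETED. |
|
Sorts results by the given field. By default the results are sorted in ascending order by name. This parameter is relevant only for getting few objects. NOTE: this parameter is valid only for the GATHERED state; it does not apply to config states such as MERGED, REPLACED, and DELETED. |
|
Sorts results by the given field in ascending order. |
|
Sorts results by the given field in descending order. |
|
If set to True, the round trip filters the module parameters out of the response, which lets the user fire a config request using the structured gathered data. NOTE: this parameter is relevant only with the GATHERED state; for config states such as MERGED, REPLACED, and DELETED it makes no config updates, because it is not a module config parameter. |
|
Collection of tag identifiers. |
|
Version of checkpoint. If not given, the latest version is taken. |
|
The state the configuration should be left in. The state *gathered* gets the module API configuration from the device and transforms it into structured data in the format of the module argspec; the value is returned in the *gathered* key within the result. Choices:
|
Examples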
```yaml
# Using MERGED state
# -------------------

- name: To Add Merge Threat-Layers config
  cp_mgmt_threat_layers:
    state: merged
    config:
      name: New Layer 1
      add_default_rule: true
      tags:
        - test_threat_layer
      color: turquoise
      comments: test description
      ignore_warnings: false
      ignore_errors: false
      round_trip: true

# RUN output:
# -----------
# mgmt_threat_layers:
#   after:
#     color: turquoise
#     comments: test description
#     icon: ApplicationFirewall/rulebase
#     ips-layer: false
#     name: New Layer 1
#     tags:
#     - test_threat_layer
#   before: {}

# Using REPLACED state
# --------------------

- name: Replace Threat-layer config
  cp_mgmt_threat_layers:
    state: replaced
    config:
      name: New Layer 1
      add_default_rule: true
      tags:
        - test_threat_layer_replaced
      color: cyan
      comments: REPLACED description
      ignore_warnings: false
      ignore_errors: false
      round_trip: true

# RUN output:
# -----------
# mgmt_threat_layers:
#   after:
#     color: cyan
#     comments: REPLACED description
#     icon: ApplicationFirewall/rulebase
#     ips-layer: false
#     name: New Layer 1
#     tags:
#     - test_threat_layer_replaced
#   before:
#     color: turquoise
#     comments: test description
#     icon: ApplicationFirewall/rulebase
#     ips-layer: false
#     name: New Layer 1
#     tags:
#     - test_threat_layer

# Using GATHERED state
# --------------------

# 1. With Round Trip set to True

- name: To Gather threat-layer by Name
  cp_mgmt_threat_layers:
    config:
      name: New Layer 1
      round_trip: true
    state: gathered

# RUN output:
# -----------
# gathered:
#   color: turquoise
#   comments: test description
#   domain: SMC User
#   icon: ApplicationFirewall/rulebase
#   ips-layer: false
#   name: New Layer 1
#   read-only: false
#   tags:
#   - test_threat_layer
#   uid: 4dc060e2-0ed6-48c5-9b0f-3d2fbeb552ba

# 2. With Round Trip set to False which is the default behaviour

- name: To Gather threat-layer by Name
  cp_mgmt_threat_layers:
    config:
      name: New Layer 1
    state: gathered

# RUN output:
# -----------
# gathered:
#   color: turquoise
#   comments: test description
#   domain:
#     domain-type: domain
#     name: SMC User
#     uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#   icon: ApplicationFirewall/rulebase
#   ips-layer: false
#   meta-info:
#     creation-time:
#       iso-8601: 2022-11-21T07:30+0000
#       posix: 1669015820472
#     creator: admin
#     last-modifier: admin
#     last-modify-time:
#       iso-8601: 2022-11-21T07:30+0000
#       posix: 1669015821024
#     lock: unlocked
#     validation-state: ok
#   name: New Layer 1
#   read-only: false
#   tags:
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: test_threat_layer
#     type: tag
#     uid: 59f23149-ed5e-439f-9012-0cdf222a1c97
#   type: threat-layer
#   uid: ca196a80-fdc4-4e7b-8b25-e3eed125a25f

# 3. Gather ALL threat-layer config with DESC order filter

- name: To Gather ALL threat-layer and order by Name
  cp_mgmt_threat_layers:
    config:
      order:
        - DESC: name
    state: gathered

# RUN output:
# -----------
# gathered:
# - color: black
#   comments: ''
#   domain:
#     domain-type: domain
#     name: SMC User
#     uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#   icon: ApplicationFirewall/sharedrulebase
#   ips-layer: true
#   meta-info:
#     creation-time:
#       iso-8601: 2020-01-20T09:43+0000
#       posix: 1579513387322
#     creator: System
#     last-modifier: System
#     last-modify-time:
#       iso-8601: 2020-01-20T09:43+0000
#       posix: 1579513387377
#     lock: unlocked
#     validation-state: ok
#   name: IPS
#   read-only: false
#   tags: []
#   type: threat-layer
#   uid: 90678011-1bcb-4296-8154-fa58c23ecf3b
# - color: black
#   comments: ''
#   domain:
#     domain-type: domain
#     name: SMC User
#     uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#   icon: ApplicationFirewall/rulebase
#   ips-layer: false
#   meta-info:
#     creation-time:
#       iso-8601: 2020-01-20T09:43+0000
#       posix: 1579513386848
#     creator: System
#     last-modifier: System
#     last-modify-time:
#       iso-8601: 2020-01-20T09:43+0000
#       posix: 1579513387396
#     lock: unlocked
#     validation-state: ok
#   name: Standard Threat Prevention
#   read-only: false
#   tags: []
#   type: threat-layer
#   uid: 0dbe7c44-6d3f-4f28-8f2b-0e6790e57f8a

# Using DELETED state
# -------------------

- name: Delete Threat-layer config by Name and Layer
  cp_mgmt_threat_layers:
    config:
      layer: IPS
      name: First threat layer
      round_trip: true
    state: deleted

# RUN output:
# -----------
# mgmt_threat_layers:
#   after: {}
#   before:
#     action: Optimized
#     comments: This is the THREAT RULE
#     destination:
#     - Any
#     destination_negate: false
#     enabled: true
#     install_on:
#     - Policy Targets
#     layer: 90678011-1bcb-4296-8154-fa58c23ecf3b
#     name: First threat layer
#     protected_scope:
#     - All_Internet
#     protected_scope_negate: false
#     service:
#     - Any
#     service_negate: false
#     source:
#     - Any
#     source_negate: false
#     track: None
#     track_settings:
#       packet_capture: true
```
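Added example, not part of the original module documentation: the *gathered* state used as a read-only audit that compares the threat layers on the management server with an expected baseline and checks each layer's validation state. The inventory group `check_point`, the registered variable `layers`, and the `expected_layers` baseline (its two names are taken from the sample output above) are assumptions.

```yaml
# Added example: read-only drift check built on state=gathered.
# Assumptions: the inventory group "check_point" is already configured to
# reach the management server, and "expected_layers" is the baseline you
# keep under version control.
- name: Audit threat layers against a baseline
  hosts: check_point
  gather_facts: false
  vars:
    expected_layers:
      - IPS
      - Standard Threat Prevention
  tasks:
    - name: Gather ALL threat layers (gathered makes no configuration change)
      check_point.mgmt.cp_mgmt_threat_layers:
        config:
          order:
            - DESC: name
        state: gathered
      register: layers

    - name: Work out which layers exist and which fail validation
      ansible.builtin.set_fact:
        present: "{{ layers.gathered | map(attribute='name') | list }}"
        not_ok: >-
          {{ layers.gathered
             | rejectattr('meta-info.validation-state', 'equalto', 'ok')
             | map(attribute='name') | list }}

    - name: Fail when a layer is missing, unexpected or invalid
      ansible.builtin.assert:
        that:
          - expected_layers | difference(present) | length == 0
          - present | difference(expected_layers) | length == 0
          - not_ok | length == 0
        fail_msg: >-
          missing={{ expected_layers | difference(present) }}
          unexpected={{ present | difference(expected_layers) }}
          invalid={{ not_ok }}
```

Leave round_trip at its default of false for this check: the meta-info block it reads appears only in the full gathered output.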
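Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Description |
---|---|
The resulting configuration after module execution. Returned: when changed Sample: |
|
The configuration prior to the module execution. Returned: when state is *merged*, *replaced*, *deleted* Sample: |
|
Facts about the network resource gathered from the remote device as structured data. Returned: when state is *gathered* Sample: |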