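check_point.mgmt.cp_mgmt_access_layers module – Manages ACCESS LAYERS resource module

Note

This module is part of the check_point.mgmt collection (version 6.2.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list

To install it, use: ansible-galaxy collection install check_point.mgmt

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_layers

New in check_point.mgmt 5.0.0

Synopsis

  • This resource module allows for addition, deletion, or modification of CP Access Layers.

  • This resource module also takes care of gathering Access Layers config facts.

Note

This module has a corresponding action plugin.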

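Parameters

Parameter

Comments

config

dictionary

A dictionary of ACCESS LAYERS options

add_default_rule

boolean

Indicates whether to include a cleanup rule in the new layer.

Choices: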

  • false

  • true

applications_and_url_filtering

boolean

Whether to enable the Applications & URL Filtering blade on the layer.

Choices:

  • false

  • true

auto_publish_session

boolean

Publish the current session if changes have been performed after the task completes.

Choices:

  • false

  • true

color

string

Color of the object. Should be one of the existing colors.

Choices:

  • "aquamarine"

  • "black"

  • "blue"

  • "crete blue"

  • "burlywood"

  • "cyan"

  • "dark green"

  • "khaki"

  • "orchid"

  • "dark orange"

  • "dark sea green"

  • "pink"

  • "turquoise"

  • "dark blue"

  • "firebrick"

  • "brown"

  • "forest green"

  • "gold"

  • "dark gold"

  • "gray"

  • "dark gray"

  • "light green"

  • "lemon chiffon"

  • "coral"

  • "sea green"

  • "sky blue"

  • "magenta"

  • "purple"

  • "slate blue"

  • "violet red"

  • "navy blue"

  • "olive"

  • "orange"

  • "red"

  • "sienna"

  • "yellow"

comments

string

Comments string.

content_awareness

boolean

Whether to enable the Content Awareness blade on the layer.

Choices:

  • false

  • true

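details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices: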

  • "uid"

  • "standard"

  • "full"

detect_using_x_forward_for

boolean

Whether to use the X-Forward-For HTTP header, which is added by the proxy server to keep track of the original source IP.

Choices:

  • false

  • true

firewall

boolean

Whether to enable the Firewall blade on the layer.

Choices:

  • false

  • true

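ignore_errors

boolean

Apply changes ignoring errors. You won't be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored.

Choices: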

  • false

  • true

ignore_warnings

boolean

Apply changes ignoring warnings.

Choices:

  • false

  • true

implicit_cleanup_action

string

The default "catch-all" action for traffic that does not match any explicit or implied rules in the layer.

Choices:

  • "drop"

  • "accept"

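limit

integer

The maximal number of returned results.

NOTE, this parameter is valid only for the GATHERED state; for config states like MERGED, REPLACED, and DELETED it won't be applicable.

mobile_access

boolean

Whether to enable the Mobile Access blade on the layer.

Choices: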

  • false

  • true

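name

string

Object name. Must be unique in the domain.

offset

integer

Number of the results to initially skip.

NOTE, this parameter is valid only for the GATHERED state; for config states like MERGED, REPLACED, and DELETED it won't be applicable.

order

list / elements=dictionary

Sorts the results by the given field. By default the results are sorted in ascending order by name. This parameter is relevant only for getting few objects.

NOTE, this parameter is valid only for the GATHERED state; for config states like MERGED, REPLACED, and DELETED it won't be applicable.

ASC

string

Sorts results by the given field in ascending order.

DESC

string

Sorts results by the given field in descending order.

round_trip

boolean

If set to True, the round trip will filter out the module parameters from the response parameters, which will enable the user to fire the config request using the structured gathered data.

NOTE, this parameter is relevant only for the GATHERED state; for config states like MERGED, REPLACED, and DELETED it won't make any config updates, as it is not a module config parameter.

Choices: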

  • false

  • true

shared

boolean

Whether this layer is shared.

Choices:

  • false

  • true

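tags

list / elements=string

Collection of tag identifiers.

version

string

Check Point version. If not given, the latest version is used.

state

string

The state the configuration should be left in

The state *gathered* will get the module API configuration from the device and transform it into structured data in the format as per the module argspec, and the value is returned in the *gathered* key within the result.

Choices: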

  • "merged"

  • "replaced"

  • "gathered"

  • "deleted"

Examples

# Using MERGED state
# -------------------

- name: Merge Access-layer config
  cp_mgmt_access_layers:
    state: merged
    config:
      name: New Layer 1
      add_default_rule: true
      applications_and_url_filtering: true
      content_awareness: true
      detect_using_x_forward_for: false
      firewall: true
      implicit_cleanup_action: drop
      mobile_access: true
      shared: false
      tags:
      - test_layer
      color: aquamarine
      comments: test description
      details_level: full
      ignore_warnings: false
      ignore_errors: false
      round_trip: true

# RUN output:
# -----------

# mgmt_access_layers:
#   after:
#     applications_and_url_filtering: true
#     color: aquamarine
#     comments: test description
#     content_awareness: true
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/rulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: false
#     tags:
#     - test_layer
#     uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e
#   before: {}

# Using REPLACED state
# --------------------

- name: Replace Access-layer config
  cp_mgmt_access_layers:
    state: replaced
    config:
      name: New Layer 1
      add_default_rule: true
      applications_and_url_filtering: true
      content_awareness: false
      detect_using_x_forward_for: false
      firewall: true
      implicit_cleanup_action: drop
      mobile_access: true
      shared: true
      tags:
      - test_layer_replaced
      color: cyan
      comments: test REPLACE description
      details_level: full
      ignore_warnings: false
      ignore_errors: false
      round_trip: true

# RUN output:
# -----------

# mgmt_access_layers:
#   after:
#     applications_and_url_filtering: true
#     color: cyan
#     comments: test REPLACE description
#     content_awareness: false
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/sharedrulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: true
#     tags:
#     - test_layer_replaced
#     uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12
#   before:
#     applications_and_url_filtering: true
#     color: aquamarine
#     comments: test description
#     content_awareness: true
#     detect_using_x_forward_for: false
#     firewall: true
#     icon: ApplicationFirewall/rulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: false
#     tags:
#     - test_layer

# Using GATHERED state
# --------------------

# 1. With Round Trip set to True

- name: Gather Access-layers config by Name
  cp_mgmt_access_layers:
    state: gathered
    config:
      name: New Layer 1
      round_trip: true

# RUN output:
# -----------

# gathered:
#   applications_and_url_filtering: true
#   color: aquamarine
#   comments: test description
#   content_awareness: true
#   detect_using_x_forward_for: false
#   domain: SMC User
#   firewall: true
#   icon: ApplicationFirewall/rulebase
#   implicit_cleanup_action: drop
#   mobile_access: true
#   name: New Layer 1
#   shared: false
#   tags:
#   - test_layer
#   uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e

# 2. With Round Trip set to False which is the default behaviour

- name: Gather Access-layers config by Name
  cp_mgmt_access_layers:
    state: gathered
    config:
      name: New Layer 1

# RUN output:
# -----------

# gathered:
#   applications_and_url_filtering: true
#   color: turquoise
#   comments: test description
#   content_awareness: true
#   detect_using_x_forward_for: false
#   domain:
#     domain-type: domain
#     name: SMC User
#     uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#   firewall: true
#   icon: ApplicationFirewall/rulebase
#   implicit_cleanup_action: drop
#   meta-info:
#     creation-time:
#       iso-8601: 2022-11-21T07:34+0000
#       posix: 1669016073937
#     creator: admin
#     last-modifier: admin
#     last-modify-time:
#       iso-8601: 2022-11-21T07:34+0000
#       posix: 1669016074765
#     lock: unlocked
#     validation-state: ok
#   mobile_access: true
#   name: New Layer 1
#   read-only: false
#   shared: false
#   tags:
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: test_layer
#     type: tag
#     uid: 22cc8b0d-984f-47de-b1f6-276b3377eb0c
#   type: access-layer
#   uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522

# 3. Gather ALL access-layer config with DESC order filter

- name: To Gather ALL access-layer and order by Name
  cp_mgmt_access_layers:
    config:
      order:
        - DESC: name
    state: gathered

# RUN output:
# -----------

# gathered:
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: New Layer 1
#     type: access-layer
#     uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: Network
#     type: access-layer
#     uid: 63b7fe60-76d2-4287-bca5-21af87337b0a

# Using DELETED state
# -------------------

- name: Delete Access-layer config by Name
  cp_mgmt_access_layers:
    state: deleted
    config:
      name: New Layer 1

# RUN output:
# -----------

# mgmt_access_layers:
#   after: {}
#   before:
#     applications_and_url_filtering: true
#     color: cyan
#     comments: test REPLACE description
#     content_awareness: false
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/sharedrulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: true
#     tags:
#     - test_layer_replaced
#     uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12
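
An added audit playbook, not part of the module's own examples: it gathers every access layer, re-reads each one by name, and fails if any layer's implicit_cleanup_action is not drop. The check_point inventory group and the httpapi connection are assumptions, and the return shapes are taken from the RUN output shown above.

```yaml
# Added audit example (not from the module documentation).
# Assumptions: an inventory group named "check_point" and a working
# httpapi connection to the management server already exist.
- name: Audit access layers for a permissive implicit cleanup action
  hosts: check_point          # assumed inventory group
  connection: httpapi
  gather_facts: false
  tasks:
    # Gathering without a name returns only name, type, uid and domain
    # per layer; use limit/offset if the result set is paginated.
    - name: List every access layer
      check_point.mgmt.cp_mgmt_access_layers:
        state: gathered
        config:
          order:
            - ASC: name
      register: all_layers

    # round_trip: true keeps the result in the flat argspec-style
    # format, which makes the settings easy to compare.
    - name: Gather the settings of each layer by name
      check_point.mgmt.cp_mgmt_access_layers:
        state: gathered
        config:
          name: "{{ item.name }}"
          round_trip: true
      loop: "{{ all_layers.gathered }}"
      loop_control:
        label: "{{ item.name }}"
      register: layer_details

    # A layer whose catch-all action is "accept" passes any traffic
    # that no explicit or implied rule matched.
    - name: Fail when a layer accepts unmatched traffic
      ansible.builtin.assert:
        that:
          - item.gathered.implicit_cleanup_action == 'drop'
        fail_msg: >-
          Layer '{{ item.gathered.name }}' has
          implicit_cleanup_action={{ item.gathered.implicit_cleanup_action }}
        quiet: true
      loop: "{{ layer_details.results }}"
      loop_control:
        label: "{{ item.gathered.name }}"
```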

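Return Values

Common return values are documented here, the following are the fields unique to this module:

Description

after

dictionary

The resulting configuration after module execution.

Returned: when changed

Sample: "This output will always be in the same format as the module argspec.\n"

before

dictionary

The configuration prior to the module execution.

Returned: when state is merged, replaced, deleted

Sample: "This output will always be in the same format as the module argspec.\n"

gathered

dictionary

Facts about the network resource gathered from the remote device as structured data.

Returned: when state is gathered

Sample: "This output will always be in the same format as the module argspec.\n"

Authors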