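check_point.mgmt.cp_mgmt_access_layers module – Manages access layers resource module
Note
This module is part of the check_point.mgmt collection (version 6.2.1).
If you are using the ansible package, you may already have this collection installed. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install check_point.mgmt.
To use it in a playbook, specify: check_point.mgmt.cp_mgmt_access_layers.
New in check_point.mgmt 5.0.0
Synopsis
- This resource module allows adding, deleting, or modifying CP access layers.
- This resource module also takes care of gathering access layer configuration facts.
Note
This module has a corresponding action plugin.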
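Parameters
| Parameter | Comments |
|---|---|
| A dictionary of access layer options. | |
| Indicates whether to include a cleanup rule in the new layer. Choices: | |
| Whether to enable the Applications & URL Filtering blade on the layer. Choices: | |
| Publish the current session if changes were made after the task completes. Choices: | |
| Color of the object. Should be one of the existing colors. Choices: | |
| Comments string. | |
| Whether to enable the Content Awareness blade on the layer. Choices: | |
| The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object. Choices: | |
| Whether to use the X-Forward-For HTTP header, which is added by the proxy server, to keep track of the original source IP. Choices: | |
| Whether to enable the Firewall blade on the layer. Choices: | |
| Apply changes ignoring errors. You will not be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored. Choices: | |
| Apply changes ignoring warnings. Choices: | |
| The default "catch-all" action for traffic that does not match any explicit or implicit rule in the layer. Choices: | |
| The maximum number of returned results. Note: this parameter is valid only for the GATHERED state; it does not apply to configuration states such as MERGED, REPLACED, and DELETED. | |
| Whether to enable the Mobile Access blade on the layer. Choices: | |
| Object name. Must be unique in the domain. | |
| Number of results to initially skip. Note: this parameter is valid only for the GATHERED state; it does not apply to configuration states such as MERGED, REPLACED, and DELETED. | |
| Sorts the results by the given field. By default the results are sorted by name in ascending order. This parameter is relevant only for getting few objects. Note: this parameter is valid only for the GATHERED state; it does not apply to configuration states such as MERGED, REPLACED, and DELETED. | |
| Sorts the results by the given field in ascending order. | |
| Sorts the results by the given field in descending order. | |
| If set to True, the round trip filters the module parameters out of the response parameters, which lets the user fire a configuration request using the structured gathered data. Note: this parameter is relevant only with the GATHERED state; for configuration states such as MERGED, REPLACED, and DELETED it makes no configuration updates, because it is not a module configuration parameter. Choices: | |
| Whether this layer is shared. Choices: | |
| Collection of tag identifiers. | |
| Version of Check Point. If no version is given, the latest version is used. | |
| The state the configuration should be left in. The gathered state fetches the module API configuration from the device and transforms it into structured data in the format of the module argument spec; the value is returned in the gathered key within the result. Choices: | |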
Examples
# Using MERGED state
# -------------------
- name: Merge Access-layer config
  cp_mgmt_access_layers:
    state: merged
    config:
      name: New Layer 1
      add_default_rule: true
      applications_and_url_filtering: true
      content_awareness: true
      detect_using_x_forward_for: false
      firewall: true
      implicit_cleanup_action: drop
      mobile_access: true
      shared: false
      tags:
      - test_layer
      color: aquamarine
      comments: test description
      details_level: full
      ignore_warnings: false
      ignore_errors: false
      round_trip: true
# RUN output:
# -----------
# mgmt_access_layers:
#   after:
#     applications_and_url_filtering: true
#     color: aquamarine
#     comments: test description
#     content_awareness: true
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/rulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: false
#     tags:
#     - test_layer
#     uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e
#   before: {}
# Using REPLACED state
# --------------------
- name: Replace Access-layer config
  cp_mgmt_access_layers:
    state: replaced
    config:
      name: New Layer 1
      add_default_rule: true
      applications_and_url_filtering: true
      content_awareness: false
      detect_using_x_forward_for: false
      firewall: true
      implicit_cleanup_action: drop
      mobile_access: true
      shared: true
      tags:
      - test_layer_replaced
      color: cyan
      comments: test REPLACE description
      details_level: full
      ignore_warnings: false
      ignore_errors: false
      round_trip: true
# RUN output:
# -----------
# mgmt_access_layers:
#   after:
#     applications_and_url_filtering: true
#     color: cyan
#     comments: test REPLACE description
#     content_awareness: false
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/sharedrulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: true
#     tags:
#     - test_layer_replaced
#     uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12
#   before:
#     applications_and_url_filtering: true
#     color: aquamarine
#     comments: test description
#     content_awareness: true
#     detect_using_x_forward_for: false
#     firewall: true
#     icon: ApplicationFirewall/rulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: false
#     tags:
#     - test_layer
# Using GATHERED state
# --------------------
# 1. With Round Trip set to True
- name: Gather Access-layers config by Name
  cp_mgmt_access_layers:
    state: gathered
    config:
      name: New Layer 1
      round_trip: true
# RUN output:
# -----------
# gathered:
#   applications_and_url_filtering: true
#   color: aquamarine
#   comments: test description
#   content_awareness: true
#   detect_using_x_forward_for: false
#   domain: SMC User
#   firewall: true
#   icon: ApplicationFirewall/rulebase
#   implicit_cleanup_action: drop
#   mobile_access: true
#   name: New Layer 1
#   shared: false
#   tags:
#   - test_layer
#   uid: eb74d7fe-81a6-4e6c-aedb-d2d6599f965e
# 2. With Round Trip set to False which is the default behaviour
- name: Gather Access-layers config by Name
  cp_mgmt_access_layers:
    state: gathered
    config:
      name: New Layer 1
# RUN output:
# -----------
# gathered:
#   applications_and_url_filtering: true
#   color: turquoise
#   comments: test description
#   content_awareness: true
#   detect_using_x_forward_for: false
#   domain:
#     domain-type: domain
#     name: SMC User
#     uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#   firewall: true
#   icon: ApplicationFirewall/rulebase
#   implicit_cleanup_action: drop
#   meta-info:
#     creation-time:
#       iso-8601: 2022-11-21T07:34+0000
#       posix: 1669016073937
#     creator: admin
#     last-modifier: admin
#     last-modify-time:
#       iso-8601: 2022-11-21T07:34+0000
#       posix: 1669016074765
#     lock: unlocked
#     validation-state: ok
#   mobile_access: true
#   name: New Layer 1
#   read-only: false
#   shared: false
#   tags:
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: test_layer
#     type: tag
#     uid: 22cc8b0d-984f-47de-b1f6-276b3377eb0c
#   type: access-layer
#   uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522
# 3. Gather ALL access-layer config with DESC order filter
- name: To Gather ALL access-layer and order by Name
  cp_mgmt_access_layers:
    config:
      order:
        - DESC: name
    state: gathered
# RUN output:
# -----------
# gathered:
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: New Layer 1
#     type: access-layer
#     uid: a54e47d3-22fc-4aff-90d9-f644aa4a1522
#   - domain:
#       domain-type: domain
#       name: SMC User
#       uid: 41e821a0-3720-11e3-aa6e-0800200c9fde
#     name: Network
#     type: access-layer
#     uid: 63b7fe60-76d2-4287-bca5-21af87337b0a
# Using DELETED state
# -------------------
- name: Delete Access-layer config by Name
  cp_mgmt_access_layers:
    state: deleted
    config:
      name: New Layer 1
# RUN output:
# -----------
# mgmt_access_layers:
#   after: {}
#   before:
#     applications_and_url_filtering: true
#     color: cyan
#     comments: test REPLACE description
#     content_awareness: false
#     detect_using_x_forward_for: false
#     domain: SMC User
#     firewall: true
#     icon: ApplicationFirewall/sharedrulebase
#     implicit_cleanup_action: drop
#     mobile_access: true
#     name: New Layer 1
#     shared: true
#     tags:
#     - test_layer_replaced
#     uid: a4e2bbc1-ec94-4b85-9b00-07ad1279ac12
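The following tasks are an added example, not part of the collection's own documentation: they use the GATHERED state to check that every layer with the firewall blade enabled has implicit_cleanup_action set to drop. They assume the result shape shown in the RUN output above (a list when gathering all layers, a single mapping when gathering by name) and a play that already targets the management server; the registered variable names are hypothetical.

```yaml
# Added example: audit the catch-all action of every access layer.
# all_layers and layer_details are hypothetical variable names.
- name: Gather the names of all access layers
  check_point.mgmt.cp_mgmt_access_layers:
    state: gathered
    config:
      order:
        - DESC: name
  register: all_layers

# Gathering by name returns the layer's full settings; round_trip keeps
# only the fields that are also module parameters.
- name: Gather the full configuration of each layer by name
  check_point.mgmt.cp_mgmt_access_layers:
    state: gathered
    config:
      name: "{{ item.name }}"
      round_trip: true
  loop: "{{ all_layers.gathered }}"
  loop_control:
    label: "{{ item.name }}"
  register: layer_details

# Layers without the firewall blade are skipped; a layer that reports
# no implicit_cleanup_action at all is treated as a failure.
- name: Fail if a firewall layer does not drop unmatched traffic
  ansible.builtin.assert:
    that:
      - item.gathered.implicit_cleanup_action | default('missing') == 'drop'
    fail_msg: >-
      Layer '{{ item.gathered.name }}' has implicit_cleanup_action set to
      '{{ item.gathered.implicit_cleanup_action | default('missing') }}'
    quiet: true
  loop: "{{ layer_details.results }}"
  loop_control:
    label: "{{ item.gathered.name | default('unknown') }}"
  when: item.gathered.firewall | default(false)
```

Because nothing is changed in the GATHERED state, these tasks can run as a read-only compliance check before or after a MERGED or REPLACED run.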
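Return Values
Common return values are documented here; the following are the fields unique to this module:
| Key | Description |
|---|---|
| The resulting configuration after module execution. Returned: when changed Sample: | |
| The configuration prior to module execution. Returned: when state is merged, replaced, deleted Sample: | |
| Facts about the network resource gathered from the remote device as structured data. Returned: when state is gathered Sample: | |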
