check_point.mgmt.cp_mgmt_set_compliance_settings module – Edit existing Compliance Settings.

Note

This module is part of the check_point.mgmt collection (version 6.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_set_compliance_settings.

New in check_point.mgmt 6.7.0

Synopsis

  • Edit existing Compliance Settings.

  • All operations are performed over Web Services API.

  • Available from R82.10 management version.

Parameters

Parameter

Comments

auto_publish_session

boolean

Publish the current session if changes have been performed after task completes.

Choices:

  • false ← (default)

  • true

automatic_scan_scheduler

dictionary

Schedule for an automatic full Compliance scan.

scan_day

string

The scheduled day of the week for the Compliance scan. The default value is ‘every_day’.

Choices:

  • "sunday"

  • "monday"

  • "tuesday"

  • "wednesday"

  • "thursday"

  • "friday"

  • "saturday"

  • "every_day"

scan_time

string

The scheduled time of day for the Compliance scan in format, “HH:mm:ss”.

The default value is “23:59:59”.

scheduled_scan_on

boolean

Enables or disables the scheduled scan. The default value is true.

Choices:

  • false

  • true

enable_email_alerts

boolean

Enables or disables sending email alerts to SmartEvent (only for alerts). The default value is true.

Choices:

  • false

  • true

enable_smart_event_logs

boolean

Enables or disables sending logs to SmartEvent. The default value is true.

Choices:

  • false

  • true

initialize_best_practices

boolean

If true, creates all the default Best Practices again.

After the first scan completes, the value of this parameter is automatically set to false.

The default value is true for initial setup and false after first scan.

Choices:

  • false

  • true

partial_scan_delay

integer

Controls when the partial scan starts after publishing a session. The partial scan checks only the relevant firewall best practices.

If the value is < 0, the partial scan is disabled.

If the value is 0, the partial scan starts immediately after publishing.

If the value is > 0, the partial scan is delayed by the specified number of seconds after publishing.

The default value is ‘0’.

version

string

Version of checkpoint. If not given one, the latest version taken.

wait_for_task

boolean

Wait for the task to end. Such as publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

- name: set-compliance-settings
  cp_mgmt_set_compliance_settings:
    automatic_scan_scheduler:
      scan_day: sunday
      scan_time: 08:00:00
      scheduled_scan_on: false
    partial_scan_delay: -1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

cp_mgmt_set_compliance_settings

dictionary

The checkpoint set-compliance-settings output.

Returned: always.

Authors

  • Eden Brillant (@chkp-edenbr)