check_point.mgmt.cp_mgmt_set_trust module – Configure a Trusted communication between the Management Server and the managed Security Gateway.

Note

This module is part of the check_point.mgmt collection (version 6.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_set_trust.

New in check_point.mgmt 6.7.0

Synopsis

  • Configure a Trusted communication between the Management Server and the managed Security Gateway.

  • All operations are performed over Web Services API.

  • Available from R82.10 management version.

Parameters

Parameter

Comments

auto_publish_session

boolean

Publish the current session after the task completes if changes have been performed.

Choices:

  • false ← (default)

  • true

details_level

string

The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.

Choices:

  • "uid"

  • "standard"

  • "full"

domains_to_process

list / elements=string

Indicates which domains to process the commands on. It cannot be used with details-level full, must be run from the System Domain only, and requires ignore-warnings true. Valid values are CURRENT_DOMAIN and ALL_DOMAINS_ON_THIS_SERVER.

ipv4_address

string

IP address of the object, for establishing trust with dynamic gateways.

name

string

Object name.

one_time_password

string

Shared password to establish SIC between the Security Management and the Security Gateway.

trust_method

string

Method used to establish the trusted communication.

Choices:

  • "one_time_password"

  • "without_password_not_secure"

  • "cloud_token"

trust_settings

dictionary

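Settings for the trusted communication establishment. The gateway_mac_address, identification_method and initiation_phase entries that follow are sub-options of this dictionary.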

gateway_mac_address

string

Use the Security Gateway MAC address, relevant for the gateway_mac_address identification-method.

identification_method

string

How to identify the gateway (relevant for Spark DAIP gateways only).

Choices:

  • "gateway_name"

  • "mac_address"

  • "none_not_secure"

  • "ip_address"

initiation_phase

string

Push the certificate to the Security Gateway immediately, or wait for the Security Gateway to pull the certificate. Default value for Spark Gateway is ‘when_gateway_connects’.

Choices:

  • "now"

  • "when_gateway_connects"

version

string

Version of Check Point. If none is given, the latest version is used.

wait_for_task

boolean

Wait for the task to end, for example a publish task.

Choices:

  • false

  • true ← (default)

wait_for_task_timeout

integer

How many minutes to wait until throwing a timeout error.

Default: 30

Examples

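# Establish SIC trust with gateway object gw1; "aaaa" is a placeholder one-time password.
- name: set-trust
  check_point.mgmt.cp_mgmt_set_trust: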
    name: gw1
    one_time_password: aaaa
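
A hardened variant of the task above, as an added example that is not part of the collection's documentation: it reads the one-time password from a vaulted variable, hides the task arguments with no_log, and refuses the two choices the parameter list labels as not secure. The inventory group check_point, the vault file path, the gw_* variable names and the MAC address are assumptions or constructed values.

```yaml
---
# Added example. Assumptions: the inventory group "check_point" points at the
# Management Server with the httpapi connection variables already set, and
# vault/sic.yml is an Ansible Vault file (hypothetical path) that defines gw_otp.
- name: Establish SIC trust with a Spark DAIP gateway
  hosts: check_point
  connection: httpapi
  gather_facts: false
  vars_files:
    - vault/sic.yml
  vars:
    gw_name: gw1
    gw_mac: "00:00:5E:00:53:01"            # constructed MAC address
    gw_trust_method: one_time_password
    gw_identification_method: mac_address
  tasks:
    # Guardrail: stop before calling the API if a variable override selects
    # an unauthenticated option or the vaulted password is missing.
    - name: Refuse trust options marked as not secure
      ansible.builtin.assert:
        that:
          - gw_trust_method != 'without_password_not_secure'
          - gw_identification_method != 'none_not_secure'
          - gw_otp is defined
          - gw_otp | length > 0
        fail_msg: "set-trust needs an authenticated trust method and gateway identification"
        quiet: true

    - name: set-trust
      check_point.mgmt.cp_mgmt_set_trust:
        name: "{{ gw_name }}"
        trust_method: "{{ gw_trust_method }}"
        one_time_password: "{{ gw_otp }}"
        trust_settings:
          identification_method: "{{ gw_identification_method }}"
          gateway_mac_address: "{{ gw_mac }}"
          initiation_phase: when_gateway_connects
        auto_publish_session: true
        wait_for_task: true
        wait_for_task_timeout: 30
      no_log: true                          # keep the one-time password out of logs and callbacks
```

Run it with --ask-vault-pass or a vault password file so gw_otp is decrypted only at run time.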

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

cp_mgmt_set_trust

dictionary

The checkpoint set-trust output.

Returned: always.

Authors

  • Eden Brillant (@chkp-edenbr)