Automate your management server using "Ansible"
Solution

This article describes how to automate your management server using "Ansible".

Ansible (www.ansible.com) is a popular automation tool.

The "Ansible Check Point Management" module lets you integrate Check Point management tasks (e.g. adding objects, manipulating the Rule Base, installing policy) into the Ansible automation platform.


Description

The module provides Ansible "playbooks" with simple access to the Check Point Management APIs.

The Ansible module is written in Python and its source code is available. You are welcome to review the code, suggest enhancements, or modify it by opening an issue or sending a pull request to:
https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection

Instructions

To enable the integration, install the necessary Hotfix, based on your Management Server version:

Management Server Version | Hotfix information
R80.10 | Available from R80.10 JHF take 270
R80.20 | Available from R80.20 JHF take 134
R80.30 | Available from R80.30 JHF take 135
R80.40 and later | Integrated. No JHF installation required.

Usage

We recommend that you download the latest Check Point management collection from Ansible Galaxy, available here: https://galaxy.ansible.com/check_point/mgmt

The Ansible inventory (for example, /etc/ansible/hosts) needs to contain a section similar to this:
Note - The example uses the collection from Ansible Galaxy.

[checkpoint]
# Check Point Security Management server's IP address
172.27.254.10

[checkpoint:vars]
# If the Gaia web portal on your Security Management server is not set up with
# CA certificates that the Ansible server can verify, it is necessary to disable
# validation of these certificates by setting
# ansible_httpapi_validate_certs=False in your inventory.
# With validation disabled, the connection is still encrypted, but the identity
# of the server is not checked.
ansible_httpapi_validate_certs=False
ansible_httpapi_use_ssl=True
ansible_network_os=check_point.mgmt.checkpoint
ansible_user=[Check Point admin username]
ansible_password=[Check Point admin password]
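
As an added example (not part of the original article or of Check Point's collection), the Python script below audits an INI inventory like the one above for the three settings that decide how the admin credentials travel: certificate validation, TLS, and a clear-text ansible_password. The sample inventory, its placeholder credentials and the function names are constructed for illustration.

```python
import re

# Constructed sample inventory modelled on the article's example; credentials are placeholders.
SAMPLE_INVENTORY = """\
[checkpoint]
172.27.254.10

[checkpoint:vars]
ansible_httpapi_validate_certs=False
ansible_httpapi_use_ssl=True
ansible_user=admin
ansible_password=ExamplePassw0rd
"""

FALSY = {"false", "no", "off", "0"}
TRUTHY = {"true", "yes", "on", "1"}

def parse_group_vars(text):
    """Return {group: {variable: value}} for each [group:vars] section of an INI inventory."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            # Only [group:vars] sections carry connection variables; host lists are skipped.
            current = groups.setdefault(header.group(1), {}) if header.group(2) == "vars" else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip("'\"")
    return groups

def audit_inventory(text):
    """Return sorted (group, variable, finding) tuples for risky httpapi connection settings."""
    findings = []
    for group, variables in parse_group_vars(text).items():
        if variables.get("ansible_httpapi_validate_certs", "true").lower() in FALSY:
            findings.append((group, "ansible_httpapi_validate_certs", "certificate not verified"))
        # Flag TLS unless it is switched on explicitly, so a missing line is also reported.
        if variables.get("ansible_httpapi_use_ssl", "").lower() not in TRUTHY:
            findings.append((group, "ansible_httpapi_use_ssl", "TLS not explicitly enabled"))
        # A "{{ ... }}" value is a reference to a variable kept elsewhere (e.g. a vaulted file).
        password = variables.get("ansible_password")
        if password is not None and not password.startswith("{{"):
            findings.append((group, "ansible_password", "password stored in clear text"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print("%s: %s: %s" % finding)
```

Run against the sample, it reports the disabled certificate validation and the clear-text password; an inventory that validates certificates, enables TLS and references the password through a variable produces no findings.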


The playbook needs to use "connection: httpapi":

---
- hosts: 172.27.254.10
  connection: httpapi
  tasks:
    # Add or delete host object in Check Point management server
    - name: add-host or delete-host
      check_point.mgmt.cp_mgmt_host:
        color: red
        name: My test host
        ip_address: 192.168.1.1
        # "present" adds the host object; "absent" deletes it
        state: present

For more information on the community-supported Check Point network modules in Ansible, refer to https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt

Latest version of Check Point management collection for Ansible and examples

For more information and installation instructions, refer to the Read Me under: https://galaxy.ansible.com/check_point/mgmt.
The source code can be found in Check Point's official GitHub account: https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection

A use-case example playbook can be found in Check Point's community GitHub account: https://github.com/CheckPointSW-Community/AnsibleFest2020-Demos

