This article describes how to automate your management server using "Ansible".
Ansible (www.ansible.com) is a popular automation tool.
The "Ansible Check Point Management" module lets you integrate Check Point management tasks (e.g. add objects, manipulate the Rule Base, install policy) into the Ansible automation platform.
It provides Ansible "playbooks" with simple access to Check Point Management APIs.
The Ansible module is written in Python and its source code is available. You are welcome to review the code, suggest enhancements, or modify it by opening an issue or sending a pull request to:
To enable the integration, install the necessary Hotfix, based on your Management Server version:
We recommend that you download the latest Check Point management collection from Ansible Galaxy, available here: https://galaxy.ansible.com/check_point/mgmt
The Ansible inventory (for example, /etc/ansible/hosts) needs to contain a section similar to this:
Note - The example uses the collection from Ansible Galaxy.
# Check Point Security Management server's IP address
# If the Gaia web portal on your Security Management server is not set up with proper CA certificates that can be verified from the Ansible server, then it is necessary to disable validation of these certificates. To do this, set ansible_httpapi_validate_certs=False in your inventory.
ansible_user=[Check Point admin username]
ansible_password=[Check Point admin password]
The playbook needs to use "connection: httpapi":
# Add or delete host object in Check Point management server
- name: add-host or delete-host
name: My test host
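A complete inventory and playbook in the shape described above, as an added example that is not Check Point's own: it keeps certificate validation on and takes the admin credentials from Ansible Vault variables instead of writing them into the inventory. The alias mgmt01, the addresses 192.0.2.10 and 192.0.2.1, the vault_cp_* variable names and the file names are constructed placeholders.

```yaml
# --- inventory.yml (constructed example, YAML form of the inventory section) ---
all:
  children:
    check_point:
      hosts:
        mgmt01:                        # hypothetical alias
          ansible_host: 192.0.2.10     # placeholder: Security Management server's IP address
      vars:
        ansible_network_os: check_point.mgmt.checkpoint
        ansible_httpapi_use_ssl: true
        # Keep validation on: give the Gaia portal a certificate the Ansible
        # server can verify rather than setting this to False.
        ansible_httpapi_validate_certs: true
        # Assumed variable names, defined in a vault-encrypted file such as
        # group_vars/check_point/vault.yml (created with `ansible-vault create`).
        ansible_user: "{{ vault_cp_admin_user }}"
        ansible_password: "{{ vault_cp_admin_password }}"
---
# --- playbook.yml (constructed example) ---
- name: Add or delete a host object on the Check Point management server
  hosts: check_point
  connection: httpapi
  gather_facts: false
  tasks:
    - name: add-host
      check_point.mgmt.cp_mgmt_host:
        name: My test host
        ip_address: 192.0.2.1          # placeholder address
        state: present                 # use "absent" for delete-host
        auto_publish_session: true     # publish the change when the task ends
```

Run it with `ansible-playbook -i inventory.yml playbook.yml --ask-vault-pass` so the vault is decrypted only at run time.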
For more information on the community supported Check Point network modules in Ansible, refer to https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/index.html#plugins-in-check-point-mgmt
Latest version of Check Point management collection for Ansible and examples
For more information and installation instructions, refer to the Read Me under: https://galaxy.ansible.com/check_point/mgmt.
The source code can be found in Check Point's official GitHub account: https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection
A use case example in a playbook can be found in Check Point's community GitHub account: https://github.com/CheckPointSW-Community/AnsibleFest2020-Demos
Sensitive fields, such as vpn-community shared-secret, or lsm-gateway sic, cannot be updated via Ansible.