W3cubDocs

/Ansible

check_point.mgmt.cp_mgmt_set_app_control_advanced_settings module – Edit Application Control & URL Filtering Blades’ Settings.

Note

This module is part of the check_point.mgmt collection (version 6.4.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install check_point.mgmt.

To use it in a playbook, specify: check_point.mgmt.cp_mgmt_set_app_control_advanced_settings.

New in check_point.mgmt 6.0.0

Synopsis
Parameters
Examples
Return Values

Synopsis

Edit Application Control & URL Filtering Blades’ Settings.
All operations are performed over Web Services API.
Available from R82 management version.

Parameters

Parameter	Comments
auto_publish_session boolean	Publish the current session if changes have been performed after task completes. Choices: `false` ← (default) `true`
block_request_when_web_service_is_unavailable boolean	Block requests when the web service is unavailable. When selected, requests are blocked when there is no connectivity to the Check Point Online Web Service. When cleared, requests are allowed when there is no connectivity. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
categorize_social_network_widgets boolean	When selected, the Security Gateway connects to the Check Point Online Web Service to identify social networking widgets that it does not recognize. When cleared or there is no connectivity between the Security Gateway and the Check Point Online Web, the unknown widget is treated as Web Browsing traffic. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
custom_categorization_settings dictionary	Website categorization mode - select the mode that is used for website categorization. This property is not available in the Global domain of an MDS machine.
social_network_widgets_mode string	Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. This property is not available in the Global domain of an MDS machine. Choices: `"hold"` `"background"`
url_filtering_mode string	Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. This property is not available in the Global domain of an MDS machine. Choices: `"hold"` `"background"`
domain_level_permission boolean	Allows the editing of applications, categories, and services. This property is used only in the Global Domain of an MDS machine. Choices: `false` `true`
enable_web_browsing boolean	If you do not enable URL Filtering on the Security Gateway, you can use a generic Web browser application called Web Browsing in the rule. This application includes all HTTP traffic that is not a defined application Application and URL Filtering assigns Web Browsing as the default application for all HTTP traffic that does not match an application in the Application and URL Filtering Database. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
httpi_non_standard_ports boolean	Enable HTTP inspection on non standard ports for application and URL filtering. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
internal_error_fail_mode string	In case of internal system error, allow or block all connections. This property is not available in the Global domain of an MDS machine. Choices: `"allow connections"` `"block connections"`
match_application_on_any_port boolean	Match Web application on ‘Any’ port when used in Block rule - By default this is set to true. and so applications are matched on all services when used in a Block rule. Choices: `false` `true`
url_filtering_settings dictionary	In this section user can enable URL Filtering features. This property is not available in the Global domain of an MDS machine.
categorize_cached_and_translated_pages boolean	Select this option to assign categories to cached search engine results and translated pages. When this option is selected, Application and URL Filtering assigns categories based on the original Web site instead of the ‘search engine pages’ category. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
categorize_https_websites boolean	This option lets Application and URL Filtering assign categories to HTTPS sites without activating HTTPS inspection. It assigns a site category based on its domain name and whether the site has a valid certificate. If the server certificate is, Trusted - Application and URL Filtering gets the domain name from the certificate and uses it to categorize the site. Not Trusted - Application and URL Filtering assigns a category based on the IP address. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
enforce_safe_search boolean	Select this option to require use of the safe search feature in search engines. When activated, the URL Filtering Policy uses the strictest available safe search option for the specified search engine. This option overrides user specified search engine options to block offensive material in search results. This property is not available in the Global domain of an MDS machine. Choices: `false` `true`
version string	Version of checkpoint. If not given one, the latest version taken.
wait_for_task boolean	Wait for the task to end. Such as publish task. Choices: `false` `true` ← (default)
wait_for_task_timeout integer	How many minutes to wait until throwing a timeout error. Default: `30`
web_browsing_services list / elements=string	Web browsing services are the services that match a Web-based custom Application/Site.
website_categorization_mode string	Hold - Requests are blocked until categorization is complete. Background - Requests are allowed until categorization is complete. Custom - configure different settings depending on the service. Lets you set different modes for URL Filtering and Social Networking Widgets. This property is not available in the Global domain of an MDS machine. Choices: `"hold"` `"background"` `"custom"`

Examples

- name: set-app-control-advanced-settings
  cp_mgmt_set_app_control_advanced_settings:
    block_request_when_web_service_is_unavailable: 'true'
    categorize_social_network_widgets: 'true'
    custom_categorization_settings:
      social_network_widgets_mode: background
      url_filtering_mode: hold
    enable_web_browsing: 'true'
    httpi_non_standard_ports: 'true'
    internal_error_fail_mode: block connections
    match_application_on_any_port: 'true'
    url_filtering_settings:
      categorize_cached_and_translated_pages: 'false'
      categorize_https_websites: 'true'
      enforce_safe_search: 'true'
    web_browsing_services:
      - AH
    website_categorization_mode: custom

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
cp_mgmt_set_app_control_advanced_settings dictionary	The checkpoint set-app-control-advanced-settings output. Returned: always.

Authors

Eden Brillant (@chkp-edenbr)

Collection links

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/check_point/mgmt/cp_mgmt_set_app_control_advanced_settings_module.html