From 274b82aa9c5e5c993e1317a6e699f5c3c8d50fe8 Mon Sep 17 00:00:00 2001 From: chkp-yizhako <143494787+chkp-yizhako@users.noreply.github.com> Date: Tue, 10 Sep 2024 14:53:22 +0300 Subject: [PATCH] Add support to CME API v1.2 (#177) --- checkpoint/cme_utils.go | 2 +- ...heckpoint_management_cme_accounts_azure.go | 7 ++ ...oint_management_cme_accounts_azure_test.go | 4 ++ ...kpoint_management_cme_gw_configurations.go | 25 +++++++ ...nt_management_cme_gw_configurations_aws.go | 29 ++++++++ ...nagement_cme_gw_configurations_aws_test.go | 6 ++ ..._management_cme_gw_configurations_azure.go | 36 ++++++++++ ...gement_cme_gw_configurations_azure_test.go | 8 +++ ...nt_management_cme_gw_configurations_gcp.go | 29 ++++++++ ...nagement_cme_gw_configurations_gcp_test.go | 6 ++ ...heckpoint_management_cme_accounts_azure.go | 13 ++++ ...oint_management_cme_accounts_azure_test.go | 15 +++-- ...nt_management_cme_gw_configurations_aws.go | 53 +++++++++++++++ ...nagement_cme_gw_configurations_aws_test.go | 30 +++++++-- ..._management_cme_gw_configurations_azure.go | 66 +++++++++++++++++++ ...gement_cme_gw_configurations_azure_test.go | 37 +++++++++-- ...nt_management_cme_gw_configurations_gcp.go | 53 +++++++++++++++ ...nagement_cme_gw_configurations_gcp_test.go | 31 +++++++-- ...oint_management_cme_accounts.html.markdown | 4 +- ..._management_cme_accounts_aws.html.markdown | 4 +- ...anagement_cme_accounts_azure.html.markdown | 5 +- ..._management_cme_accounts_gcp.html.markdown | 4 +- ..._management_cme_api_versions.html.markdown | 4 +- ...t_management_cme_delay_cycle.html.markdown | 4 +- ...gement_cme_gw_configurations.html.markdown | 8 ++- ...nt_cme_gw_configurations_aws.html.markdown | 8 ++- ..._cme_gw_configurations_azure.html.markdown | 9 ++- ...nt_cme_gw_configurations_gcp.html.markdown | 8 ++- ...nt_management_cme_management.html.markdown | 4 +- ...point_management_cme_version.html.markdown | 4 +- website/docs/index.html.markdown | 16 +++++ ..._management_cme_accounts_aws.html.markdown | 4 +- ...anagement_cme_accounts_azure.html.markdown | 6 +- ..._management_cme_accounts_gcp.html.markdown | 4 +- ...t_management_cme_delay_cycle.html.markdown | 4 +- ...nt_cme_gw_configurations_aws.html.markdown | 14 +++- ..._cme_gw_configurations_azure.html.markdown | 15 ++++- ...nt_cme_gw_configurations_gcp.html.markdown | 12 +++- ...nt_management_cme_management.html.markdown | 4 +- 39 files changed, 514 insertions(+), 81 deletions(-) diff --git a/checkpoint/cme_utils.go b/checkpoint/cme_utils.go index 7eaa3f29..474a8d38 100755 --- a/checkpoint/cme_utils.go +++ b/checkpoint/cme_utils.go @@ -6,7 +6,7 @@ import ( ) const ( - CmeApiVersion = "v1.1" + CmeApiVersion = "v1.2" CmeApiPath = "cme-api/" + CmeApiVersion ) diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go index 1ec26c84..2bd7890d 100644 --- a/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_azure.go @@ -60,6 +60,11 @@ func dataSourceManagementCMEAccountsAzure() *schema.Resource { Type: schema.TypeString, }, }, + "environment": { + Type: schema.TypeString, + Computed: true, + Description: "The Azure account environment.", + }, }, } } @@ -108,5 +113,7 @@ func dataSourceManagementCMEAccountsAzureRead(d *schema.ResourceData, m interfac _ = d.Set("gw_configurations", AzureAccount["gw_configurations"]) + _ = d.Set("environment", AzureAccount["environment"]) + return nil } diff --git a/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go index 7cb743d0..8d9ea5e0 100644 --- a/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_accounts_azure_test.go @@ -29,6 +29,9 @@ func TestAccDataSourceCheckpointManagementCMEAccountsAzure_basic(t *testing.T) { resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), resource.TestCheckResourceAttrPair(dataSourceName, "directory_id", resourceName, "directory_id"), resource.TestCheckResourceAttrPair(dataSourceName, "subscription", resourceName, "subscription"), + resource.TestCheckResourceAttrPair(dataSourceName, "application_id", resourceName, "application_id"), + resource.TestCheckResourceAttrPair(dataSourceName, "environment", resourceName, "environment"), + ), }, }, @@ -43,6 +46,7 @@ resource "checkpoint_management_cme_accounts_azure" "test" { application_id = "46707d92-02f4-4817-8116-a4c3b23e6266" client_secret = "mySecret" subscription = "46707d92-02f4-4817-8116-a4c3b23e6267" + environment = "AzureCloud" } data "checkpoint_management_cme_accounts_azure" "data_test"{ diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go index 6ee6ff6d..803c06c6 100755 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations.go @@ -38,6 +38,27 @@ func dataSourceManagementCMEGWConfigurations() *schema.Resource { Computed: true, Description: "Configuration policy.", }, + "section_name": { + Type: schema.TypeString, + Computed: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Computed: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "related_account": { Type: schema.TypeString, Computed: true, @@ -202,6 +223,10 @@ func dataSourceManagementCMEGWConfigurationsRead(d *schema.ResourceData, m inter tempObject["sic_key"] = singleGWConfiguration["sic_key"] tempObject["policy"] = singleGWConfiguration["policy"] tempObject["related_account"] = singleGWConfiguration["related_account"] + tempObject["section_name"] = singleGWConfiguration["section_name"] + tempObject["x_forwarded_for"] = singleGWConfiguration["x_forwarded_for"] + tempObject["color"] = singleGWConfiguration["color"] + tempObject["communication_with_servers_behind_nat"] = singleGWConfiguration["communication-with-servers-behind-nat"] var bladesListToReturn []map[string]interface{} bladesMapToAdd := make(map[string]interface{}) diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go index 1607f35f..3a245144 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws.go @@ -38,6 +38,27 @@ func dataSourceManagementCMEGWConfigurationsAWS() *schema.Resource { Computed: true, Description: "Related account name (aws/azure/gcp accounts)", }, + "section_name": { + Type: schema.TypeString, + Computed: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Computed: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "blades": { Type: schema.TypeList, MaxItems: 1, @@ -307,5 +328,13 @@ func dataSourceManagementCMEGWConfigurationsAWSRead(d *schema.ResourceData, m in _ = d.Set("send_alerts_to_server", AWSGWConfiguration["send-alerts-to-server"]) + _ = d.Set("section_name", AWSGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", AWSGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", AWSGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", AWSGWConfiguration["communication-with-servers-behind-nat"]) + return nil } diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go index 3d7b20b4..194c1ee6 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_aws_test.go @@ -30,6 +30,9 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAWS_basic(t *testin resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), + resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), + resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), ), }, }, @@ -50,6 +53,9 @@ resource "checkpoint_management_cme_gw_configurations_aws" "test" { version = "R81" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" + x_forwarded_for = true + color = "black" + communication_with_servers_behind_nat = "translated-ip-only" blades { ips = false anti_bot = false diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go index 42634902..9af782dd 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure.go @@ -157,6 +157,32 @@ func dataSourceManagementCMEGWConfigurationsAzure() *schema.Resource { Type: schema.TypeString, }, }, + "ipv6": { + Type: schema.TypeBool, + Computed: true, + Description: "Indicates if the GW is configured to support IPv6.", + }, + "section_name": { + Type: schema.TypeString, + Computed: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Computed: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, }, } } @@ -258,5 +284,15 @@ func dataSourceManagementCMEGWConfigurationsAzureRead(d *schema.ResourceData, m _ = d.Set("send_alerts_to_server", AzureGWConfiguration["send-alerts-to-server"]) + _ = d.Set("ipv6", AzureGWConfiguration["ipv6"]) + + _ = d.Set("section_name", AzureGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", AzureGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", AzureGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", AzureGWConfiguration["communication-with-servers-behind-nat"]) + return nil } diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go index 5d6a23d3..f32f6dcb 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_azure_test.go @@ -30,6 +30,10 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsAzure_basic(t *test resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + resource.TestCheckResourceAttrPair(dataSourceName, "ipv6", resourceName, "ipv6"), + resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), + resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), + resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), ), }, }, @@ -52,6 +56,10 @@ resource "checkpoint_management_cme_gw_configurations_azure" "test" { version = "R81" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" + ipv6 = true + x_forwarded_for = true + color = "black" + communication_with_servers_behind_nat = "translated-ip-only" blades { ips = false anti_bot = false diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go index 81104b23..9c021dd9 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp.go @@ -37,6 +37,27 @@ func dataSourceManagementCMEGWConfigurationsGCP() *schema.Resource { Computed: true, Description: "Related account name (aws/azure/gcp accounts)", }, + "section_name": { + Type: schema.TypeString, + Computed: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Computed: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Computed: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Computed: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "blades": { Type: schema.TypeList, MaxItems: 1, @@ -258,5 +279,13 @@ func dataSourceManagementCMEGWConfigurationsGCPRead(d *schema.ResourceData, m in _ = d.Set("send_alerts_to_server", GCPGWConfiguration["send-alerts-to-server"]) + _ = d.Set("section_name", GCPGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", GCPGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", GCPGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", GCPGWConfiguration["communication-with-servers-behind-nat"]) + return nil } diff --git a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go index 98025971..c7001ecc 100644 --- a/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go +++ b/checkpoint/data_source_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -30,6 +30,9 @@ func TestAccDataSourceCheckpointManagementCMEGWConfigurationsGCP_basic(t *testin resource.TestCheckResourceAttrPair(dataSourceName, "name", resourceName, "name"), resource.TestCheckResourceAttrPair(dataSourceName, "related_account", resourceName, "related_account"), resource.TestCheckResourceAttrPair(dataSourceName, "version", resourceName, "version"), + resource.TestCheckResourceAttrPair(dataSourceName, "color", resourceName, "color"), + resource.TestCheckResourceAttrPair(dataSourceName, "x_forwarded_for", resourceName, "x_forwarded_for"), + resource.TestCheckResourceAttrPair(dataSourceName, "communication_with_servers_behind_nat", resourceName, "communication_with_servers_behind_nat"), ), }, }, @@ -50,6 +53,9 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "test" { version = "R81" base64_sic_key = "MTIzNDU2Nzg=" policy = "Standard" + x_forwarded_for = true + color = "black" + communication_with_servers_behind_nat = "translated-ip-only" blades { ips = false anti_bot = false diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure.go index 4ec4fc48..00ec92f7 100755 --- a/checkpoint/resource_checkpoint_management_cme_accounts_azure.go +++ b/checkpoint/resource_checkpoint_management_cme_accounts_azure.go @@ -68,6 +68,11 @@ func resourceManagementCMEAccountsAzure() *schema.Resource { Type: schema.TypeString, }, }, + "environment": { + Type: schema.TypeString, + Optional: true, + Description: "The Azure account environment.", + }, }, } } @@ -144,6 +149,8 @@ func readManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) error _ = d.Set("gw_configurations", AzureAccount["gw_configurations"]) + _ = d.Set("environment", AzureAccount["environment"]) + return nil } @@ -172,6 +179,9 @@ func createManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) err if v, ok := d.GetOk("name"); ok { payload["name"] = v.(string) } + if v, ok := d.GetOk("environment"); ok { + payload["environment"] = v.(string) + } log.Println("Create cme Azure account - name = ", payload["name"]) url := CmeApiPath + "/accounts/azure" @@ -214,6 +224,9 @@ func updateManagementCMEAccountsAzure(d *schema.ResourceData, m interface{}) err if d.HasChange("domain") { payload["domain"] = d.Get("domain") } + if d.HasChange("environment") { + payload["environment"] = d.Get("environment") + } var name string diff --git a/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go b/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go index 60af36b1..d65957eb 100644 --- a/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go +++ b/checkpoint/resource_checkpoint_management_cme_accounts_azure_test.go @@ -17,6 +17,7 @@ func TestAccCheckpointManagementCMEAccountsAzure_basic(t *testing.T) { applicationId := "46707d92-02f4-4817-8116-a4c3b23e6266" clientSecret := "mySecret" subscription := "46707d92-02f4-4817-8116-a4c3b23e6267" + environment := "AzureCloud" context := os.Getenv("CHECKPOINT_CONTEXT") if context == "" { @@ -31,11 +32,11 @@ func TestAccCheckpointManagementCMEAccountsAzure_basic(t *testing.T) { CheckDestroy: testAccCheckpointManagementCMEAccountAzureDestroy, Steps: []resource.TestStep{ { - Config: testAccManagementCMEAccountsAzureConfig(accountName, directoryId, applicationId, clientSecret, subscription), + Config: testAccManagementCMEAccountsAzureConfig(accountName, directoryId, applicationId, clientSecret, subscription, environment), Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceName, &azureAccount), testAccCheckCheckpointManagementCMEAccountsAzureAttributes(&azureAccount, accountName, directoryId, applicationId, - subscription, 3), + subscription, 3, environment), ), }, }, @@ -63,7 +64,7 @@ func testAccCheckpointManagementCMEAccountAzureDestroy(s *terraform.State) error return nil } -func testAccManagementCMEAccountsAzureConfig(accountName string, directoryId string, applicationId string, clientSecret string, subscription string) string { +func testAccManagementCMEAccountsAzureConfig(accountName string, directoryId string, applicationId string, clientSecret string, subscription string, environment string) string { return fmt.Sprintf(` resource "checkpoint_management_cme_accounts_azure" "test" { name = "%s" @@ -71,8 +72,9 @@ resource "checkpoint_management_cme_accounts_azure" "test" { application_id = "%s" client_secret = "%s" subscription = "%s" + environment = "%s" } -`, accountName, directoryId, applicationId, clientSecret, subscription) +`, accountName, directoryId, applicationId, clientSecret, subscription, environment) } func testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { @@ -103,7 +105,7 @@ func testAccCheckCheckpointManagementCMEAccountsAzureExists(resourceTfName strin } func testAccCheckCheckpointManagementCMEAccountsAzureAttributes(azureAccount *map[string]interface{}, name string, - directoryId string, applicationId string, subscription string, expectedDeletionTolerance int) resource.TestCheckFunc { + directoryId string, applicationId string, subscription string, expectedDeletionTolerance int, environment string) resource.TestCheckFunc { return func(s *terraform.State) error { account := (*azureAccount)["result"].(map[string]interface{}) if account["name"] != name { @@ -122,6 +124,9 @@ func testAccCheckCheckpointManagementCMEAccountsAzureAttributes(azureAccount *ma if deletionTolerance != expectedDeletionTolerance { return fmt.Errorf("deletion_tolerance is %d, expected %d", deletionTolerance, expectedDeletionTolerance) } + if account["environment"] != environment { + return fmt.Errorf("environment is %s, expected %s", account["environment"], environment) + } return nil } } diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go index 67df3add..777f7318 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws.go @@ -45,6 +45,27 @@ func resourceManagementCMEGWConfigurationsAWS() *schema.Resource { Required: true, Description: "The CME account to associate with the GW Configuration.", }, + "section_name": { + Type: schema.TypeString, + Optional: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Optional: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "blades": { Type: schema.TypeList, MaxItems: 1, @@ -313,6 +334,14 @@ func readManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{}) _ = d.Set("send_alerts_to_server", AWSGWConfiguration["send-alerts-to-server"]) + _ = d.Set("section_name", AWSGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", AWSGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", AWSGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", AWSGWConfiguration["communication-with-servers-behind-nat"]) + return nil } @@ -333,6 +362,18 @@ func createManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{ if v, ok := d.GetOk("related_account"); ok { payload["related_account"] = v.(string) } + if v, ok := d.GetOk("section_name"); ok { + payload["section_name"] = v.(string) + } + if v, ok := d.GetOk("x_forwarded_for"); ok { + payload["x_forwarded_for"] = v.(bool) + } + if v, ok := d.GetOk("color"); ok { + payload["color"] = v.(string) + } + if v, ok := d.GetOk("communication_with_servers_behind_nat"); ok { + payload["communication_with_servers_behind_nat"] = v.(string) + } if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) if len(scriptsList) > 0 { @@ -461,6 +502,18 @@ func updateManagementCMEGWConfigurationsAWS(d *schema.ResourceData, m interface{ if d.HasChange("related_account") { payload["related_account"] = d.Get("related_account") } + if d.HasChange("section_name") { + payload["section_name"] = d.Get("section_name") + } + if d.HasChange("x_forwarded_for") { + payload["x_forwarded_for"] = d.Get("x_forwarded_for") + } + if d.HasChange("color") { + payload["color"] = d.Get("color") + } + if d.HasChange("communication_with_servers_behind_nat") { + payload["communication_with_servers_behind_nat"] = d.Get("communication_with_servers_behind_nat") + } if d.HasChange("repository_gateway_scripts") { if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go index 01058cb6..c91177cd 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_aws_test.go @@ -17,6 +17,10 @@ func TestAccCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { gwConfigurationVersion := "R81" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" + gwConfigurationXForwardedFor := true + gwConfigurationColor := "black" + gwConfigurationCommunicationWithServersBehindNAT := "translated-ip-only" + context := os.Getenv("CHECKPOINT_CONTEXT") if context == "" { @@ -32,11 +36,13 @@ func TestAccCheckpointManagementCMEGWConfigurationsAWS_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccManagementCMEGWConfigurationsAWSConfig(accountName, gwConfigurationName, gwConfigurationVersion, - gwConfigurationBase64SIC, gwConfigurationPolicy), + gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, gwConfigurationColor, + gwConfigurationCommunicationWithServersBehindNAT), Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceName, &awsGWConfiguration), testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(&awsGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, - gwConfigurationPolicy, true, true), + gwConfigurationPolicy, true, true, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), ), }, }, @@ -65,7 +71,8 @@ func testAccCheckpointManagementCMEGWConfigurationsAWSDestroy(s *terraform.State } func testAccManagementCMEGWConfigurationsAWSConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, - gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + gwConfigurationBase64SIC string, gwConfigurationPolicy string, gwConfigurationXForwardedFor bool, gwConfigurationColor string, + gwConfigurationCommunicationWithServersBehindNAT string) string { return fmt.Sprintf(` resource "checkpoint_management_cme_accounts_aws" "account_test" { name = "%s" @@ -79,6 +86,9 @@ resource "checkpoint_management_cme_gw_configurations_aws" "gw_configuration_tes version = "%s" base64_sic_key = "%s" policy = "%s" + x_forwarded_for = %t + color = "%s" + communication_with_servers_behind_nat = "%s" blades { ips = true anti_bot = true @@ -94,7 +104,8 @@ resource "checkpoint_management_cme_gw_configurations_aws" "gw_configuration_tes vpn = false } } -`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT) } func testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { @@ -126,7 +137,7 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAWSExists(resourceTfName func testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(awsGWConfiguration *map[string]interface{}, gwConfigurationName string, accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, ipsFlag bool, - antiBotFlag bool) resource.TestCheckFunc { + antiBotFlag bool, gwConfigurationXForwardedFor bool, gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { return func(s *terraform.State) error { gwConfiguration := (*awsGWConfiguration)["result"].(map[string]interface{}) if gwConfiguration["name"] != gwConfigurationName { @@ -150,6 +161,15 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAWSAttributes(awsGWConfi if antiBot != antiBotFlag { return fmt.Errorf("anti bot is %t, expected %t", antiBot, antiBotFlag) } + if gwConfiguration["x_forwarded_for"] != gwConfigurationXForwardedFor { + return fmt.Errorf("x_forwarded_for is %t, expected %t", gwConfiguration["x_forwarded_for"], gwConfigurationXForwardedFor) + } + if gwConfiguration["color"] != gwConfigurationColor { + return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) + } + if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) + } return nil } } diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go index 94da9767..e0f8373c 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure.go @@ -44,6 +44,27 @@ func resourceManagementCMEGWConfigurationsAzure() *schema.Resource { Required: true, Description: "The CME account to associate with the GW Configuration.", }, + "section_name": { + Type: schema.TypeString, + Optional: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Optional: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "blades": { Type: schema.TypeList, MaxItems: 1, @@ -164,6 +185,11 @@ func resourceManagementCMEGWConfigurationsAzure() *schema.Resource { Type: schema.TypeString, }, }, + "ipv6": { + Type: schema.TypeBool, + Optional: true, + Description: "Indicates if the GW is configured to support IPv6.", + }, }, } } @@ -264,6 +290,16 @@ func readManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interface{ _ = d.Set("send_alerts_to_server", AzureGWConfiguration["send-alerts-to-server"]) + _ = d.Set("ipv6", AzureGWConfiguration["ipv6"]) + + _ = d.Set("section_name", AzureGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", AzureGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", AzureGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", AzureGWConfiguration["communication-with-servers-behind-nat"]) + return nil } @@ -284,6 +320,21 @@ func createManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interfac if v, ok := d.GetOk("related_account"); ok { payload["related_account"] = v.(string) } + if v, ok := d.GetOk("ipv6"); ok { + payload["ipv6"] = v.(bool) + } + if v, ok := d.GetOk("section_name"); ok { + payload["section_name"] = v.(string) + } + if v, ok := d.GetOk("x_forwarded_for"); ok { + payload["x_forwarded_for"] = v.(bool) + } + if v, ok := d.GetOk("color"); ok { + payload["color"] = v.(string) + } + if v, ok := d.GetOk("communication_with_servers_behind_nat"); ok { + payload["communication_with_servers_behind_nat"] = v.(string) + } if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) if len(scriptsList) > 0 { @@ -398,6 +449,21 @@ func updateManagementCMEGWConfigurationsAzure(d *schema.ResourceData, m interfac if d.HasChange("related_account") { payload["related_account"] = d.Get("related_account") } + if d.HasChange("ipv6") { + payload["ipv6"] = d.Get("ipv6") + } + if d.HasChange("section_name") { + payload["section_name"] = d.Get("section_name") + } + if d.HasChange("x_forwarded_for") { + payload["x_forwarded_for"] = d.Get("x_forwarded_for") + } + if d.HasChange("color") { + payload["color"] = d.Get("color") + } + if d.HasChange("communication_with_servers_behind_nat") { + payload["communication_with_servers_behind_nat"] = d.Get("communication_with_servers_behind_nat") + } if d.HasChange("repository_gateway_scripts") { if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go index 0aa9d9ee..7f267000 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_azure_test.go @@ -17,6 +17,12 @@ func TestAccCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { gwConfigurationVersion := "R81.10" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" + gwConfigurationIpv6 := true + gwConfigurationColor := "black" + gwConfigurationXForwardedFor := true + gwConfigurationCommunicationWithServersBehindNAT := "translated-ip-only" + + context := os.Getenv("CHECKPOINT_CONTEXT") if context == "" { @@ -32,11 +38,13 @@ func TestAccCheckpointManagementCMEGWConfigurationsAzure_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccManagementCMEGWConfigurationsAzureConfig(accountName, gwConfigurationName, gwConfigurationVersion, - gwConfigurationBase64SIC, gwConfigurationPolicy), + gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationIpv6, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceName, &azureGWConfiguration), testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(&azureGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, - gwConfigurationPolicy, true, true), + gwConfigurationPolicy, true, true, gwConfigurationIpv6, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), ), }, }, @@ -65,7 +73,8 @@ func testAccCheckpointManagementCMEGWConfigurationsAzureDestroy(s *terraform.Sta } func testAccManagementCMEGWConfigurationsAzureConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, - gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + gwConfigurationBase64SIC string, gwConfigurationPolicy string, gwConfigurationIpv6 bool, gwConfigurationXForwardedFor bool, + gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) string { return fmt.Sprintf(` resource "checkpoint_management_cme_accounts_azure" "account_test" { name = "%s" @@ -95,8 +104,13 @@ resource "checkpoint_management_cme_gw_configurations_azure" "gw_configuration_t url_filtering = false vpn = false } + ipv6 = %t + x_forwarded_for = %t + color = "%s" + communication_with_servers_behind_nat = "%s" } -`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationIpv6, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT) } func testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { @@ -128,7 +142,8 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAzureExists(resourceTfNa func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWConfiguration *map[string]interface{}, gwConfigurationName string, accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, httpsInspectionFlag bool, - applicationControlFlag bool) resource.TestCheckFunc { + applicationControlFlag bool, gwConfigurationIpv6 bool, gwConfigurationXForwardedFor bool, + gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { return func(s *terraform.State) error { gwConfiguration := (*azureGWConfiguration)["result"].(map[string]interface{}) if gwConfiguration["name"] != gwConfigurationName { @@ -152,6 +167,18 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsAzureAttributes(azureGWC if applicationControl != applicationControlFlag { return fmt.Errorf("application control is %t, expected %t", applicationControl, applicationControlFlag) } + if gwConfiguration["ipv6"] != gwConfigurationIpv6 { + return fmt.Errorf("ipv6 is %t, expected %t", gwConfiguration["ipv6"], gwConfigurationIpv6) + } + if gwConfiguration["x_forwarded_for"] != gwConfigurationXForwardedFor { + return fmt.Errorf("x_forwarded_for is %t, expected %t", gwConfiguration["x_forwarded_for"], gwConfigurationXForwardedFor) + } + if gwConfiguration["color"] != gwConfigurationColor { + return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) + } + if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) + } return nil } } diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go index f1bdb7b5..a65a116f 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp.go @@ -44,6 +44,27 @@ func resourceManagementCMEGWConfigurationsGCP() *schema.Resource { Required: true, Description: "The CME account to associate with the GW Configuration.", }, + "section_name": { + Type: schema.TypeString, + Optional: true, + Description: "Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules.", + }, + "x_forwarded_for": { + Type: schema.TypeBool, + Optional: true, + Description: "Enable XFF headers in HTTP / HTTPS requests.", + }, + "color": { + Type: schema.TypeString, + Optional: true, + Description: "Color of the gateways objects in SmartConsole.", + }, + "communication_with_servers_behind_nat": { + Type: schema.TypeString, + Optional: true, + Description: "Gateway behind NAT communications settings with the Check Point Servers" + + "(Management, Multi-Domain, Log Servers).", + }, "blades": { Type: schema.TypeList, MaxItems: 1, @@ -264,6 +285,14 @@ func readManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{}) _ = d.Set("send_alerts_to_server", GCPGWConfiguration["send-alerts-to-server"]) + _ = d.Set("section_name", GCPGWConfiguration["section_name"]) + + _ = d.Set("x_forwarded_for", GCPGWConfiguration["x_forwarded_for"]) + + _ = d.Set("color", GCPGWConfiguration["color"]) + + _ = d.Set("communication_with_servers_behind_nat", GCPGWConfiguration["communication-with-servers-behind-nat"]) + return nil } @@ -284,6 +313,18 @@ func createManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{ if v, ok := d.GetOk("related_account"); ok { payload["related_account"] = v.(string) } + if v, ok := d.GetOk("section_name"); ok { + payload["section_name"] = v.(string) + } + if v, ok := d.GetOk("x_forwarded_for"); ok { + payload["x_forwarded_for"] = v.(bool) + } + if v, ok := d.GetOk("color"); ok { + payload["color"] = v.(string) + } + if v, ok := d.GetOk("communication_with_servers_behind_nat"); ok { + payload["communication_with_servers_behind_nat"] = v.(string) + } if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) if len(scriptsList) > 0 { @@ -398,6 +439,18 @@ func updateManagementCMEGWConfigurationsGCP(d *schema.ResourceData, m interface{ if d.HasChange("related_account") { payload["related_account"] = d.Get("related_account") } + if d.HasChange("section_name") { + payload["section_name"] = d.Get("section_name") + } + if d.HasChange("x_forwarded_for") { + payload["x_forwarded_for"] = d.Get("x_forwarded_for") + } + if d.HasChange("color") { + payload["color"] = d.Get("color") + } + if d.HasChange("communication_with_servers_behind_nat") { + payload["communication_with_servers_behind_nat"] = d.Get("communication_with_servers_behind_nat") + } if d.HasChange("repository_gateway_scripts") { if v, ok := d.GetOk("repository_gateway_scripts"); ok { scriptsList := v.([]interface{}) diff --git a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go index 8e1c0a9c..e98831e4 100644 --- a/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go +++ b/checkpoint/resource_checkpoint_management_cme_gw_configurations_gcp_test.go @@ -17,6 +17,10 @@ func TestAccCheckpointManagementCMEGWConfigurationsGCP_basic(t *testing.T) { gwConfigurationVersion := "R81.20" gwConfigurationBase64SIC := "MTIzNDU2Nzg=" gwConfigurationPolicy := "Standard" + gwConfigurationColor := "blue" + gwConfigurationXForwardedFor := true + gwConfigurationCommunicationWithServersBehindNAT := "translated-ip-only" + context := os.Getenv("CHECKPOINT_CONTEXT") if context == "" { @@ -32,11 +36,13 @@ func TestAccCheckpointManagementCMEGWConfigurationsGCP_basic(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccManagementCMEGWConfigurationsGCPConfig(accountName, gwConfigurationName, gwConfigurationVersion, - gwConfigurationBase64SIC, gwConfigurationPolicy), + gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), Check: resource.ComposeTestCheckFunc( testAccCheckCheckpointManagementCMEGWConfigurationsGCPExists(resourceName, &gcpGWConfiguration), testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(&gcpGWConfiguration, gwConfigurationName, accountName, gwConfigurationVersion, - gwConfigurationPolicy, true, true), + gwConfigurationPolicy, true, true, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT), ), }, }, @@ -65,7 +71,8 @@ func testAccCheckpointManagementCMEGWConfigurationsGCPDestroy(s *terraform.State } func testAccManagementCMEGWConfigurationsGCPConfig(accountName string, gwConfigurationName string, gwConfigurationVersion string, - gwConfigurationBase64SIC string, gwConfigurationPolicy string) string { + gwConfigurationBase64SIC string, gwConfigurationPolicy string, gwConfigurationXForwardedFor bool, + gwConfigurationColor string, gwConfigurationCommunicationWithServersBehindNAT string) string { return fmt.Sprintf(` resource "checkpoint_management_cme_accounts_gcp" "account_test" { name = "%s" @@ -79,6 +86,9 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "gw_configuration_tes version = "%s" base64_sic_key = "%s" policy = "%s" + x_forwarded_for = %t + color = "%s" + communication_with_servers_behind_nat = "%s" blades { content_awareness = true identity_awareness = true @@ -94,7 +104,8 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "gw_configuration_tes vpn = false } } -`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy) +`, accountName, gwConfigurationName, gwConfigurationVersion, gwConfigurationBase64SIC, gwConfigurationPolicy, gwConfigurationXForwardedFor, + gwConfigurationColor, gwConfigurationCommunicationWithServersBehindNAT) } func testAccCheckCheckpointManagementCMEGWConfigurationsGCPExists(resourceTfName string, res *map[string]interface{}) resource.TestCheckFunc { @@ -126,7 +137,8 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsGCPExists(resourceTfName func testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(gcpGWConfiguration *map[string]interface{}, gwConfigurationName string, accountName string, gwConfigurationVersion string, gwConfigurationPolicyName string, contentAwarenessFlag bool, - identityAwarenessFlag bool) resource.TestCheckFunc { + identityAwarenessFlag bool, gwConfigurationXForwardedFor bool, gwConfigurationColor string, + gwConfigurationCommunicationWithServersBehindNAT string) resource.TestCheckFunc { return func(s *terraform.State) error { gwConfiguration := (*gcpGWConfiguration)["result"].(map[string]interface{}) if gwConfiguration["name"] != gwConfigurationName { @@ -150,6 +162,15 @@ func testAccCheckCheckpointManagementCMEGWConfigurationsGCPAttributes(gcpGWConfi if identityAwareness != identityAwarenessFlag { return fmt.Errorf("identity awareness is %t, expected %t", identityAwareness, identityAwarenessFlag) } + if gwConfiguration["x_forwarded_for"] != gwConfigurationXForwardedFor { + return fmt.Errorf("x_forwarded_for is %t, expected %t", gwConfiguration["x_forwarded_for"], gwConfigurationXForwardedFor) + } + if gwConfiguration["color"] != gwConfigurationColor { + return fmt.Errorf("color is %s, expected %s", gwConfiguration["color"], gwConfigurationColor) + } + if gwConfiguration["communication_with_servers_behind_nat"] != gwConfigurationCommunicationWithServersBehindNAT { + return fmt.Errorf("communication_with_servers_behind_nat is %s, expected %s", gwConfiguration["communication_with_servers_behind_nat"], gwConfigurationCommunicationWithServersBehindNAT) + } return nil } } diff --git a/website/docs/d/checkpoint_management_cme_accounts.html.markdown b/website/docs/d/checkpoint_management_cme_accounts.html.markdown index 0b189ad7..916cdf0b 100644 --- a/website/docs/d/checkpoint_management_cme_accounts.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on all Check Point CME A Use this data source to get information on all Check Point CME Accounts. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown index 5966a4bf..ab04baef 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_aws.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME AWS Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown index 9e6cf60d..df03bcf6 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_azure.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME Azure Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -34,5 +32,6 @@ These arguments are supported: * `deletion_tolerance` - The number of CME cycles to wait when the cloud provider does not return a Gateway until its deletion. * `domain` - The account's domain name in Multi-Domain Security Management Server environment. +* `environmnet` - The Azure environmnet. * `platform` - The platform of the account. * `gw_configurations` - A list of Gateway configurations attached to the account. diff --git a/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown index d26e2f47..dc8b3753 100644 --- a/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown +++ b/website/docs/d/checkpoint_management_cme_accounts_gcp.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME GCP Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_api_versions.html.markdown b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown index 7a55c01b..366e805d 100644 --- a/website/docs/d/checkpoint_management_cme_api_versions.html.markdown +++ b/website/docs/d/checkpoint_management_cme_api_versions.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME API versions. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown index 3154e7cb..d974ec2c 100644 --- a/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown +++ b/website/docs/d/checkpoint_management_cme_delay_cycle.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME Delay Cycle. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown index 6e9dd460..01325e39 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on all Check Point CME G Use this data source to get information on all Check Point CME Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -53,3 +51,7 @@ These arguments are supported: * `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. + * `section_name` - Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. + * `x_forwarded_for` - Enable XFF headers in HTTP / HTTPS requests. + * `color` - Color of the gateways objects in SmartConsole. + * `communication_with_servers_behind_nat` - Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown index 7f6c5b4f..8c87627a 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_aws.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME AWS Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -60,3 +58,7 @@ These arguments are supported: * `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - Enable XFF headers in HTTP / HTTPS requests. +* `color` - Color of the gateways objects in SmartConsole. +* `communication_with_servers_behind_nat` - Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown index ecef1275..491693c5 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_azure.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME Azure Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -53,3 +51,8 @@ These arguments are supported: * `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - Enable XFF headers in HTTP / HTTPS requests. +* `color` - Color of the gateways objects in SmartConsole. +* `ipv6` - Enable IPv6 for Azure VMSS. +* `communication_with_servers_behind_nat` - Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown index d748268e..1405a6a0 100644 --- a/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown +++ b/website/docs/d/checkpoint_management_cme_gw_configurations_gcp.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on an existing Check Poi Use this data source to get information on an existing Check Point CME GCP Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -53,3 +51,7 @@ These arguments are supported: * `send_logs_to_backup_server` - Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - Enable XFF headers in HTTP / HTTPS requests. +* `color` - Color of the gateways objects in SmartConsole. +* `communication_with_servers_behind_nat` - Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/d/checkpoint_management_cme_management.html.markdown b/website/docs/d/checkpoint_management_cme_management.html.markdown index 4265291b..c3192fa3 100644 --- a/website/docs/d/checkpoint_management_cme_management.html.markdown +++ b/website/docs/d/checkpoint_management_cme_management.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME Management. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/d/checkpoint_management_cme_version.html.markdown b/website/docs/d/checkpoint_management_cme_version.html.markdown index a1f15602..c255355d 100644 --- a/website/docs/d/checkpoint_management_cme_version.html.markdown +++ b/website/docs/d/checkpoint_management_cme_version.html.markdown @@ -9,10 +9,8 @@ description: |- Use this data source to get information on existing Check Point Use this data source to get information on existing Check Point CME version. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index 7d7de24c..ef259689 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -391,6 +391,22 @@ $ terraform import checkpoint_management_host.host 9423d36f-2d66-4754-b9e2-e7f44 For more information about `terraform import` command, please refer [here](https://www.terraform.io/docs/import/usage.html). +## Compatibility with CME +Check Point Provider supports configuring objects in CME configuration file starting from Security Management/Multi-Domain Security Management Server version R81.10 and higher. + +The table below shows the compatibility between the Terraform Release version and the CME API version: + +| Terraform Release version | CME API version | CME Take | +|---------------------------|-----------------|----------------| +| v2.8.0 | v1.2 | 279 and higher | +| v2.7.0 | v1.1 | 255 and higher | + + +-> **Note:** When you install or upgrade the Terraform Release version, make sure to also upgrade CME to the corresponding CME Take to properly configure CME resources. + + +For details about upgrading CME, please refer to the documentation [here](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CME/Content/Topics-CME/Installing_and_Updating_CME.htm?tocpath=_____4). + ## Tips & Best Practices This section describes best practices for working with the Check Point provider. diff --git a/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown index c5bf6efe..a9ec455d 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_aws.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME AW This resource allows you to add/update/delete Check Point CME AWS Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown index 34a5be5d..47a9bf7d 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_azure.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME Az This resource allows you to add/update/delete Check Point CME Azure Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -23,6 +21,7 @@ resource "checkpoint_management_cme_accounts_azure" "azure_account" { application_id = "abcd1234-ab12-cd34-ef56-abcdef123456" client_secret = "mySecret" subscription = "abcd1234-ab12-cd34-ef56-abcdef123456" + environmnet = "AzureCloud" } ``` @@ -38,6 +37,7 @@ These arguments are supported: * `deletion_tolerance` - (Optional) The number of CME cycles to wait when the cloud provider does not return a Gateway until its deletion. * `domain` - (Optional) The account's domain name in Multi-Domain Security Management Server environment. +* `environment` - (Optional) The Azure environmnet. ## Limitations diff --git a/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown index c38a297b..075f7516 100644 --- a/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown +++ b/website/docs/r/checkpoint_management_cme_accounts_gcp.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME GC This resource allows you to add/update/delete Check Point CME GCP Account. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown index 9080eb5d..5f283de9 100644 --- a/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown +++ b/website/docs/r/checkpoint_management_cme_delay_cycle.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to update an existing Check Point CME D This resource allows you to update an existing Check Point CME Delay Cycle. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown index f516bfb4..c18e824f 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_aws.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME AW This resource allows you to add/update/delete Check Point CME AWS Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -28,6 +26,10 @@ resource "checkpoint_management_cme_gw_configurations_aws" "gw_config_aws" { send_logs_to_server = ["PLS_A"] send_logs_to_backup_server = ["BLS_B"] send_alerts_to_server = ["ALS_C"] + section_name = "my_section" + x_forwarded_for = true + color = "blue" + communication_with_servers_behind_nat = "translated-ip-only" repository_gateway_scripts { name = "myScript" parameters = "ls -l" @@ -90,3 +92,9 @@ These arguments are supported: * `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - (Optional) Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - (Optional) Enable XFF headers in HTTP / HTTPS requests. +* `color` - (Optional) Color of the gateways objects in SmartConsole. +* `communication_with_servers_behind_nat` - (Optional) Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). + + diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown index ae6c624b..7e6f8eaf 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_azure.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME Az This resource allows you to add/update/delete Check Point CME Azure Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -26,6 +24,12 @@ resource "checkpoint_management_cme_gw_configurations_azure" "gw_config_azure" { send_logs_to_server = ["PLS_A"] send_logs_to_backup_server = ["BLS_B"] send_alerts_to_server = ["ALS_C"] + section_name = "my_section" + x_forwarded_for = true + color = "blue" + ipv6 = true + communication_with_servers_behind_nat = "translated-ip-only" + repository_gateway_scripts { name = "myScript" parameters = "ls -l" @@ -78,3 +82,8 @@ These arguments are supported: * `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - (Optional) Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - (Optional) Enable XFF headers in HTTP / HTTPS requests. +* `color` - (Optional) Color of the gateways objects in SmartConsole. +* `ipv6` - (Optional) Enable IPv6 for Azure VMSS. +* `communication_with_servers_behind_nat` - (Optional) Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown index 72b0bc13..6e5365c7 100644 --- a/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown +++ b/website/docs/r/checkpoint_management_cme_gw_configurations_gcp.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to add/update/delete Check Point CME GC This resource allows you to add/update/delete Check Point CME GCP Gateway Configurations. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage @@ -26,6 +24,10 @@ resource "checkpoint_management_cme_gw_configurations_gcp" "gw_config_gcp" { send_logs_to_server = ["PLS_A"] send_logs_to_backup_server = ["BLS_B"] send_alerts_to_server = ["ALS_C"] + section_name = "my_section" + x_forwarded_for = true + color = "blue" + communication_with_servers_behind_nat = "translated-ip-only" repository_gateway_scripts { name = "myScript" parameters = "ls -l" @@ -78,3 +80,7 @@ These arguments are supported: * `send_logs_to_backup_server` - (Optional) Comma-separated list of Backup Log Servers names to which logs are sent if the Primary Log Servers are unavailable. * `send_alerts_to_server` - (Optional) Comma-separated list of Alert Log Servers names to which alerts are sent. +* `section_name` - (Optional) Name of a rule section in the Access and NAT layers in the policy, where to insert the automatically generated rules. +* `x_forwarded_for` - (Optional) Enable XFF headers in HTTP / HTTPS requests. +* `color` - (Optional) Color of the gateways objects in SmartConsole. +* `communication_with_servers_behind_nat` - (Optional) Gateway behind NAT communications settings with the Check Point Servers(Management, Multi-Domain, Log Servers). \ No newline at end of file diff --git a/website/docs/r/checkpoint_management_cme_management.html.markdown b/website/docs/r/checkpoint_management_cme_management.html.markdown index a477e58e..9c566182 100644 --- a/website/docs/r/checkpoint_management_cme_management.html.markdown +++ b/website/docs/r/checkpoint_management_cme_management.html.markdown @@ -9,10 +9,8 @@ description: |- This resource allows you to update an existing Check Point CME M This resource allows you to update an existing Check Point CME Management. -Available in: +For details about the compatibility between the Terraform Release version and the CME API version, please refer to the section [Compatibility with CME](../index.html.markdown#compatibility-with-cme). -- Check Point Security Management/Multi-Domain Security Management Server R81.10 and higher. -- CME Take 255 and higher. ## Example Usage