» checkpoint_management_service_udp

This resource allows you to add/update/delete Check Point Service Udp.

» Example Usage

resource "checkpoint_management_service_udp" "example" {
  name = "New_UDP_Service_1"
  port = 5669
  keep_connections_open_after_policy_installation = false
  session_timeout = 0
  match_for_any = true
  sync_connections_on_cluster = true
  aggressive_aging = {
    enable = true
    timeout = 360
    use_default_timeout = false
  accept_replies = false

» Argument Reference

The following arguments are supported:

  • name - (Required) Object name. Should be unique in the domain.
  • accept_replies - (Optional) N/A.
  • aggressive_aging - (Optional) Sets short (aggressive) timeouts for idle connections. Aggressive Aging blocks are documented below.
  • keep_connections_open_after_policy_installation - (Optional) Keep connections open after policy has been installed even if they are not allowed under the new policy. This overrides the settings in the Connection Persistence page. If you change this property, the change will not affect open connections, but only future connections.
  • match_by_protocol_signature - (Optional) A value of true enables matching by the selected protocol's signature - the signature identifies the protocol as genuine. Select this option to limit the port to the specified protocol. If the selected protocol does not support matching by signature, this field cannot be set to true.
  • match_for_any - (Optional) Indicates whether this service is used when 'Any' is set as the rule's service and there are several service objects with the same source port and protocol.
  • override_default_settings - (Optional) Indicates whether this service is a Data Domain service which has been overridden.
  • port - (Optional) The number of the port used to provide this service. To specify a port range, place a hyphen between the lowest and highest port numbers, for example 44-55.
  • protocol - (Optional) Select the protocol type associated with the service, and by implication, the management server (if any) that enforces Content Security and Authentication for the service. Selecting a Protocol Type invokes the specific protocol handlers for each protocol type, thus enabling higher level of security by parsing the protocol, and higher level of connectivity by tracking dynamic actions (such as opening of ports).
  • session_timeout - (Optional) Time (in seconds) before the session times out.
  • source_port - (Optional) Port number for the client side service. If specified, only those Source port Numbers will be Accepted, Dropped, or Rejected during packet inspection. Otherwise, the source port is not inspected.
  • sync_connections_on_cluster - (Optional)Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster.
  • use_default_session_timeout - (Optional) Use default virtual session timeout.
  • ignore_warnings - (Optional) Apply changes ignoring warnings.
  • ignore_errors - (Optional) Apply changes ignoring errors. You won't be able to publish such a changes. If ignore-warnings flag was omitted - warnings will also be ignored.
  • color - (Optional) Color of the object. Should be one of existing colors.
  • comments - (Optional) Comments string.
  • tags - (Optional) Collection of tag identifiers.

aggressive_aging supports the following: