When using a custom encryption suite in cp_mgmt_vpn_community_star, it should be possible to set a value of sha512 for data_integrity in ike_phase_1 and ike_phase_2.

This is confirmed in the API documentation at https://sc1.checkpoint.com/documents/latest/APIs/#cli/add-vpn-community-star~v1.9.1%20

However, sha512 is excluded as an option in https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/blob/67b2370821f03c1b93e3c4eef9b6d63b9009f675/plugins/modules/cp_mgmt_vpn_community_star.py#L403 and https://github.com/CheckPointSW/CheckPointAnsibleMgmtCollection/blob/67b2370821f03c1b93e3c4eef9b6d63b9009f675/plugins/modules/cp_mgmt_vpn_community_star.py#L429

It is also visible as an option when configuring via the MDS Smart Console.

If I add sha512 as an option in the choices list in the two links above to cp_mgmt_vpn_community_star.py, everything works and the VPN community star is successfully created.

Ansible Output:
TASK [add-vpn-community-star] ****************************************************************************************************************************************************************************************************************************************************************
fatal: [some-host-name]: FAILED! => {"changed": false, "msg": "value of data_integrity must be one of: aes-xcbc, sha1, sha256, sha384, md5, got: sha512 found in ike_phase_1"}