https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188223#M2 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/81338">@oshrio</a>&nbsp;,</P> <P>Can you share which machine type you use? The default,&nbsp;<SPAN>n1-standard-4,&nbsp; is not supported in me-west1-a zone (according to this documentation <A href="https://cloud.google.com/compute/docs/regions-zones#:~:text=Bridge%2C%20Broadwell%2C%20Skylake-,me%2Dwest1%2Da,-Tel%20Aviv%2C%20Israel)" target="_blank">https://cloud.google.com/compute/docs/regions-zones#:~:text=Bridge%2C%20Broadwell%2C%20Skylake-,me%2Dwest1%2Da,-Tel%20Aviv%2C%20Israel)</A></SPAN></P> <P><SPAN>In addition, for 6 internal NICs you should use a&nbsp;<SPAN>machine type</SPAN> with at least 32GB (<SPAN>8 vCPU, 4 core</SPAN>).</SPAN></P> <P><SPAN>For example, for E2 series you should choose the "<SPAN>e2-standard-8 (8 vCPU, 4 core, 32 GB memory)" machine type.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Olga</SPAN></P> Tue, 01 Aug 2023 08:40:35 GMT Olga-Miro 2023-08-01T08:40:35Z https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188057#M1 <P>Hello,</P><P>I'm using the TF code to deploy cluster.&nbsp;</P><P>When the GW is coming up I can view the Wizard&nbsp;@ GW (also sic key is not configured), looks like it didn't get all the parameters from the startup script.</P><P>When the GW is starting up I can see in the console log this message:</P><PRE>FW-1: loading tp_conf_service FireWall-1: Starting fwd FireWall-1: Starting CPU Spike Detective WARNING: /etc/modprobe.conf line 6: ignoring bad line starting with 'options' WARNING: /etc/modprobe.conf line 7: ignoring bad line starting with 'virtio_net' WARNING: /etc/modprobe.conf line 8: ignoring bad line starting with 'rxmrg=0' SecureXL disabled, cannot use affinity commands sim_register_adp_service: SecureXL device 0 assigned client ID 0 SecureXL device is enabled. sxl_dev_id=0 fw_register_adp_service: FW assigned client ID 1 fw_register_adp_service: FW registered successfully with ADP driver. vsid 0 SecureXL device is enabled. sxl_dev_id=0 fw_register_adp_service: already registered FireWall-1: Fetching policy Installing Security Policy InitialPolicy on all.all@checkpoint-ha-a-02 Fetching Security Policy from localhost succeeded HA not installed"<BR /><BR />##########################################<BR />startup script:<BR /><SPAN> - python3 /etc/cloud_config.py generatePassword=\"true\" allowUploadDownload=\"true\" templateName=\"cluster_tf\" templateVersion=\"20230109\" mgmtNIC="XX" hasInternet=\"true\" config_url=\"https://runtimeconfig.googleapis.com/v1beta1/projects/kuku-net-0/configs/checkpoint-ha-a-02-config\" config_path=\"projects/kuku-net-0/configs/checkpoint-ha-a-02-config\" installationType="XClusterX" enableMonitoring=\"true\" primary_cluster_address_name=\"1.1.1.8\" secondary_cluster_address_name=\"1.1.1.2\" shell=\"/bin/bash\" computed_sic_key=\"12345678987654321\" sicKey=\"12345678987654321\" managementGUIClientNetwork=\"100.64.0.0/24\" managementNetwork=\"100.64.0.0/24\" numAdditionalNICs=\"6\" smart1CloudToken="XXXX" name=\"checkpoint-ha-a-02\" zone=\"me-west1-a\" region=\"me-west1\"</SPAN></PRE><P>&nbsp;</P> Mon, 31 Jul 2023 07:38:40 GMT https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188057#M1 oshrio 2023-07-31T07:38:40Z https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188223#M2 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/81338">@oshrio</a>&nbsp;,</P> <P>Can you share which machine type you use? The default,&nbsp;<SPAN>n1-standard-4,&nbsp; is not supported in me-west1-a zone (according to this documentation <A href="https://cloud.google.com/compute/docs/regions-zones#:~:text=Bridge%2C%20Broadwell%2C%20Skylake-,me%2Dwest1%2Da,-Tel%20Aviv%2C%20Israel)" target="_blank">https://cloud.google.com/compute/docs/regions-zones#:~:text=Bridge%2C%20Broadwell%2C%20Skylake-,me%2Dwest1%2Da,-Tel%20Aviv%2C%20Israel)</A></SPAN></P> <P><SPAN>In addition, for 6 internal NICs you should use a&nbsp;<SPAN>machine type</SPAN> with at least 32GB (<SPAN>8 vCPU, 4 core</SPAN>).</SPAN></P> <P><SPAN>For example, for E2 series you should choose the "<SPAN>e2-standard-8 (8 vCPU, 4 core, 32 GB memory)" machine type.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks,</SPAN></P> <P><SPAN>Olga</SPAN></P> Tue, 01 Aug 2023 08:40:35 GMT https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188223#M2 Olga-Miro 2023-08-01T08:40:35Z https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188224#M3 <P>Hi&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/83218">@Olga-Miro</a>&nbsp; Thanks for quick reply.</P><P>Yesterday I succeded to change the vm machine to:&nbsp;</P><P>variable "machine_type" {<BR />type = string<BR />default = "n2-custom-8-16384"<BR />}</P><P>and now the GW is up and running.</P><P>thanks again.</P> Tue, 01 Aug 2023 08:46:08 GMT https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188224#M3 oshrio 2023-08-01T08:46:08Z https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188299#M4 <P>Great job!</P> Tue, 01 Aug 2023 16:25:25 GMT https://community.checkpoint.com/t5/Cloud-Firewall/GCP-terraform-unable-to-deploy-cluster-sic/m-p/188299#M4 the_rock 2023-08-01T16:25:25Z