https://community.checkpoint.com/t5/Cloud-Firewall/Amazon-AWS-quot-Auto-Scale-Group-Existing-Centralized-VPC-for/m-p/240909#M5223 <P>Greetings,</P> <P>&nbsp;</P> <P>Im trying to deploy a Check Point Network Security (IaaS) Auto Scaling Group in Amazon AWS, its getting deployed within a inspection VPC, and its going to be east-west (within AWS) inspection only, and the customer already has a Transit Gateway and GWLB deployed.</P> <P>Management has already been moved from on-premise VMWare ESXi to AWS, its currently running on a r6i.xlarge instance, same with the dedicated log server/smart event, has also been moved and is running on a r6i.xlarge instance.</P> <P>&nbsp;</P> <P>Facing some issues when attempting to deploy this auto-scaling group, the "Auto Scale Group - Existing Centralized VPC for Transit Gateway", aka "tgw-gwlb.yaml" cloud formation template enforces the creation of new NAT Gateways and GWLB, and I cant seem to find any way aroud this?</P> <P>&nbsp;</P> <P>Could anyone give me any pointers here? Cant seem to locate any cloud formation or any other AWS templates that would allow me to simply create a Auto-Scaling group and have it attached to existing Transit Gateway and GWLB?</P> <P>Would the easiest way to just have let the template create a TGW and NAT GWs, and simply delete them afterwards? Why are NAT GWs a requirement? Why would those be needed unless you want the auto-scaling group to do north-south traffic?</P> Tue, 11 Feb 2025 14:48:38 GMT RamGuy239 2025-02-11T14:48:38Z https://community.checkpoint.com/t5/Cloud-Firewall/Amazon-AWS-quot-Auto-Scale-Group-Existing-Centralized-VPC-for/m-p/240909#M5223 <P>Greetings,</P> <P>&nbsp;</P> <P>Im trying to deploy a Check Point Network Security (IaaS) Auto Scaling Group in Amazon AWS, its getting deployed within a inspection VPC, and its going to be east-west (within AWS) inspection only, and the customer already has a Transit Gateway and GWLB deployed.</P> <P>Management has already been moved from on-premise VMWare ESXi to AWS, its currently running on a r6i.xlarge instance, same with the dedicated log server/smart event, has also been moved and is running on a r6i.xlarge instance.</P> <P>&nbsp;</P> <P>Facing some issues when attempting to deploy this auto-scaling group, the "Auto Scale Group - Existing Centralized VPC for Transit Gateway", aka "tgw-gwlb.yaml" cloud formation template enforces the creation of new NAT Gateways and GWLB, and I cant seem to find any way aroud this?</P> <P>&nbsp;</P> <P>Could anyone give me any pointers here? Cant seem to locate any cloud formation or any other AWS templates that would allow me to simply create a Auto-Scaling group and have it attached to existing Transit Gateway and GWLB?</P> <P>Would the easiest way to just have let the template create a TGW and NAT GWs, and simply delete them afterwards? Why are NAT GWs a requirement? Why would those be needed unless you want the auto-scaling group to do north-south traffic?</P> Tue, 11 Feb 2025 14:48:38 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Amazon-AWS-quot-Auto-Scale-Group-Existing-Centralized-VPC-for/m-p/240909#M5223 RamGuy239 2025-02-11T14:48:38Z https://community.checkpoint.com/t5/Cloud-Firewall/Amazon-AWS-quot-Auto-Scale-Group-Existing-Centralized-VPC-for/m-p/240954#M5224 <P>Hi,</P> <P>Speaking from experience, the best way is to deploy the template as it is and then remove the components you don't need like NAT GW's , Internet GW's etc.</P> <P>NAT GW's are not a must but they are within our templates for simple deployments.&nbsp;</P> Tue, 11 Feb 2025 20:29:50 GMT https://community.checkpoint.com/t5/Cloud-Firewall/Amazon-AWS-quot-Auto-Scale-Group-Existing-Centralized-VPC-for/m-p/240954#M5224 Nir_Shamir 2025-02-11T20:29:50Z