
Ansible Demo with R80.20 Gateways and Management

@Ryan_Darst had originally created an Ansible Demo using R80.10 management and R77.30 gateways in AWS. I upgraded both the management and gateways in this demo to R80.20. This required changing Ryan's original demo a little bit. Herein, I provide the changes I made to make this work.

What this requires:

  • An Amazon Web Services account
  • An R80.20 Manager (I built it in AWS, but I assume you can use an on-premise one as well)
  • Ryan's original demo scripts, which include the instructions for building the demo environment.
  • The attached CheckMates-aws-vpc-create.yml file, which replaces the one included in Ryan's demo.

The complete changes made include:

  • Using R80.20 images for gateways instead of R77.30
  • Changed a few messages to say “CloudGuard” instead of vSEC
  • Using c5 instance types instead of c4 instances
  • Changes to the Security Groups applied to the instances

One change I highly recommend you make to vars_ohio.yml is to use blink_config to provision the Security Gateways. This reduces the amount of time it takes for the gateway instances to become viable. You can use something like the following:

blink_config -s 'gateway_cluster_member=false&ftw_sic_key=vpn12345&upload_info=true&download_info=true&admin_hash=<password_hash>' ; shutdown -r now;

Replace <password-hash> 

  • Using blink_config to provision the gateways
    • This is actually a change to vars_ohio.yml; replace the config_system line with something like:
    • blink_config -s 'gateway_cluster_member=false&ftw_sic_key=vpn12345&upload_info=true&download_info=true&admin_hash=$1$BW4mjz6R$80jxV2CLBVoFTI06AiQmu.' ; shutdown -r now;

One known issue:

  • At least for me, the CloudGuard autoprovisioning service isn't starting automatically. You can manually "start" it using the command service autoprovision restart from expert mode.
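
As an added example (not part of the original post or of Ryan's demo), the shell functions below build the blink_config line for vars_ohio.yml from a SIC key and an admin password hash, and reject values that would break the single-quoted, '&'-separated parameter string. The function names, the SIC key policy and the sample values are assumptions of this example; the blink_config parameters are the ones shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post.

# Hash a password read from stdin so it never appears in argv or shell history.
# openssl's -1 option yields an MD5-crypt "$1$salt$digest" string, the same
# format as the hash shown in the post.
make_admin_hash() {
    openssl passwd -1 -stdin
}

# build_blink_config SIC_KEY ADMIN_HASH
# Prints the provisioning line, or returns 1 if a value would break the
# single-quoted, '&'-separated parameter string.
build_blink_config() {
    sic_key=$1
    admin_hash=$2

    # Policy of this example (an assumption): 8 or more letters and digits,
    # which rules out quotes, '&', '=' and whitespace.
    case $sic_key in
        *[!A-Za-z0-9]*) echo "SIC key: letters and digits only" >&2; return 1 ;;
    esac
    if [ "${#sic_key}" -lt 8 ]; then
        echo "SIC key: at least 8 characters" >&2; return 1
    fi

    # The hash must have the crypt-style "$id$salt$digest" shape ...
    case $admin_hash in
        \$[0-9a-z]*\$?*\$?*) ;;
        *) echo "admin hash: expected \$id\$salt\$digest" >&2; return 1 ;;
    esac
    # ... and contain only the crypt alphabet plus '$'.
    case $admin_hash in
        *[!A-Za-z0-9./\$]*) echo "admin hash: unexpected character" >&2; return 1 ;;
    esac

    printf "blink_config -s '%s' ; shutdown -r now;\n" \
        "gateway_cluster_member=false&ftw_sic_key=${sic_key}&upload_info=true&download_info=true&admin_hash=${admin_hash}"
}

# Constructed sample values, not real credentials.
build_blink_config 'Demo0Key42' '$1$EXAMPLEs$0123456789abcdefghijkl'
```

The printed line keeps the hash inside single quotes, so the `$` characters reach blink_config without shell expansion.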