
custom-script example for autoprovision of autoscale gateways


This file is to be used as an example for autoscale and VMSS groups that require custom settings on the gateway at provisioning time. These scripts rely on the Check Point API, and professional services are usually recommended for complex customizations.

Contributor

Hi Javier,

thanks a lot!

So this script is for changing parts of the gateway objects.

Am I correct that if I need to change parts in GAIA, I have to configure a bootstrap file? Like for adding different routes, adding users...?

How can I change or add this bootstrap file to an already existing VMSS? I mean, so that future deployed (dynamic) gateways would have these settings?

Employee+

Hi Carsten! Instead of using the Azure bootstrap options, the way for VMSS is to use the same autoprovision configuration file at the Check Point management server. These custom settings are described in the following doc:

https://github.com/CheckPointSW/sddc

HTHs,

0 Kudos
Reply
Contributor

Hi @Javier_Hijas, I am working on deploying a VMSS with MTA enabled on the Gateway firewall. Do you have any recommendation or experience with the same? Any specific flag or setting on the custom script that I can use for the gateways being spun up by the VMSS?

0 Kudos
Reply
Contributor

Thank you, but how do I use the script?

What does the CLI syntax look like?

#> python monitor.pv file.json

...does not work

Contributor
Hi,
is there no solution, or aren't there any examples of how to execute the script?

Hi Carsten,
for each template you can specify a custom gateway script, like this:

autoprov-cfg set template -tn <templateName> -cg "/home/admin/myscript.sh"
"Intranet": {
"application-control": true,
"custom-gateway-script": "/home/admin/myscript.sh",

and the script can look like this:
#!/bin/bash
# Load the Check Point environment so curl_cli and clish are on the PATH
. /tmp/.CPprofile.sh
cd /home/admin/
echo "Downloading config file..."
# -k skips TLS certificate verification; -O saves the file as azure.txt
curl_cli -k -O https://10.223.227.31/azure.txt
# Load the downloaded commands into clish
clish -i -f /home/admin/azure.txt

In our case I've used it for rolling out system-level settings per our standards and static routes.

Contributor
Hi Martin,
thanks, but where do I find the "-cg" option?

[...]
[Expert@cpmgmt:0]# autoprov-cfg init Azure -tn "autoprovisioning_template" -h
usage: autoprov-cfg init Azure [-h] -mn MANAGEMENT NAME -tn TEMPLATE NAME -otp
ONE TIME PASSWORD -ver
{R77.30,R80.10,R80.20,R80.30,R80.40} -po POLICY
-cn CONTROLLER NAME -sb SUBSCRIPTION
[-at SERVICE PRINCIPAL CREDENTIALS TENANT]
[-aci SERVICE PRINCIPAL CREDENTIALS CLIENT ID]
[-acs SERVICE PRINCIPAL CREDENTIALS CLIENT SECRET]
[-au AZURE USERNAME] [-ap AZURE PASSWORD]
[...]
0 Kudos
Reply
Hi, once you do init, you can then do "set template -tn abc -cg /home/script.sh"
0 Kudos
Reply
Explorer

Hi Martin,

can you share the script which you are using for adding routes?

thanks.

0 Kudos
Reply

Normally via the "set static-route" command; those lines are part of the script, which is run on the gateway during provisioning.

0 Kudos
Reply
Explorer

Hi Martin,

thank you for the reply. So the steps should look like this:

1) In the /home/admin directory I add a txt file "add_route.txt" with this command inside:

set static-route 192.168.0.0/24 nexthop gateway address 10.0.0.1

2) Create a script run.sh

#!/bin/bash
. /tmp/.CPprofile.sh
clish -i -f /home/admin/add_route.txt

3) autoprov-cfg set template -tn <templateName> -cg "/home/admin/run.sh"

This will add a route to the gateway each time scaling occurs, right?

0 Kudos
Reply

No, you should run clish -s -c 'set static-route' directly inside the provisioning script.


0 Kudos
Reply
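
One way to write the custom gateway script that the answer above describes, as an added example that is not part of the original thread and not Check Point's own code: each route is validated before it is passed to `clish -s -c`, since the script runs unattended on every gateway the scale set creates. The function names, the `CLISH` override and the sample route are assumptions; the trailing `on` follows standard Gaia clish static-route syntax.

```bash
#!/bin/bash
# Added example, not from the thread: validate each route, then apply it
# with "clish -s -c". CLISH override and sample route are assumptions.
if [ -f /tmp/.CPprofile.sh ]; then . /tmp/.CPprofile.sh; fi
CLISH="${CLISH:-clish}"   # override for a dry run off the gateway
# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the clish command for <dest/len> <nexthop>; fail on malformed input.
route_cmd() {
    local dest="$1" gw="$2" net len
    case "$dest" in */*) ;; *) return 1 ;; esac
    net=${dest%/*}; len=${dest#*/}
    case "$len" in ""|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    valid_ipv4 "$net" && valid_ipv4 "$gw" || return 1
    printf 'set static-route %s nexthop gateway address %s on\n' "$dest" "$gw"
}

# Read "<dest/len> <nexthop>" lines from stdin; -s saves the configuration.
apply_routes() {
    local rc=0 dest gw cmd
    while read -r dest gw; do
        [ -n "$dest" ] || continue
        if cmd=$(route_cmd "$dest" "$gw"); then
            "$CLISH" -s -c "$cmd" </dev/null || rc=1
        else
            echo "skipping invalid route: $dest $gw" >&2; rc=1
        fi
    done
    return $rc
}

# Constructed sample route; replace with your own.
if command -v "$CLISH" >/dev/null 2>&1; then
    apply_routes <<'EOF'
192.168.0.0/24 10.0.0.1
EOF
else
    echo "clish not found; run this on the gateway" >&2
fi
```

The script exits non-zero if any route is rejected or clish fails, which makes a partly provisioned gateway easier to spot in the provisioning output.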
Explorer

It works. Thank you Martin 🙂

0 Kudos
Reply