This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jeff_Engel
Employee
Employee
‎2022-10-24 09:54 AM
Jump to solution

Build Your Own POC (BYOPoC) - CloudGuard GWLB Reference Architecture

Hi Everyone,

We are starting a new initiative whereby we give everyone(customers, partners, Check Pointers, etc.) the ability to quickly and easily stand up an otherwise complex architecture featuring various CloudGuard products and product integrations using IaC.

In our first installment, we have built out an entire deployment of CloudGuard Network Security integrated with AWS Gateway Load Balancer with an AWS CloudFormation template and provided step-by-step instructions on the process.

This does assume that you have a lab and/or sandbox of some kind in order to build this environment in.

Please let us know what you think.  We have plans to do many of these and keep them updated.

CHECK POINT CLOUDGUARD NETWORK SECURITY - INTEGRATION WITH AWS GATEWAY LOAD BALANCER

CHKP-CGNS-GWLB-WorkshopArchitecture-Workshop+Final.drawio

 

Thanks!

Jeff Engel

CloudMates General 

Cloud Network Security 

CloudMates General
CloudMates General
Cloud Network Security
Cloud Network Security
(1)
1 Solution

Accepted Solutions
Bryan-Smith
Employee
Employee
‎2022-10-26 07:17 AM
In response to Jeff_Engel
Jump to solution

@Jeff_Engel - For some reason the Cloud Management Extension (CME) was not running on the manager as well. I had to run the following command to get the gateways to add to the Manager (SMS):

autoprov_cfg init AWS -mn "gwlb-management-server" -tn "gwlb-ASG-configuration" -otp "checkpoint" -ver R80.40 -po "AWS-TGW-ASG" -cn "AWSJAMS" -r "us-east-1" -ak XXXXXXXXXRTXD -sk XXXXXXXXXXXXXXXXXXXX

CME Structure and Configurations (checkpoint.com)

 

Helpful command for seeing CME logs in real-time --> tail -f /var/log/CPcme/cme.log

This probably isn't an issue if you are using R81.10-BYOL-WorkshopVersion AMI which might have the preconfigured CME config. Everything else seems to work great! Thanks for sharing.

 

I attached the Managment Server CFT that ran if it helps. 

 

View solution in original post

Preview file
26 KB
0 Kudos
6 Replies
Bryan-Smith
Employee
Employee
‎2022-10-25 09:55 AM
Jump to solution

@Jeff_Engel one thing to note you have to select an AMI that you are subscribed too. I did not have access to the AWS Jams "...

BYOL-WorkshopVersion" AMI. Just wanted to pass that along. If I come across anything else, I'll post it here. 
0 Kudos
Jeff_Engel
Employee
Employee
‎2022-10-25 09:40 PM
In response to Bryan-Smith
Jump to solution

Thanks for the feedback @Bryan-Smith!  I will get that added to the documentation.

0 Kudos
Bryan-Smith
Employee
Employee
‎2022-10-26 07:17 AM
In response to Jeff_Engel
Jump to solution

@Jeff_Engel - For some reason the Cloud Management Extension (CME) was not running on the manager as well. I had to run the following command to get the gateways to add to the Manager (SMS):

autoprov_cfg init AWS -mn "gwlb-management-server" -tn "gwlb-ASG-configuration" -otp "checkpoint" -ver R80.40 -po "AWS-TGW-ASG" -cn "AWSJAMS" -r "us-east-1" -ak XXXXXXXXXRTXD -sk XXXXXXXXXXXXXXXXXXXX

CME Structure and Configurations (checkpoint.com)

 

Helpful command for seeing CME logs in real-time --> tail -f /var/log/CPcme/cme.log

This probably isn't an issue if you are using R81.10-BYOL-WorkshopVersion AMI which might have the preconfigured CME config. Everything else seems to work great! Thanks for sharing.

 

I attached the Managment Server CFT that ran if it helps. 

 

Preview file
26 KB
0 Kudos
Jeff_Engel
Employee
Employee
‎2023-02-16 04:57 PM
In response to Bryan-Smith
Jump to solution

Just to follow up on this, I updated the workshop to support R81.20 and updated the CFT to include new launch templates now being deployed with all of our CFTs which may have resolved this issue as I did not have to do any post setup work to get it functioning.

Tested combinations:

- R81.20 Mgmt with R80.40 Gateways

- R81.20 Mgmt with R81.20 Gateways

0 Kudos
Jeff_Engel
Employee
Employee
‎2023-02-16 04:54 PM
Jump to solution

Hi Everyone,

Just a heads up that this workshop has been updated to support R81.20.

Please use this CFT to build this environment in your own subscription > CloudGuard/GWLB Workshop CFT

Jeff_Engel
Employee
Employee
‎2023-02-16 05:13 PM
In response to Jeff_Engel
Jump to solution

Also a reminder that you will need to subscribe to the following Check Point software listings(depending on desired deployment) within the AWS marketplace before running the CFT.

Check Point Security Management - BYOL

Check Point Security Management - PAYG

Check Point Security Gateways - R80.40 for Gateway Load Balancer - BYOL

Check Point Security Gateways - R80.40 for Gateway Load Balancer - PAYG

Check Point Security Gateways - R81.20 - BYOL

Check Point Security Gateways - R81.20 - PAYG

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events