Jeff_Engel
Employee

Build Your Own POC (BYOPoC) - CloudGuard GWLB Reference Architecture

Hi Everyone,

We are starting a new initiative whereby we give everyone (customers, partners, Check Pointers, etc.) the ability to quickly and easily stand up an otherwise complex architecture featuring various CloudGuard products and product integrations using IaC.

In our first installment, we have built out an entire deployment of CloudGuard Network Security integrated with AWS Gateway Load Balancer with an AWS CloudFormation template and provided step-by-step instructions on the process.

This does assume that you have a lab and/or sandbox of some kind in order to build this environment in.

Please let us know what you think.  We have plans to do many of these and keep them updated.

CHECK POINT CLOUDGUARD NETWORK SECURITY - INTEGRATION WITH AWS GATEWAY LOAD BALANCER

CHKP-CGNS-GWLB-WorkshopArchitecture-Workshop+Final.drawio

 

Thanks!

Jeff Engel


Accepted Solutions
Bryan-Smith
Employee

@Jeff_Engel - For some reason the Cloud Management Extension (CME) was not running on the manager as well. I had to run the following command to get the gateways to add to the Manager (SMS):

autoprov_cfg init AWS -mn "gwlb-management-server" -tn "gwlb-ASG-configuration" -otp "checkpoint" -ver R80.40 -po "AWS-TGW-ASG" -cn "AWSJAMS" -r "us-east-1" -ak XXXXXXXXXRTXD -sk XXXXXXXXXXXXXXXXXXXX

CME Structure and Configurations (checkpoint.com)

 

Helpful command for seeing CME logs in real-time --> tail -f /var/log/CPcme/cme.log

This probably isn't an issue if you are using R81.10-BYOL-WorkshopVersion AMI which might have the preconfigured CME config. Everything else seems to work great! Thanks for sharing.

 

I attached the Management Server CFT that ran if it helps.

 

6 Replies
Bryan-Smith
Employee

@Jeff_Engel one thing to note: you have to select an AMI that you are subscribed to. I did not have access to the AWS Jams "...BYOL-WorkshopVersion" AMI. Just wanted to pass that along. If I come across anything else, I'll post it here.
Jeff_Engel
Employee

Thanks for the feedback @Bryan-Smith!  I will get that added to the documentation.

Jeff_Engel
Employee

Just to follow up on this, I updated the workshop to support R81.20 and updated the CFT to include new launch templates now being deployed with all of our CFTs, which may have resolved this issue, as I did not have to do any post-setup work to get it functioning.

Tested combinations:

- R81.20 Mgmt with R80.40 Gateways

- R81.20 Mgmt with R81.20 Gateways

Jeff_Engel
Employee

Hi Everyone,

Just a heads up that this workshop has been updated to support R81.20.

Please use this CFT to build this environment in your own subscription > CloudGuard/GWLB Workshop CFT
