Cortez009
Participant

Check Point in Azure Virtual WAN upgrade

Hello. 

We have deployed the Check Point in Virtual WAN managed application in Azure. This has deployed 2 NVAs with version R2. There is no way to configure the SKU, just the scale set number. So no way to configure the disk size.

By default the partition layout provides 49 GB and these are split between logs and root with 16 GB unallocated. The logs partition is 10 GB and 85% used.

So how do we install hotfixes or patch upgrades on a system with not enough space out of the box?

Do we need to deploy a new Managed Application side by side on a newer version and change routing intent to use it?

Microsoft have no access to the Managed Application. I have no access to see the NVAs in Azure so can't add disk space and boot into maintenance mode etc to increase the disk size. 

A bit stuck. Please help. 

Thanks in advance 

 

0 Kudos
1 Solution

Accepted Solutions
Cortez009
Participant

Understood — so just to confirm, it was Microsoft who approved the deployment of the Check Point image as a Managed Application in vWAN, despite the small disk size and the fact that neither the customer, Check Point, nor Microsoft has the ability to modify it to increase the disk size?

0 Kudos
11 Replies
_Val_
Admin

@Shay_Levin can you please advise?

0 Kudos
joerivang
Contributor

I believe you need to trigger a scale out, then it will automatically scale in a new firewall with the latest version.

I believe it's not recommended to do JHF upgrades on scale sets like you do on physical appliances or other deployment types.

0 Kudos
Cortez009
Participant

Hi,

Thanks for your reply.

So I have a few questions then, please:

1. How do we trigger a scale out? There doesn't seem to be a setting within Azure to perform this.

2. Even if we scale out, how will the image be any different to what we have? We are already on R82.

3. There is a reimage button in Azure Portal, but how do we know which image it will use? I presume it will be the same as what is already configured.

Our issue here is not so much the Major releases but the version upgrades. We can't operate our firewalls in BAU without performing these hotfixes on a regular basis and with the current image provided by the Azure Marketplace we are unable to do this. 

Any further information how this is meant to work would be appreciated. 

0 Kudos
Amir_Senn
Employee

Hi,

You need to perform side by side upgrade:

https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_vWAN/Con...

 

Kind regards, Amir Senn
0 Kudos
Cortez009
Participant

Thanks Amir for your response.

I have read that link before and yes, I understand that to roll out a major release we would need to do it side by side and change routing intent. However, does the same apply to hotfixes?

We are currently on R82 so there is no need to upgrade the version but we need a Jumbo Hotfix to comply with our security team and there is no space in /var/log to do this. 

These hotfixes come out every few months so how can we remain compliant on these patch versions?

0 Kudos
Amir_Senn
Employee

At the moment this is due to limitations from Microsoft.

Once this is solved we'll be working on it. I believe we'll have this in the future.

Kind regards, Amir Senn
0 Kudos
Cortez009
Participant

Hi Amir,

Sorry but how is it a Microsoft limitation? The issue is the Image which is too small, or am I missing something?

If the image was big enough out of the gate, we would have enough space to deploy hotfixes. 

Thanks,

0 Kudos
Jeff_Engel
Employee

Hi @Cortez009 , I am checking with RnD on this.

0 Kudos
Cortez009
Participant

Thanks, Jeff

0 Kudos
Amir_Senn
Employee

Unlike other solutions, this is managed by Azure. If this was solely by CP I would say that you can use SK for adding more storage.

Kind regards, Amir Senn
0 Kudos
Cortez009
Participant

Understood — so just to confirm, it was Microsoft who approved the deployment of the Check Point image as a Managed Application in vWAN, despite the small disk size and the fact that neither the customer, Check Point, nor Microsoft has the ability to modify it to increase the disk size?

0 Kudos
