This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
johnnyringo
Advisor
‎2022-07-07 11:09 AM
Jump to solution

High Availability Cluster Launch in GCP without using Wizard?

We're currently deploying a new CheckPoint R80.40 HA cluster each time we add a new GCP region, which is every 1-2 months.  I've noticed even after 3 years, the wizard is still a bit buggy/error prone.  I particular, it requires removing the default IP addresses from each interface, otherwise new networks will be created even when a pre-existing network has been selected:

gcp_existing_vpcnetworks.png

Also, if more networks existing in the project than are selected, there will be an error and all 6 internal interfaces must have networks defined even if only 1 is used:

gcp_single_internal_network.png

Is it possible to deploy the clusters/gateways via CLI, YAML file, or Terraform?  I'm trying to see if we can smooth out the process 

0 Kudos
1 Solution

Accepted Solutions
Nir_Shamir
Employee Employee
Employee
‎2022-07-09 10:12 PM
Jump to solution

Hi,

 

you can found Terraform templates here:

https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/gcp

 

View solution in original post

0 Kudos
(1)
4 Replies
PhoneBoy
Admin
Admin
‎2022-07-07 11:56 AM
Jump to solution

Not aware of a way to do this beyond the template in the GCP portal.
Have you reported the various issues with the template to TAC?
Also, have you tried R81.10, which is the current widely recommended version?

0 Kudos
johnnyringo
Advisor
‎2022-07-07 12:01 PM
In response to PhoneBoy
Jump to solution

Yeah, I can file a ticket but up to this point TAC has told us they can't support cloud deployments, even though we have Diamond support.  As you can probably guess, we were not happy this this response and have decided to look at other vendors.

I did a PoC for R81 last year and it was basically unusable.  We're currently standardized on R80.40 and the migration to R81 will likely not be until next year.  As you probably know, upgrading existing clusters is non-trivial as it requires them to be deleted and re-created, which means 1-2 hours downtime.  

0 Kudos
Nir_Shamir
Employee Employee
Employee
‎2022-07-09 10:12 PM
Jump to solution

Hi,

 

you can found Terraform templates here:

https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/gcp

 

0 Kudos
(1)
johnnyringo
Advisor
‎2022-07-12 03:58 PM
In response to Nir_Shamir
Jump to solution

Oh wow thanks!  Works great except it's not clear what to set 'image_name' to.  This is what worked for me for R80.40 HA BYOL:

image_name = "check-point-r8040-gw-byol-cluster-294-904-v20210715"
 
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events