Create a Post
johnnyringo
Advisor

High Availability Cluster Launch in GCP without using Wizard?

Jump to solution

We're currently deploying a new CheckPoint R80.40 HA cluster each time we add a new GCP region, which is every 1-2 months.  I've noticed even after 3 years, the wizard is still a bit buggy/error prone.  I particular, it requires removing the default IP addresses from each interface, otherwise new networks will be created even when a pre-existing network has been selected:

gcp_existing_vpcnetworks.png

Also, if more networks existing in the project than are selected, there will be an error and all 6 internal interfaces must have networks defined even if only 1 is used:

gcp_single_internal_network.png

Is it possible to deploy the clusters/gateways via CLI, YAML file, or Terraform?  I'm trying to see if we can smooth out the process 

0 Kudos
1 Solution

Accepted Solutions
Nir_Shamir
Employee
Employee
0 Kudos
(1)
4 Replies
PhoneBoy
Admin
Admin

Not aware of a way to do this beyond the template in the GCP portal.
Have you reported the various issues with the template to TAC?
Also, have you tried R81.10, which is the current widely recommended version?

0 Kudos
johnnyringo
Advisor

Yeah, I can file a ticket but up to this point TAC has told us they can't support cloud deployments, even though we have Diamond support.  As you can probably guess, we were not happy this this response and have decided to look at other vendors.

I did a PoC for R81 last year and it was basically unusable.  We're currently standardized on R80.40 and the migration to R81 will likely not be until next year.  As you probably know, upgrading existing clusters is non-trivial as it requires them to be deleted and re-created, which means 1-2 hours downtime.  

0 Kudos
Nir_Shamir
Employee
Employee

Hi,

 

you can found Terraform templates here:

https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/gcp

 

0 Kudos
(1)
johnnyringo
Advisor

Oh wow thanks!  Works great except it's not clear what to set 'image_name' to.  This is what worked for me for R80.40 HA BYOL:

image_name = "check-point-r8040-gw-byol-cluster-294-904-v20210715"
 
0 Kudos