This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gustavo_Coronel
Employee
Employee
‎2024-01-16 07:49 PM
Jump to solution

Public Cloud Sample Terraform Labs

I will be placing my collection of terraform labs in this space for anyone that wishes to download and use them.

Azure and AWS labs will be uploaded first. GCP and OCI will be coming a bit later.

Feel free to check the space from time to time for newer updated versions, as I may add new functionality, correct issues, or upload updated instructions on how to use the labs over time.

NOTE: These are NOT "official" Check Point Labs and are NOT supported by TAC. These are not meant to be used as part of a production environment. They are meant for practicing and learning to use, patch, upgrade and connect CloudGuard solutions in Public Cloud.

I will be the primary point of support. Please let me know about any errors or issues you find as the code may run a bit different depending on the environment and the limitations of the credentials being used.

Gustavo (Gus) Coronel

2 Solutions

Accepted Solutions
Sunny_Gill
Employee
Employee
‎2024-01-17 02:55 AM
Jump to solution

Looking forward to it! Do you happen to know how in terraform we can get the gateway to automatically connect to a Smart-1 Cloud tenant? Stuggling to find any reference

View solution in original post

0 Kudos
Gustavo_Coronel
Employee
Employee
‎2024-03-04 03:37 PM
In response to Antonio_Opromol
Jump to solution

Hi Antonio,
 
The single gateway terraform playbooks do Not configure port 8117 on the gateways. 
Only the HA cluster and VMSS playbooks do. 
Yes. There is a terraform playbook that deploys HA clusters.
The health check parameter is not built into the image, it is configured by the cloud init part of the deployment. 
Do not try to build a cluster by deploying single gateways. Use the HA cluster playbooks instead. 
I know I am a bit late in uploading my labs, but you do not need my "lab" playbooks if all you are doing is deploying an HA cluster. The official Check Point Terraform playbooks are here: https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/azure
Gus

View solution in original post

0 Kudos
6 Replies
Sunny_Gill
Employee
Employee
‎2024-01-17 02:55 AM
Jump to solution

Looking forward to it! Do you happen to know how in terraform we can get the gateway to automatically connect to a Smart-1 Cloud tenant? Stuggling to find any reference

0 Kudos
Rivka-Strilitz
Employee
Employee
‎2024-01-20 11:56 PM
In response to Sunny_Gill
Jump to solution

You can input the S1C token to enable S1C functionality, but it won't automatically establish a connection to a gateway in the Infinity Portal.
If you're interested in autoscaling gateways, you can utilize CME for that purpose 

0 Kudos
cdav
Contributor
‎2024-03-28 05:50 AM
In response to Sunny_Gill
Jump to solution

I am also interested in the answer to this - assuming its for auto scaled gateways connecting to infinity/smart1

0 Kudos
Antonio_Opromol
Contributor
‎2024-02-29 07:19 AM
Jump to solution

Hi Gustavo, when I deploy the CloudGuard Cluster HA solution with Terraform in manner identical to yours, the GWs don't respond to internal and external LB probes because the parameter cloud_balancer_port=8117" is not present in default $FWDIR/boot/modules/fwkern.conf.

I suppose that the Azure image for Cluster HA has already this parameter by default.

Is it possible to install from the Azure image for Cluster HA also from Terraform or I can only use the single gateway templates and the adjust the parameter? Is there a way to automate in Terraform this change during provisioning of the two GWs?

Gustavo_Coronel
Employee
Employee
‎2024-03-04 03:37 PM
In response to Antonio_Opromol
Jump to solution

Hi Antonio,
 
The single gateway terraform playbooks do Not configure port 8117 on the gateways. 
Only the HA cluster and VMSS playbooks do. 
Yes. There is a terraform playbook that deploys HA clusters.
The health check parameter is not built into the image, it is configured by the cloud init part of the deployment. 
Do not try to build a cluster by deploying single gateways. Use the HA cluster playbooks instead. 
I know I am a bit late in uploading my labs, but you do not need my "lab" playbooks if all you are doing is deploying an HA cluster. The official Check Point Terraform playbooks are here: https://github.com/CheckPointSW/CloudGuardIaaS/tree/master/terraform/azure
Gus
0 Kudos
Antonio_Opromol
Contributor
‎2024-03-05 12:55 AM
In response to Gustavo_Coronel
Jump to solution

Thanks Gustavo for your answer, but my code is identical to the HA cluster playbook (I've copied the code from the public github repository) and installation_type is "cluster" and not single gateway, the only difference is that I'm using version r81.20 and not 81.10. The cluster goes up and after the deployment, if I loog on the two cluster members at the file $FWDIR/boot/modules/fwkern.conf , there is only the entry cloud_balancer_ip1=0xa83f8110 and is missing the entry cloud_balancer_port=8117.

Than I've found a solution sk171584 that is not recently but give an answer that I've follow, but if in you case works well, probally is the version of the images? 

Thanks for your precious time.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events