Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Marcel_M
Contributor

azure terraform standalone deployment

Hello,

I would like to deploy standalone Check Point cloud guard iaas standalone firewall with terraform.

In the official github of check point I just found vmss and ha deployments:

CloudGuardIaaS/terraform/azure at master · CheckPointSW/CloudGuardIaaS (github.com)

 

Has anyone a stanalone terraform script and can share it? 

Or can someone of Check Point maybe upload a stanalone terraform file ?

Some help here would be very nice.

10 Replies
_Val_
Admin
Admin

@Shay_Levin anything you can think of?

0 Kudos
Shay_Levin
Admin
Admin

Hi, 

We don't have one yet, but i will work on it.

Can't commit to a delivery date, I will publish it by the end of the month.

(1)
Shay_Levin
Admin
Admin

Hi Marcel, 

As I promised, the terraform for standalone/gateway is ready and attached to this reply.

It will be added to the official GitHub once it would be verified by R&D.

Just change the credentials in the terraform.tfstate file and give it a try.

 

 

Marcel_M
Contributor

Great thank you very much @Shay_Levin . I will try it and let you know how it worked.

THX alot

0 Kudos
Marcel_M
Contributor

Hi,

I added the following lines, to accept the Marketplace agreement, without the deployment failed:

resource "azurerm_marketplace_agreement" "checkpoint" {
  publisher = "checkpoint"
  offer     = "check-point-cg-r8040"
  plan      = "sg-byol"
}

resource "azurerm_virtual_machine" "sg-vm-instance" {
  depends_on = [
    azurerm_marketplace_agreement.checkpoint,
    azurerm_network_interface.nic1,
Marcel_M
Contributor

also 

 

  enable_ip_forwarding          = true
Brede_Jensen
Explorer
Explorer

I am not able to get this deployment of a singel gateway to work.

Error: Unsupported attribute

  on modules/vnet/main.tf line 48, in resource "azurerm_route_table" "frontend":

  48:     address_prefix = azurerm_subnet.subnet[0].address_prefix

This object has no argument, nested block, or exported attribute named "address_prefix". Did you mean "address_prefixes"?

 

And there is no new update in the official github of check point

Is there planed to add a update that will work on R81.10 deployment ?

0 Kudos
Dmitrytc
Employee
Employee

Hi @Brede_Jensen ,

I managed to get the attached template working by the versions.tf that we support currently (Can be obtained from GitHub as well):

terraform {
  required_version = ">= 0.14.3"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.92.0"
    }
    random = {
      version = "~> 2.2.1"
    }
  }
}

After changing the file as above, run the terraform init -upgrade command.

We plan to release in the near future a single gateway template, and the supported versions will be the same as the rest of the templates. 

Best regards,

Dima.

 

 

Daniel_Kavan
Advisor
Advisor

Thanks, I was under the impression you couldn't have a consolidated standalone (manager & gw) on the cloud.

0 Kudos
the_rock
Legend
Legend

Its is definitely supported. I would not recommend it personally.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.