Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Javier_Hijas
Employee Alumnus
Employee Alumnus
Jump to solution

custom-script example for autoprovision of autoscale gateways

This file is to be used as an example for autoscale and VMSS groups that require custom settings on the gateway at provisioning time. These script rely on Check Point API and professional services are usually recommended for complex customizations.

1 Solution

Accepted Solutions
Martin_Valenta
Advisor

no, you should run directly clish -s -c 'set static-route' inside of provisioning script.

View solution in original post

0 Kudos
13 Replies
Carsten_R
Contributor

Hi Javier,

thanks a lot!

So this script is for changing parts of the gateway objects.

Am I'm correct, that if I need to change parts in GAIA, I have to configure a bootstrap file? - like for adding different routes, adding users....?

How can I change or add this bootstrap file to an already existing VMSS? I mean, that future deployed (dynamic) gateways would have this settings?

Javier_Hijas
Employee Alumnus
Employee Alumnus

Hi Carsten! Instead of using the azure bootstrap options, the way for VMSS is to use the same autoprovision configuration file at the Check Point management server. These custom settings are described in the following doc:

https://github.com/CheckPointSW/sddc

HTHs,

0 Kudos
Abhishek_Singh1
Contributor

Hi @Javier_Hijas  , I am working on deploying a VMSS with MTA enabled on the Gateway firewall. Do you have any recommendation or experience with the same?? Any specific flag or setting on the custom script that I can use for the gateways being spinup by the VMSS. 

0 Kudos
Carsten_R
Contributor

Thank you, but how do I use the script?

How looks the CLI syntax?

#> python monitor.pv file.json

...does not work

Carsten_R
Contributor
Hi,
is there no solution or aren't there any examples how to execute the script?
Martin_Valenta
Advisor

Hi Carsten
for each template you can specify custom gateway script, like this:

autoprov-cfg set template -tn <templateName -cg "/home/admin/myscript.sh"
"Intranet": {
"application-control": true,
"custom-gateway-script": "/home/admin/myscript.sh",

and script can look like this:
#!/bin/bash
. /tmp/.CPprofile.sh
cd /home/admin/
echo "Downloanding config file..."
curl_cli -k -O https://10.223.227.31/azure.txt
clish -i -f /home/admin/config-azure.txt

In our case i've use it for rolling out system level settings per our standards and static routes..

Carsten_R
Contributor
Hi Martin,
thanks, but where do I find the "-cg" option?

[...]
[Expert@cpmgmt:0]# autoprov-cfg init Azure -tn "autoprovisioning_template" -h
usage: autoprov-cfg init Azure [-h] -mn MANAGEMENT NAME -tn TEMPLATE NAME -otp
ONE TIME PASSWORD -ver
{R77.30,R80.10,R80.20,R80.30,R80.40} -po POLICY
-cn CONTROLLER NAME -sb SUBSCRIPTION
[-at SERVICE PRINCIPAL CREDENTIALS TENANT]
[-aci SERVICE PRINCIPAL CREDENTIALS CLIENT ID]
[-acs SERVICE PRINCIPAL CREDENTIALS CLIENT SECRET]
[-au AZURE USERNAME] [-ap AZURE PASSWORD]
[...]
0 Kudos
Martin_Valenta
Advisor
Hi, once you do init, you can then do "set template -tn abc -cg /home/script.sh"
0 Kudos
CPk3ra
Contributor

Hi Martin,

 

can you share the script which you are using for adding routes ?

 

thanks.

0 Kudos
Martin_Valenta
Advisor

normally via "set static-route" command, those lines are part of script, which is run on gateway during provisioning.

0 Kudos
CPk3ra
Contributor

Hi Martin,

thank you for reply. So the steps should looks like this:

 

 

1) In /home/admin directory I add a txt file "add_route.txt" with command inside:

set static-route 192.168.0.0/24 nexthop gateway address 10.0.0.1

2) Create a script run.sh

!/bin/bash
. /tmp/.CPprofile.sh
clish -i -f /home/admin/add_route.txt


3) autoprov-cfg set template -tn <templateName> -cg "/home/admin/run.sh

 

This will add a route to the gateway each time scaling occur ? right ?

0 Kudos
Martin_Valenta
Advisor

no, you should run directly clish -s -c 'set static-route' inside of provisioning script.

0 Kudos
CPk3ra
Contributor

it works. thank you Martin 🙂

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.