cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Employee+
Employee+

custom-script example for autoprovision of autoscale gateways

This file is to be used as an example for autoscale and VMSS groups that require custom settings on the gateway at provisioning time. These script rely on Check Point API and professional services are usually recommended for complex customizations.

8 Replies
Carsten_R
Nickel

Re: custom-script example for autoprovision of autoscale gateways

Hi Javier,

thanks a lot!

So this script is for changing parts of the gateway objects.

Am I'm correct, that if I need to change parts in GAIA, I have to configure a bootstrap file? - like for adding different routes, adding users....?

How can I change or add this bootstrap file to an already existing VMSS? I mean, that future deployed (dynamic) gateways would have this settings?

Employee+
Employee+

Re: custom-script example for autoprovision of autoscale gateways

Hi Carsten! Instead of using the azure bootstrap options, the way for VMSS is to use the same autoprovision configuration file at the Check Point management server. These custom settings are described in the following doc:

https://github.com/CheckPointSW/sddc

HTHs,

0 Kudos

Re: custom-script example for autoprovision of autoscale gateways

Hi @Javier_Hijas  , I am working on deploying a VMSS with MTA enabled on the Gateway firewall. Do you have any recommendation or experience with the same?? Any specific flag or setting on the custom script that I can use for the gateways being spinup by the VMSS. 

0 Kudos
Highlighted
Carsten_R
Nickel

Re: custom-script example for autoprovision of autoscale gateways

Thank you, but how do I use the script?

How looks the CLI syntax?

#> python monitor.pv file.json

...does not work

Carsten_R
Nickel

Re: custom-script example for autoprovision of autoscale gateways

Hi,
is there no solution or aren't there any examples how to execute the script?

Re: custom-script example for autoprovision of autoscale gateways

Hi Carsten
for each template you can specify custom gateway script, like this:

autoprov-cfg set template -tn <templateName -cg "/home/admin/myscript.sh"
"Intranet": {
"application-control": true,
"custom-gateway-script": "/home/admin/myscript.sh",

and script can look like this:
#!/bin/bash
. /tmp/.CPprofile.sh
cd /home/admin/
echo "Downloanding config file..."
curl_cli -k -O https://10.223.227.31/azure.txt
clish -i -f /home/admin/config-azure.txt

In our case i've use it for rolling out system level settings per our standards and static routes..

Carsten_R
Nickel

Re: custom-script example for autoprovision of autoscale gateways

Hi Martin,
thanks, but where do I find the "-cg" option?

[...]
[Expert@cpmgmt:0]# autoprov-cfg init Azure -tn "autoprovisioning_template" -h
usage: autoprov-cfg init Azure [-h] -mn MANAGEMENT NAME -tn TEMPLATE NAME -otp
ONE TIME PASSWORD -ver
{R77.30,R80.10,R80.20,R80.30,R80.40} -po POLICY
-cn CONTROLLER NAME -sb SUBSCRIPTION
[-at SERVICE PRINCIPAL CREDENTIALS TENANT]
[-aci SERVICE PRINCIPAL CREDENTIALS CLIENT ID]
[-acs SERVICE PRINCIPAL CREDENTIALS CLIENT SECRET]
[-au AZURE USERNAME] [-ap AZURE PASSWORD]
[...]
0 Kudos

Re: custom-script example for autoprovision of autoscale gateways

Hi, once you do init, you can then do "set template -tn abc -cg /home/script.sh"
0 Kudos