@Ryan_Darst had originally created an Ansible Demo using R80.10 management and R77.30 gateways in AWS. I upgraded both the management and gateways in this demo to R80.20. This required changing Ryan's original demo a little bit. Herein, I provide the changes I made to make this work.
What this requires:
- An Amazon Web Services account
- An R80.20 Manager (I built it in AWS, but I assume you can use an on-premise one as well)
- Ryan's original demo scripts, which include the instructions for building the demo environment.
- The attached CheckMates-aws-vpc-create.yml file, which replaces the one included in Ryan's demo.
The complete changes made include:
- Using R80.20 images for gateways instead of R77.30
- Changed a few messages to say “CloudGuard” instead of vSEC
- Using c5 instance types instead of c4 instances
- Changes to the Security Groups applied to the instances
One change I highly recommend you make to vars_ohio.yml is to use blink_config to provision the Security Gateways. This reduces the amount of time it takes for the gateway instances to become viable. You can use something like the following:
blink_config -s 'gateway_cluster_member=false&ftw_sic_key=vpn12345&upload_info=true&download_info=true&admin_hash=<password_hash>' ; shutdown -r now;
Replace <password_hash>
- Using blink_config to provision the gateways
  - This is actually a change to vars_ohio.yml; replace the config_system line with something like:
  - blink_config -s 'gateway_cluster_member=false&ftw_sic_key=vpn12345&upload_info=true&download_info=true&admin_hash=$1$BW4mjz6R$80jxV2CLBVoFTI06AiQmu.' ; shutdown -r now;
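An added example, not part of the original post or of Ryan's demo: a shell helper that generates your own MD5-crypt admin_hash and a random SIC key, then assembles the blink_config line in the form shown above, so each deployment gets its own values instead of the sample ones. The function names are hypothetical, and it assumes openssl is installed on the machine where you prepare vars_ohio.yml.

```shell
#!/bin/sh
# Added example: build a blink_config line with your own hash and SIC key.
# Function names are hypothetical; the parameters mirror the post's line.

# MD5-crypt ($1$) hash of a password read from stdin, the same format as the
# admin_hash in the post. Reading stdin keeps the password out of `ps` output.
make_admin_hash() {
    openssl passwd -1 -stdin
}

# Random one-time SIC key (24 hex characters) instead of a shared fixed value.
make_sic_key() {
    openssl rand -hex 12
}

# Accept only a well-formed $1$salt$hash so a stray quote cannot break the line.
valid_md5crypt() {
    printf '%s\n' "$1" | grep -Eq '^\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$'
}

# Emit the full command. The single quotes matter: unquoted, the shell would
# expand $1 and $BW... inside the hash and treat each & as "run in background".
build_blink_line() {
    hash=$1; sic=$2
    valid_md5crypt "$hash" || { echo "bad admin_hash" >&2; return 1; }
    case $sic in *[!A-Za-z0-9]*|'') echo "bad SIC key" >&2; return 1;; esac
    printf "blink_config -s 'gateway_cluster_member=false&ftw_sic_key=%s&upload_info=true&download_info=true&admin_hash=%s' ; shutdown -r now;\n" "$sic" "$hash"
}

# Stand-alone usage with a constructed sample password:
#   h=$(printf '%s\n' 'Sample-Passw0rd' | make_admin_hash)
#   build_blink_line "$h" "$(make_sic_key)"
```

Use the same generated SIC key when you establish trust with the gateway from the R80.20 manager.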
One known issue:
- At least for me, the CloudGuard autoprovisioning service isn't starting automatically. You can manually "start" it using the command service autoprovision restart from expert mode.