- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- CloudGuard ASG AWS Gateway LB Transit GW - AWS CFT...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CloudGuard ASG AWS Gateway LB Transit GW - AWS CFT Error when launching stack with R80.40 for ASG SG
Hello everyone,
I am developing a lab to create Security Gateways with the AWS CFT for CloudGuard ASG Security Gateways AWS Gateway LB and Transit GW with a Mananagement Server.
I am choosing R80.40-BYOL for my ASG Security Gateways and R81.10-BYOL for the Management Server.
The goal is to create the environment with my Management Server and ASG Gateways to upgrade them both to R81.20.
This will then become a production activity with a customer.
I am using an AWS CFT yaml that I see from the workshop:
Check Point CloudGuard Network Security - Integration with AWS Gateway Load Balancer
YAML template is:
https://gwlb.s3.us-east-2.amazonaws.com/CGNS-GWLB-WS.yaml
The problem is, when I launch the stack with those values I mentioned (80.40-BYOL for my ASG Security Gateways and R81.10-BYOL for the Management Server.) the stack fails and the resources deletes due to a rollback action for CFT.
The error mentions something related to the stack failing due to a missing AMI resource:
In the AWS account subscriptions, I have Check Point products for Security Gateway and Management Server:
Is it possible that my deployment is failing because R80.40 is no longer available in the AMI repositories for these VMs for Security Gateways?
I know that R80.40 is out of support, I guess that is why it is failing but I would like to know if someone could give me some idea to investigate further.
Greetings to all!
- Labels:
-
AWS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Israelsc,
To my knowledge all our modern templates won't let you deploy R80.40 as it was removed from our templates.
I would also like to point out you are trying to deploy an ASG using a GWLB (Gateway load balancer) template, so that won't help you with the replication either.
The only path I can think of trying to execute such an environment is by going to EC2 > AMI in the AWS portal and searching for "R80.40" in the search bar under "public images" which will find you R80.40 images. However this will not deploy a ASG automatically and you will have to play around to make it work. (Unfortunately this is a bit outside of the scope to provide further steps)
BR,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Israelsc,
Your assumptions are correct, the deployment fails because R80.40 is no longer supported.
You can search for R80.40 AMI under "public images", and then insert the AMI ID in the dedicated field in the CFT ("ImageId"). That way the CFT won't search for the AMI dynamically, but will have it hard-coded.
Let me know if you need help with the CFT modification.
Best regards,
Noam Cohen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @noamcoh
Thank you very much for your comments.
It makes a lot of sense to me what you comment, maybe “harcoding” the AMI ID of R80.40 in the CFT can solve the problem when trying to launch the template.
I review in the AWS Marketplace and I see this information for the AMI:
Ami Id: ami-03a6e51a7f4357779
Ami Alias: /aws/service/marketplace/prod-sip6fjeetm76y/r80.40-294.1564
Product Code: 263gtcd87e2xefwbacsdwvorx
I don't see the “ImageId” parameter in the CFT
Sorry for the inconvenience, could you help me with the modification of the CFT or guide me how to do it?
This is the base CFT: https://gwlb.s3.us-east-2.amazonaws.com/CGNS-GWLB-WS.yaml
This was extracted from the workshop: Check Point CloudGuard Network Security - Integration with AWS Gateway Load Balancer
If you could share with me some email or some way to contact you, that would be great!
Greetings!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Israelsc,
I sent you a private message with email to contact us.
Thanks,
Noam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @noamcoh
Thank you very much I replied to your private message and I have sent you an email.
I hope you could please help me, I would appreciate it very much.
Greetings!