diff --git a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
index f4d31992..54fd25cc 100644
--- a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
+++ b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
@@ -1120,7 +1120,7 @@
 }
 },
 {
- "visible": "[bool(basics('auth').sshPublicKey)]",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
@@ -1160,14 +1160,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
 "name": "EnableMaintenanceMode",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Maintenance Mode",
@@ -1187,7 +1187,7 @@
 }
 },
 {
- "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
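Review bot: `contains('R81.10', steps('chkp').cloudGuardVersion)` in the `MaintenanceModePassword` visibility rule (and in the two hunks above it) is a substring test with the operands in the reverse order of a list lookup: it asks whether the selected version is a substring of the literal `'R81.10'`, so a partial value such as `'R81'` would also satisfy it. Now that a single legacy version is left, an equality test states the intent and cannot match by accident: `"visible": "[and(not(equals(steps('chkp').cloudGuardVersion, 'R81.10')), steps('chkp').EnableMaintenanceMode)]"`. The PasswordBox element this rule guards continues past the end of the hunk, so its constraints are not visible here.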
@@ -1244,7 +1244,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
@@ -1264,7 +1264,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -1289,7 +1289,7 @@
 "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
 "validationMessage": "Select a number between 0 and 3995"
 },
- "visible": "[not(contains('R80.40 R81 R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
+ "visible": "[not(contains('R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
 },
 {
 "name": "useCustomImageUri",
@@ -1494,7 +1494,7 @@
 "bootstrapScript": "[steps('chkp').bootstrapScript]",
 "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
 "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
- "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
+ "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
 "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
 "virtualNetworkName": "[steps('network').virtualNetwork.name]",
 "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]",
@@ -1513,4 +1513,4 @@
 "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
 }
 }
-}
+}
\ No newline at end of file
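Review bot: The additional-disk-size text box whose `regex`/`validationMessage` open the `@@ -1289` hunk is now hidden for both R81.10 and R81.20, and those look like the only versions this template offers (the gateway-load-balancer mainTemplate's `offers` table starts at R81.10), so no deployer can ever reach it, yet the outputs hunk below still emits `"additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]"`. That only works if the hidden element carries a numeric default the hunk does not show; `int('')` would fail the deployment, and the mainTemplate in any case overrides the value with 0 for R8110/R8120. Either drop the element together with the output, or make it explicitly `"visible": false` with `"defaultValue": "0"` so the behaviour stops depending on a version-substring match. The element's header lies above the hunk.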
diff --git a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
index f67243e6..f9db5e37 100644
--- a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
+++ b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
@@ -401,20 +401,20 @@
 "metadata": {
 "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
 },
- "defaultValue" : false
+ "defaultValue": false
 },
- "storageAccountAdditionalIps":{
+ "storageAccountAdditionalIps": {
 "type": "array",
 "metadata": {
 "description": "IPs/CIDRs that are allowed access to the Storage Account"
 },
- "defaultValue" : []
+ "defaultValue": []
 }
 },
 "variables": {
 "resourceGroup": "[resourceGroup()]",
 "templateName": "gwlb",
- "templateVersion": "20230910",
+ "templateVersion": "20240716",
 "location": "[parameters('location')]",
 "offers": {
 "R81.10 - Bring Your Own License": "BYOL",
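Review bot: `storageAccountAdditionalIps` is declared only as `"type": "array"` and its description does not say that every entry is concatenated into the boot-diagnostics account's allow list (`storageAccountIps` in the variables hunk below), what format is accepted, or that a broad CIDR widens who can reach that account and, through it, the Serial Console path. ARM cannot validate array elements with a regex, so the description is the only guard a deployer sees. Suggest `"description": "Additional IPv4 addresses or CIDR ranges (e.g. 203.0.113.10, 203.0.113.0/24) added to the boot-diagnostics Storage Account firewall alongside the Serial Console addresses. Keep this to the smallest ranges needed; each entry grants network access to the account."` The `templateVersion` bump is the only record of when the Serial Console IP table was last refreshed, which is worth stating in the geo parameter's description as well.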
@@ -435,58 +435,209 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]",
+ "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]",
 "isBlink": true,
 "subnet1Name": "[parameters('subnet1Name')]",
 "storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]",
 "storageAccountType": "Standard_LRS",
 "diskSize100GB": 100,
- "additionalDiskSizeGB": "[if(contains('R8040 R81 R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]",
+ "additionalDiskSizeGB": "[if(contains('R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]",
 "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]",
 "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]",
 "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
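Review bot: `serialConsoleIps` falls back to `createArray()` for any `location` absent from `SerialConsoleGeographies`, so in an unlisted region `storageAccountIps` holds only `storageAccountAdditionalIps` and the Serial Console is silently unreachable once the account firewall is on; that is the safe direction, but nothing in the template tells the deployer, and the table is a point-in-time copy of Microsoft's list whose only timestamp is `templateVersion`. Suggest appending to the geo parameter's description: `Regions not present in the template's SerialConsoleGeographies table receive no Serial Console rule; the address list is a snapshot that must be refreshed when Microsoft updates it.` On the `additionalDiskSizeGB` line, `contains('R8110 R8120', variables('osVersion'))` is a substring test rather than a set lookup; `or(equals(variables('osVersion'), 'R8110'), equals(variables('osVersion'), 'R8120'))` says what is meant. The variable names are also referenced with inconsistent casing (`SerialConsoleGeographies`/`serialConsoleGeographies`, `serialConsoleIps`/`SerialConsoleIps`), which ARM tolerates but which makes grepping for uses unreliable.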
@@ -640,7 +791,9 @@
 "customMetrics": "[parameters('customMetrics')]",
 "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
 "identity": "[json('{\"type\": \"SystemAssigned\"}')]",
- "NewNsgReference": {"id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ "NewNsgReference": {
+ "id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
+ }
 },
 "resources": [
 {
@@ -705,8 +858,7 @@
 "deployNsg": {
 "value": "[parameters('deployNewNSG')]"
 },
- "NewNsgName":
- {
+ "NewNsgName": {
 "value": "[parameters('NewNsgName')]"
 },
 "deployRouteTable": {
@@ -749,8 +901,7 @@
 "deployNsg": {
 "value": "[parameters('deployNewNSG')]"
 },
- "NewNsgName":
- {
+ "NewNsgName": {
 "value": "[parameters('NewNsgName')]"
 },
 "tagsByResource": {
diff --git a/azure/templates/marketplace-ha/createUiDefinition.json b/azure/templates/marketplace-ha/createUiDefinition.json
index 76eaa532..a547363d 100644
--- a/azure/templates/marketplace-ha/createUiDefinition.json
+++ b/azure/templates/marketplace-ha/createUiDefinition.json
@@ -69,725 +69,39 @@ "constraints": { "allowedValues": [ { - "label": "R80.40", - "value": "R80.40" - }, - { - "label": "R81", - "value": "R81" - }, - { - "label": "R81.10", - "value": "R81.10" - }, - { - "label": "R81.20", - "value": "R81.20" - } - ] - } - }, - { - "name": "R80Offer", - "type": "Microsoft.Common.DropDown", - "label": "License type", - "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", - "visible": true, - "constraints": { - "allowedValues": [ - { - "label": "Bring Your Own License", - "value": "Bring Your Own License" - }, - { - "label": "Pay As You Go (NGTP)", - "value": "Pay As You Go (NGTP)" - }, - { - "label": "Pay As You Go (NGTX)", - "value": "Pay As You Go (NGTX)" - } - ] - } - }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - 
"Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-byol" - }, - "count": 2 - }, - { - "name": "R8040vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - 
"Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtp" - }, - "count": 2 - }, - { - "name": "R8040vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - 
"Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - 
"osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtx" - }, - "count": 2 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - 
"Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-byol" - }, - "count": 2 - }, - { - "name": "R81vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - 
"Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "label": "R81.10", + "value": "R81.10" + }, + { + "label": "R81.20", + "value": "R81.20" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtp" - }, - "count": 2 + } }, { - "name": "R81vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Bring Your Own License", + "visible": true, "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - 
"Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + }, + { + "label": "Pay As You Go (NGTP)", + "value": "Pay As You Go (NGTP)" + }, + { + "label": "Pay As You Go (NGTX)", + "value": "Pay As You Go (NGTX)" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": 
"checkpoint",
- "offer": "check-point-cg-r81",
- "sku": "sg-ngtx"
- },
- "count": 2
+ }
 },
 {
 "name": "R8110vmSizeUiBYOL",
@@ -1522,7 +836,7 @@
 }
 },
 {
- "visible": "[bool(basics('auth').sshPublicKey)]",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
@@ -1562,14 +876,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
 "name": "EnableMaintenanceMode",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Maintenance Mode",
@@ -1589,7 +903,7 @@
 }
 },
 {
- "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
@@ -1686,7 +1000,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
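Review bot: The `MaintenanceModePassword` visibility in the `@@ -1589` hunk keeps the reversed-operand `contains('R81.10', steps('chkp').cloudGuardVersion)` shape, which tests whether the chosen version is a substring of `'R81.10'` rather than membership in a list, so a value like `'R81'` would match as well; with only R81.10 and R81.20 left in the dropdown, `not(equals(steps('chkp').cloudGuardVersion, 'R81.10'))` is both clearer and exact. The same form is used in the two hunks above and in the gateway-load-balancer template, so the change should be applied uniformly. The PasswordBox element continues beyond the hunk.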
@@ -1706,7 +1020,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -1885,7 +1199,7 @@
 "label": "Quick connect to Smart-1 Cloud",
 "defaultValue": "Yes",
 "toolTip": "Automatically connect this Cluster to Smart-1 Cloud - Check Point's Security Management as a Service",
- "constraints": {
+ "constraints": {
 "allowedValues": [
 {
 "label": "Yes",
@@ -1924,16 +1238,16 @@
 "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
 },
 {
- "name": "Smart1CloudTokenB",
- "type": "Microsoft.Common.TextBox",
- "label": "Smart-1 Cloud Token Member B",
- "toolTip": "Paste here the token copied from the Connect Gateway (Member B) screen in Smart-1 Cloud portal",
- "constraints": {
- "required": true,
- "regex": "[\\S\\s]{5,}",
- "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
- },
- "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
+ "name": "Smart1CloudTokenB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Smart-1 Cloud Token Member B",
+ "toolTip": "Paste here the token copied from the Connect Gateway (Member B) screen in Smart-1 Cloud portal",
+ "constraints": {
+ "required": true,
+ "regex": "[\\S\\s]{5,}",
+ "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
 }
 ]
 },
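Review bot: `Smart1CloudTokenB` in the `@@ -1924` hunk collects a Smart-1 Cloud connection token, a credential per its own toolTip, through a `Microsoft.Common.TextBox`, which displays the value in clear text in the portal and hands it on as an ordinary string; unless the receiving template parameter is `securestring` (not visible here) it will also be retained in the deployment's parameter record. `Microsoft.Common.PasswordBox` is the element intended for secrets and supports the same `constraints`. The `regex` `[\\S\\s]{5,}` accepts any five characters including spaces and line breaks, so it does not really validate a pasted token, and the `validationMessage` reads `at lease`. Suggest `"type": "Microsoft.Common.PasswordBox"`, a `regex` reflecting the token's real character set, and `"validationMessage": "Smart1Cloud Token should contain at least 5 characters"`; the Member A token box above this hunk presumably needs the same treatment.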
@@ -2295,7 +1609,7 @@
 "authenticationType": "[basics('auth').authenticationType]",
 "sshPublicKey": "[basics('auth').sshPublicKey]",
 "vmName": "[basics('clusterObjectNameUi')]",
- "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX)]",
+ "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX)]",
 "sicKey": "[steps('chkp').sicKeyUi]",
 "virtualNetworkName": "[steps('network').virtualNetwork.name]",
 "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]",
@@ -2310,7 +1624,7 @@
 "bootstrapScript": "[steps('chkp').bootstrapScript]",
 "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
 "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
- "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
+ "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
 "managedSystemAssigned": "[steps('chkp').managedSystemAssigned]",
 "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
 "availabilityOptions": "[steps('chkp').availabilityOptions]",
diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json
index 9d5b71dc..77c7fbf3 100644
--- a/azure/templates/marketplace-ha/mainTemplate.json
+++ b/azure/templates/marketplace-ha/mainTemplate.json @@ -12,12 +12,6 @@ "cloudGuardVersion": { "type": "string", "allowedValues": [ - "R80.40 - Bring Your Own License", - "R80.40 - Pay As You Go (NGTP)", - "R80.40 - Pay As You Go (NGTX)", - "R81 - Bring Your Own License", - "R81 - Pay As You Go (NGTP)", - "R81 - Pay As You Go (NGTX)", "R81.10 - Bring Your Own License", "R81.10 - Pay As You Go (NGTP)", "R81.10 - Pay As You Go (NGTX)", @@ -349,32 +343,25 @@ "metadata": { "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" }, - "defaultValue" : false + "defaultValue": false }, - "storageAccountAdditionalIps":{ + "storageAccountAdditionalIps": { "type": "array", "metadata": { "description": "IPs/CIDRs that are allowed access to the Storage Account" }, - "defaultValue" : [] + "defaultValue": [] } - }, "variables": { "VIPs_Number": "[int(parameters('VipsNumber'))]", "Vip_Names": "[split(parameters('VipNames'), ',')]", "templateName": "ha", - "templateVersion": "20230910", + "templateVersion": "20240716", "location": "[parameters('location')]", "elbPublicIPName": "frontend-lb-address", "haPublicIPName": "[parameters('vmName')]", "offers": { - "R80.40 - Bring Your Own License": "BYOL", - "R80.40 - Pay As You Go (NGTP)": "NGTP", - "R80.40 - Pay As You Go (NGTX)": "NGTX", - "R81 - Bring Your Own License": "BYOL", - "R81 - Pay As You Go (NGTP)": "NGTP", - "R81 - Pay As You Go (NGTX)": "NGTX", "R81.10 - Bring Your Own License": "BYOL", "R81.10 - Pay As You Go (NGTP)": "NGTP", "R81.10 - Pay As You Go (NGTX)": "NGTX", 
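Review bot: The `description` of the serial-console IP-rules parameter at the top of the `@@ -349,32 +343,25 @@` hunk cites the same Microsoft serial-console page twice (`…firewall-enabled, based on https://learn.microsoft.com/…firewall-enabled`), which reads as a copy-paste slip; the management template's copy of this parameter (`@@ -261,26 +257,21 @@`) carries the clause once, so dropping the second `, based on …` here would bring the two files into line. The parameter declaration this hunk starts in, and the `offers` map it ends in, both continue outside the hunk.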
@@ -384,12 +371,6 @@
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
 "R81.10 - Bring Your Own License": "R8110",
 "R81.10 - Pay As You Go (NGTP)": "R8110",
 "R81.10 - Pay As You Go (NGTX)": "R8110",
@@ -399,52 +380,203 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "isBlink": true, "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", "storageAccountType": "Standard_LRS", 
@@ -609,50 +741,52 @@ "publicIPPrefixProperty": { "Id": "[variables('usepublicIPPrefix')]" }, - "tokens":[ + "tokens": [ "[parameters('smart1CloudTokenA')]", "[parameters('smart1CloudTokenB')]" ], "prefixDependsOn": "[if(equals(parameters('publicIPPrefix'), 'yes'), if(equals(parameters('createNewIPPrefix'), 'yes'), variables('publicIPNewPrefixId'), variables('ipNewPrefixId')), variables('ipNewPrefixId'))]", "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", - "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}, - "DefaultIpAddresses": - [{ - "name": "member-ip", - "properties": { - "primary": true, - "privateIPAddress": "[variables('externalPrivateAddresses')[0]]", - "privateIPAllocationMethod": "Static", - "PublicIpAddress": { - "Id": "[variables('gwPublicIPIds')[0]]" - }, - "subnet": { - "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" - }, - "loadBalancerBackendAddressPools": [ - { - "id": "[variables('elbBEAddressPoolID')]" - } - ] - } + "NewNsgReference": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]" }, - { - "name": "cluster-vip", - "properties": { - "primary": false, - "privateIPAddress": "[variables('externalPrivateAddresses')[2]]", - "privateIPAllocationMethod": "Static", - "PublicIpAddress": { - "Id": "[variables('haPublicIPId')]" - }, - "subnet": { - "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" + "DefaultIpAddresses": [ + { + "name": "member-ip", + "properties": { + "primary": true, + "privateIPAddress": "[variables('externalPrivateAddresses')[0]]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { 
+ "Id": "[variables('gwPublicIPIds')[0]]" + }, + "subnet": { + "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('elbBEAddressPoolID')]" + } + ] + } + }, + { + "name": "cluster-vip", + "properties": { + "primary": false, + "privateIPAddress": "[variables('externalPrivateAddresses')[2]]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables('haPublicIPId')]" + }, + "subnet": { + "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" + } } } - }], - "copy": - [ + ], + "copy": [ { "name": "externalPrivateAddresses", "count": "[add(variables('VIPs_Number'),2)]", @@ -787,8 +921,7 @@ "deployNsg": { "value": "[parameters('deployNewNSG')]" }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" }, "tagsByResource": { @@ -821,8 +954,7 @@ "deployNsg": { "value": "[parameters('deployNewNSG')]" }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" }, "tagsByResource": { @@ -1187,7 +1319,9 @@ }, { "condition": "[and(equals(parameters('managedSystemAssigned'), 'yes'), not(parameters('deployNewNSG')))]", - "dependsOn": ["[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]"], + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]" + ], "name": "[concat('ExistingNsgRoleAssignment', copyIndex())]", "copy": { "name": "ExistingNsgRoleAssignmentCopy", @@ -1316,4 +1450,4 @@ "value": "[reference(variables('gwPublicIPIds')[1]).dnsSettings.fqdn]" } } -} +} \ No newline at end of file diff --git a/azure/templates/marketplace-management/createUiDefinition.json b/azure/templates/marketplace-management/createUiDefinition.json index f37324f0..83dcc85d 100644 
--- a/azure/templates/marketplace-management/createUiDefinition.json
+++ b/azure/templates/marketplace-management/createUiDefinition.json
@@ -68,14 +68,6 @@
 "toolTip": "The version of Check Point CloudGuard.",
 "constraints": {
 "allowedValues": [
- {
- "label": "R80.40",
- "value": "R80.40"
- },
- {
- "label": "R81",
- "value": "R81"
- },
 {
 "label": "R81.10",
 "value": "R81.10"
@@ -107,122 +99,6 @@ ] } }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "mgmt-byol" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiMGMT25", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "mgmt-25" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - 
"publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "mgmt-byol" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiMGMT25", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "mgmt-25" - }, - "count": 1 - }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -349,7 +225,7 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", @@ -389,14 +265,14 @@ { "name": "MaintenanceModeInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]", + "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]", "options": { "icon": "Info", "text": "Check Point recommends setting a maintenance-mode password for recovery purposes." } }, { - "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]", + "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", "name": "EnableMaintenanceMode", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Maintenance Mode", 
@@ -416,7 +292,7 @@ } }, { - "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", + "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", @@ -512,7 +388,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "VM disk type", "toolTip": "Type of CloudGuard disk.", - "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]", + "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]", "defaultValue": "Premium", "constraints": { "allowedValues": [ @@ -532,7 +408,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "VM disk type", "toolTip": "Type of CloudGuard disk.", - "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]", + "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]", "defaultValue": "Standard", "constraints": { "allowedValues": [ @@ -569,7 +445,7 @@ } ] }, - "visible": "[not(or(equals(steps('chkp').cloudGuardVersion, 'R81'), equals(steps('chkp').cloudGuardVersion, 'R80.40'))))]" + "visible": true }, { "visible": "[equals(steps('chkp').installationType, 'management')]", 
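Review bot: In the `@@ -569,7 +445,7 @@` hunk the element's visibility becomes the literal `"visible": true`; `visible` already defaults to true for createUiDefinition elements, so the key can be removed outright, which also stops the element from looking as if its visibility were still a computed condition that happens to be constant. The element itself starts outside the hunk, so its name is not visible here.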
@@ -797,7 +673,7 @@ "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('gatewayNameUi')]", - "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiMGMT25, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiMGMT25, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiMGMT25, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiMGMT25)]", + "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiMGMT25, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiMGMT25)]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", @@ -810,7 +686,7 @@ "bootstrapScript": "[steps('chkp').bootstrapScript]", "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", "enableApi": "[steps('chkp').enableApi]", "adminShell": "[steps('chkp').adminShell]", diff --git a/azure/templates/marketplace-management/mainTemplate.json b/azure/templates/marketplace-management/mainTemplate.json index eca6b692..409cb73f 100644 --- a/azure/templates/marketplace-management/mainTemplate.json +++ b/azure/templates/marketplace-management/mainTemplate.json 
@@ -12,10 +12,6 @@ "cloudGuardVersion": { "type": "string", "allowedValues": [ - "R80.40 - Bring Your Own License", - "R80.40 - Pay As You Go (MGMT25)", - "R81 - Bring Your Own License", - "R81 - Pay As You Go (MGMT25)", "R81.10 - Bring Your Own License", "R81.10 - Pay As You Go (MGMT25)", "R81.20 - Bring Your Own License", @@ -261,26 +257,21 @@ "metadata": { "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" }, - "defaultValue" : false + "defaultValue": false }, - "storageAccountAdditionalIps":{ + "storageAccountAdditionalIps": { "type": "array", "metadata": { "description": "IPs/CIDRs that are allowed access to the Storage Account" }, - "defaultValue" : [] + "defaultValue": [] } - }, "variables": { "templateName": "management", - "templateVersion": "20230910", + "templateVersion": "20240716", "location": "[parameters('location')]", "offers": { - "R80.40 - Bring Your Own License": "BYOL", - "R80.40 - Pay As You Go (MGMT25)": "MGMT25", - "R81 - Bring Your Own License": "BYOL", - "R81 - Pay As You Go (MGMT25)": "MGMT25", "R81.10 - Bring Your Own License": "BYOL", "R81.10 - Pay As You Go (MGMT25)": "MGMT25", "R81.20 - Bring Your Own License": "BYOL", @@ -288,10 +279,6 @@ }, "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", "osVersions": { - "R80.40 - Bring Your Own License": "R8040", - "R80.40 - Pay As You Go (MGMT25)": "R8040", - "R81 - Bring Your Own License": "R81", - "R81 - Pay As You Go (MGMT25)": "R81", "R81.10 - Bring Your Own License": "R8110", "R81.10 - Pay As You Go (MGMT25)": "R8110", "R81.20 - Bring Your Own License": "R8120", 
@@ -299,52 +286,203 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "isBlink": "[bool('false')]", "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", "storageAccountType": "Standard_LRS", @@ -409,7 +547,9 @@ "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]", "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", - "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + "NewNsgReference": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]" + } }, "resources": [ { @@ -476,8 +616,7 @@ "deployNsg": { "value": false }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" }, "tagsByResource": { @@ -513,8 +652,7 @@ "deployNsg": { "value": false }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" }, "tagsByResource": { diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json index 4e99694b..52056087 100644 --- a/azure/templates/marketplace-mds/createUiDefinition.json +++ b/azure/templates/marketplace-mds/createUiDefinition.json @@ -68,14 +68,6 @@ "toolTip": "The version of Check Point CloudGuard.", "constraints": { "allowedValues": [ - { - "label": "R80.40", - "value": "R80.40" - }, - { - "label": "R81", - "value": "R81" - }, { "label": "R81.10", "value": "R81.10" 
@@ -103,64 +95,6 @@ ] } }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size. Minimum of 16 cores and 64 GB RAM is required.", - "recommendedSizes": [ - "Standard_DS5_v2", - "Standard_DS15_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "mgmt-byol" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size. Minimum of 16 cores and 64 GB RAM is required.", - "recommendedSizes": [ - "Standard_DS5_v2", - "Standard_DS15_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "mgmt-byol" - }, - "count": 1 - }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -252,7 +186,7 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", 
@@ -292,14 +226,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
 "name": "EnableMaintenanceMode",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Maintenance Mode",
@@ -319,7 +253,7 @@
 }
 },
 {
- "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
@@ -456,7 +390,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
@@ -476,7 +410,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -674,7 +608,7 @@
 "authenticationType": "[basics('auth').authenticationType]",
 "sshPublicKey": "[basics('auth').sshPublicKey]",
 "vmName": "[basics('gatewayNameUi')]",
- "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8120vmSizeUiBYOL)]",
+ "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8120vmSizeUiBYOL)]",
 "virtualNetworkName": "[steps('network').virtualNetwork.name]",
 "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]",
 "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]",
@@ -688,7 +622,7 @@
 "bootstrapScript": "[steps('chkp').bootstrapScript]",
 "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
 "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
- "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
+ "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
 "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
 "adminShell": "[steps('chkp').adminShell]",
 "tagsByResource": "[steps('tags').tagsByResource]",
diff --git a/azure/templates/marketplace-mds/mainTemplate.json b/azure/templates/marketplace-mds/mainTemplate.json
index 6aa02a7b..91f313fc 100644
--- a/azure/templates/marketplace-mds/mainTemplate.json
+++ b/azure/templates/marketplace-mds/mainTemplate.json
@@ -12,8 +12,6 @@
 "cloudGuardVersion": {
 "type": "string",
 "allowedValues": [
- "R80.40 - Bring Your Own License",
- "R81 - Bring Your Own License",
 "R81.10 - Bring Your Own License",
 "R81.20 - Bring Your Own License"
 ],
@@ -252,84 +250,230 @@ "metadata": { "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" }, - "defaultValue" : false + "defaultValue": false }, - "storageAccountAdditionalIps":{ + "storageAccountAdditionalIps": { "type": "array", "metadata": { "description": "IPs/CIDRs that are allowed access to the Storage Account" }, - "defaultValue" : [] + "defaultValue": [] } - }, "variables": { "templateName": "mds", - "templateVersion": "20230910", + "templateVersion": "20240716", "location": "[parameters('location')]", "offers": { - "R80.40 - Bring Your Own License": "BYOL", - "R81 - Bring Your Own License": "BYOL", "R81.10 - Bring Your Own License": "BYOL", "R81.20 - Bring Your Own License": "BYOL" }, "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", "osVersions": { - "R80.40 - Bring Your Own License": "R8040", - "R81 - Bring Your Own License": "R81", "R81.10 - Bring Your Own License": "R8110", "R81.20 - Bring Your Own License": "R8120" }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "serialConsoleGeographies": { - "astasia" : ["20.205.69.28"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "eastasia" : ["20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", 
"20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"] + "astasia": [ + 
"20.205.69.28" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "eastasia": [ + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + "japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + 
"51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "isBlink": "[bool('false')]", "primary": "[equals(parameters('installationType'), 'mds-primary')]", "secondary": "[equals(parameters('installationType'), 'mds-secondary')]", 
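Review bot: The `"astasia"` key is carried into the reformatted serialConsoleGeographies map unchanged, and it does not look like a valid Azure region name (its neighbours are `eastasia` and `southeastasia`), so the `contains(variables('serialConsoleGeographies'), variables('location'))` lookup on the line after the map can never select it; please verify against the Microsoft page cited in the `addStorageAccountIpRules` description and drop or rename the entry. More generally this map is a hand-copied snapshot of Microsoft's Serial Console source addresses that becomes a firewall allowlist on the boot-diagnostics storage account: a missing region falls back to `createArray()` and the console silently stops working, while an address that Microsoft has since retired presumably stays allowed. I would pin the snapshot in the parameter description in this hunk, e.g. appending ` Serial Console IP list last synced with templateVersion 20240716; re-check on every release.` to the `addStorageAccountIpRules` description. Minor: `variables('SerialConsoleIps')` on the `storageAccountIps` line differs in case from the `serialConsoleIps` declaration; ARM resolves variable names case-insensitively, but aligning the spelling avoids a trap for the next reader. The enclosing `variables` object continues past the end of the hunk.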
@@ -386,7 +530,9 @@
 "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
 "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]",
 "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]",
- "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ "NewNsgReference": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
+ }
 },
 "resources": [
 {
@@ -456,8 +602,7 @@
 "deployNsg": {
 "value": false
 },
- "NewNsgName":
- {
+ "NewNsgName": {
 "value": "[parameters('NewNsgName')]"
 }
 }
@@ -493,8 +638,7 @@
 "deployNsg": {
 "value": false
 },
- "NewNsgName":
- {
+ "NewNsgName": {
 "value": "[parameters('NewNsgName')]"
 }
 }
diff --git a/azure/templates/marketplace-single/createUiDefinition.json b/azure/templates/marketplace-single/createUiDefinition.json
index 18b5112a..b02e4ffd 100644
--- a/azure/templates/marketplace-single/createUiDefinition.json
+++ b/azure/templates/marketplace-single/createUiDefinition.json
@@ -69,725 +69,39 @@ "constraints": { "allowedValues": [ { - "label": "R80.40", - "value": "R80.40" - }, - { - "label": "R81", - "value": "R81" - }, - { - "label": "R81.10", - "value": "R81.10" - }, - { - "label": "R81.20", - "value": "R81.20" - } - ] - } - }, - { - "name": "R80Offer", - "type": "Microsoft.Common.DropDown", - "label": "License type", - "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", - "visible": true, - "constraints": { - "allowedValues": [ - { - "label": "Bring Your Own License", - "value": "Bring Your Own License" - }, - { - "label": "Pay As You Go (NGTP)", - "value": "Pay As You Go (NGTP)" - }, - { - "label": "Pay As You Go (NGTX)", - "value": "Pay As You Go (NGTX)" - } - ] - } - }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - 
"Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-byol" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - 
"Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtp" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - 
"Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - 
"osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtx" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - 
"Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-byol" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - 
"Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "label": "R81.10", + "value": "R81.10" + }, + { + "label": "R81.20", + "value": "R81.20" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtp" - }, - "count": 1 + } }, { - "name": "R81vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Bring Your Own License", + "visible": true, "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - 
"Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + }, + { + "label": "Pay As You Go (NGTP)", + "value": "Pay As You Go (NGTP)" + }, + { + "label": "Pay As You Go (NGTX)", + "value": "Pay As You Go (NGTX)" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": 
"checkpoint",
- "offer": "check-point-cg-r81",
- "sku": "sg-ngtx"
- },
- "count": 1
+ }
 },
 {
 "name": "R8110vmSizeUiBYOL",
@@ -1471,7 +785,7 @@
 "name": "installationType",
 "type": "Microsoft.Common.DropDown",
 "label": "Installation type",
- "visible": "[or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81'), equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'))]",
+ "visible": "[or(equals(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'))]",
 "defaultValue": "Gateway only",
 "toolTip": "Select the type of deployment",
 "constraints": {
@@ -1517,10 +831,10 @@
 {
 "name": "standaloneValidation",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('chkp').installationType, 'standalone'), not(and(equals(steps('chkp').R80Offer, 'Bring Your Own License'),or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81'), equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20')))))]",
+ "visible": "[and(equals(steps('chkp').installationType, 'standalone'), not(and(equals(steps('chkp').R80Offer, 'Bring Your Own License'),or(equals(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20')))))]",
 "options": {
 "icon": "Error",
- "text": "Standalone deployment is ONLY supported for CloudGuard versions R80.40, R81, R81.10 and R81.20 Bring Your Own License."
+ "text": "Standalone deployment is ONLY supported for CloudGuard versions R81.10 and R81.20 Bring Your Own License."
 }
 },
 {
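Review bot: The rewritten `visible` of `installationType` nests one `equals` inside another, `or(equals(equals(v, 'R81.10'), equals(v, 'R81.20')))`, so `or` gets a single boolean that compares the two version tests with each other: for R81.10 that is `equals(true, false)`, for R81.20 `equals(false, true)`, both false, and the Installation type dropdown is never displayed, leaving every deployment on the default `Gateway only`. The `-1533` hunk in this same file keeps the intended shape, so this line should read `"visible": "[or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'))]"`; given the version dropdown this commit leaves only R81.10 and R81.20, `"visible": true` would be equivalent and simpler. The element's `constraints` block continues outside the hunk.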
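Review bot: The new `visible` of `standaloneValidation` carries the same malformed `or(equals(equals(...), equals(...)))` as the `installationType` hunk: the inner comparison is false for both remaining versions, so `and('Bring Your Own License' match, or(...))` is false, `not(...)` is true, and the Error box stating that standalone is only supported for R81.10 and R81.20 BYOL is shown precisely when the user picks a supported BYOL version with `standalone`. Replace that fragment with `or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'))`, the form already used in the `-1533` hunk below. The updated message text itself is fine.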
@@ -1533,7 +847,7 @@
 "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
 "validationMessage": "Enter a valid IPv4 network CIDR"
 },
- "visible": "[and(or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81'), equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20')), equals(steps('chkp').installationType, 'standalone'))]"
+ "visible": "[and(or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20')), equals(steps('chkp').installationType, 'standalone'))]"
 },
 {
 "name": "sicKeyUi",
@@ -1563,7 +877,7 @@
 }
 },
 {
- "visible": "[bool(basics('auth').sshPublicKey)]",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
@@ -1603,14 +917,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
 "name": "EnableMaintenanceMode",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Maintenance Mode",
@@ -1630,7 +944,7 @@
 }
 },
 {
- "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
@@ -1688,7 +1002,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
@@ -1708,7 +1022,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -1806,7 +1120,7 @@
 "label": "Quick connect to Smart-1 Cloud",
 "defaultValue": "Yes",
 "toolTip": "Automatically connect this single gateway to Smart-1 Cloud - Check Point's Security Management as a Service",
- "constraints": {
+ "constraints": {
 "allowedValues": [
 {
 "label": "Yes",
@@ -1843,7 +1157,7 @@
 "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
 },
 "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
- }
+ }
 ]
 },
 {
@@ -2007,7 +1321,7 @@ "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('gatewayNameUi')]", - "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX,steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX )]", + "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX )]", "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", @@ -2024,7 +1338,7 @@ "bootstrapScript": "[steps('chkp').bootstrapScript]", "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", "customMetrics": "[steps('chkp').customMetrics]", "adminShell": "[steps('chkp').adminShell]", @@ -2036,4 +1350,4 @@ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]" } } -} +} \ No newline at end of file 
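Review bot: The `@@ -2036,4 +1350,4 @@` hunk replaces the closing `}` with one that has no trailing newline (`\ No newline at end of file` is on the new side), so the commit strips the final newline from this JSON file; the `@@ -1010`, `@@ -706`, `@@ -423` and `@@ -476` hunks of the later files do the same. Files kept in version control should end with a newline so that the last line does not show up as modified in every future diff and so line-oriented tools handle the file cleanly. Keep the old `}` line with its newline, or have the formatter that produced these files emit a trailing newline.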
diff --git a/azure/templates/marketplace-single/mainTemplate.json b/azure/templates/marketplace-single/mainTemplate.json
index 9acc1ccf..57fea308 100644
--- a/azure/templates/marketplace-single/mainTemplate.json
+++ b/azure/templates/marketplace-single/mainTemplate.json
@@ -19,12 +19,6 @@
 "cloudGuardVersion": {
 "type": "string",
 "allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
 "R81.10 - Bring Your Own License",
 "R81.10 - Pay As You Go (NGTP)",
 "R81.10 - Pay As You Go (NGTX)",
@@ -300,27 +294,21 @@
 "metadata": {
 "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
 },
- "defaultValue" : false
+ "defaultValue": false
 },
- "storageAccountAdditionalIps":{
+ "storageAccountAdditionalIps": {
 "type": "array",
 "metadata": {
 "description": "IPs/CIDRs that are allowed access to the Storage Account"
 },
- "defaultValue" : []
+ "defaultValue": []
 }
 },
 "variables": {
 "templateName": "single",
- "templateVersion": "20230910",
+ "templateVersion": "20240716",
 "location": "[parameters('location')]",
 "offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
 "R81.10 - Bring Your Own License": "BYOL",
 "R81.10 - Pay As You Go (NGTP)": "NGTP",
 "R81.10 - Pay As You Go (NGTX)": "NGTX",
@@ -330,12 +318,6 @@
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
 "R81.10 - Bring Your Own License": "R8110",
 "R81.10 - Pay As You Go (NGTP)": "R8110",
 "R81.10 - Pay As You Go (NGTX)": "R8110",
@@ -345,55 +327,211 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "serialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"], - "usgovarizona" : ["20.141.10.130", "52.127.55.131"], - "usgovvirginia" : ["20.141.10.130", "52.127.55.131"] + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + 
"20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + "japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ], + "usgovarizona": [ + "20.141.10.130", + "52.127.55.131" + ], + "usgovvirginia": [ + "20.141.10.130", + "52.127.55.131" + ] }, "serialConsoleIps": 
"[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "installationType": "[parameters('installationType')]", "isBlink": "[equals(variables('installationType'), 'gateway')]", "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", 
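Review bot: The rewritten `storageAccountIps` line references `variables('SerialConsoleIps')` while the variable declared just above it is `serialConsoleIps`; as far as I know ARM resolves variable names case-insensitively so this deploys, but anyone searching for the definition will miss it, so make it `"storageAccountIps": "[concat(variables('serialConsoleIps'),parameters('storageAccountAdditionalIps'))]",`. The `serialConsoleGeographies` table that this hunk re-indents is a hand-copied set of Microsoft serial-console source addresses that become storage-account firewall allow rules, and the only pointer to where they come from is the description of the parameter that links the Microsoft doc; since ARM templates accept comments, a short comment above the table naming that source and the date the list was last checked would let the next maintainer re-verify the rules when Microsoft changes the addresses. Note also that a region missing from the table silently yields `createArray()`, so only `storageAccountAdditionalIps` are allowed there; if that is intended it deserves a sentence in the parameter description.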
@@ -403,7 +541,7 @@ "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'smart1CloudToken=\"', parameters('smart1CloudToken'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", "imagePublisher": "checkpoint", - "imageSku": "[if(and(equals(parameters('installationType'), 'standalone'), or(equals(variables('osVersion'),'R8040'), equals(variables('osVersion'),'R81'), equals(variables('osVersion'),'R8110'), equals(variables('osVersion'),'R8120'))), 'mgmt-byol', 'sg-byol')]", + "imageSku": "[if(and(equals(parameters('installationType'), 'standalone'), or(equals(variables('osVersion'),'R8110'), equals(variables('osVersion'),'R8120'))), 'mgmt-byol', 'sg-byol')]", "imageReferenceBYOL": { "offer": "[variables('imageOffer')]", "publisher": "[variables('imagePublisher')]", 
@@ -497,7 +635,9 @@ "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]", "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", - "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + "NewNsgReference": { + "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]" + } }, "resources": [ { @@ -579,8 +719,7 @@ "deployNsg": { "value": "[parameters('deployNewNSG')]" }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" } } @@ -613,8 +752,7 @@ "deployNsg": { "value": "[parameters('deployNewNSG')]" }, - "NewNsgName": - { + "NewNsgName": { "value": "[parameters('NewNsgName')]" } } diff --git a/azure/templates/marketplace-stack-ha/createUiDefinition.json b/azure/templates/marketplace-stack-ha/createUiDefinition.json index bf141cfe..08494d6a 100644 --- a/azure/templates/marketplace-stack-ha/createUiDefinition.json +++ b/azure/templates/marketplace-stack-ha/createUiDefinition.json @@ -57,14 +57,6 @@ "toolTip": "The version of Check Point CloudGuard.", "constraints": { "allowedValues": [ - { - "label": "R80.40", - "value": "R80.40" - }, - { - "label": "R81", - "value": "R81" - }, { "label": "R81.10", "value": "R81.10" 
@@ -88,498 +80,6 @@ ] } }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-byol" - }, - "count": 2 - }, - { - "name": "R8040vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), 
contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtp" - }, - "count": 2 - }, - { - "name": "R8040vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - 
"constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtx" - }, - "count": 2 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - 
"Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-byol" - }, - "count": 2 - }, - { - "name": "R81vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - 
"Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtp" - }, - "count": 2 - }, - { - "name": "R81vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - 
"Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtx" - }, - "count": 2 - }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -992,7 +492,7 @@ "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('clusterObjectNameUi')]", - "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX)]", + "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX)]", "sicKey": "[steps('chkp').sicKeyUi]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]", @@ -1010,4 +510,4 @@ "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]" } } -} +} \ No newline at end of file diff --git a/azure/templates/marketplace-stack-ha/mainTemplate.json b/azure/templates/marketplace-stack-ha/mainTemplate.json index 23e62359..932a8714 100755 
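Review bot: The removed R80.40/R81 size selectors key their visibility off `steps('chkp').R80Offer`, and the `vmSize` output in the `@@ -992,7 +492,7 @@` hunk now coalesces only the R8110 selectors. If the retained `R8110vmSizeUi*` selectors (outside this hunk) also read `R80Offer`, that element name no longer matches any offered version and reads as a leftover; consider renaming it together with its references, or at least giving it a `toolTip` saying it applies to every listed version. The same applies to the marketplace-stack-management UI in its `@@ -92,118 +84,6 @@` hunk.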
--- a/azure/templates/marketplace-stack-ha/mainTemplate.json
+++ b/azure/templates/marketplace-stack-ha/mainTemplate.json
@@ -12,12 +12,6 @@
 "cloudGuardVersion": {
 "type": "string",
 "allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
 "R81.10 - Bring Your Own License",
 "R81.10 - Pay As You Go (NGTP)",
 "R81.10 - Pay As You Go (NGTX)"
@@ -231,24 +225,12 @@
 "templateVersion": "20230219",
 "location": "[parameters('location')]",
 "offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
 "R81.10 - Bring Your Own License": "BYOL",
 "R81.10 - Pay As You Go (NGTP)": "NGTP",
 "R81.10 - Pay As You Go (NGTX)": "NGTX"
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
 "R81.10 - Bring Your Own License": "R8110",
 "R81.10 - Pay As You Go (NGTP)": "R8110",
 "R81.10 - Pay As You Go (NGTX)": "R8110"
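Review bot: `templateVersion` is left at `"20230219"` in the `@@ -231,24 +225,12 @@` hunk even though this same file changes the allowed `cloudGuardVersion` values and the `offers`/`osVersions` maps, whereas the marketplace-single template bumps its version to `20240716` for the equivalent change. Since `templateVersion` is written into the instance's customData (`templateVersion=\"...` in the `@@ -264,8 +246,6 @@` hunk), leaving it unchanged makes deployments from the old and the new template indistinguishable in support data. Bump it here, e.g. `"templateVersion": "20240716",`, and likewise in the marketplace-stack-management template's `@@ -213,19 +209,11 @@` hunk.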
@@ -264,8 +246,6 @@ "diskSize100GB": 100, "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n', 'subnet1Prefix=\"', first(split(parameters('subnet1Prefix'), '/')), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'tenantId=\"', subscription().tenantId, '\"', '\n', 'virtualNetwork=\"', parameters('virtualNetworkName'), '\"', '\n', 'clusterName=\"', parameters('vmName'), '\"', '\n')]", - "imageOfferR8040": "check-point-cg-r8040", - "imageOfferR81": "check-point-cg-r81", "imageOfferR8110": "check-point-cg-r8110", "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]", "imagePublisher": "checkpoint", @@ -706,4 +686,4 @@ "value": "[reference(variables('publicIPAddressId2')).IpAddress]" } } -} +} \ No newline at end of file diff --git a/azure/templates/marketplace-stack-management/createUiDefinition.json b/azure/templates/marketplace-stack-management/createUiDefinition.json index 71078f61..3f5a84d7 100644 --- a/azure/templates/marketplace-stack-management/createUiDefinition.json +++ b/azure/templates/marketplace-stack-management/createUiDefinition.json 
@@ -57,14 +57,6 @@
 "toolTip": "The version of Check Point CloudGuard.",
 "constraints": {
 "allowedValues": [
- {
- "label": "R80.40",
- "value": "R80.40"
- },
- {
- "label": "R81",
- "value": "R81"
- },
 {
 "label": "R81.10",
 "value": "R81.10"
@@ -92,118 +84,6 @@ ] } }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "mgmt-byol" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiMGMT25", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "mgmt-25" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": 
"mgmt-byol" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiMGMT25", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Management", - "recommendedSizes": [ - "Standard_D3_v2" - ], - "constraints": { - "excludedSizes": [ - "Standard_A1_v2", - "Standard_D1_v2", - "Standard_DS1_v2", - "Standard_F1", - "Standard_F1s", - "Standard_G1", - "Standard_GS1" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "mgmt-25" - }, - "count": 1 - }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -408,7 +288,7 @@ "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('gatewayNameUi')]", - "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiMGMT25, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiMGMT25, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiMGMT25)]", + "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiMGMT25)]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", @@ -423,4 +303,4 @@ "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]" } } -} +} \ No newline at end of file diff --git a/azure/templates/marketplace-stack-management/mainTemplate.json b/azure/templates/marketplace-stack-management/mainTemplate.json index 687277f2..e8c36031 100755 --- a/azure/templates/marketplace-stack-management/mainTemplate.json +++ b/azure/templates/marketplace-stack-management/mainTemplate.json 
@@ -12,10 +12,6 @@
 "cloudGuardVersion": {
 "type": "string",
 "allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (MGMT25)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (MGMT25)",
 "R81.10 - Bring Your Own License",
 "R81.10 - Pay As You Go (MGMT25)"
 ],
@@ -213,19 +209,11 @@
 "templateVersion": "20230219",
 "location": "[parameters('location')]",
 "offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (MGMT25)": "MGMT25",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (MGMT25)": "MGMT25",
 "R81.10 - Bring Your Own License": "BYOL",
 "R81.10 - Pay As You Go (MGMT25)": "MGMT25"
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (MGMT25)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (MGMT25)": "R81",
 "R81.10 - Bring Your Own License": "R8110",
 "R81.10 - Pay As You Go (MGMT25)": "R8110"
 },
@@ -240,8 +228,6 @@
 "diskSize100GB": 100,
 "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
 "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n')]",
- "imageOfferR8040": "check-point-cg-r8040",
- "imageOfferR81": "check-point-cg-r81",
 "imageOfferR8110": "check-point-cg-r8110",
 "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]",
 "imagePublisher": "checkpoint",
@@ -476,4 +462,4 @@
 "value": "[reference(variables('publicIPAddressId')).IpAddress]"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/azure/templates/marketplace-stack-single/createUiDefinition.json b/azure/templates/marketplace-stack-single/createUiDefinition.json
index 0f5e5b38..279644a1 100644
--- a/azure/templates/marketplace-stack-single/createUiDefinition.json
+++ b/azure/templates/marketplace-stack-single/createUiDefinition.json
@@ -57,14 +57,6 @@
 "toolTip": "The version of Check Point CloudGuard Gateway.",
 "constraints": {
 "allowedValues": [
- {
- "label": "R80.40",
- "value": "R80.40"
- },
- {
- "label": "R81",
- "value": "R81"
- },
 {
 "label": "R81.10",
 "value": "R81.10"
@@ -88,498 +80,6 @@ ] } }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-byol" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), 
contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtp" - }, - "count": 1 - }, - { - "name": "R8040vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - 
"constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtx" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - 
"Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-byol" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - 
"Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtp" - }, - "count": 1 - }, - { - "name": "R81vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - 
"Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtx" - }, - "count": 1 - }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -991,7 +491,7 @@ "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('gatewayNameUi')]", - "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX,steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX )]", + "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX )]", "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", @@ -1010,4 +510,4 @@ "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]" } } -} +} \ No newline at end of file 
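Review bot: The rewritten `vmSize` line in the @@ -991 hunk keeps a stray space before the closing parenthesis, `steps('chkp').R8110vmSizeUiNGTX )]`, which the equivalent `vmSize` output in marketplace-stack-management (@@ -408, earlier on this page) does not have. Since the line is being rewritten anyway, `"vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX)]",` keeps the two templates' output blocks uniform and avoids the expression reading as if something was removed from the end. The enclosing outputs object starts outside the hunk.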
diff --git a/azure/templates/marketplace-stack-single/mainTemplate.json b/azure/templates/marketplace-stack-single/mainTemplate.json
index e8dad555..c33ab3e1 100755
--- a/azure/templates/marketplace-stack-single/mainTemplate.json
+++ b/azure/templates/marketplace-stack-single/mainTemplate.json
@@ -12,12 +12,6 @@
 "cloudGuardVersion": {
 "type": "string",
 "allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
 "R81.10 - Bring Your Own License",
 "R81.10 - Pay As You Go (NGTP)",
 "R81.10 - Pay As You Go (NGTX)"
@@ -236,24 +230,12 @@
 "templateVersion": "20230219",
 "location": "[parameters('location')]",
 "offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
 "R81.10 - Bring Your Own License": "BYOL",
 "R81.10 - Pay As You Go (NGTP)": "NGTP",
 "R81.10 - Pay As You Go (NGTX)": "NGTX"
 },
 "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
 "osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
 "R81.10 - Bring Your Own License": "R8110",
 "R81.10 - Pay As You Go (NGTP)": "R8110",
 "R81.10 - Pay As You Go (NGTX)": "R8110"
@@ -269,8 +251,6 @@
 "diskSize100GB": 100,
 "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
 "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n')]",
- "imageOfferR8040": "check-point-cg-r8040",
- "imageOfferR81": "check-point-cg-r81",
 "imageOfferR8110": "check-point-cg-r8110",
 "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]",
 "imagePublisher": "checkpoint",
@@ -569,4 +549,4 @@
 "value": "[reference(variables('publicIPAddressId')).IpAddress]"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json
index 2561be28..a2160355 100644
--- a/azure/templates/marketplace-vmss/createUiDefinition.json
+++ b/azure/templates/marketplace-vmss/createUiDefinition.json
@@ -583,725 +583,39 @@ "constraints": { "allowedValues": [ { - "label": "R80.40", - "value": "R80.40" - }, - { - "label": "R81", - "value": "R81" - }, - { - "label": "R81.10", - "value": "R81.10" - }, - { - "label": "R81.20", - "value": "R81.20" - } - ] - } - }, - { - "name": "R80Offer", - "type": "Microsoft.Common.DropDown", - "label": "License type", - "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", - "visible": true, - "constraints": { - "allowedValues": [ - { - "label": "Bring Your Own License", - "value": "Bring Your Own License" - }, - { - "label": "Pay As You Go (NGTP)", - "value": "Pay As You Go (NGTP)" - }, - { - "label": "Pay As You Go (NGTX)", - "value": "Pay As You Go (NGTX)" - } - ] - } - }, - { - "name": "R8040vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - 
"Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-byol" - }, - "count": "[steps('autoprovision').vmCount]" - }, - { - "name": "R8040vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - 
"Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtp" - }, - "count": "[steps('autoprovision').vmCount]" - }, - { - "name": "R8040vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the 
Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - 
"Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8040", - "sku": "sg-ngtx" - }, - "count": "[steps('autoprovision').vmCount]" - }, - { - "name": "R81vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - 
"Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-byol" - }, - "count": "[steps('autoprovision').vmCount]" - }, - { - "name": "R81vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - 
"Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "label": "R81.10", + "value": "R81.10" + }, + { + "label": "R81.20", + "value": "R81.20" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtp" - }, - "count": "[steps('autoprovision').vmCount]" + } }, { - "name": "R81vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" - ], + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Bring Your Own License", + "visible": true, "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - 
"Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + }, + { + "label": "Pay As You Go (NGTP)", + "value": "Pay As You Go (NGTP)" + }, + { + "label": "Pay As You 
Go (NGTX)", + "value": "Pay As You Go (NGTX)" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r81", - "sku": "sg-ngtx" - }, - "count": "[steps('autoprovision').vmCount]" + } }, { "name": "R8110vmSizeUiBYOL", @@ -2035,7 +1349,7 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", @@ -2075,14 +1389,14 @@ { "name": "MaintenanceModeInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(bool(basics('auth').password), not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)))]", + "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]", "options": { "icon": "Info", "text": "Check Point recommends setting a maintenance-mode password for recovery purposes." } }, { - "visible": "[not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion))]", + "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", "name": "EnableMaintenanceMode", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Maintenance Mode", @@ -2102,7 +1416,7 @@ } }, { - "visible": "[and(not(contains('R80.40 R81 R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", + "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", @@ -2159,7 +1473,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "VM disk type", "toolTip": "Type of CloudGuard disk.", - "visible": "[not(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion))]", + "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]", "defaultValue": "Premium", "constraints": { "allowedValues": [ 
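Review bot: The `R80Offer` dropdown that ends the @@ -583 hunk keeps a name that now describes nothing in the form: R80.40 and R81 are gone from `cloudGuardVersion`, and the only versions left are R81.10 and R81.20, so "R80 offer" no longer says what the element is. The `+` lines for this element and for the R81.10/R81.20 values look like a diff-alignment artifact rather than a real move, but this hunk is still the natural place to decide whether to rename it (a constructed example: `licenseType`) together with every `steps('chkp').R80Offer` reference in the R8110/R8120 size selectors and in the `cloudGuardVersion` output (@@ -2422), or to keep the legacy name deliberately. The enclosing `chkp` step begins and ends outside the hunk.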
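Review bot: `contains('R81.10', steps('chkp').cloudGuardVersion)` on the `MaintenanceModeInfoBox` and `EnableMaintenanceMode` visibility lines in the @@ -2075 hunk is now a substring test against a one-item list: it reads as "the version contains R81.10" but actually asks whether the selected version is a substring of the literal `'R81.10'`, and it only gives the right answer because every remaining value is either exactly `R81.10` or not a substring of it. With a single version being singled out, `equals(steps('chkp').cloudGuardVersion, 'R81.10')` states the intent directly and does not depend on future version strings never being prefixes of one another. The same pattern is introduced on the `MaintenanceModePassword` visibility (@@ -2102), on both "VM disk type" option groups (@@ -2159 and @@ -2179), and in the `diskType` output (@@ -2422), whose `VMDiskTypeOldVersions` branch now covers only R81.10 despite the plural name; the two-version list `'R81.10 R81.20'` in @@ -2204 is the one place where `contains` still serves a purpose.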
@@ -2179,7 +1493,7 @@
"type": "Microsoft.Common.OptionsGroup",
"label": "VM disk type",
"toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
"defaultValue": "Standard",
"constraints": {
"allowedValues": [
@@ -2204,7 +1518,7 @@
"regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
"validationMessage": "Select a number between 0 and 3995"
},
- "visible": "[not(contains('R80.40 R81 R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
+ "visible": "[not(contains('R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
},
{
"name": "useCustomImageUri",
@@ -2422,12 +1736,12 @@
"availabilityZonesNum": "[coalesce(steps('autoprovision').availabilityZonesNum, int('0'))]",
"customMetrics": "[steps('autoprovision').customMetrics]",
"cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
- "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX)]",
+ "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX)]",
"sicKey": "[steps('chkp').sicKeyUi]",
"bootstrapScript": "[steps('chkp').bootstrapScript]",
"allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
"additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
- "diskType": "[if(contains('R80.40 R81 R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
+ "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
"sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
"virtualNetworkName": "[steps('network').virtualNetwork.name]",
"virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]",
@@ -2453,4 +1767,4 @@
"MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
}
}
-}
+}
\ No newline at end of file
diff --git a/azure/templates/marketplace-vmss/mainTemplate.json b/azure/templates/marketplace-vmss/mainTemplate.json
index 2d654367..0dd69d8d 100644
--- a/azure/templates/marketplace-vmss/mainTemplate.json
+++ b/azure/templates/marketplace-vmss/mainTemplate.json
@@ -19,12 +19,6 @@
"cloudGuardVersion": {
"type": "string",
"allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
"R81.10 - Bring Your Own License",
"R81.10 - Pay As You Go (NGTP)",
"R81.10 - Pay As You Go (NGTX)",
@@ -494,29 +488,23 @@
"metadata": {
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
},
- "defaultValue" : false
+ "defaultValue": false
},
- "storageAccountAdditionalIps":{
+ "storageAccountAdditionalIps": {
"type": "array",
"metadata": {
"description": "IPs/CIDRs that are allowed access to the Storage Account"
},
- "defaultValue" : []
+ "defaultValue": []
}
},
"variables": {
"resourceGroup": "[resourceGroup()]",
"resourceGroupName": "[resourceGroup().name]",
"templateName": "vmss-v2",
- "templateVersion": "20230910",
+ "templateVersion": "20240716",
"location": "[parameters('location')]",
"offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
"R81.10 - Bring Your Own License": "BYOL",
"R81.10 - Pay As You Go (NGTP)": "NGTP",
"R81.10 - Pay As You Go (NGTX)": "NGTX",
@@ -526,12 +514,6 @@
},
"offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
"osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
"R81.10 - Bring Your Own License": "R8110",
"R81.10 - Pay As You Go (NGTP)": "R8110",
"R81.10 - Pay As You Go (NGTX)": "R8110",
@@ -541,58 +523,209 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "isBlink": true, "subnet2Name": "[parameters('subnet2Name')]", "storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]", "storageAccountType": "Standard_LRS", "diskSize100GB": 100, - "additionalDiskSizeGB": "[if(contains('R8040 R81 R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", + "additionalDiskSizeGB": "[if(contains('R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]", "enableFloatingIP": "[equals(parameters('floatingIP'), 'yes')]", "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", 
@@ -770,7 +903,9 @@
},
"publicIPPrefixLength": "[variables('IPv4Lengths')[parameters('IPv4Length')]]",
"useIpPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPropertiesWithPrefix'), variables('publicIPPropertiesWithoutPrefix'))]",
- "NewNsgReference": {"id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ "NewNsgReference": {
+ "id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
+ }
},
"resources": [
{
@@ -857,8 +992,7 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName":
- {
+ "NewNsgName": {
"value": "[parameters('NewNsgName')]"
},
"tagsByResource": {
@@ -895,8 +1029,7 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName":
- {
+ "NewNsgName": {
"value": "[parameters('NewNsgName')]"
},
"tagsByResource": {
diff --git a/azure/templates/single-ipv6/mainTemplate.json b/azure/templates/single-ipv6/mainTemplate.json
index 7679d2a9..3ef03349 100755
--- a/azure/templates/single-ipv6/mainTemplate.json
+++ b/azure/templates/single-ipv6/mainTemplate.json
@@ -12,12 +12,6 @@
"cloudGuardVersion": {
"type": "string",
"allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
"R81.10 - Bring Your Own License",
"R81.10 - Pay As You Go (NGTP)",
"R81.10 - Pay As You Go (NGTX)",
@@ -281,16 +275,15 @@
"metadata": {
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
},
- "defaultValue" : false
+ "defaultValue": false
},
- "storageAccountAdditionalIps":{
+ "storageAccountAdditionalIps": {
"type": "array",
"metadata": {
"description": "IPs/CIDRs that are allowed access to the Storage Account"
},
- "defaultValue" : []
+ "defaultValue": []
}
-
},
"variables": {
"vnetv4AddressRange": "[parameters('virtualNetworkAddressPrefix')]",
@@ -303,17 +296,11 @@
"subnetName": "[parameters('Subnet1Name')]",
"subnet2Name": "[parameters('Subnet2Name')]",
"templateName": "singleIpv6",
- "templateVersion": "20230910",
+ "templateVersion": "20240716",
"location": "[parameters('location')]",
"subnet-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]",
"offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
"R81.10 - Bring Your Own License": "BYOL",
"R81.10 - Pay As You Go (NGTP)": "NGTP",
"R81.10 - Pay As You Go (NGTX)": "NGTX",
@@ -323,12 +310,6 @@
},
"offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
"osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
"R81.10 - Bring Your Own License": "R8110",
"R81.10 - Pay As You Go (NGTP)": "R8110",
"R81.10 - Pay As You Go (NGTX)": "R8110",
@@ -338,52 +319,203 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "installationType": "[parameters('installationType')]", "isBlink": "[equals(variables('installationType'), 'gateway')]", "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", @@ -393,7 +525,7 @@ "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n')]", "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", "imagePublisher": "checkpoint", - "imageSku": "[if(and(equals(parameters('installationType'), 'standalone'), or(equals(variables('osVersion'),'R8040'), equals(variables('osVersion'),'R81'))), 'mgmt-byol', 'sg-byol')]", + "imageSku": "sg-byol", "imageReferenceBYOL": { "offer": "[variables('imageOffer')]", "publisher": "[variables('imagePublisher')]", 
@@ -478,7 +610,9 @@
"networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
"sicKey": "[parameters('sicKey')]",
"managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
- "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ "NewNsgReference": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
+ }
},
"resources": [
{
@@ -727,8 +861,7 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName":
- {
+ "NewNsgName": {
"value": "[parameters('NewNsgName')]"
}
}
diff --git a/azure/templates/vmss-ipv6/mainTemplate.json b/azure/templates/vmss-ipv6/mainTemplate.json
index 5821a075..4c0f3b0a 100755
--- a/azure/templates/vmss-ipv6/mainTemplate.json
+++ b/azure/templates/vmss-ipv6/mainTemplate.json
@@ -19,12 +19,6 @@
"cloudGuardVersion": {
"type": "string",
"allowedValues": [
- "R80.40 - Bring Your Own License",
- "R80.40 - Pay As You Go (NGTP)",
- "R80.40 - Pay As You Go (NGTX)",
- "R81 - Bring Your Own License",
- "R81 - Pay As You Go (NGTP)",
- "R81 - Pay As You Go (NGTX)",
"R81.10 - Bring Your Own License",
"R81.10 - Pay As You Go (NGTP)",
"R81.10 - Pay As You Go (NGTX)",
@@ -358,16 +352,15 @@
"metadata": {
"description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
},
- "defaultValue" : false
+ "defaultValue": false
},
- "storageAccountAdditionalIps":{
+ "storageAccountAdditionalIps": {
"type": "array",
"metadata": {
"description": "IPs/CIDRs that are allowed access to the Storage Account"
},
- "defaultValue" : []
+ "defaultValue": []
}
-
},
"variables": {
"vnetv4AddressRange": "[parameters('virtualNetworkAddressPrefix')]",
@@ -381,19 +374,13 @@
"subnet2Name": "[parameters('Subnet2Name')]",
"resourceGroup": "[resourceGroup()]",
"templateName": "vmss-v2",
- "templateVersion": "20230910",
+ "templateVersion": "20240716",
"location": "[parameters('location')]",
"subnet-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]",
"VMSSFrontend": "VMSS-Frontend",
"VMSSBackend": "VMSS-Backend",
"offers": {
- "R80.40 - Bring Your Own License": "BYOL",
- "R80.40 - Pay As You Go (NGTP)": "NGTP",
- "R80.40 - Pay As You Go (NGTX)": "NGTX",
- "R81 - Bring Your Own License": "BYOL",
- "R81 - Pay As You Go (NGTP)": "NGTP",
- "R81 - Pay As You Go (NGTX)": "NGTX",
"R81.10 - Bring Your Own License": "BYOL",
"R81.10 - Pay As You Go (NGTP)": "NGTP",
"R81.10 - Pay As You Go (NGTX)": "NGTX",
@@ -403,12 +390,6 @@
},
"offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
"osVersions": {
- "R80.40 - Bring Your Own License": "R8040",
- "R80.40 - Pay As You Go (NGTP)": "R8040",
- "R80.40 - Pay As You Go (NGTX)": "R8040",
- "R81 - Bring Your Own License": "R81",
- "R81 - Pay As You Go (NGTP)": "R81",
- "R81 - Pay As You Go (NGTX)": "R81",
"R81.10 - Bring Your Own License": "R8110",
"R81.10 - Pay As You Go (NGTP)": "R8110",
"R81.10 - Pay As You Go (NGTX)": "R8110",
@@ -418,57 +399,208 @@ }, "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", "SerialConsoleGeographies": { - "eastasia" : ["20.205.69.28", "20.195.85.180"], - "southeastasia" : ["20.205.69.28", "20.195.85.180"], - "australiacentral" : ["20.53.53.224", "20.70.222.112"], - "australiacentral2" : ["20.53.53.224", "20.70.222.112"], - "australiaeast" : ["20.53.53.224", "20.70.222.112"], - "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], - "brazilsouth" : ["91.234.136.63", "20.206.0.194"], - "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], - "canadacentral" : ["52.228.86.177", "52.242.40.90"], - "canadaeast" : ["52.228.86.177", "52.242.40.90"], - "northeurope" : ["52.146.139.220", "20.105.209.72"], - "westeurope" : ["52.146.139.220", "20.105.209.72"], - "francecentral" : ["20.111.0.244", "52.136.191.10"], - "francesouth" : ["20.111.0.244", "52.136.191.10"], - "germanynorth" : ["51.116.75.88", "20.52.95.48"], - "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], - "centralindia" : ["20.192.168.150", "20.192.153.104"], - "southindia" : ["20.192.168.150", "20.192.153.104"], - "westindia" : ["20.192.168.150", "20.192.153.104"], - "japaneast" : ["20.43.70.205", "20.189.228.222"], - "japanwest" : ["20.43.70.205", "20.189.228.222"], - "koreacentral" : ["20.200.196.96", "52.147.119.29"], - "koreasouth" : ["20.200.196.96", "52.147.119.29"], - "norwaywest" : ["20.100.1.184", "51.13.138.76"], - "norwayeast" : ["20.100.1.184", "51.13.138.76"], - "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], - "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], - "uaecentral" : ["20.45.95.66", "20.38.141.5"], - "uaenorth" : ["20.45.95.66", "20.38.141.5"], - "uksouth" : ["20.90.132.144", "20.58.68.62"], - "ukwest" : ["20.90.132.144", "20.58.68.62"], - "swedencentral" : ["51.12.72.223", "51.12.22.174"], - "swedensouth" : ["51.12.72.223", "51.12.22.174"], - "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], - "eastus2euap" : ["20.45.242.18", "20.51.21.252"], - "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "eastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "southeastasia": [ + "20.205.69.28", + "20.195.85.180" + ], + "australiacentral": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiacentral2": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiaeast": [ + "20.53.53.224", + "20.70.222.112" + ], + "australiasoutheast": [ + "20.53.53.224", + "20.70.222.112" + ], + "brazilsouth": [ + "91.234.136.63", + "20.206.0.194" + ], + "brazilsoutheast": [ + "91.234.136.63", + "20.206.0.194" + ], + "canadacentral": [ + "52.228.86.177", + "52.242.40.90" + ], + "canadaeast": [ + "52.228.86.177", + "52.242.40.90" + ], + "northeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "westeurope": [ + "52.146.139.220", + "20.105.209.72" + ], + "francecentral": [ + "20.111.0.244", + "52.136.191.10" + ], + "francesouth": [ + "20.111.0.244", + "52.136.191.10" + ], + "germanynorth": [ + "51.116.75.88", + "20.52.95.48" + ], + "germanywestcentral": [ + "51.116.75.88", + "20.52.95.48" + ], + "centralindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "southindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "westindia": [ + "20.192.168.150", + "20.192.153.104" + ], + "japaneast": [ + "20.43.70.205", + "20.189.228.222" + ], + 
"japanwest": [ + "20.43.70.205", + "20.189.228.222" + ], + "koreacentral": [ + "20.200.196.96", + "52.147.119.29" + ], + "koreasouth": [ + "20.200.196.96", + "52.147.119.29" + ], + "norwaywest": [ + "20.100.1.184", + "51.13.138.76" + ], + "norwayeast": [ + "20.100.1.184", + "51.13.138.76" + ], + "switzerlandnorth": [ + "20.208.4.98", + "51.107.251.190" + ], + "switzerlandwest": [ + "20.208.4.98", + "51.107.251.190" + ], + "uaecentral": [ + "20.45.95.66", + "20.38.141.5" + ], + "uaenorth": [ + "20.45.95.66", + "20.38.141.5" + ], + "uksouth": [ + "20.90.132.144", + "20.58.68.62" + ], + "ukwest": [ + "20.90.132.144", + "20.58.68.62" + ], + "swedencentral": [ + "51.12.72.223", + "51.12.22.174" + ], + "swedensouth": [ + "51.12.72.223", + "51.12.22.174" + ], + "centralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "northcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "southcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus2": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus3": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westcentralus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "westus": [ + "20.98.146.84", + "20.98.194.64", + "20.69.5.162", + "20.83.222.102" + ], + "eastus2euap": [ + "20.45.242.18", + "20.51.21.252" + ], + "centraluseuap": [ + "20.45.242.18", + "20.51.21.252" + ] + }, "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", - "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "storageAccountIps": "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", "isBlink": true, "storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]", "storageAccountType": "Standard_LRS", "diskSize100GB": 100, - "additionalDiskSizeGB": "[if(contains('R8040 R81 R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", + "additionalDiskSizeGB": "[if(contains('R8110 R8120', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]", "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n')]", "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", 
@@ -618,7 +750,9 @@
 "customMetrics": "[parameters('customMetrics')]",
 "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
 "identity": "[json('{\"type\": \"SystemAssigned\"}')]",
- "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ "NewNsgReference": {
+ "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
+ }
 },
 "resources": [
 {
@@ -954,8 +1088,7 @@
 "deployNsg": {
 "value": "[parameters('deployNewNSG')]"
 },
- "NewNsgName":
- {
+ "NewNsgName": {
 "value": "[parameters('NewNsgName')]"
 },
 "tagsByResource": {
@@ -1056,8 +1189,7 @@
 "virtualMachineProfile": {
 "UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), split(parameters('virtualNetworkAddressPrefix'), '.')[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
 "storageProfile": {
- "osDisk":
- {
+ "osDisk": {
 "diskSizeGB": "[variables('diskSizeGB')]",
 "caching": "ReadWrite",
 "createOption": "FromImage",
diff --git a/deprecated/azure/templates/cluster-r7730/README.MD b/deprecated/azure/templates/R7730/cluster-r7730/README.MD
similarity index 100%
rename from deprecated/azure/templates/cluster-r7730/README.MD
rename to deprecated/azure/templates/R7730/cluster-r7730/README.MD
diff --git a/deprecated/azure/templates/cluster-r7730/createUiDefinition.json b/deprecated/azure/templates/R7730/cluster-r7730/createUiDefinition.json
similarity index 100%
rename from deprecated/azure/templates/cluster-r7730/createUiDefinition.json
rename to deprecated/azure/templates/R7730/cluster-r7730/createUiDefinition.json
diff --git a/deprecated/azure/templates/cluster-r7730/mainTemplate.json b/deprecated/azure/templates/R7730/cluster-r7730/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/cluster-r7730/mainTemplate.json rename to deprecated/azure/templates/R7730/cluster-r7730/mainTemplate.json diff --git a/deprecated/azure/templates/cluster-r7730/vnet-existing.json b/deprecated/azure/templates/R7730/cluster-r7730/vnet-existing.json similarity index 100% rename from deprecated/azure/templates/cluster-r7730/vnet-existing.json rename to deprecated/azure/templates/R7730/cluster-r7730/vnet-existing.json diff --git a/deprecated/azure/templates/cluster-r7730/vnet-new.json b/deprecated/azure/templates/R7730/cluster-r7730/vnet-new.json similarity index 100% rename from deprecated/azure/templates/cluster-r7730/vnet-new.json rename to deprecated/azure/templates/R7730/cluster-r7730/vnet-new.json diff --git a/deprecated/azure/templates/mgmt-r7730/README.MD b/deprecated/azure/templates/R7730/mgmt-r7730/README.MD similarity index 100% rename from deprecated/azure/templates/mgmt-r7730/README.MD rename to deprecated/azure/templates/R7730/mgmt-r7730/README.MD diff --git a/deprecated/azure/templates/mgmt-r7730/createUiDefinition.json b/deprecated/azure/templates/R7730/mgmt-r7730/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/mgmt-r7730/createUiDefinition.json rename to deprecated/azure/templates/R7730/mgmt-r7730/createUiDefinition.json diff --git a/deprecated/azure/templates/mgmt-r7730/mainTemplate.json b/deprecated/azure/templates/R7730/mgmt-r7730/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/mgmt-r7730/mainTemplate.json rename to deprecated/azure/templates/R7730/mgmt-r7730/mainTemplate.json 
diff --git a/deprecated/azure/templates/mgmt-r7730/vnet-1-subnet-existing.json b/deprecated/azure/templates/R7730/mgmt-r7730/vnet-1-subnet-existing.json similarity index 100% rename from deprecated/azure/templates/mgmt-r7730/vnet-1-subnet-existing.json rename to deprecated/azure/templates/R7730/mgmt-r7730/vnet-1-subnet-existing.json diff --git a/deprecated/azure/templates/mgmt-r7730/vnet-1-subnet-new.json b/deprecated/azure/templates/R7730/mgmt-r7730/vnet-1-subnet-new.json similarity index 100% rename from deprecated/azure/templates/mgmt-r7730/vnet-1-subnet-new.json rename to deprecated/azure/templates/R7730/mgmt-r7730/vnet-1-subnet-new.json diff --git a/deprecated/azure/templates/single-r7730/README.MD b/deprecated/azure/templates/R7730/single-r7730/README.MD similarity index 100% rename from deprecated/azure/templates/single-r7730/README.MD rename to deprecated/azure/templates/R7730/single-r7730/README.MD diff --git a/deprecated/azure/templates/single-r7730/createUiDefinition.json b/deprecated/azure/templates/R7730/single-r7730/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/single-r7730/createUiDefinition.json rename to deprecated/azure/templates/R7730/single-r7730/createUiDefinition.json diff --git a/deprecated/azure/templates/single-r7730/mainTemplate.json b/deprecated/azure/templates/R7730/single-r7730/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/single-r7730/mainTemplate.json rename to deprecated/azure/templates/R7730/single-r7730/mainTemplate.json diff --git a/deprecated/azure/templates/cluster-r8010/nestedtemplates/vnet-existing.json b/deprecated/azure/templates/R7730/single-r7730/vnet-existing.json similarity index 100% rename from deprecated/azure/templates/cluster-r8010/nestedtemplates/vnet-existing.json rename to deprecated/azure/templates/R7730/single-r7730/vnet-existing.json 
diff --git a/deprecated/azure/templates/cluster-r8010/nestedtemplates/vnet-new.json b/deprecated/azure/templates/R7730/single-r7730/vnet-new.json similarity index 100% rename from deprecated/azure/templates/cluster-r8010/nestedtemplates/vnet-new.json rename to deprecated/azure/templates/R7730/single-r7730/vnet-new.json diff --git a/deprecated/azure/templates/vmss-r7730/README.MD b/deprecated/azure/templates/R7730/vmss-r7730/README.MD similarity index 100% rename from deprecated/azure/templates/vmss-r7730/README.MD rename to deprecated/azure/templates/R7730/vmss-r7730/README.MD diff --git a/deprecated/azure/templates/vmss-r7730/createUiDefinition.json b/deprecated/azure/templates/R7730/vmss-r7730/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/vmss-r7730/createUiDefinition.json rename to deprecated/azure/templates/R7730/vmss-r7730/createUiDefinition.json diff --git a/deprecated/azure/templates/vmss-r7730/mainTemplate.json b/deprecated/azure/templates/R7730/vmss-r7730/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/vmss-r7730/mainTemplate.json rename to deprecated/azure/templates/R7730/vmss-r7730/mainTemplate.json diff --git a/deprecated/azure/templates/vmss-r7730/vnet-1-subnet-existing.json b/deprecated/azure/templates/R7730/vmss-r7730/vnet-1-subnet-existing.json similarity index 100% rename from deprecated/azure/templates/vmss-r7730/vnet-1-subnet-existing.json rename to deprecated/azure/templates/R7730/vmss-r7730/vnet-1-subnet-existing.json diff --git a/deprecated/azure/templates/vmss-r7730/vnet-1-subnet-new.json b/deprecated/azure/templates/R7730/vmss-r7730/vnet-1-subnet-new.json similarity index 100% rename from deprecated/azure/templates/vmss-r7730/vnet-1-subnet-new.json rename to deprecated/azure/templates/R7730/vmss-r7730/vnet-1-subnet-new.json 
diff --git a/deprecated/azure/templates/cluster-r8010/README.MD b/deprecated/azure/templates/R8010-R8020/cluster-r8010/README.MD similarity index 100% rename from deprecated/azure/templates/cluster-r8010/README.MD rename to deprecated/azure/templates/R8010-R8020/cluster-r8010/README.MD diff --git a/deprecated/azure/templates/cluster-r8010/createUiDefinition.json b/deprecated/azure/templates/R8010-R8020/cluster-r8010/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/cluster-r8010/createUiDefinition.json rename to deprecated/azure/templates/R8010-R8020/cluster-r8010/createUiDefinition.json diff --git a/deprecated/azure/templates/cluster-r8010/mainTemplate.json b/deprecated/azure/templates/R8010-R8020/cluster-r8010/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/cluster-r8010/mainTemplate.json rename to deprecated/azure/templates/R8010-R8020/cluster-r8010/mainTemplate.json diff --git a/deprecated/azure/templates/single-r7730/vnet-existing.json b/deprecated/azure/templates/R8010-R8020/cluster-r8010/nestedtemplates/vnet-existing.json similarity index 100% rename from deprecated/azure/templates/single-r7730/vnet-existing.json rename to deprecated/azure/templates/R8010-R8020/cluster-r8010/nestedtemplates/vnet-existing.json diff --git a/deprecated/azure/templates/single-r7730/vnet-new.json b/deprecated/azure/templates/R8010-R8020/cluster-r8010/nestedtemplates/vnet-new.json similarity index 100% rename from deprecated/azure/templates/single-r7730/vnet-new.json rename to deprecated/azure/templates/R8010-R8020/cluster-r8010/nestedtemplates/vnet-new.json diff --git a/deprecated/azure/templates/ha-r8010-r8020/README.MD b/deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/README.MD similarity index 100% rename from deprecated/azure/templates/ha-r8010-r8020/README.MD rename to deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/README.MD 
diff --git a/deprecated/azure/templates/ha-r8010-r8020/createUiDefinition.json b/deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/ha-r8010-r8020/createUiDefinition.json rename to deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/createUiDefinition.json diff --git a/deprecated/azure/templates/ha-r8010-r8020/mainTemplate.json b/deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/ha-r8010-r8020/mainTemplate.json rename to deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/mainTemplate.json diff --git a/deprecated/azure/templates/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-existing.json b/deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-existing.json similarity index 100% rename from deprecated/azure/templates/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-existing.json rename to deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-existing.json diff --git a/deprecated/azure/templates/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-new.json b/deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-new.json similarity index 100% rename from deprecated/azure/templates/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-new.json rename to deprecated/azure/templates/R8010-R8020/ha-r8010-r8020/nestedtemplates/vnet-2-subnet-ha2-new.json diff --git a/deprecated/azure/templates/mgmt-r8010-r8020/README.MD b/deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/README.MD similarity index 100% rename from deprecated/azure/templates/mgmt-r8010-r8020/README.MD rename to deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/README.MD 
diff --git a/deprecated/azure/templates/mgmt-r8010-r8020/createUiDefinition.json b/deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8010-r8020/createUiDefinition.json rename to deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/createUiDefinition.json diff --git a/deprecated/azure/templates/mgmt-r8010-r8020/mainTemplate.json b/deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8010-r8020/mainTemplate.json rename to deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/mainTemplate.json diff --git a/deprecated/azure/templates/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-existing.json b/deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-existing.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-existing.json rename to deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-existing.json diff --git a/deprecated/azure/templates/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-new.json b/deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-new.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-new.json rename to deprecated/azure/templates/R8010-R8020/mgmt-r8010-r8020/nestedtemplates/vnet-1-subnet-new.json diff --git a/deprecated/azure/templates/single-r8010-r8020/README.MD b/deprecated/azure/templates/R8010-R8020/single-r8010-r8020/README.MD similarity index 100% rename from deprecated/azure/templates/single-r8010-r8020/README.MD rename to deprecated/azure/templates/R8010-R8020/single-r8010-r8020/README.MD 
diff --git a/deprecated/azure/templates/single-r8010-r8020/createUiDefinition.json b/deprecated/azure/templates/R8010-R8020/single-r8010-r8020/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/single-r8010-r8020/createUiDefinition.json rename to deprecated/azure/templates/R8010-R8020/single-r8010-r8020/createUiDefinition.json diff --git a/deprecated/azure/templates/single-r8010-r8020/mainTemplate.json b/deprecated/azure/templates/R8010-R8020/single-r8010-r8020/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/single-r8010-r8020/mainTemplate.json rename to deprecated/azure/templates/R8010-R8020/single-r8010-r8020/mainTemplate.json diff --git a/deprecated/azure/templates/single-r8010-r8020/nestedtemplates/vnet-existing.json b/deprecated/azure/templates/R8010-R8020/single-r8010-r8020/nestedtemplates/vnet-existing.json similarity index 100% rename from deprecated/azure/templates/single-r8010-r8020/nestedtemplates/vnet-existing.json rename to deprecated/azure/templates/R8010-R8020/single-r8010-r8020/nestedtemplates/vnet-existing.json diff --git a/deprecated/azure/templates/single-r8010-r8020/nestedtemplates/vnet-new.json b/deprecated/azure/templates/R8010-R8020/single-r8010-r8020/nestedtemplates/vnet-new.json similarity index 100% rename from deprecated/azure/templates/single-r8010-r8020/nestedtemplates/vnet-new.json rename to deprecated/azure/templates/R8010-R8020/single-r8010-r8020/nestedtemplates/vnet-new.json diff --git a/deprecated/azure/templates/vmss-r8010-r8020/README.MD b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/README.MD similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/README.MD rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/README.MD 
diff --git a/deprecated/azure/templates/vmss-r8010-r8020/createUiDefinition.json b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/createUiDefinition.json rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/createUiDefinition.json diff --git a/deprecated/azure/templates/vmss-r8010-r8020/mainTemplate.json b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/mainTemplate.json rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/mainTemplate.json diff --git a/deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/load-balancers.json b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/load-balancers.json similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/load-balancers.json rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/load-balancers.json diff --git a/deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-existing.json b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-existing.json similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-existing.json rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-existing.json diff --git a/deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-new.json b/deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-new.json similarity index 100% rename from deprecated/azure/templates/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-new.json rename to deprecated/azure/templates/R8010-R8020/vmss-r8010-r8020/nestedtemplates/vnet-2-subnet-ha-new.json 
diff --git a/deprecated/azure/templates/ha-r8030/README.MD b/deprecated/azure/templates/R8030/ha-r8030/README.MD similarity index 100% rename from deprecated/azure/templates/ha-r8030/README.MD rename to deprecated/azure/templates/R8030/ha-r8030/README.MD diff --git a/deprecated/azure/templates/ha-r8030/createUiDefinition.json b/deprecated/azure/templates/R8030/ha-r8030/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/ha-r8030/createUiDefinition.json rename to deprecated/azure/templates/R8030/ha-r8030/createUiDefinition.json diff --git a/deprecated/azure/templates/ha-r8030/mainTemplate.json b/deprecated/azure/templates/R8030/ha-r8030/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/ha-r8030/mainTemplate.json rename to deprecated/azure/templates/R8030/ha-r8030/mainTemplate.json diff --git a/deprecated/azure/templates/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-existing.json b/deprecated/azure/templates/R8030/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-existing.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-existing.json rename to deprecated/azure/templates/R8030/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-existing.json diff --git a/deprecated/azure/templates/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-new.json b/deprecated/azure/templates/R8030/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-new.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-new.json rename to deprecated/azure/templates/R8030/ha-r8030/nestedtemplates/vnet-2-subnet-ha2-new.json diff --git a/deprecated/azure/templates/mds-r8030/README.MD b/deprecated/azure/templates/R8030/mds-r8030/README.MD similarity index 100% rename from deprecated/azure/templates/mds-r8030/README.MD rename to deprecated/azure/templates/R8030/mds-r8030/README.MD 
diff --git a/deprecated/azure/templates/mds-r8030/createUiDefinition.json b/deprecated/azure/templates/R8030/mds-r8030/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/mds-r8030/createUiDefinition.json rename to deprecated/azure/templates/R8030/mds-r8030/createUiDefinition.json diff --git a/deprecated/azure/templates/mds-r8030/mainTemplate.json b/deprecated/azure/templates/R8030/mds-r8030/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/mds-r8030/mainTemplate.json rename to deprecated/azure/templates/R8030/mds-r8030/mainTemplate.json diff --git a/deprecated/azure/templates/mds-r8030/nestedtemplates/vnet-1-subnet-existing.json b/deprecated/azure/templates/R8030/mds-r8030/nestedtemplates/vnet-1-subnet-existing.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/mds-r8030/nestedtemplates/vnet-1-subnet-existing.json rename to deprecated/azure/templates/R8030/mds-r8030/nestedtemplates/vnet-1-subnet-existing.json diff --git a/deprecated/azure/templates/mds-r8030/nestedtemplates/vnet-1-subnet-new.json b/deprecated/azure/templates/R8030/mds-r8030/nestedtemplates/vnet-1-subnet-new.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/mds-r8030/nestedtemplates/vnet-1-subnet-new.json rename to deprecated/azure/templates/R8030/mds-r8030/nestedtemplates/vnet-1-subnet-new.json diff --git a/deprecated/azure/templates/mgmt-r8030/README.MD b/deprecated/azure/templates/R8030/mgmt-r8030/README.MD similarity index 100% rename from deprecated/azure/templates/mgmt-r8030/README.MD rename to deprecated/azure/templates/R8030/mgmt-r8030/README.MD 
diff --git a/deprecated/azure/templates/mgmt-r8030/createUiDefinition.json b/deprecated/azure/templates/R8030/mgmt-r8030/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8030/createUiDefinition.json rename to deprecated/azure/templates/R8030/mgmt-r8030/createUiDefinition.json diff --git a/deprecated/azure/templates/mgmt-r8030/mainTemplate.json b/deprecated/azure/templates/R8030/mgmt-r8030/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/mgmt-r8030/mainTemplate.json rename to deprecated/azure/templates/R8030/mgmt-r8030/mainTemplate.json diff --git a/deprecated/azure/templates/mgmt-r8030/nestedtemplates/vnet-1-subnet-existing.json b/deprecated/azure/templates/R8030/mgmt-r8030/nestedtemplates/vnet-1-subnet-existing.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/mgmt-r8030/nestedtemplates/vnet-1-subnet-existing.json rename to deprecated/azure/templates/R8030/mgmt-r8030/nestedtemplates/vnet-1-subnet-existing.json diff --git a/deprecated/azure/templates/mgmt-r8030/nestedtemplates/vnet-1-subnet-new.json b/deprecated/azure/templates/R8030/mgmt-r8030/nestedtemplates/vnet-1-subnet-new.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/mgmt-r8030/nestedtemplates/vnet-1-subnet-new.json rename to deprecated/azure/templates/R8030/mgmt-r8030/nestedtemplates/vnet-1-subnet-new.json diff --git a/deprecated/azure/templates/single-r8030/README.MD b/deprecated/azure/templates/R8030/single-r8030/README.MD similarity index 100% rename from deprecated/azure/templates/single-r8030/README.MD rename to deprecated/azure/templates/R8030/single-r8030/README.MD 
diff --git a/deprecated/azure/templates/single-r8030/createUiDefinition.json b/deprecated/azure/templates/R8030/single-r8030/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/single-r8030/createUiDefinition.json rename to deprecated/azure/templates/R8030/single-r8030/createUiDefinition.json diff --git a/deprecated/azure/templates/single-r8030/mainTemplate.json b/deprecated/azure/templates/R8030/single-r8030/mainTemplate.json similarity index 100% rename from deprecated/azure/templates/single-r8030/mainTemplate.json rename to deprecated/azure/templates/R8030/single-r8030/mainTemplate.json diff --git a/deprecated/azure/templates/single-r8030/nestedtemplates/vnet-existing.json b/deprecated/azure/templates/R8030/single-r8030/nestedtemplates/vnet-existing.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/single-r8030/nestedtemplates/vnet-existing.json rename to deprecated/azure/templates/R8030/single-r8030/nestedtemplates/vnet-existing.json diff --git a/deprecated/azure/templates/single-r8030/nestedtemplates/vnet-new.json b/deprecated/azure/templates/R8030/single-r8030/nestedtemplates/vnet-new.json old mode 100755 new mode 100644 similarity index 100% rename from deprecated/azure/templates/single-r8030/nestedtemplates/vnet-new.json rename to deprecated/azure/templates/R8030/single-r8030/nestedtemplates/vnet-new.json diff --git a/deprecated/azure/templates/vmss-r8030/README.MD b/deprecated/azure/templates/R8030/vmss-r8030/README.MD similarity index 100% rename from deprecated/azure/templates/vmss-r8030/README.MD rename to deprecated/azure/templates/R8030/vmss-r8030/README.MD diff --git a/deprecated/azure/templates/vmss-r8030/createUiDefinition.json b/deprecated/azure/templates/R8030/vmss-r8030/createUiDefinition.json similarity index 100% rename from deprecated/azure/templates/vmss-r8030/createUiDefinition.json rename to deprecated/azure/templates/R8030/vmss-r8030/createUiDefinition.json 
diff --git a/deprecated/azure/templates/vmss-r8030/mainTemplate.json b/deprecated/azure/templates/R8030/vmss-r8030/mainTemplate.json
similarity index 100%
rename from deprecated/azure/templates/vmss-r8030/mainTemplate.json
rename to deprecated/azure/templates/R8030/vmss-r8030/mainTemplate.json
diff --git a/deprecated/azure/templates/vmss-r8030/nestedtemplates/load-balancers.json b/deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/load-balancers.json
old mode 100755
new mode 100644
similarity index 100%
rename from deprecated/azure/templates/vmss-r8030/nestedtemplates/load-balancers.json
rename to deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/load-balancers.json
diff --git a/deprecated/azure/templates/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-existing.json b/deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-existing.json
old mode 100755
new mode 100644
similarity index 100%
rename from deprecated/azure/templates/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-existing.json
rename to deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-existing.json
diff --git a/deprecated/azure/templates/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-new.json b/deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-new.json
old mode 100755
new mode 100644
similarity index 100%
rename from deprecated/azure/templates/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-new.json
rename to deprecated/azure/templates/R8030/vmss-r8030/nestedtemplates/vnet-2-subnet-ha-new.json
diff --git a/deprecated/azure/templates/R8040-R81/ha-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/README.md
new file mode 100644
index 00000000..e58bd802
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/README.md
@@ -0,0 +1,21 @@
+# Check Point CloudGuard Network Security High Availability for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+ Deploy to Azure
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-ha%2FmainTemplate.json)
+
+
diff --git a/deprecated/azure/templates/R8040-R81/ha-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/createUiDefinition.json
new file mode 100644
index 00000000..31bbc503
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/createUiDefinition.json
@@ -0,0 +1,1602 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+ "handler": "Microsoft.Compute.MultiVm",
+ "version": "0.1.2-preview",
+ "parameters": {
+ "basics": [
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point CloudGuard IaaS High Availability Administration Guide.",
+ "link": {
+ "label": "Administration Guide",
+ "uri": "https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_HA_Cluster/Default.htm"
+ }
+ }
+ },
+ {
+ "name": "clusterObjectNameUi",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Cluster Object Name",
+ "toolTip": "The name of the cluster object.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "auth",
+ "type": "Microsoft.Compute.CredentialsCombo",
+ "label": {
+ "authenticationType": "Authentication type",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "sshPublicKey": "SSH public key"
+ },
+ "toolTip": {
+ "password": "The user 'admin' password",
+ "sshPublicKey": "Paste an OpenSSH public key. 
You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
+ },
+ "constraints": {
+ "required": true
+ },
+ "options": {
+ "hideConfirmation": false,
+ "hidePassword": false
+ },
+ "osPlatform": "Linux"
+ }
+ ],
+ "steps": [
+ {
+ "name": "chkp",
+ "label": "Check Point Cluster Object settings",
+ "subLabel": {
+ "preValidation": "Configure Cluster Object settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Cluster Object settings",
+ "elements": [
+ {
+ "name": "cloudGuardVersion",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Check Point CloudGuard version",
+ "defaultValue": "R81",
+ "toolTip": "The version of Check Point CloudGuard.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "R80.40",
+ "value": "R80.40"
+ },
+ {
+ "label": "R81",
+ "value": "R81"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R80Offer",
+ "type": "Microsoft.Common.DropDown",
+ "label": "License type",
+ "toolTip": "The type of license.",
+ "defaultValue": "Bring Your Own License",
+ "visible": true,
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Bring Your Own License",
+ "value": "Bring Your Own License"
+ },
+ {
+ "label": "Pay As You Go (NGTP)",
+ "value": "Pay As You Go (NGTP)"
+ },
+ {
+ "label": "Pay As You Go (NGTX)",
+ "value": "Pay As You Go (NGTX)"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R8040vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-byol"
+ },
+ "count": 2
+ },
+ {
+ "name": "R8040vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual 
machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ 
"Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtp"
+ },
+ "count": 2
+ },
+ {
+ "name": "R8040vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ 
"Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtx"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ 
"Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-byol"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtp"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": 
[
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": 
"check-point-cg-r81",
+ "sku": "sg-ngtx"
+ },
+ "count": 2
+ },
+ {
+ "name": "adminShell",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Default shell for the admin user",
+ "defaultValue": "/etc/cli.sh",
+ "toolTip": "The default shell for the admin user",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "/etc/cli.sh",
+ "value": "/etc/cli.sh"
+ },
+ {
+ "label": "/bin/bash",
+ "value": "/bin/bash"
+ },
+ {
+ "label": "/bin/csh",
+ "value": "/bin/csh"
+ },
+ {
+ "label": "/bin/tcsh",
+ "value": "/bin/tcsh"
+ }
+ ]
+ }
+ },
+ {
+ "name": "sicKeyUi",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "SIC key",
+ "confirmPassword": "Confirm SIC key"
+ },
+ "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the cluster object and the management server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{12,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
+ },
+ "options": {
+ "hideConfirmation": false
+ },
+ "visible": "true"
+ },
+ {
+ "name": "SerialPasswordInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point recommends setting serial console password and maintenance-mode password for recovery purposes. 
For R81.10 and below the serial console password is used also as maintenance-mode password"
+ }
+ },
+ {
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "name": "EnableSerialConsolePassword",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable Serial console password",
+ "defaultValue": "Yes",
+ "toolTip": "A unique password hash to enable VM connection via serial console.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": true
+ },
+ {
+ "label": "No",
+ "value": false
+ }
+ ]
+ }
+ },
+ {
+ "name": "AdditionalPassword",
+ "type": "Microsoft.Common.PasswordBox",
+ "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "label": {
+ "password": "Password hash",
+ "confirmPassword": "Confirm password"
+ },
+ "constraints": {
+ "required": true,
+ "regex": "^.{12,300}$",
+ "validationMessage": "The value must be the output of the hash command."
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ },
+ {
+ "name": "managedSystemAssigned",
+ "type": "Microsoft.Common.OptionsGroup",
+ "visible": true,
+ "label": "Create a System Assigned Identity",
+ "toolTip": "Automatically create a Service Principal for this deployment.",
+ "defaultValue": "Yes",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "yes"
+ },
+ {
+ "label": "No",
+ "value": "no"
+ }
+ ]
+ }
+ },
+ {
+ "name": "availabilityOptions",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Availability options",
+ "defaultValue": "Availability Set",
+ "toolTip": "Use replicated Cluster VMs in Availability Set or Availability Zones. 
Note that the load balancers and their IP addresses will be zone redundant in any case.",
+ "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth \\ ', concat(' ', location(), ' '))]",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Availability Set",
+ "value": "Availability Set"
+ },
+ {
+ "label": "Availability Zones",
+ "value": "Availability Zones"
+ }
+ ]
+ }
+ },
+ {
+ "name": "bootstrapScript",
+ "type": "Microsoft.Common.FileUpload",
+ "label": "Bootstrap script",
+ "toolTip": "An optional script to run on the initial boot",
+ "constraints": {
+ "required": false,
+ "accept": ".sh,text/plain"
+ },
+ "options": {
+ "multiple": false,
+ "uploadMode": "file",
+ "openMode": "text",
+ "encoding": "UTF-8"
+ }
+ },
+ {
+ "name": "allowUploadDownload",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Automatically download updates and share statistical data for product improvement purpose",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "true"
+ },
+ {
+ "label": "No",
+ "value": "false"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskType",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[not(contains('R80.40 R81 ' , steps('chkp').cloudGuardVersion))]",
+ "defaultValue": "Premium",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskTypeOldVersions",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[contains('R80.40 R81 ' , steps('chkp').cloudGuardVersion)]",
+ "defaultValue": "Standard",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
+ {
+ "name": "additionalDiskSizeGB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Additional disk space (GB)",
+ "defaultValue": "0",
+ "toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
+ "constraints": {
+ "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
+ "validationMessage": "Select a number between 0 and 3995"
+ }
+ },
+ {
+ "name": "useCustomImageUri",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use development image uri",
+ "defaultValue": "No",
+ "toolTip": 
"Use custom image URI.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ],
+ "required": true
+ },
+ "visible": false
+ },
+ {
+ "name": "sourceImageVhdUri",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Development Image URI",
+ "toolTip": "The URI of the blob containing the development image",
+ "constraints": {
+ "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
+ "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
+ },
+ "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ },
+ {
+ "name": "customMetrics",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable CloudGuard metrics",
+ "defaultValue": "Yes",
+ "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from Cluster members to the Azure Monitor service.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "yes"
+ },
+ {
+ "label": "No",
+ "value": "no"
+ }
+ ]
+ },
+ "visible": true
+ },
+ {
+ "name": "customMetricsInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[and(equals(steps('chkp').customMetrics, 'yes'), not(equals(steps('chkp').managedSystemAssigned, 'yes')))]",
+ "options": {
+ "icon": "Warning",
+ "text": "CloudGuard metrics can't be used when System Assigned Identity is disabled"
+ }
+ },
+ {
+ "name": "floatingIP",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Deploy the Load Balancers with floating IP",
+ "defaultValue": "No",
+ "toolTip": "Deploy the Load Balancers with floating IP.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "No",
+ "value": "no"
+ },
+ {
+ "label": "Yes",
+ "value": "yes"
+ }
+ ]
+ },
+ "visible": true
+ },
+ {
+ "name": "publicIPPrefix",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use public IP prefix",
+ 
"defaultValue": "No",
+ "toolTip": "Use public IP prefix.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "No",
+ "value": "no"
+ },
+ {
+ "label": "Yes",
+ "value": "yes"
+ }
+ ]
+ },
+ "visible": true
+ },
+ {
+ "name": "createNewIPPrefix",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Create public IP prefix",
+ "defaultValue": "No",
+ "toolTip": "Create new public IP prefix to use.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "No",
+ "value": "no"
+ },
+ {
+ "label": "Yes",
+ "value": "yes"
+ }
+ ]
+ },
+ "visible": "[equals(steps('chkp').publicIPPrefix, 'yes')]"
+ },
+ {
+ "name": "ipPrefixExistingResourceId",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Public IP prefix resource id",
+ "defaultValue": "",
+ "toolTip": "Use an exisiting public IP prefix resource id.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z -.:/n]{1,}$",
+ "validationMessage": "Only alphanumeric characters, hyphens, spaces, periods, and colons are allowed."
+ },
+ "visible": "[equals(steps('chkp').createNewIPPrefix, 'no')]"
+ },
+ {
+ "name": "allowSmart1CloudConnection",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Quick connect to Smart-1 Cloud",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically connect this Cluster to Smart-1 Cloud - Check Point's Security Management as a Service",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "yes"
+ },
+ {
+ "label": "No",
+ "value": "no"
+ }
+ ]
+ },
+ "visible": true
+ },
+ {
+ "name": "smart1CloudTokenTxt",
+ "type": "Microsoft.Common.TextBlock",
+ "options": {
+ "text": "Follow these instructions to quickly connect this Cluster to Smart-1 Cloud",
+ "link": {
+ "label": "SK180501 - Connecting CloudGuard Network Security Public Cloud Gateways to Smart-1 Cloud",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501"
+ }
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 
'yes')]"
+ },
+ {
+ "name": "Smart1CloudTokenA",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Smart-1 Cloud Token Member A",
+ "toolTip": "Paste here the token copied from the Connect Gateway (Member A) screen in Smart-1 Cloud portal",
+ "constraints": {
+ "required": true,
+ "regex": "[\\S\\s]{5,}",
+ "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
+ },
+ {
+ "name": "Smart1CloudTokenB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Smart-1 Cloud Token Member B",
+ "toolTip": "Paste here the token copied from the Connect Gateway (Member B) screen in Smart-1 Cloud portal",
+ "constraints": {
+ "required": true,
+ "regex": "[\\S\\s]{5,}",
+ "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "label": "Network settings",
+ "subLabel": {
+ "preValidation": "Configure network settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Network settings",
+ "elements": [
+ {
+ "name": "virtualNetwork",
+ "type": "Microsoft.Network.VirtualNetworkCombo",
+ "label": {
+ "virtualNetwork": "Virtual network",
+ "subnets": "Subnets"
+ },
+ "toolTip": {
+ "virtualNetwork": "Virtual Network Name",
+ "subnets": "List of subnets to deploy into"
+ },
+ "defaultValue": {
+ "name": "vnet01",
+ "addressPrefixSize": "/16"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/28"
+ },
+ "options": {
+ "hideExisting": false
+ },
+ "subnets": {
+ "subnet1": {
+ "label": "Frontend subnet",
+ "defaultValue": {
+ "name": "Frontend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 2,
+ "requireContiguousAddresses": true
+ }
+ },
+ "subnet2": {
+ "label": "Backend subnet",
+ "defaultValue": {
+ "name": "Backend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ 
"minAddressPrefixSize": "/29",
+ "minAddressCount": 2,
+ "requireContiguousAddresses": true
+ }
+ }
+ }
+ },
+ {
+ "name": "Vips_Number",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Number of Virtual IPs (VIP)",
+ "defaultValue": "1",
+ "toolTip": "Choose number of Virtual IP addresses to deploy for the cluster's external NIC",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "1",
+ "value": "1"
+ },
+ {
+ "label": "2",
+ "value": "2"
+ },
+ {
+ "label": "3",
+ "value": "3"
+ },
+ {
+ "label": "4",
+ "value": "4"
+ },
+ {
+ "label": "5",
+ "value": "5"
+ },
+ {
+ "label": "6",
+ "value": "6"
+ },
+ {
+ "label": "7",
+ "value": "7"
+ },
+ {
+ "label": "8",
+ "value": "8"
+ },
+ {
+ "label": "9",
+ "value": "9"
+ },
+ {
+ "label": "10",
+ "value": "10"
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ },
+ {
+ "name": "VIP_Names",
+ "type": "Microsoft.Common.Section",
+ "label": "VIPs Names",
+ "elements": [
+ {
+ "name": "VIP2_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 2 name",
+ "toolTip": "Choose name for VIP number 2",
+ "visible": "[greater(int(steps('network').Vips_Number), 1)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP3_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 3 name",
+ "toolTip": "Choose name for VIP number 3",
+ "visible": "[greater(int(steps('network').Vips_Number), 2)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP4_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 4 name",
+ "toolTip": "Choose name for VIP number 4",
+ "visible": "[greater(int(steps('network').Vips_Number), 3)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP5_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 5 name",
+ "toolTip": "Choose name for VIP number 5",
+ "visible": "[greater(int(steps('network').Vips_Number), 4)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP6_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 6 name",
+ "toolTip": "Choose name for VIP number 6",
+ "visible": "[greater(int(steps('network').Vips_Number), 5)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP7_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 7 name",
+ "toolTip": "Choose name for VIP number 7",
+ "visible": "[greater(int(steps('network').Vips_Number), 6)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ ]
+ }
+ },
+ {
+ "name": "VIP8_Name",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VIP 8 name",
+ "toolTip": "Choose name for VIP number 8",
+ "visible": "[greater(int(steps('network').Vips_Number), 7)]",
+ "constraints": {
+ "validations": [
+ {
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ } + ] + } + }, + { + "name": "VIP9_Name", + "type": "Microsoft.Common.TextBox", + "label": "VIP 9 name", + "toolTip": "Choose name for VIP number 9", + "visible": "[greater(int(steps('network').Vips_Number), 8)]", + "constraints": { + "validations": [ + { + "regex": "^[a-z0-9A-Z]{1,30}$", + "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + } + ] + } + }, + { + "name": "VIP10_Name", + "type": "Microsoft.Common.TextBox", + "label": "VIP 10 name", + "toolTip": "Choose name for VIP number 10", + "visible": "[greater(int(steps('network').Vips_Number), 9)]", + "constraints": { + "validations": [ + { + "regex": "^[a-z0-9A-Z]{1,30}$", + "message": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + } + ] + } + } + ], + "visible": "[greater(int(steps('network').Vips_Number), 1)]" + }, + { + "name": "NSG", + "type": "Microsoft.Common.OptionsGroup", + "label": "Network Security Group", + "toolTip": "Choose between using an existing NSG or using a new NSG", + "constraints": { + "allowedValues": [ + { + "label": "Create new", + "value": true + }, + { + "label": "Existing NSG", + "value": false + } + ], + "required": true + }, + "visible": true + }, + { + "name": "nsgSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Network Security Group", + "defaultValue": "null", + "toolTip": "Choose an existing NSG", + "resourceType": "Microsoft.Network/NetworkSecurityGroups", + "options": { + "filter": { + "subscription": "onBasics", + "location": "onBasics" + } + }, + "constraints": { + "required": true + }, + "visible": "[equals(steps('network').NSG, false)]" + }, + { + "name": "NSGName", + "type": "Microsoft.Common.TextBox", + "label": "Name", + "defaultValue": "[concat(basics('clusterObjectNameUi') , '-nsg')]", + "toolTip": "Insert Name for the new NSG", + "multiLine": false, + "constraints": { + "required": "[steps('network').NSG]", + "regex": "^[a-z0-9A-Z-]{1,30}$", + 
"validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + }, + "visible": "[steps('network').NSG]" + }, + { + "name": "addStorageAccountIpRules", + "type": "Microsoft.Common.OptionsGroup", + "defaultValue": "Network access from all networks", + "label": "Storage Account Network Access", + "toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security", + "constraints": { + "allowedValues": [ + { + "label": "Network access from all networks", + "value": false + }, + { + "label": "Network access only from Serial Console", + "value": true + } + ], + "required": true + }, + "visible": true + } + ] + }, + { + "name": "tags", + "label": "Tags", + "elements": [ + { + "name": "tagsByResource", + "type": "Microsoft.Common.TagsByResource", + "toolTip": "Create Azure tags for the new resources", + "resources": [ + "Microsoft.Storage/storageAccounts", + "Microsoft.Compute/availabilitySets", + "Microsoft.Network/publicIPAddresses", + "Microsoft.Network/networkInterfaces", + "Microsoft.Compute/virtualMachines", + "Microsoft.Network/loadBalancers", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.Network/routeTables", + "Microsoft.Network/virtualNetworks" + ] + } + ] + } + ], + "outputs": { + "location": "[location()]", + "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "adminPassword": "[basics('auth').password]", + "authenticationType": "[basics('auth').authenticationType]", + "sshPublicKey": "[basics('auth').sshPublicKey]", + "vmName": "[basics('clusterObjectNameUi')]", + "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX)]", + 
"sicKey": "[steps('chkp').sicKeyUi]", + "virtualNetworkName": "[steps('network').virtualNetwork.name]", + "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]", + "subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]", + "subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]", + "subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", + "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "diskType": "[if(contains('R80.40 R81 ' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "managedSystemAssigned": "[steps('chkp').managedSystemAssigned]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "availabilityOptions": "[steps('chkp').availabilityOptions]", + "customMetrics": "[steps('chkp').customMetrics]", + "floatingIP": "[steps('chkp').floatingIP]", + "publicIPPrefix": "[steps('chkp').publicIPPrefix]", + "createNewIPPrefix": "[steps('chkp').createNewIPPrefix]", + "ipPrefixExistingResourceId": "[steps('chkp').ipPrefixExistingResourceId]", + "adminShell": "[steps('chkp').adminShell]", + "smart1CloudTokenA": "[steps('chkp').Smart1CloudTokenA]", + "smart1CloudTokenB": "[steps('chkp').Smart1CloudTokenB]", + "tagsByResource": "[steps('tags').tagsByResource]", + "deployNewNSG": "[steps('network').NSG]", + 
"ExistingNSG": "[steps('network').nsgSelector]", + "NewNsgName": "[steps('network').NSGName]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "VipsNumber": "[int(steps('network').Vips_Number)]", + "VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]", + "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..59952e87 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/ha-r8040-r81/mainTemplate.json 
@@ -0,0 +1,1294 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment location"
+ },
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "cloudGuardVersion": {
+ "type": "string",
+ "allowedValues": [
+ "R80.40 - Bring Your Own License",
+ "R80.40 - Pay As You Go (NGTP)",
+ "R80.40 - Pay As You Go (NGTX)",
+ "R81 - Bring Your Own License",
+ "R81 - Pay As You Go (NGTP)",
+ "R81 - Pay As You Go (NGTX)",
+ ],
+ "defaultValue": "R81 - Bring Your Own License",
+ "metadata": {
+ "description": "Check Point CloudGuard version"
+ }
+ },
+ "authenticationType": {
+ "type": "string",
+ "allowedValues": [
+ "password",
+ "sshPublicKey"
+ ],
+ "defaultValue": "password",
+ "metadata": {
+ "description": "Authentication type"
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Administrator SSH public key"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Administrator password"
+ },
+ "defaultValue": ""
+ },
+ "SerialConsolePasswordHash": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "Description": "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ }
+ },
+ "floatingIP": {
+ "type": "string",
+ "allowedValues": [
+ "no",
+ "yes"
+ ],
+ "defaultValue": "no",
+ "metadata": {
+ "description": "Deploy the Load Balancers with floating IP"
+ }
+ },
+ "publicIPPrefix": {
+ "type": "string",
+ "allowedValues": [
+ "no",
+ "yes"
+ ],
+ "defaultValue": "no",
+ "metadata": {
+ "description": "Use public IP prefix"
+ }
+ },
+ "createNewIPPrefix": {
+ "type": "string",
+ "allowedValues": [
+ "no",
+ "yes"
+ ],
+ "defaultValue": "no",
+ "metadata": {
+ "description": "Create new public IP prefix"
+ }
+ },
+ "ipPrefixExistingResourceId": {
+ "type": "string",
+ "metadata": {
+ "description": "The resource id of the existing IP prefix"
+ },
+ "defaultValue": ""
+ },
+ "vmName": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Name of the Check Point Cluster object"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D3_v2",
+ "metadata": {
+ "description": "Size of the VM"
+ }
+ },
+ "adminShell": {
+ "type": "string",
+ "defaultValue": "/etc/cli.sh",
+ "allowedValues": [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ],
+ "metadata": {
+ "Description": "The default shell for the admin user"
+ }
+ },
+ "sicKey": {
+ "type": "securestring",
+ "metadata": {
+ "description": "One time key for Secure Internal Communication"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the virtual network"
+ },
+ "defaultValue": "[concat(resourceGroup().name, '-vnet')]"
+ },
+ "virtualNetworkAddressPrefixes": {
+ "type": "array",
+ "metadata": {
+ "description": "The address prefixes of the virtual network"
+ },
+ "defaultValue": [
+ "10.0.0.0/16"
+ ]
+ },
+ "subnet1Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the frontend subnet"
+ },
+ "defaultValue": "Frontend"
+ },
+ "subnet1Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the frontend subnet"
+ },
+ "defaultValue": "10.0.1.0/24"
+ },
+ "subnet1StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the 1st subnet"
+ },
+ "defaultValue": "10.0.1.10"
+ },
+ "subnet2Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the backend subnet"
+ },
+ "defaultValue": "Backend"
+ },
+ "subnet2Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the backend subnet"
+ },
+ "defaultValue": "10.0.2.0/24"
+ },
+ "subnet2StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the 2nd subnet"
+ },
+ "defaultValue": "10.0.2.10"
+ },
+ "vnetNewOrExisting": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "Description": "Indicates whether the virtual network is new or existing"
+ }
+ },
+ "virtualNetworkExistingRGName": {
+ "type": "string",
+ "metadata": {
+ "description": "Resource Group of the existing virtual network"
+ },
+ "defaultValue": "[resourceGroup().name]"
+ },
+ "bootstrapScript": {
+ "type": "string",
+ "metadata": {
+ "description": "Bootstrap script"
+ },
+ "defaultValue": ""
+ },
+ "allowDownloadFromUploadToCheckPoint": {
+ "type": "string",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ }
+ },
+ "additionalDiskSizeGB": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Amount of additional disk space (in GB)"
+ },
+ "minValue": 0,
+ "maxValue": 3995
+ },
+ "diskType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "The type of the OS disk. Premium is applicable only to DS machine sizes"
+ },
+ "allowedValues": [
+ "Standard_LRS",
+ "Premium_LRS"
+ ]
+ },
+ "managedSystemAssigned": {
+ "type": "string",
+ "allowedValues": [
+ "yes",
+ "no"
+ ],
+ "defaultValue": "yes",
+ "metadata": {
+ "description": "Automatically create a Service Principal for this deployment."
+ }
+ },
+ "sourceImageVhdUri": {
+ "type": "string",
+ "defaultValue": "noCustomUri",
+ "metadata": {
+ "description": "The URI of the blob containing the development image"
+ }
+ },
+ "availabilityOptions": {
+ "type": "string",
+ "allowedValues": [
+ "Availability Set",
+ "Availability Zones"
+ ],
+ "defaultValue": "Availability Set",
+ "metadata": {
+ "description": "Use replicated Cluster VMs in Availability Set or Availability Zones"
+ }
+ },
+ "_artifactsLocation": {
+ "type": "string",
+ "metadata": {
+ "description": "Use the following URI when deploying a custom template: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/"
+ },
+ "defaultValue": "[deployment().properties.templateLink.uri]"
+ },
+ "_artifactsLocationSasToken": {
+ "type": "securestring",
+ "metadata": {
+ "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
+ },
+ "defaultValue": ""
+ },
+ "customMetrics": {
+ "type": "string",
+ "allowedValues": [
+ "no",
+ "yes"
+ ],
+ "defaultValue": "yes",
+ "metadata": {
+ "Description": "Indicates whether CloudGuard Metrics will be used for Cluster members monitoring"
+ }
+ },
+ "smart1CloudTokenA": {
+ "type": "securestring",
+ "defaultValue": ""
+ },
+ "smart1CloudTokenB": {
+ "type": "securestring",
+ "defaultValue": ""
+ },
+ "tagsByResource": {
+ "type": "object",
+ "defaultValue": {}
+ },
+ "deployNewNSG": {
+ "type": "bool",
+ "defaultValue": true
+ },
+ "ExistingNSG": {
+ "type": "object",
+ "defaultValue": {}
+ },
+ "NewNsgName": {
+ "type": "string",
+ "defaultValue": "[concat(parameters('vmName'),'-nsg')]"
+ },
+ "VipsNumber": {
+ "type": "int",
+ "defaultValue": 1,
+ "minValue": 1,
+ "maxValue": 10
+ },
+ "VipNames": {
+ "type": "string",
+ "defaultValue": ""
+ },
+ "addStorageAccountIpRules": {
+ "type": "bool",
+ "metadata": {
+ "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
+ },
+ "defaultValue" : false
+ },
+ "storageAccountAdditionalIps":{
+ "type": "array",
+ "metadata": {
+ "description": "IPs/CIDRs that are allowed access to the Storage Account"
+ },
+ "defaultValue" : []
+ }
+
+ },
+ "variables": {
+ "VIPs_Number": "[int(parameters('VipsNumber'))]",
+ "Vip_Names": "[split(parameters('VipNames'), ',')]",
+ "templateName": "ha",
+ "templateVersion": "20230910",
+ "location": "[parameters('location')]",
+ "elbPublicIPName": "frontend-lb-address",
+ "haPublicIPName": "[parameters('vmName')]",
+ "offers": {
+ "R80.40 - Bring Your Own License": "BYOL",
+ "R80.40 - Pay As You Go (NGTP)": "NGTP",
+ "R80.40 - Pay As You Go (NGTX)": "NGTX",
+ "R81 - Bring Your Own License": "BYOL",
+ "R81 - Pay As You Go (NGTP)": "NGTP",
+ "R81 - Pay As You Go (NGTX)": "NGTX",
+ },
+ "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
+ "osVersions": {
+ "R80.40 - Bring Your Own License": "R8040",
+ "R80.40 - Pay As You Go (NGTP)": "R8040",
+ "R80.40 - Pay As You Go (NGTX)": "R8040",
+ "R81 - Bring Your Own License": "R81",
+ "R81 - Pay As You Go (NGTP)": "R81",
+ "R81 - Pay As You Go (NGTX)": "R81",
+ },
+ "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]",
+ "SerialConsoleGeographies": {
+ "eastasia" : ["20.205.69.28", "20.195.85.180"],
+ "southeastasia" : ["20.205.69.28", "20.195.85.180"],
+ "australiacentral" : ["20.53.53.224", "20.70.222.112"],
+ "australiacentral2" : ["20.53.53.224", "20.70.222.112"],
+ "australiaeast" : ["20.53.53.224", "20.70.222.112"],
+ "australiasoutheast" : ["20.53.53.224", "20.70.222.112"],
+ "brazilsouth" : ["91.234.136.63", "20.206.0.194"],
+ "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"],
+ "canadacentral" : ["52.228.86.177", "52.242.40.90"],
+ "canadaeast" : ["52.228.86.177", "52.242.40.90"],
+ "northeurope" : ["52.146.139.220", "20.105.209.72"],
+ "westeurope" : ["52.146.139.220", "20.105.209.72"],
+ "francecentral" : ["20.111.0.244", "52.136.191.10"],
+ "francesouth" : ["20.111.0.244", "52.136.191.10"],
+ "germanynorth" : ["51.116.75.88", "20.52.95.48"],
+ "germanywestcentral" : ["51.116.75.88", "20.52.95.48"],
+ "centralindia" : ["20.192.168.150", "20.192.153.104"],
+ "southindia" : ["20.192.168.150", "20.192.153.104"],
+ "westindia" : ["20.192.168.150", "20.192.153.104"],
+ "japaneast" : ["20.43.70.205", "20.189.228.222"],
+ "japanwest" : ["20.43.70.205", "20.189.228.222"],
+ "koreacentral" : ["20.200.196.96", "52.147.119.29"],
+ "koreasouth" : ["20.200.196.96", "52.147.119.29"],
+ "norwaywest" : ["20.100.1.184", "51.13.138.76"],
+ "norwayeast" : ["20.100.1.184", "51.13.138.76"],
+ "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"],
+ "switzerlandwest" : ["20.208.4.98", "51.107.251.190"],
+ "uaecentral" : ["20.45.95.66", "20.38.141.5"],
+ "uaenorth" : ["20.45.95.66", "20.38.141.5"],
+ "uksouth" : ["20.90.132.144", "20.58.68.62"],
+ "ukwest" : ["20.90.132.144", "20.58.68.62"],
+ "swedencentral" : ["51.12.72.223", "51.12.22.174"],
+ "swedensouth" : ["51.12.72.223", "51.12.22.174"],
+ "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus2euap" : ["20.45.242.18", "20.51.21.252"],
+ "centraluseuap" : ["20.45.242.18", "20.51.21.252"]},
+ "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]",
+ "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]",
+ "isBlink": true,
+ "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]",
+ "storageAccountType": "Standard_LRS",
+ "diskSize100GB": 100,
+ "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
+ "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
+ "imagePublisher": "checkpoint",
+ "imageReferenceBYOL": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-byol",
+ "version": "latest"
+ },
+ "imageReferenceNGTP": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtp",
+ "version": "latest"
+ },
+ "imageReferenceNGTP-V2": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtp-v2",
+ "version": "latest"
+ },
+ "imageReferenceNGTX": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtx",
+ "version": "latest"
+ },
+ "imageReferenceNGTX-V2": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtx-v2",
+ "version": "latest"
+ },
+ "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), if(equals(variables('offer'), 'NGTP'), variables('imageReferenceNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('imageReferenceNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('imageReferenceNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('imageReferenceNGTX-V2'), json('null'))))))]",
+ "customImage": "customImage",
+ "imageReferenceCustomUri": {
+ "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ },
+ "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]",
+ "enableFloatingIP": "[equals(parameters('floatingIP'), 'yes')]",
+ "nic1Name": "eth0",
+ "nic2Name": "eth1",
+ "elbName": "frontend-lb",
+ "elbId": "[resourceId('Microsoft.Network/loadBalancers', variables('elbName'))]",
+ "elbBEAddressPool": "[concat(variables('elbName'), '-pool')]",
+ "elbBEAddressPoolID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('elbName'), variables('elbBEAddressPool'))]",
+ "ilbName": "backend-lb",
+ "ilbId": "[resourceId('Microsoft.Network/loadBalancers', variables('ilbName'))]",
+ "ilbBEAddressPool": "[concat(variables('ilbName'), '-pool')]",
+ "ilbBEAddressPoolID": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools/', variables('ilbName'), variables('ilbBEAddressPool'))]",
+ "ilbFEIPConfigID": "[resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations/', variables('ilbName'), variables('ilbName'))]",
+ "ilbProbeName": "[variables('ilbName')]",
+ "ilbProbeID": "[resourceId('Microsoft.Network/loadBalancers/probes/', variables('ilbName'), variables('ilbProbeName'))]",
+ "linuxConfigurationpassword": {
+ "disablePasswordAuthentication": "false"
+ },
+ "appProbeName": "health_prob_port",
+ "linuxConfigurationsshPublicKey": {
+ "disablePasswordAuthentication": "true",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "[parameters('sshPublicKey')]",
+ "path": "/home/notused/.ssh/authorized_keys"
+ }
+ ]
+ }
+ },
+ "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]",
+ "planBYOL": {
+ "name": "sg-byol",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP": {
+ "name": "sg-ngtp",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP-V2": {
+ "name": "sg-ngtp-v2",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTX": {
+ "name": "sg-ngtx",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTX-V2": {
+ "name": "sg-ngtx-v2",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "plan": "[if(equals(variables('offer'), 'BYOL') , variables('planBYOL'), if(equals(variables('offer'), 'NGTP'), variables('planNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('planNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('planNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('planNGTX-V2'), json('null'))))))]",
+ "roleDefinitionIds": "[createArray(subscriptionResourceId('Microsoft.Authorization/roleDefinitions/', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c'), subscriptionResourceId('Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7'))]",
+ "identity": "[json('{\"type\": \"SystemAssigned\"}')]",
+ "subnet2PrivateAddresses": [
+ "[concat(split(parameters('subnet2StartAddress'), '.')[0],'.', split(parameters('subnet2StartAddress'), '.')[1],'.', split(parameters('subnet2StartAddress'), '.')[2],'.', string(add(int(split(parameters('subnet2StartAddress'), '.')[3]),1)))]",
+ "[concat(split(parameters('subnet2StartAddress'), '.')[0],'.', split(parameters('subnet2StartAddress'), '.')[1],'.', split(parameters('subnet2StartAddress'), '.')[2],'.', string(add(int(split(parameters('subnet2StartAddress'), '.')[3]),2)))]"
+ ],
+ "elbPublicIPId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('elbPublicIPName'))]",
+ "haPublicIPId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('haPublicIPName'))]",
+ "gwPublicIPIds": [
+ "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('vmName'), '1'))]",
+ "[resourceId('Microsoft.Network/publicIPAddresses', concat(parameters('vmName'), '2'))]"
+ ],
+ "availabilitySetName": "[concat(parameters('vmName'), '-AvailabilitySet')]",
+ "count": 2,
+ "bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
+ "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha2-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "ExsitingNsgRoleAssignmentURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/existing-nsg-RoleAssignment', '.json'))]",
+ "sicKey": "[parameters('sicKey')]",
+ "installationType": "cluster",
+ "internalLBPrivateIPAddress": "[parameters('Subnet2StartAddress')]",
+ "availabilityZonesLocations": [
+ "brazilsouth",
+ "canadacentral",
+ "centralus",
+ "eastus",
+ "eastus2",
+ "southcentralus",
+ "usgovvirginia",
+ "westus2",
+ "westus3",
+ "francecentral",
+ "germanywestcentral",
+ "northeurope",
+ "norwayeast",
+ "uksouth",
+ "westeurope",
+ "swedencentral",
+ "switzerlandnorth",
+ "qatarcentral",
+ "uaenorth",
+ "southafricanorth",
+ "australiaeast",
+ "centralindia",
+ "japaneast",
+ "koreacentral",
+ "southeastasia",
+ "eastasia",
+ "italynorth"
+ ],
+ "availabilitySetProperty": {
+ "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]"
+ },
+ "useAZ": "[and(contains(variables('availabilityZonesLocations'), variables('location')), equals(parameters('availabilityOptions'), 'Availability Zones'))]",
+ "customMetrics": "[parameters('customMetrics')]",
+ "emptyString": "none",
+ "ipPrefixNewName": "[concat(parameters('vmName'), '-ipprefix')]",
+ "ipPrefixExistingResourceId": "[if(equals(parameters('publicIPPrefix'), 'yes'), parameters('ipPrefixExistingResourceId'), variables('emptyString'))]",
+ "ipNewPrefixId": "[resourceId('Microsoft.Network/publicIPPrefixes',variables('ipPrefixNewName'))]",
+ "publicIPNewPrefixId": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('ipNewPrefixId'), json('null'))]",
+ "usepublicIPPrefix": "[if(equals(parameters('createNewIPPrefix'),'yes'), variables('publicIPNewPrefixId'), variables('ipPrefixExistingResourceId'))]",
+ "publicIPPrefixProperty": {
+ "Id": "[variables('usepublicIPPrefix')]"
+ },
+ "tokens":[
+ "[parameters('smart1CloudTokenA')]",
+ "[parameters('smart1CloudTokenB')]"
+ ],
+ "prefixDependsOn": "[if(equals(parameters('publicIPPrefix'), 'yes'), if(equals(parameters('createNewIPPrefix'), 'yes'), variables('publicIPNewPrefixId'), variables('ipNewPrefixId')), variables('ipNewPrefixId'))]",
+ "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]",
+ "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]",
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"},
+ "DefaultIpAddresses":
+ [{
+ "name": "member-ip",
+ "properties": {
+ "primary": true,
+ "privateIPAddress": "[variables('externalPrivateAddresses')[0]]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[variables('gwPublicIPIds')[0]]"
+ },
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]"
+ },
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[variables('elbBEAddressPoolID')]"
+ }
+ ]
+ }
+ },
+ {
+ "name": "cluster-vip",
+ "properties": {
+ "primary": false,
+ "privateIPAddress": "[variables('externalPrivateAddresses')[2]]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[variables('haPublicIPId')]"
+ },
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]"
+ }
+ }
+ }],
+ "copy":
+ [
+ {
+ "name": "externalPrivateAddresses",
+ "count": "[add(variables('VIPs_Number'),2)]",
+ "input": "[concat(split(parameters('subnet1StartAddress'), '.')[0],'.', split(parameters('subnet1StartAddress'), '.')[1],'.', split(parameters('subnet1StartAddress'), '.')[2],'.', string(add(int(split(parameters('subnet1StartAddress'), '.')[3]),copyIndex('externalPrivateAddresses'))))]"
+ },
+ {
+ "name": "Vips",
+ "count": "[sub(variables('VIPs_Number'), 1)]",
+ "input": {
+ "name": "[concat('cluster-vip-', copyIndex('Vips', 1))]",
+ "properties": {
+ "primary": false,
+ "privateIPAddress": "[variables('externalPrivateAddresses')[add(copyIndex('Vips'), 3)]]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('Vip_Names')[copyIndex('Vips')])]"
+ },
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]"
+ }
+ }
+ }
+ },
+ {
+ "name": "VipsInformation",
+ "count": "[sub(variables('VIPs_Number'), 1)]",
+ "input": {
+ "name": "[concat('cluster-vip-', copyIndex('VipsInformation', 1))]",
+ "privateIPAddress": "[variables('externalPrivateAddresses')[add(copyIndex('VipsInformation'), 3)]]",
+ "publicIPAddress": "[variables('Vip_Names')[copyIndex('VipsInformation')]]"
+ }
+ },
+ {
+ "name": "customData",
+ "count": "[variables('count')]",
+ "input": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'tenantId=\"', subscription().tenantId, '\"', '\n', 'virtualNetwork=\"', parameters('virtualNetworkName'), '\"', '\n', 'clusterName=\"', parameters('vmName'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', '\n','smart1CloudToken=\"', variables('tokens')[copyIndex('customData')], '\"', '\n', 'Vips=\"', string(variables('VipsInformationForCloudConfig')), '\"', '\n','externalPrivateAddresses=\"', variables('externalPrivateAddresses')[2], '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]"
+ }
+ ],
+ "DefaultVipInformation": [
+ {
+ "name": "cluster-vip",
+ "privateIPAddress": "[variables('externalPrivateAddresses')[2]]",
+ "publicIPAddress": "[parameters('vmName')]"
+ }
+ ],
+ "VipsInformationForCloudConfig": "[union(variables('DefaultVipInformation'), variables('VipsInformation'))]"
+ },
+ "resources": [
+ {
+ "condition": "[and(equals(parameters('createNewIPPrefix'), 'yes'), equals(parameters('publicIPPrefix'), 'yes'))]",
+ "apiVersion": "2020-06-01",
+ "type": "Microsoft.Network/publicIPPrefixes",
+ "name": "[variables('ipPrefixNewName')]",
+ "location": "[variables('location')]",
+ "properties": {
+ "prefixLength": "[if(greater(variables('VIPs_Number'), 5), '28', if(greater(variables('VIPs_Number'), 1), '29', '30'))]",
+ "publicIPAddressVersion": "IPv4"
+ },
+ "sku": {
+ "name": "Standard",
+ "tier": "Regional"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPPrefixes'), parameters('tagsByResource')['Microsoft.Network/publicIPPrefixes'], json('{}')) ]"
+ },
+ {
+ "apiVersion": "2020-06-01",
+ "name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter",
+ "type": "Microsoft.Resources/deployments",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageAccountName')]",
+ "apiVersion": "2022-09-01",
+ "properties": {
+ "supportsHttpsTrafficOnly": true,
+ "allowBlobPublicAccess": false,
+ "minimumTlsVersion": "TLS1_2",
+ "networkAcls": {
+ "bypass": "None",
+ "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]",
+ "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]"
+ }
+ },
+ "location": "[variables('location')]",
+ "sku": {
+ "name": "[variables('storageAccountType')]"
+ },
+ "kind": "Storage",
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]",
+ "name": "networkNewSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkAddressPrefixes": {
+ "value": "[parameters('virtualNetworkAddressPrefixes')]"
+ },
+ "subnet1Name": {
+ "value": "[parameters('subnet1Name')]"
+ },
+ "subnet1Prefix": {
+ "value": "[parameters('subnet1Prefix')]"
+ },
+ "subnet2Name": {
+ "value": "[parameters('subnet2Name')]"
+ },
+ "subnet2Prefix": {
+ "value": "[parameters('subnet2Prefix')]"
+ },
+ "deployNsg": {
+ "value": "[parameters('deployNewNSG')]"
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ }
+ }
+ }
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]",
+ "name": "networkExistingSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[variables('vnetRGName')]"
+ },
+ "deployNsg": {
+ "value": "[parameters('deployNewNSG')]"
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Compute/availabilitySets",
+ "condition": "[not(variables('useAZ'))]",
+ "apiVersion": "2020-06-01",
+ "location": "[variables('location')]",
+ "name": "[concat(variables('availabilitySetName'))]",
+ "properties": {
+ "platformFaultDomainCount": 2
+ },
+ "sku": {
+ "name": "Aligned"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/availabilitySets'), parameters('tagsByResource')['Microsoft.Compute/availabilitySets'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[variables('prefixDependsOn')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('elbPublicIPName')]",
+ "sku": {
+ "name": "Standard"
+ },
+ "properties": {
+ "idleTimeoutInMinutes": 30,
+ "publicIPAllocationMethod": "Static",
+ "dnsSettings": {
+ "domainNameLabel": "[concat(toLower(parameters('vmName')), '-', uniquestring(resourceGroup().id, deployment().name))]"
+ },
+ "publicIPPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPrefixProperty'), json('null'))]"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[variables('prefixDependsOn')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[concat(parameters('vmName'), copyIndex(1))]",
+ "sku": {
+ "name": "Standard"
+ },
+ "copy": {
+ 
"name": "publicAddressCopy", + "count": "[variables('count')]" + }, + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(toLower(parameters('vmName')), '-', copyIndex(1), '-', uniquestring(resourceGroup().id, deployment().name))]" + }, + "publicIPPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPrefixProperty'), json('null'))]" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[variables('prefixDependsOn')]" + ], + "location": "[variables('location')]", + "name": "[parameters('vmName')]", + "sku": { + "name": "Standard" + }, + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(toLower(parameters('vmName')), '-vip-', uniquestring(resourceGroup().id, deployment().name))]" + }, + "publicIPPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPrefixProperty'), json('null'))]" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[variables('prefixDependsOn')]" + ], + "location": "[variables('location')]", + "name": "[variables('Vip_Names')[copyIndex()]]", + "sku": { + "name": "Standard" + }, + "copy": { + "name": "publicVipCopy", + "count": "[sub(variables('VIPs_Number'), 1)]" + }, + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(toLower(parameters('vmName')), 'vip', copyIndex(1), '-', 
uniquestring(resourceGroup().id, deployment().name))]" + }, + "publicIPPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPrefixProperty'), json('null'))]" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "[variables('elbId')]", + "[variables('gwPublicIPIds')[0]]", + "[variables('haPublicIPId')]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), '1-', variables('nic1Name'))]", + "properties": { + "primary": true, + "enableIPForwarding": true, + "enableAcceleratedNetworking": true, + "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]", + "ipConfigurations":"[union(variables('DefaultIpAddresses'),variables('Vips'))]" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "[variables('elbId')]", + "[variables('gwPublicIPIds')[1]]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), '2-', variables('nic1Name'))]", + "properties": { + "primary": true, + "enableIPForwarding": true, + "enableAcceleratedNetworking": true, + "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]", + 
"ipConfigurations": [ + { + "name": "member-ip", + "properties": { + "primary": true, + "privateIPAddress": "[variables('externalPrivateAddresses')[1]]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables('gwPublicIPIds')[1]]" + }, + "subnet": { + "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet1Name'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('elbBEAddressPoolID')]" + } + ] + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "[variables('ilbId')]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name'))]", + "copy": { + "name": "internalNicCopy", + "count": "[variables('count')]" + }, + "properties": { + "primary": false, + "enableIPForwarding": true, + "enableAcceleratedNetworking": true, + "ipConfigurations": [ + { + "name": "member-ip", + "properties": { + "primary": true, + "privateIPAddress": "[variables('subnet2PrivateAddresses')[copyIndex()]]", + "privateIPAllocationMethod": "Static", + "subnet": { + "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet2Name'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('ilbBEAddressPoolID')]" + } + ] + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) 
]" + }, + { + "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2020-06-01", + "name": "[variables('customImage')]", + "location": "[variables('location')]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + }, + "hyperVGeneration": "V1" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]" + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-11-01", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic1Name')))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name')))]", + "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), copyIndex(1))]", + "zones": "[if(variables('useAZ'), array(copyIndex(1)), json('null'))]", + "copy": { + "name": "virtualMachineCopy", + "count": "[variables('count')]" + }, + "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]", + "identity": "[if(equals(parameters('managedSystemAssigned'), 'yes'), variables('identity'), json('null'))]", + "properties": { + "UserData": "[base64(concat(variables('customData')[copyIndex()], 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], 
reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n'))]", + "availabilitySet": "[if(not(variables('useAZ')), variables('availabilitySetProperty'), json('null'))]", + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "true", + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2022-09-01').primaryEndpoints.blob]" + } + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic1Name')))]", + "properties": { + "primary": true + } + }, + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name')))]", + "properties": { + "primary": false + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[concat('not','used')]", + "computername": "[concat(toLower(parameters('vmName')), copyIndex(1))]", + "customData": "[base64(concat(variables('customData')[copyIndex()], 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n'))]", + "linuxConfiguration": "[variables('linuxConfiguration')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "caching": "ReadWrite", + "createOption": "FromImage", + "diskSizeGB": "[variables('diskSizeGB')]", + "name": "[concat(parameters('vmName'), copyIndex(1))]", + "managedDisk": { + "storageAccountType": "[parameters('diskType')]" + } + } + } + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachines'), parameters('tagsByResource')['Microsoft.Compute/virtualMachines'], json('{}')) ]" + }, + { + "type": 
"Microsoft.Network/loadBalancers", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[variables('elbPublicIPId')]" + ], + "name": "[variables('elbName')]", + "location": "[variables('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerFrontend", + "properties": { + "publicIPAddress": { + "id": "[variables('elbPublicIPId')]", + "publicIPPrefix": { + "id": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('usepublicIPPrefix'), json('null'))]" + } + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('elbBEAddressPool')]" + } + ], + "probes": [ + { + "name": "[variables('appProbeName')]", + "properties": { + "protocol": "tcp", + "port": 8117, + "intervalInSeconds": 5, + "numberOfProbes": 2 + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/loadBalancers'), parameters('tagsByResource')['Microsoft.Network/loadBalancers'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('managedSystemAssigned'), 'yes')]", + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2020-04-01-preview", + "name": "[guid(resourceGroup().id, concat(parameters('vmName'), copyIndex(1)))]", + "copy": { + "name": "virtualMachineCopy", + "count": "[mul(length(variables('roleDefinitionIds')), variables('count'))]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), if(equals(mod(copyIndex(1), 2), 1), '1', '2')))]" + ], + "properties": { + "roleDefinitionId": "[variables('roleDefinitionIds')[if(greater(copyIndex(1), 2), 1, 0)]]", + "scope": "[resourceGroup().id]", + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), if(equals(mod(copyIndex(1), 2), 1), '1', '2'))), '2022-11-01', 'Full').identity.principalId]" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), 
parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]" + }, + { + "condition": "[and(equals(parameters('managedSystemAssigned'), 'yes'), not(parameters('deployNewNSG')))]", + "dependsOn": ["[resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1'))]"], + "name": "[concat('ExistingNsgRoleAssignment', copyIndex())]", + "copy": { + "name": "ExistingNsgRoleAssignmentCopy", + "count": "[length(variables('roleDefinitionIds'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "resourceGroup": "[if(not(parameters('deployNewNSG')), split(parameters('ExistingNSG').id, '/')[4], '')]", + "subscriptionId": "[subscription().subscriptionId]", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('ExsitingNsgRoleAssignmentURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "ExistingNSG": { + "value": "[parameters('ExistingNSG')]" + }, + "vmName": { + "value": "[parameters('vmName')]" + }, + "roleDefinitionId": { + "value": "[variables('roleDefinitionIds')[copyIndex()]]" + }, + "principalId1": { + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1')), '2022-11-01', 'Full').identity.principalId]" + }, + "principalId2": { + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2022-11-01', 'Full').identity.principalId]" + }, + "index": { + "value": "[copyIndex()]" + } + } + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]" + ], + "name": "[variables('ilbName')]", + "location": "[variables('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "frontendIPConfigurations": [ + { + "name": "[variables('ilbName')]", + "properties": { + 
"privateIPAllocationMethod": "Static", + "privateIPAddress": "[variables('internalLBPrivateIPAddress')]", + "subnet": { + "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnet2Name'))]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('ilbBEAddressPool')]" + } + ], + "loadBalancingRules": [ + { + "name": "[variables('ilbName')]", + "properties": { + "frontendIPConfiguration": { + "id": "[variables('ilbFEIPConfigID')]" + }, + "backendAddressPool": { + "id": "[variables('ilbBEAddressPoolID')]" + }, + "probe": { + "id": "[variables('ilbProbeID')]" + }, + "protocol": "All", + "frontendPort": 0, + "backendPort": 0, + "loadDistribution": "Default", + "enableFloatingIP": "[variables('enableFloatingIP')]" + } + } + ], + "probes": [ + { + "name": "[variables('ilbProbeName')]", + "properties": { + "protocol": "tcp", + "port": 8117, + "intervalInSeconds": 5, + "numberOfProbes": 2 + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/loadBalancers'), parameters('tagsByResource')['Microsoft.Network/loadBalancers'], json('{}')) ]" + } + ], + "outputs": { + "HaIPAddr": { + "type": "string", + "value": "[reference(variables('haPublicIPId')).IpAddress]" + }, + "HaFQDN": { + "type": "string", + "value": "[reference(variables('haPublicIPId')).dnsSettings.fqdn]" + }, + "Member1IPAddr": { + "type": "string", + "value": "[reference(variables('gwPublicIPIds')[0]).IpAddress]" + }, + "Member1FQDN": { + "type": "string", + "value": "[reference(variables('gwPublicIPIds')[0]).dnsSettings.fqdn]" + }, + "Member2IPAddr": { + "type": "string", + "value": "[reference(variables('gwPublicIPIds')[1]).IpAddress]" + }, + "Member2FQDN": { + "type": "string", + "value": "[reference(variables('gwPublicIPIds')[1]).dnsSettings.fqdn]" + } + } +} 
diff --git a/deprecated/azure/templates/R8040-R81/mds-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/README.md new file mode 100644 index 00000000..83bf14c5 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/README.md @@ -0,0 +1,21 @@ +# Check Point CloudGuard Network Security MDS for Azure + +Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments. + +Benefits: + +· Advanced threat prevention and traffic inspection + +· Integrated with Azure Security Center and Azure Sentinel + +· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management + + + + Deploy to Azure + + + +To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-mds%2FmainTemplate.json) + + diff --git a/deprecated/azure/templates/R8040-R81/mds-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/createUiDefinition.json new file mode 100644 index 00000000..cb81c79e --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/createUiDefinition.json 
@@ -0,0 +1,589 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+ "handler": "Microsoft.Compute.MultiVm",
+ "version": "0.1.2-preview",
+ "parameters": {
+ "basics": [
+ {
+ "name": "CloudGuard MDS deployment guide",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point MDS Deployment for Azure.",
+ "link": {
+ "label": "MDS Deployment Guide",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk154436&partition=Basic&product=CloudGuard"
+ }
+ }
+ },
+ {
+ "name": "gatewayNameUi",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Server Name",
+ "toolTip": "The name of the Check Point Multi-Domain Server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "auth",
+ "type": "Microsoft.Compute.CredentialsCombo",
+ "label": {
+ "authenticationType": "Authentication type",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "sshPublicKey": "SSH public key"
+ },
+ "toolTip": {
+ "password": "The user 'admin' password",
+ "sshPublicKey": "Paste an OpenSSH public key. You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
+ },
+ "constraints": {
+ "required": true
+ },
+ "options": {
+ "hideConfirmation": false,
+ "hidePassword": false
+ },
+ "osPlatform": "Linux"
+ }
+ ],
+ "steps": [
+ {
+ "name": "chkp",
+ "label": "Check Point Multi-Domain Server settings",
+ "subLabel": {
+ "preValidation": "Configure additional settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Multi-Domain Server settings",
+ "elements": [
+ {
+ "name": "cloudGuardVersion",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Check Point CloudGuard version",
+ "defaultValue": "R81",
+ "toolTip": "The version of Check Point CloudGuard.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "R80.40",
+ "value": "R80.40"
+ },
+ {
+ "label": "R81",
+ "value": "R81"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R80Offer",
+ "type": "Microsoft.Common.DropDown",
+ "label": "License type",
+ "toolTip": "The type of license.",
+ "defaultValue": "Bring Your Own License",
+ "visible": true,
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Bring Your Own License",
+ "value": "Bring Your Own License"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R8040vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size. Minimum of 16 cores and 64 GB RAM is required.",
+ "recommendedSizes": [
+ "Standard_DS5_v2",
+ "Standard_DS15_v2"
+ ],
+ "constraints": {
+ "excludedSizes": [
+ "Standard_A1_v2",
+ "Standard_D1_v2",
+ "Standard_DS1_v2",
+ "Standard_F1",
+ "Standard_F1s",
+ "Standard_G1",
+ "Standard_GS1"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "mgmt-byol"
+ },
+ "count": 1
+ },
+ {
+ "name": "R81vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size. Minimum of 16 cores and 64 GB RAM is required.",
+ "recommendedSizes": [
+ "Standard_DS5_v2",
+ "Standard_DS15_v2"
+ ],
+ "constraints": {
+ "excludedSizes": [
+ "Standard_A1_v2",
+ "Standard_D1_v2",
+ "Standard_DS1_v2",
+ "Standard_F1",
+ "Standard_F1s",
+ "Standard_G1",
+ "Standard_GS1"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "mgmt-byol"
+ },
+ "count": 1
+ },
+ {
+ "name": "installationType",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Installation type",
+ "defaultValue": "Primary Multi-Domain Server",
+ "toolTip": "Select the type of deployment",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Primary Multi-Domain Server",
+ "value": "mds-primary"
+ },
+ {
+ "label": "Secondary Multi-Domain Server",
+ "value": "mds-secondary"
+ },
+ {
+ "label": "Multi-Domain Log Server",
+ "value": "mds-logserver"
+ }
+ ]
+ }
+ },
+ {
+ "name": "SerialPasswordInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point recommends setting serial console password and maintenance-mode password for recovery purposes. For R81.10 and below the serial console password is used also as maintenance-mode password"
+ }
+ },
+ {
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "name": "EnableSerialConsolePassword",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable Serial console password",
+ "defaultValue": "Yes",
+ "toolTip": "A unique password hash to enable VM connection via serial console.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": true
+ },
+ {
+ "label": "No",
+ "value": false
+ }
+ ]
+ }
+ },
+ {
+ "name": "AdditionalPassword",
+ "type": "Microsoft.Common.PasswordBox",
+ "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "label": {
+ "password": "Password hash",
+ "confirmPassword": "Confirm password"
+ },
+ "constraints": {
+ "required": true,
+ "regex": "^.{12,300}$",
+ "validationMessage": "The value must be the output of the hash command."
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ },
+ {
+ "name": "adminShell",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Default shell for the admin user",
+ "defaultValue": "/etc/cli.sh",
+ "toolTip": "The default shell for the admin user",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "/etc/cli.sh",
+ "value": "/etc/cli.sh"
+ },
+ {
+ "label": "/bin/bash",
+ "value": "/bin/bash"
+ },
+ {
+ "label": "/bin/csh",
+ "value": "/bin/csh"
+ },
+ {
+ "label": "/bin/tcsh",
+ "value": "/bin/tcsh"
+ }
+ ]
+ }
+ },
+ {
+ "name": "managementGUIClientNetwork",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Allowed GUI clients",
+ "toolTip": "GUI clients network CIDR",
+ "constraints": {
+ "required": true,
+ "regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)",
+ "validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)"
+ },
+ "visible": true
+ },
+ {
+ "name": "sicKeyUi",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "SIC key",
+ "confirmPassword": "Confirm SIC key"
+ },
+ "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the primary and secondary servers. SIC key must be provided if installing a secondary Multi-Domain Server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{12,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
+ },
+ "options": {
+ "hideConfirmation": false
+ },
+ "visible": "[not(equals(steps('chkp').installationType, 'mds-primary'))]"
+ },
+ {
+ "name": "bootstrapScript",
+ "type": "Microsoft.Common.FileUpload",
+ "label": "Bootstrap script",
+ "toolTip": "An optional script to run on the initial boot",
+ "constraints": {
+ "required": false,
+ "accept": ".sh,text/plain"
+ },
+ "options": {
+ "multiple": false,
+ "uploadMode": "file",
+ "openMode": "text",
+ "encoding": "UTF-8"
+ }
+ },
+ {
+ "name": "allowUploadDownload",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Automatically download updates and share statistical data for product improvement purpose",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "true"
+ },
+ {
+ "label": "No",
+ "value": "false"
+ }
+ ]
+ }
+ },
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
+ {
+ "name": "additionalDiskSizeGB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Additional disk space (GB)",
+ "defaultValue": "0",
+ "toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
+ "constraints": {
+ "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
+ "validationMessage": "Select a number between 0 and 3995"
+ }
+ },
+ {
+ "name": "VMDiskType",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[not(contains('R80.40 R81' , steps('chkp').cloudGuardVersion))]",
+ "defaultValue": "Premium",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskTypeOldVersions",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[contains('R80.40 R81' , steps('chkp').cloudGuardVersion)]",
+ "defaultValue": "Standard",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "useCustomImageUri",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use custom image uri",
+ "defaultValue": "No",
+ "toolTip": "Use custom image URI.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ],
+ "required": true
+ },
+ "visible": false
+ },
+ {
+ "name": "sourceImageVhdUri",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Development Image URI",
+ "toolTip": "The URI of the blob containing the development image",
+ "constraints": {
+ "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
+ "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
+ },
+ "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "label": "Network settings",
+ "subLabel": {
+ "preValidation": "Configure network settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Network settings",
+ "elements": [
+ {
+ "name": "virtualNetwork",
+ "type": "Microsoft.Network.VirtualNetworkCombo",
+ "label": {
+ "virtualNetwork": "Virtual network",
+ "subnets": "Subnet"
+ },
+ "toolTip": {
+ "virtualNetwork": "Virtual Network Name",
+ "subnets": "The subnet to deploy into"
+ },
+ "defaultValue": {
+ "name": "vnet01",
+ "addressPrefixSize": "/20"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29"
+ },
+ "options": {
+ "hideExisting": false
+ },
+ "subnets": {
+ "subnet1": {
+ "label": "Multi-Domain Server subnet",
+ "defaultValue": {
+ "name": "Multi-Domain-Server",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 1,
+ "requireContiguousAddresses": true
+ }
+ }
+ }
+ },
+ {
+ "name": "NSG",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Network Security Group",
+ "toolTip": "Choose between using an existing NSG or using a new NSG",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Create new",
+ "value": true
+ },
+ {
+ "label": "Existing NSG",
+ "value": false
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ },
+ {
+ "name": "nsgSelector",
+ "type": "Microsoft.Solutions.ResourceSelector",
+ "label": "Network Security Group",
+ "defaultValue": "null",
+ "toolTip": "Choose an existing NSG",
+ "resourceType": "Microsoft.Network/NetworkSecurityGroups",
+ "options": {
+ "filter": {
+ "subscription": "onBasics",
+ "location": "onBasics"
+ }
+ },
+ "constraints": {
+ "required": true
+ },
+ "visible": "[equals(steps('network').NSG, false)]"
+ },
+ {
+ "name": "NSGName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Name",
+ "defaultValue": "[concat(basics('gatewayNameUi') , '-nsg')]",
+ "toolTip": "Insert Name for the new NSG",
+ "multiLine": false,
+ "constraints": {
+ "required": "[steps('network').NSG]",
+ "regex": "^[a-z0-9A-Z-]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ },
+ "visible": "[steps('network').NSG]"
+ },
+ {
+ "name": "addStorageAccountIpRules",
+ "type": "Microsoft.Common.OptionsGroup",
+ "defaultValue": "Network access from all networks",
+ "label": "Storage Account Network Access",
+ "toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Network access from all networks",
+ "value": false
+ },
+ {
+ "label": "Network access only from Serial Console",
+ "value": true
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ }
+ ]
+ },
+ {
+ "name": "tags",
+ "label": "Tags",
+ "elements": [
+ {
+ "name": "tagsByResource",
+ "type": "Microsoft.Common.TagsByResource",
+ "toolTip": "Create Azure tags for the new resources",
+ "resources": [
+ "Microsoft.Storage/storageAccounts",
+ "Microsoft.Network/publicIPAddresses",
+ "Microsoft.Network/networkSecurityGroups",
+ "Microsoft.Network/networkInterfaces",
+ "Microsoft.Compute/virtualMachines",
+ "Microsoft.Network/routeTables",
+ "Microsoft.Network/virtualNetworks"
+ ]
+ }
+ ]
+ }
+ ],
+ "outputs": {
+ "location": "[location()]",
+ "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "adminPassword": "[basics('auth').password]",
+ "authenticationType": "[basics('auth').authenticationType]",
+ "sshPublicKey": "[basics('auth').sshPublicKey]",
+ "vmName": "[basics('gatewayNameUi')]",
+ "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R81vmSizeUiBYOL)]",
+ "virtualNetworkName": "[steps('network').virtualNetwork.name]",
+
"virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", + "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "Subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "managementGUIClientNetwork": "[if(contains(steps('chkp').managementGUIClientNetwork, '/'), steps('chkp').managementGUIClientNetwork, concat(steps('chkp').managementGUIClientNetwork, '/32'))]", + "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", + "installationType": "[steps('chkp').installationType]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "diskType": "[if(contains('R80.40 R81' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "adminShell": "[steps('chkp').adminShell]", + "tagsByResource": "[steps('tags').tagsByResource]", + "deployNewNSG": "[steps('network').NSG]", + "ExistingNSG": "[steps('network').nsgSelector]", + "NewNsgName": "[steps('network').NSGName]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..c9800935 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mds-r8040-r81/mainTemplate.json 
@@ -0,0 +1,746 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment location"
+ },
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "cloudGuardVersion": {
+ "type": "string",
+ "allowedValues": [
+ "R80.40 - Bring Your Own License",
+ "R81 - Bring Your Own License",
+ ],
+ "defaultValue": "R81.20 - Bring Your Own License",
+ "metadata": {
+ "description": "Version of Check Point CloudGuard"
+ }
+ },
+ "authenticationType": {
+ "type": "string",
+ "allowedValues": [
+ "password",
+ "sshPublicKey"
+ ],
+ "defaultValue": "password",
+ "metadata": {
+ "description": "Authentication type"
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Administrator SSH public key"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Administrator password"
+ },
+ "defaultValue": ""
+ },
+ "SerialConsolePasswordHash": {
+ "type": "securestring",
+ "defaultValue": "",
+ "metadata": {
+ "Description": "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ }
+ },
+ "vmName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the Check Point Multi-Domain Server."
+ } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_DS5_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "adminShell": { + "type": "string", + "defaultValue": "/etc/cli.sh", + "allowedValues": [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ], + "metadata": { + "Description": "The default shell for the admin user" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "vnet01" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the virtual network" + }, + "defaultValue": "10.0.0.0/16" + }, + "Subnet1Name": { + "type": "string", + "metadata": { + "description": "The name of the subnet" + }, + "defaultValue": "Multi-Domain-Server" + }, + "Subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "Subnet1StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the subnet" + }, + "defaultValue": "10.0.1.10" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "[resourceGroup().name]" + }, + "managementGUIClientNetwork": { + "type": "string", + "metadata": { + "description": "Allowed GUI clients" + }, + "defaultValue": "0.0.0.0/0" + }, + "sicKey": { + "type": "securestring", + "metadata": { + "description": "One time key for Secure Internal Communication" + } + }, + "installationType": { + "type": "string", + "metadata": { + "description": "Installation Type" + }, + "defaultValue": "mds-primary", + 
"allowedValues": [ + "mds-primary", + "mds-secondary", + "mds-logserver" + ] + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + } + }, + "additionalDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "metadata": { + "description": "Amount of additional disk space (in GB)" + }, + "minValue": 0, + "maxValue": 3995 + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "msi": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Configure managed service identity for the VM" + } + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "Use the following URI when deploying a custom template: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." 
+ }, + "defaultValue": "" + }, + "tagsByResource": { + "type": "object", + "defaultValue": {} + }, + "deployNewNSG": { + "type": "bool", + "defaultValue": true + }, + "ExistingNSG": { + "type": "object", + "defaultValue": {} + }, + "NewNsgName": { + "type": "string", + "defaultValue": "[concat(parameters('vmName'),'-nsg')]" + }, + "addStorageAccountIpRules": { + "type": "bool", + "metadata": { + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + }, + "defaultValue" : false + }, + "storageAccountAdditionalIps":{ + "type": "array", + "metadata": { + "description": "IPs/CIDRs that are allowed access to the Storage Account" + }, + "defaultValue" : [] + } + + }, + "variables": { + "templateName": "mds", + "templateVersion": "20230910", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R81 - Bring Your Own License": "BYOL" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R81 - Bring Your Own License": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "serialConsoleGeographies": { + "astasia" : ["20.205.69.28"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "eastasia" : ["20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", "20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", 
"52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + "francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : ["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : 
["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"] + }, + "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", + "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "isBlink": "[bool('false')]", + "primary": "[equals(parameters('installationType'), 'mds-primary')]", + "secondary": "[equals(parameters('installationType'), 'mds-secondary')]", + "logserver": "[equals(parameters('installationType'), 'mds-logserver')]", + "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', parameters('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'sicKey=\"', parameters('sicKey'), '\"', '\n', 'primary=\"', variables('primary'), '\"', '\n', 'secondary=\"', variables('secondary'), '\"', '\n', 'logserver=\"', variables('logserver'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", + "customData64": "[base64(variables('customData'))]", + "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", + 
"imagePublisher": "checkpoint", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "mgmt-byol", + "version": "latest" + }, + "imageReferenceMarketplace": "[variables('imageReferenceBYOL')]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "nic1Name": "[concat(parameters('vmName'), '-eth0')]", + "linuxConfigurationpassword": { + "disablePasswordAuthentication": "false" + }, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]", + "planBYOL": { + "name": "mgmt-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[if(equals(variables('offer'), 'BYOL'), variables('planBYOL'), variables('planBYOL'))]", + "identity": "[if(parameters('msi'), json('{\"type\": \"SystemAssigned\"}'), json('null'))]", + "publicIPAddressName": "[parameters('vmName')]", + "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "_artifactsLocation": 
"[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]", + "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]", + "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]", + "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", + "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + }, + "resources": [ + { + "apiVersion": "2020-06-01", + "name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "2022-09-01", + "properties": { + "supportsHttpsTrafficOnly": true, + "allowBlobPublicAccess": false, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "None", + "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]", + "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]" + } + }, + "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": "[ if(contains(parameters('tagsByResource'), 
'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "name": "networkNewSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "Subnet1Name": { + "value": "[parameters('Subnet1Name')]" + }, + "Subnet1Prefix": { + "value": "[parameters('Subnet1Prefix')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + }, + "deployNsg": { + "value": false + }, + "NewNsgName": + { + "value":"[parameters('NewNsgName')]" + } + } + } + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]", + "name": "networkExistingSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkExistingRGName": { + "value": "[variables('vnetRGName')]" + }, + "vmName": { + "value": "[parameters('vmName')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + }, + "deployNsg": { + "value": false + }, + "NewNsgName": + { + "value":"[parameters('NewNsgName')]" + } + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2020-06-01", + "location": "[variables('location')]", + "name": "[variables('publicIPAddressName')]", + "sku": { + 
"name": "Standard" + }, + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static", + "dnsSettings": { + "domainNameLabel": "[concat(toLower(parameters('vmName')), '-', uniquestring(resourceGroup().id, deployment().name))]" + } + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "condition": "[parameters('deployNewNSG')]", + "type": "Microsoft.Network/networkSecurityGroups", + "apiVersion": "2020-06-01", + "location": "[variables('location')]", + "name": "[parameters('NewNsgName')]", + "properties": { + "securityRules": [ + { + "name": "SSH", + "properties": { + "description": "Allow inbound SSH connection", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "22", + "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "100", + "direction": "Inbound" + } + }, + { + "name": "GAiA-portal", + "properties": { + "description": "Allow inbound HTTPS access to the GAiA portal", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "443", + "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "110", + "direction": "Inbound" + } + }, + { + "name": "SmartConsole-1", + "properties": { + "description": "Allow inbound access using the SmartConsole GUI client", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "18190", + "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "120", + "direction": "Inbound" + } + }, + { + "name": "SmartConsole-2", + "properties": { + "description": "Allow inbound access using the SmartConsole GUI client", + "protocol": "TCP", + "sourcePortRange": "*", + 
"destinationPortRange": "19009", + "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "130", + "direction": "Inbound" + } + }, + { + "name": "Logs", + "properties": { + "description": "Allow inbound logging connections from managed gateways", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "257", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "140", + "direction": "Inbound" + } + }, + { + "name": "ICA-pull", + "properties": { + "description": "Allow security gateways to pull a SIC certificate", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "18210", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "150", + "direction": "Inbound" + } + }, + { + "name": "CRL-fetch", + "properties": { + "description": "Allow security gateways to fetch CRLs", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "18264", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "160", + "direction": "Inbound" + } + }, + { + "name": "Policy-fetch", + "properties": { + "description": "Allow security gateways to fetch policy", + "protocol": "TCP", + "sourcePortRange": "*", + "destinationPortRange": "18191", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "170", + "direction": "Inbound" + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkSecurityGroups'), parameters('tagsByResource')['Microsoft.Network/networkSecurityGroups'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + 
"[variables('publicIPAddressId')]" + ], + "location": "[variables('location')]", + "name": "[variables('nic1Name')]", + "properties": { + "enableIPForwarding": false, + "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]", + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAddress": "[parameters('Subnet1StartAddress')]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables('publicIPAddressId')]" + }, + "subnet": { + "id": "[resourceId(variables('vnetRGName') ,'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('Subnet1Name'))]" + } + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]" + }, + { + "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2020-06-01", + "name": "[variables('customImage')]", + "location": "[variables('location')]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + }, + "hyperVGeneration": "V1" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]" + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2021-07-01", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + ], + "location": "[variables('location')]", + "name": "[parameters('vmName')]", + "plan": 
"[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]", + "identity": "[variables('identity')]", + "properties": { + "UserData": "[variables('customData64')]", + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "true", + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2022-09-01').primaryEndpoints.blob]" + } + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "properties": { + "primary": true + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[concat('not','used')]", + "computerName": "[toLower(parameters('vmName'))]", + "customData": "[variables('customData64')]", + "linuxConfiguration": "[variables('linuxConfiguration')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "caching": "ReadWrite", + "createOption": "FromImage", + "diskSizeGB": "[variables('diskSizeGB')]", + "name": "[parameters('vmName')]", + "managedDisk": { + "storageAccountType": "[parameters('diskType')]" + } + } + } + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachines'), parameters('tagsByResource')['Microsoft.Compute/virtualMachines'], json('{}')) ]" + } + ], + "outputs": { + "IPAddress": { + "type": "string", + "value": "[reference(variables('publicIPAddressId')).IpAddress]" + }, + "FQDN": { + "type": "string", + "value": "[reference(variables('publicIPAddressId')).dnsSettings.fqdn]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/README.md b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/README.md new file mode 100644 index 00000000..ae636acd --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/README.md 
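Review bot: The `cloudGuardVersion` parameter's `defaultValue` "R81.20 - Bring Your Own License" is not among its `allowedValues` (only the R80.40 and R81 BYOL entries are listed) and has no key in the `offers`/`osVersions` variable maps, so a deployment that omits the parameter fails either parameter validation or the `variables('offers')[parameters('cloudGuardVersion')]` lookup; the default should be one of the listed values, e.g. `"defaultValue": "R81 - Bring Your Own License"`. The same `allowedValues` array carries a trailing comma after the R81 entry, which strict JSON parsers and most linters reject, so it should be dropped. Separately, `customData` concatenates `parameters('sicKey')` and `parameters('SerialConsolePasswordHash')` (both declared `securestring`) into plain text that is then assigned to both `osProfile.customData` and the VM-level `UserData`; UserData is, as far as I know, readable from inside the guest through the instance metadata service and via the VM GET API, so the securestring protection does not carry through and the parameter metadata should say so, e.g. `"description": "One time key for Secure Internal Communication; passed to the VM in clear text via userData, rotate after first boot"`. Minor: `"plan"` picks `variables('planBYOL')` in both branches of its `if`, so the conditional is dead, and `SerialConsolePasswordHash`, `adminShell` and `vnetNewOrExisting` use `Description` in their metadata where the rest of the template uses `description`.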
@@ -0,0 +1,21 @@ +# Check Point CloudGuard Network Security Management for Azure + +Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments. + +Benefits: + +· Advanced threat prevention and traffic inspection + +· Integrated with Azure Security Center and Azure Sentinel + +· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management + + + + Deploy to Azure + + + +To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-management%2FmainTemplate.json) + + diff --git a/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/createUiDefinition.json b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/createUiDefinition.json new file mode 100644 index 00000000..e2bdf52e --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/createUiDefinition.json 
@@ -0,0 +1,654 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Compute.MultiVm", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + { + "name": "chkp refrence architecture", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Please follow the Check Point Reference Architecture for Azure.", + "link": { + "label": "Reference Architecture Guide", + "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk109360" + } + } + }, + { + "name": "gatewayNameUi", + "type": "Microsoft.Common.TextBox", + "label": "Server Name", + "toolTip": "The name of the Check Point Security Management Server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + } + }, + { + "name": "auth", + "type": "Microsoft.Compute.CredentialsCombo", + "label": { + "authenticationType": "Authentication type", + "password": "Password", + "confirmPassword": "Confirm password", + "sshPublicKey": "SSH public key" + }, + "toolTip": { + "password": "The user 'admin' password", + "sshPublicKey": "Paste an OpenSSH public key. 
You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)" + }, + "constraints": { + "required": true + }, + "options": { + "hideConfirmation": false, + "hidePassword": false + }, + "osPlatform": "Linux" + } + ], + "steps": [ + { + "name": "chkp", + "label": "Check Point Security Management Server settings", + "subLabel": { + "preValidation": "Configure additional settings", + "postValidation": "Done" + }, + "bladeTitle": "Security Management settings", + "elements": [ + { + "name": "cloudGuardVersion", + "type": "Microsoft.Common.DropDown", + "label": "Check Point CloudGuard version", + "defaultValue": "R81", + "toolTip": "The version of Check Point CloudGuard.", + "constraints": { + "allowedValues": [ + { + "label": "R80.40", + "value": "R80.40" + }, + { + "label": "R81", + "value": "R81" + } + ] + } + }, + { + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Bring Your Own License", + "visible": true, + "constraints": { + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + }, + { + "label": "Pay As You Go (MGMT25)", + "value": "Pay As You Go (MGMT25)" + } + ] + } + }, + { + "name": "R8040vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "mgmt-byol" + }, + "count": 1 + }, + { + "name": "R8040vmSizeUiMGMT25", + 
"type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "mgmt-25" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "mgmt-byol" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiMGMT25", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "mgmt-25" + }, + "count": 
1 + }, + { + "name": "SerialPasswordInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[bool(basics('auth').sshPublicKey)]", + "options": { + "icon": "Info", + "text": "Check Point recommends setting serial console password and maintenance-mode password for recovery purposes. For R81.10 and below the serial console password is used also as maintenance-mode password" + } + }, + { + "visible": "[bool(basics('auth').sshPublicKey)]", + "name": "EnableSerialConsolePassword", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable Serial console password", + "defaultValue": "Yes", + "toolTip": "A unique password hash to enable VM connection via serial console.", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": true + }, + { + "label": "No", + "value": false + } + ] + } + }, + { + "name": "AdditionalPassword", + "type": "Microsoft.Common.PasswordBox", + "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'", + "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]", + "label": { + "password": "Password hash", + "confirmPassword": "Confirm password" + }, + "constraints": { + "required": true, + "regex": "^.{12,300}$", + "validationMessage": "The value must be the output of the hash command." 
+ }, + "options": { + "hideConfirmation": false + } + }, + { + "name": "installationType", + "type": "Microsoft.Common.DropDown", + "label": "Installation type", + "defaultValue": "Management", + "toolTip": "Select the type of deployment", + "constraints": { + "allowedValues": [ + { + "label": "Management", + "value": "management" + }, + { + "label": "Configure manually", + "value": "custom" + } + ] + } + }, + { + "name": "adminShell", + "type": "Microsoft.Common.DropDown", + "label": "Default shell for the admin user", + "defaultValue": "/etc/cli.sh", + "toolTip": "The default shell for the admin user", + "constraints": { + "allowedValues": [ + { + "label": "/etc/cli.sh", + "value": "/etc/cli.sh" + }, + { + "label": "/bin/bash", + "value": "/bin/bash" + }, + { + "label": "/bin/csh", + "value": "/bin/csh" + }, + { + "label": "/bin/tcsh", + "value": "/bin/tcsh" + } + ] + } + }, + { + "name": "managementGUIClientNetwork", + "type": "Microsoft.Common.TextBox", + "label": "Allowed GUI clients", + "toolTip": "GUI clients network CIDR", + "constraints": { + "required": true, + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", + "validationMessage": "Enter a valid IPv4 network CIDR" + }, + "visible": "[equals(steps('chkp').installationType, 'management')]" + }, + { + "name": "bootstrapScript", + "type": "Microsoft.Common.FileUpload", + "label": "Bootstrap script", + "toolTip": "An optional script to run on the initial boot", + "constraints": { + "required": false, + "accept": ".sh,text/plain" + }, + "options": { + "multiple": false, + "uploadMode": "file", + "openMode": "text", + "encoding": "UTF-8" + } + }, + { + "name": "VMDiskType", + "type": "Microsoft.Common.OptionsGroup", + "label": "VM disk type", + "toolTip": "Type of CloudGuard disk.", + "visible": "[not(contains('R80.40 R81' , steps('chkp').cloudGuardVersion))]", + "defaultValue": "Premium", + "constraints": { + 
"allowedValues": [ + { + "label": "Standard", + "value": "Standard_LRS" + }, + { + "label": "Premium", + "value": "Premium_LRS" + } + ] + } + }, + { + "name": "VMDiskTypeOldVersions", + "type": "Microsoft.Common.OptionsGroup", + "label": "VM disk type", + "toolTip": "Type of CloudGuard disk.", + "visible": "[contains('R80.40 R81' , steps('chkp').cloudGuardVersion)]", + "defaultValue": "Standard", + "constraints": { + "allowedValues": [ + { + "label": "Standard", + "value": "Standard_LRS" + }, + { + "label": "Premium", + "value": "Premium_LRS" + } + ] + } + }, + { + "name": "enableApi", + "type": "Microsoft.Common.DropDown", + "label": "Accept Management API calls", + "defaultValue": "Management server only", + "toolTip": "Select the type of the Management API calls", + "constraints": { + "allowedValues": [ + { + "label": "Management server only", + "value": "management_only" + }, + { + "label": "All IP Addresses that can be used for GUI clients", + "value": "gui_clients" + }, + { + "label": "All IP addresses", + "value": "all" + } + ] + }, + "visible": "[not(or(equals(steps('chkp').cloudGuardVersion, 'R81'), equals(steps('chkp').cloudGuardVersion, 'R80.40'))))]" + }, + { + "visible": "[equals(steps('chkp').installationType, 'management')]", + "name": "allowUploadDownload", + "type": "Microsoft.Common.OptionsGroup", + "label": "Automatically download updates and share statistical data for product improvement purpose", + "defaultValue": "Yes", + "toolTip": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "true" + }, + { + "label": "No", + "value": "false" + } + ] + } + }, + { + "name": "basics settings text block", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Please follow the Check Point referenced guide for adding disk space.", + "link": { + "label": "Additional disk space in CloudGuard", + "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552" + } + } + }, + { + "name": "additionalDiskSizeGB", + "type": "Microsoft.Common.TextBox", + "label": "Additional disk space (GB)", + "defaultValue": "0", + "toolTip": "Additional disk space (in GB), initial disk size is 100 GB.", + "constraints": { + "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$", + "validationMessage": "Select a number between 0 and 3995" + } + }, + { + "name": "useCustomImageUri", + "type": "Microsoft.Common.OptionsGroup", + "label": "Use development image uri", + "defaultValue": "No", + "toolTip": "Use custom image URI.", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": false + }, + { + "name": "sourceImageVhdUri", + "type": "Microsoft.Common.TextBox", + "label": "Development Image URI", + "toolTip": "The URI of the blob containing the development image", + "constraints": { + "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", + "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. 
" + }, + "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + } + ] + }, + { + "name": "network", + "label": "Network settings", + "subLabel": { + "preValidation": "Configure network settings", + "postValidation": "Done" + }, + "bladeTitle": "Network settings", + "elements": [ + { + "name": "virtualNetwork", + "type": "Microsoft.Network.VirtualNetworkCombo", + "label": { + "virtualNetwork": "Virtual network", + "subnets": "Subnet" + }, + "toolTip": { + "virtualNetwork": "Virtual Network Name", + "subnets": "The subnet to deploy into" + }, + "defaultValue": { + "name": "vnet01", + "addressPrefixSize": "/20" + }, + "constraints": { + "minAddressPrefixSize": "/29" + }, + "options": { + "hideExisting": false + }, + "subnets": { + "subnet1": { + "label": "Management subnet", + "defaultValue": { + "name": "Management", + "addressPrefixSize": "/24" + }, + "constraints": { + "minAddressPrefixSize": "/29", + "minAddressCount": 1, + "requireContiguousAddresses": true + } + } + } + }, + { + "name": "NSG", + "type": "Microsoft.Common.OptionsGroup", + "label": "Network Security Group", + "toolTip": "Choose between using an existing NSG or using a new NSG", + "constraints": { + "allowedValues": [ + { + "label": "Create new", + "value": true + }, + { + "label": "Existing NSG", + "value": false + } + ], + "required": true + }, + "visible": true + }, + { + "name": "nsgSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Network Security Group", + "defaultValue": "null", + "toolTip": "Choose an existing NSG", + "resourceType": "Microsoft.Network/NetworkSecurityGroups", + "options": { + "filter": { + "subscription": "onBasics", + "location": "onBasics" + } + }, + "constraints": { + "required": true + }, + "visible": "[equals(steps('network').NSG, false)]" + }, + { + "name": "NSGName", + "type": "Microsoft.Common.TextBox", + "label": "Name", + "defaultValue": "[concat(basics('gatewayNameUi') , '-nsg')]", + "toolTip": "Insert Name for the new NSG", + 
"multiLine": false, + "constraints": { + "required": "[steps('network').NSG]", + "regex": "^[a-z0-9A-Z-]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + }, + "visible": "[steps('network').NSG]" + }, + { + "name": "addStorageAccountIpRules", + "type": "Microsoft.Common.OptionsGroup", + "defaultValue": "Network access from all networks", + "label": "Storage Account Network Access", + "toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security", + "constraints": { + "allowedValues": [ + { + "label": "Network access from all networks", + "value": false + }, + { + "label": "Network access only from Serial Console", + "value": true + } + ], + "required": true + }, + "visible": true + } + ] + }, + { + "name": "tags", + "label": "Tags", + "elements": [ + { + "name": "tagsByResource", + "type": "Microsoft.Common.TagsByResource", + "toolTip": "Create Azure tags for the new resources", + "resources": [ + "Microsoft.Storage/storageAccounts", + "Microsoft.Network/publicIPAddresses", + "Microsoft.Compute/virtualMachines", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.Network/networkInterfaces", + "Microsoft.Network/routeTables", + "Microsoft.Network/virtualNetworks" + ] + } + ] + } + ], + "outputs": { + "location": "[location()]", + "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "adminPassword": "[basics('auth').password]", + "authenticationType": "[basics('auth').authenticationType]", + "sshPublicKey": "[basics('auth').sshPublicKey]", + "vmName": "[basics('gatewayNameUi')]", + "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiMGMT25, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiMGMT25)]", + "virtualNetworkName": 
"[steps('network').virtualNetwork.name]", + "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", + "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "Subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", + "installationType": "[steps('chkp').installationType]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "diskType": "[if(contains('R80.40 R81' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "enableApi": "[steps('chkp').enableApi]", + "adminShell": "[steps('chkp').adminShell]", + "tagsByResource": "[steps('tags').tagsByResource]", + "deployNewNSG": "[steps('network').NSG]", + "ExistingNSG": "[steps('network').nsgSelector]", + "NewNsgName": "[steps('network').NSGName]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json new file mode 100644 index 00000000..44f62298 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/mgmt-r840-r81/mainTemplate.json 
@@ -0,0 +1,751 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Deployment location" + }, + "defaultValue": "[resourceGroup().location]" + }, + "cloudGuardVersion": { + "type": "string", + "allowedValues": [ + "R80.40 - Bring Your Own License", + "R80.40 - Pay As You Go (MGMT25)", + "R81 - Bring Your Own License", + "R81 - Pay As You Go (MGMT25)" + ], + "defaultValue": "R81.20 - Bring Your Own License", + "metadata": { + "description": "Version of Check Point CloudGuard" + } + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "password", + "sshPublicKey" + ], + "defaultValue": "password", + "metadata": { + "description": "Authentication type" + } + }, + "sshPublicKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Administrator SSH public key" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "SerialConsolePasswordHash": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "Description": "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + } + }, + "vmName": { + "type": "string", + "metadata": { + "description": "Name of the Check Point Security Gateway" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "vnet" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the virtual network" + }, + "defaultValue": "10.0.0.0/16" + }, + "Subnet1Name": { + "type": "string", + "metadata": { + "description": "The 
name of the 1st subnet" + }, + "defaultValue": "Frontend" + }, + "Subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the 1st subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "Subnet1StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the 1st subnet" + }, + "defaultValue": "10.0.1.10" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "[resourceGroup().name]" + }, + "managementGUIClientNetwork": { + "type": "string", + "metadata": { + "description": "Allowed GUI clients" + }, + "defaultValue": "0.0.0.0/0" + }, + "installationType": { + "type": "string", + "metadata": { + "description": "Installation Type" + }, + "defaultValue": "management", + "allowedValues": [ + "management", + "custom" + ] + }, + "adminShell": { + "type": "string", + "defaultValue": "/etc/cli.sh", + "allowedValues": [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ], + "metadata": { + "Description": "The default shell for the admin user" + } + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point" + } + }, + "additionalDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "metadata": { + "description": "Amount of additional disk space (in GB)" + }, + "minValue": 0, + "maxValue": 3995 + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "msi": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Configure managed service identity for the VM" + } + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "Use the following URI when deploying a custom template: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." 
+ }, + "defaultValue": "" + }, + "tagsByResource": { + "type": "object", + "defaultValue": {} + }, + "deployNewNSG": { + "type": "bool", + "defaultValue": true + }, + "ExistingNSG": { + "type": "object", + "defaultValue": {} + }, + "NewNsgName": { + "type": "string", + "defaultValue": "[concat(parameters('vmName'),'-nsg')]" + }, + "addStorageAccountIpRules": { + "type": "bool", + "metadata": { + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + }, + "defaultValue" : false + }, + "storageAccountAdditionalIps":{ + "type": "array", + "metadata": { + "description": "IPs/CIDRs that are allowed access to the Storage Account" + }, + "defaultValue" : [] + } + + }, + "variables": { + "templateName": "management", + "templateVersion": "20230910", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (MGMT25)": "MGMT25", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (MGMT25)": "MGMT25" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (MGMT25)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (MGMT25)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "SerialConsoleGeographies": { + "eastasia" : ["20.205.69.28", "20.195.85.180"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", 
"20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", "52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + "francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : ["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : 
["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : ["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", + "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "isBlink": "[bool('false')]", + "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', parameters('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'enableApi=\"', parameters('enableApi'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", + "customData64": "[base64(variables('customData'))]", + "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", + "imagePublisher": "checkpoint", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "mgmt-byol", + "version": "latest" + }, + 
"imageReferenceMGMT25": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "mgmt-25", + "version": "latest" + }, + "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), variables('imageReferenceMGMT25'))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "nic1Name": "[concat(parameters('vmName'), '-eth0')]", + "linuxConfigurationpassword": { + "disablePasswordAuthentication": "false" + }, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]", + "planBYOL": { + "name": "mgmt-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planMGMT25": { + "name": "mgmt-25", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[if(equals(variables('offer'), 'BYOL'), variables('planBYOL'), variables('planMGMT25'))]", + "identity": "[if(parameters('msi'), json('{\"type\": \"SystemAssigned\"}'), json('null'))]", + "publicIPAddressName": "[parameters('vmName')]", + "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "_artifactsLocation": 
"[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]", + "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]", + "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]", + "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", + "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + }, + "resources": [ + { + "apiVersion": "2020-06-01", + "name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "2022-09-01", + "properties": { + "supportsHttpsTrafficOnly": true, + "allowBlobPublicAccess": false, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "None", + "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]", + "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]" + } + }, + "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": "[ if(contains(parameters('tagsByResource'), 
'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]",
+ "name": "networkNewSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkAddressPrefix": {
+ "value": "[parameters('virtualNetworkAddressPrefix')]"
+ },
+ "Subnet1Name": {
+ "value": "[parameters('Subnet1Name')]"
+ },
+ "Subnet1Prefix": {
+ "value": "[parameters('Subnet1Prefix')]"
+ },
+ "deployNsg": {
+ "value": false
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ }
+ }
+ }
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]",
+ "name": "networkExistingSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[variables('vnetRGName')]"
+ },
+ "vmName": {
+ "value": "[parameters('vmName')]"
+ },
+ "deployNsg": {
+ "value": false
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "2020-06-01",
+ "location": "[variables('location')]",
+ "name": "[variables('publicIPAddressName')]",
+ "sku": {
+ 
"name": "Standard"
+ },
+ "properties": {
+ "idleTimeoutInMinutes": 30,
+ "publicIPAllocationMethod": "Static",
+ "dnsSettings": {
+ "domainNameLabel": "[concat(toLower(parameters('vmName')), '-', uniquestring(resourceGroup().id, deployment().name))]"
+ }
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]"
+ },
+ {
+ "condition": "[parameters('deployNewNSG')]",
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "apiVersion": "2020-06-01",
+ "location": "[variables('location')]",
+ "name": "[parameters('NewNsgName')]",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "SSH",
+ "properties": {
+ "description": "Allow inbound SSH connection",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "22",
+ "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "100",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "GAiA-portal",
+ "properties": {
+ "description": "Allow inbound HTTPS access to the GAiA portal",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "443",
+ "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "110",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "SmartConsole-1",
+ "properties": {
+ "description": "Allow inbound access using the SmartConsole GUI client",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "18190",
+ "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "120",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "SmartConsole-2",
+ "properties": {
+ "description": "Allow inbound access using the SmartConsole GUI client",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ 
"destinationPortRange": "19009",
+ "sourceAddressPrefix": "[variables('managementGUIClientNetwork')]",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "130",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "Logs",
+ "properties": {
+ "description": "Allow inbound logging connections from managed gateways",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "257",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "140",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "ICA-pull",
+ "properties": {
+ "description": "Allow security gateways to pull a SIC certificate",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "18210",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "150",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "CRL-fetch",
+ "properties": {
+ "description": "Allow security gateways to fetch CRLs",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "18264",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "160",
+ "direction": "Inbound"
+ }
+ },
+ {
+ "name": "Policy-fetch",
+ "properties": {
+ "description": "Allow security gateways to fetch policy",
+ "protocol": "TCP",
+ "sourcePortRange": "*",
+ "destinationPortRange": "18191",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "170",
+ "direction": "Inbound"
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkSecurityGroups'), parameters('tagsByResource')['Microsoft.Network/networkSecurityGroups'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[coalesce(resourceId('Microsoft.Resources/deployments', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]",
+ 
"[variables('publicIPAddressId')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('nic1Name')]",
+ "properties": {
+ "enableIPForwarding": false,
+ "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]",
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAddress": "[parameters('Subnet1StartAddress')]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[variables('publicIPAddressId')]"
+ },
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName') ,'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('Subnet1Name'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]"
+ },
+ {
+ "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]",
+ "type": "Microsoft.Compute/images",
+ "apiVersion": "2020-06-01",
+ "name": "[variables('customImage')]",
+ "location": "[variables('location')]",
+ "properties": {
+ "storageProfile": {
+ "osDisk": {
+ "osType": "Linux",
+ "osState": "Generalized",
+ "blobUri": "[parameters('sourceImageVhdUri')]",
+ "storageAccountType": "Standard_LRS"
+ }
+ },
+ "hyperVGeneration": "V1"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2021-07-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]",
+ "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[parameters('vmName')]",
+ "plan": 
"[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]",
+ "identity": "[variables('identity')]",
+ "properties": {
+ "UserData": "[variables('customData64')]",
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2022-09-01').primaryEndpoints.blob]"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]",
+ "properties": {
+ "primary": true
+ }
+ }
+ ]
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "[concat('not','used')]",
+ "computerName": "[toLower(parameters('vmName'))]",
+ "customData": "[variables('customData64')]",
+ "linuxConfiguration": "[variables('linuxConfiguration')]"
+ },
+ "storageProfile": {
+ "imageReference": "[variables('imageReference')]",
+ "osDisk": {
+ "caching": "ReadWrite",
+ "createOption": "FromImage",
+ "diskSizeGB": "[variables('diskSizeGB')]",
+ "name": "[parameters('vmName')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('diskType')]"
+ }
+ }
+ }
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachines'), parameters('tagsByResource')['Microsoft.Compute/virtualMachines'], json('{}')) ]"
+ }
+ ],
+ "outputs": {
+ "IPAddress": {
+ "type": "string",
+ "value": "[reference(variables('publicIPAddressId')).IpAddress]"
+ },
+ "FQDN": {
+ "type": "string",
+ "value": "[reference(variables('publicIPAddressId')).dnsSettings.fqdn]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/README.md
new file mode 100644
index 00000000..57e098d6
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/README.md @@ -0,0 +1,10 @@ +# IPv6 support for CloudGuard IaaS in Azure +Azure's IPv6 connectivity makes it easy to provide dual stack (IPv4/IPv6) Internet connectivity for applications hosted in Azure. +It allows for simple deployment of VMs with load balanced IPv6 connectivity for both inbound and outbound initiated connections. + +Follow [sk170760](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170760) instruction to deploy dual stack (IPv4/IPv6) CloudGuard IaaS Security Gateway in Azure. + + + Deploy to Azure + + diff --git a/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..2a322a31 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/single-ipv6-r8040-r81/mainTemplate.json 
@@ -0,0 +1,887 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment location"
+ },
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "cloudGuardVersion": {
+ "type": "string",
+ "allowedValues": [
+ "R80.40 - Bring Your Own License",
+ "R80.40 - Pay As You Go (NGTP)",
+ "R80.40 - Pay As You Go (NGTX)",
+ "R81 - Bring Your Own License",
+ "R81 - Pay As You Go (NGTP)",
+ "R81 - Pay As You Go (NGTX)"
+ ],
+ "defaultValue": "R81.20 - Bring Your Own License",
+ "metadata": {
+ "description": "Version of Check Point CloudGuard"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Administrator password"
+ },
+ "defaultValue": ""
+ },
+ "authenticationType": {
+ "type": "string",
+ "allowedValues": [
+ "password",
+ "sshPublicKey"
+ ],
+ "defaultValue": "password",
+ "metadata": {
+ "description": "Authentication type"
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Administrator SSH public key"
+ }
+ },
+ "vmName": {
+ "type": "string",
+ "metadata": {
+ "description": "Name of the Check Point Security Gateway"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D3_v2",
+ "metadata": {
+ "description": "Size of the VM"
+ }
+ },
+ "adminShell": {
+ "type": "string",
+ "defaultValue": "/etc/cli.sh",
+ "allowedValues": [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ],
+ "metadata": {
+ "Description": "The default shell for the admin user"
+ }
+ },
+ "sicKey": {
+ "type": "securestring",
+ "metadata": {
+ "description": "One time key for Secure Internal Communication"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the virtual network"
+ },
+ "defaultValue": "vnet"
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": 
"string",
+ "metadata": {
+ "description": "The address prefix of the virtual network"
+ },
+ "defaultValue": "10.0.0.0/16"
+ },
+ "virtualNetworkIpv6AddressPrefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The IPv6 address prefix of the virtual network"
+ },
+ "defaultValue": "ace:cab:deca::/48"
+ },
+ "Subnet1Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the 1st subnet"
+ },
+ "defaultValue": "Frontend"
+ },
+ "Subnet1Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the 1st subnet"
+ },
+ "defaultValue": "10.0.0.0/24"
+ },
+ "Subnet1Ipv6Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The IPv6 address prefix of the 1st subnet"
+ },
+ "defaultValue": "ace:cab:deca:deed::/64"
+ },
+ "Subnet1StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the 1st subnet"
+ },
+ "defaultValue": "10.0.0.10"
+ },
+ "Subnet2Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the 2nd subnet"
+ },
+ "defaultValue": "Backend"
+ },
+ "Subnet2Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the 2nd subnet"
+ },
+ "defaultValue": "10.0.1.0/24"
+ },
+ "Subnet2Ipv6Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The IPv6 address prefix of the 2nd subnet"
+ },
+ "defaultValue": "ace:cab:deca:deee::/64"
+ },
+ "Subnet2StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the 2nd subnet"
+ },
+ "defaultValue": "10.0.1.10"
+ },
+ "vnetNewOrExisting": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "Description": "Indicates whether the virtual network is new or existing"
+ }
+ },
+ "virtualNetworkExistingRGName": {
+ "type": "string",
+ "metadata": {
+ "description": "Resource Group of the existing virtual network"
+ },
+ "defaultValue": "[resourceGroup().name]"
+ 
},
+ "managementGUIClientNetwork": {
+ "type": "string",
+ "metadata": {
+ "description": "Allowed GUI clients"
+ },
+ "defaultValue": "0.0.0.0/0"
+ },
+ "installationType": {
+ "type": "string",
+ "metadata": {
+ "description": "Installation Type"
+ },
+ "defaultValue": "ipv6Gateway",
+ "allowedValues": [
+ "standalone",
+ "gateway",
+ "custom"
+ ]
+ },
+ "bootstrapScript": {
+ "type": "string",
+ "metadata": {
+ "description": "Bootstrap script"
+ },
+ "defaultValue": ""
+ },
+ "allowDownloadFromUploadToCheckPoint": {
+ "type": "string",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ }
+ },
+ "additionalDiskSizeGB": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Amount of additional disk space (in GB)"
+ },
+ "minValue": 0,
+ "maxValue": 3995
+ },
+ "diskType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "The type of the OS disk. Premium is applicable only to DS machine sizes"
+ },
+ "allowedValues": [
+ "Standard_LRS",
+ "Premium_LRS"
+ ]
+ },
+ "sourceImageVhdUri": {
+ "type": "string",
+ "defaultValue": "noCustomUri",
+ "metadata": {
+ "description": "The URI of the blob containing the development image"
+ }
+ },
+ "_artifactsLocation": {
+ "type": "string",
+ "metadata": {
+ "description": "The base URI where artifacts required by this template are located including a trailing '/'"
+ },
+ "defaultValue": "https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/"
+ },
+ "_artifactsLocationSasToken": {
+ "type": "securestring",
+ "metadata": {
+ "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
+ },
+ "defaultValue": ""
+ },
+ "tagsByResource": {
+ "type": "object",
+ "defaultValue": {}
+ },
+ "deployNewNSG": {
+ "type": "bool",
+ "defaultValue": true
+ },
+ "ExistingNSG": {
+ "type": "object",
+ "defaultValue": {}
+ },
+ "NewNsgName": {
+ "type": "string",
+ "defaultValue": "[concat(parameters('vmName'),'-nsg')]"
+ },
+ "addStorageAccountIpRules": {
+ "type": "bool",
+ "metadata": {
+ "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled"
+ },
+ "defaultValue" : false
+ },
+ "storageAccountAdditionalIps":{
+ "type": "array",
+ "metadata": {
+ "description": "IPs/CIDRs that are allowed access to the Storage Account"
+ },
+ "defaultValue" : []
+ }
+
+ },
+ "variables": {
+ "vnetv4AddressRange": "[parameters('virtualNetworkAddressPrefix')]",
+ "vnetv6AddressRange": "[parameters('virtualNetworkIPv6AddressPrefix')]",
+ "subnetv4AddressRange": "[parameters('Subnet1Prefix')]",
+ "subnet2v4AddressRange": "[parameters('Subnet2Prefix')]",
+ "subnetv6AddressRange": "[parameters('Subnet1IPv6Prefix')]",
+ "subnet2v6AddressRange": "[parameters('Subnet2IPv6Prefix')]",
+ "virtualNetworkName": "[parameters('virtualNetworkName')]",
+ "subnetName": "[parameters('Subnet1Name')]",
+ "subnet2Name": "[parameters('Subnet2Name')]",
+ "templateName": "singleIpv6",
+ "templateVersion": "20230910",
+ "location": "[parameters('location')]",
+ "subnet-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
+ "subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]",
+ "offers": {
+ "R80.40 - Bring 
Your Own License": "BYOL",
+ "R80.40 - Pay As You Go (NGTP)": "NGTP",
+ "R80.40 - Pay As You Go (NGTX)": "NGTX",
+ "R81 - Bring Your Own License": "BYOL",
+ "R81 - Pay As You Go (NGTP)": "NGTP",
+ "R81 - Pay As You Go (NGTX)": "NGTX"
+ },
+ "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
+ "osVersions": {
+ "R80.40 - Bring Your Own License": "R8040",
+ "R80.40 - Pay As You Go (NGTP)": "R8040",
+ "R80.40 - Pay As You Go (NGTX)": "R8040",
+ "R81 - Bring Your Own License": "R81",
+ "R81 - Pay As You Go (NGTP)": "R81",
+ "R81 - Pay As You Go (NGTX)": "R81"
+ },
+ "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]",
+ "SerialConsoleGeographies": {
+ "eastasia" : ["20.205.69.28", "20.195.85.180"],
+ "southeastasia" : ["20.205.69.28", "20.195.85.180"],
+ "australiacentral" : ["20.53.53.224", "20.70.222.112"],
+ "australiacentral2" : ["20.53.53.224", "20.70.222.112"],
+ "australiaeast" : ["20.53.53.224", "20.70.222.112"],
+ "australiasoutheast" : ["20.53.53.224", "20.70.222.112"],
+ "brazilsouth" : ["91.234.136.63", "20.206.0.194"],
+ "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"],
+ "canadacentral" : ["52.228.86.177", "52.242.40.90"],
+ "canadaeast" : ["52.228.86.177", "52.242.40.90"],
+ "northeurope" : ["52.146.139.220", "20.105.209.72"],
+ "westeurope" : ["52.146.139.220", "20.105.209.72"],
+ "francecentral" : ["20.111.0.244", "52.136.191.10"],
+ "francesouth" : ["20.111.0.244", "52.136.191.10"],
+ "germanynorth" : ["51.116.75.88", "20.52.95.48"],
+ "germanywestcentral" : ["51.116.75.88", "20.52.95.48"],
+ "centralindia" : ["20.192.168.150", "20.192.153.104"],
+ "southindia" : ["20.192.168.150", "20.192.153.104"],
+ "westindia" : ["20.192.168.150", "20.192.153.104"],
+ "japaneast" : ["20.43.70.205", "20.189.228.222"],
+ "japanwest" : ["20.43.70.205", "20.189.228.222"],
+ "koreacentral" : ["20.200.196.96", "52.147.119.29"],
+ "koreasouth" : ["20.200.196.96", "52.147.119.29"],
+ "norwaywest" : ["20.100.1.184", 
"51.13.138.76"],
+ "norwayeast" : ["20.100.1.184", "51.13.138.76"],
+ "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"],
+ "switzerlandwest" : ["20.208.4.98", "51.107.251.190"],
+ "uaecentral" : ["20.45.95.66", "20.38.141.5"],
+ "uaenorth" : ["20.45.95.66", "20.38.141.5"],
+ "uksouth" : ["20.90.132.144", "20.58.68.62"],
+ "ukwest" : ["20.90.132.144", "20.58.68.62"],
+ "swedencentral" : ["51.12.72.223", "51.12.22.174"],
+ "swedensouth" : ["51.12.72.223", "51.12.22.174"],
+ "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"],
+ "eastus2euap" : ["20.45.242.18", "20.51.21.252"],
+ "centraluseuap" : ["20.45.242.18", "20.51.21.252"]},
+ "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]",
+ "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]",
+ "installationType": "[parameters('installationType')]",
+ "isBlink": "[equals(variables('installationType'), 'gateway')]",
+ "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]",
+ "storageAccountType": "Standard_LRS",
+ "diskSize100GB": 100,
+ "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
+ 
"customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n')]",
+ "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
+ "imagePublisher": "checkpoint",
+ "imageSku": "[if(and(equals(parameters('installationType'), 'standalone'), or(equals(variables('osVersion'),'R8040'), equals(variables('osVersion'),'R81'))), 'mgmt-byol', 'sg-byol')]",
+ "imageReferenceBYOL": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "[variables('imageSku')]",
+ "version": "latest"
+ },
+ "imageReferenceNGTP": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtp",
+ "version": "latest"
+ },
+ "imageReferenceNGTP-V2": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtp-v2",
+ "version": "latest"
+ },
+ "imageReferenceNGTX": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtx",
+ "version": "latest"
+ },
+ "imageReferenceNGTX-V2": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtx-v2",
+ "version": "latest"
+ },
+ "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), 
if(equals(variables('offer'), 'NGTP'), variables('imageReferenceNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('imageReferenceNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('imageReferenceNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('imageReferenceNGTX-V2'), json('null'))))))]",
+ "customImage": "customImage",
+ "imageReferenceCustomUri": {
+ "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ },
+ "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]",
+ "nic1Name": "[concat(parameters('vmName'), '-eth0')]",
+ "nic2Name": "[concat(parameters('vmName'), '-eth1')]",
+ "linuxConfigurationpassword": {
+ "disablePasswordAuthentication": "false"
+ },
+ "linuxConfigurationsshPublicKey": {
+ "disablePasswordAuthentication": "true",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "[parameters('sshPublicKey')]",
+ "path": "/home/notused/.ssh/authorized_keys"
+ }
+ ]
+ }
+ },
+ "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]",
+ "planBYOL": {
+ "name": "[variables('imageSku')]",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP": {
+ "name": "sg-ngtp",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP-V2": {
+ "name": "sg-ngtp-v2",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTX": {
+ "name": "sg-ngtx",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTX-V2": {
+ "name": "sg-ngtx-v2",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "plan": "[if(equals(variables('offer'), 'BYOL') , variables('planBYOL'), 
if(equals(variables('offer'), 'NGTP'), variables('planNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('planNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('planNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('planNGTX-V2'), json('null'))))))]",
+ "bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
+ "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
+ "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "sicKey": "[parameters('sicKey')]",
+ "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
+ },
+ "resources": [
+ {
+ "apiVersion": "2020-06-01",
+ "name": "pid-14dc7680-7a2f-483c-b3ec-2c0cfae477aa",
+ "type": "Microsoft.Resources/deployments",
+ "properties": {
+ "mode": "Incremental",
+ "template": {
+ "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "resources": []
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageAccountName')]",
+ "apiVersion": "2021-06-01",
+ "properties": {
+ "supportsHttpsTrafficOnly": true,
+ "allowBlobPublicAccess": false,
+ "minimumTlsVersion": "TLS1_2",
+ "networkAcls": {
+ "bypass": "None",
+ "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]",
+ "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]"
+ }
+ },
+ "location": "[variables('location')]",
+ "sku": {
+ "name": "[variables('storageAccountType')]"
+ },
+ "kind": "Storage",
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), 
parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]"
+ },
+ {
+ "apiVersion": "2020-05-01",
+ "type": "Microsoft.Network/publicIPAddresses",
+ "name": "lbpublicip-v4",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "Standard"
+ },
+ "properties": {
+ "publicIPAllocationMethod": "Static"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]"
+ },
+ {
+ "apiVersion": "2020-05-01",
+ "type": "Microsoft.Network/publicIPAddresses",
+ "name": "lbpublicip-v6",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "Standard"
+ },
+ "properties": {
+ "publicIPAllocationMethod": "Static",
+ "publicIPAddressVersion": "IPv6"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]"
+ },
+ {
+ "apiVersion": "2020-05-01",
+ "name": "loadBalancer",
+ "type": "Microsoft.Network/loadBalancers",
+ "location": "[parameters('location')]",
+ "sku": {
+ "name": "Standard"
+ },
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v4')]",
+ "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v6')]"
+ ],
+ "properties": {
+ "frontendIpConfigurations": [
+ {
+ "name": "LB-v4",
+ "properties": {
+ "publicIPAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'lbpublicip-v4')]"
+ }
+ }
+ },
+ {
+ "name": "LB-v6",
+ "properties": {
+ "publicIPAddress": {
+ "id": "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v6')]"
+ }
+ }
+ }
+ ],
+ "backendAddressPools": [
+ {
+ "name": "LBBAP-v4"
+ },
+ {
+ "name": "LBBAP-v6"
+ }
+ ],
+ "loadBalancingRules": [
+ {
+ "properties": {
+ "frontendIPConfiguration": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', 'loadBalancer', 'LB-v4')]"
+ },
+ 
"backendAddressPool": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer', 'LBBAP-v4')]"
+ },
+ "probe": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'loadBalancer', 'lb-probe')]"
+ },
+ "protocol": "Tcp",
+ "frontendPort": 443,
+ "backendPort": 443,
+ "idleTimeoutInMinutes": 4
+ },
+ "name": "lb-rule-v4"
+ },
+ {
+ "properties": {
+ "frontendIPConfiguration": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', 'loadBalancer', 'LB-v6')]"
+ },
+ "backendAddressPool": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer', 'LBBAP-v6')]"
+ },
+ "probe": {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'loadBalancer', 'lb-probe')]"
+ },
+ "protocol": "Tcp",
+ "frontendPort": 443,
+ "backendPort": 443
+ },
+ "name": "lb-rule-v6"
+ }
+ ],
+ "probes": [
+ {
+ "properties": {
+ "protocol": "Tcp",
+ "port": 22,
+ "intervalInSeconds": 5,
+ "numberOfProbes": 2
+ },
+ "name": "lb-probe"
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/loadBalancers'), parameters('tagsByResource')['Microsoft.Network/loadBalancers'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/networkSecurityGroups",
+ "condition": "[and(parameters('deployNewNSG'),equals(parameters('vnetNewOrExisting'), 'new'))]",
+ "apiVersion": "2020-06-01",
+ "location": "[parameters('location')]",
+ "name": "[parameters('NewNsgName')]",
+ "properties": {
+ "securityRules": [
+ {
+ "name": "AllowAllInBound",
+ "properties": {
+ "description": "Allow all inbound connections",
+ "protocol": "*",
+ "sourcePortRange": "*",
+ "destinationPortRange": "*",
+ "sourceAddressPrefix": "*",
+ "destinationAddressPrefix": "*",
+ "access": "Allow",
+ "priority": "100",
+ "direction": "Inbound"
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkSecurityGroups'), 
parameters('tagsByResource')['Microsoft.Network/networkSecurityGroups'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "apiVersion": "2021-05-01", + "type": "Microsoft.Network/virtualNetworks", + "name": "[variables('virtualNetworkName')]", + "location": "[parameters('location')]", + "properties": { + "dhcpOptions": { + "dnsServers": [ + "cafe:43::", + "cafe:45::" + ] + }, + "addressSpace": { + "addressPrefixes": [ + "[variables('vnetv4AddressRange')]", + "[variables('vnetv6AddressRange')]" + ] + }, + "subnets": [ + { + "name": "[variables('subnetName')]", + "properties": { + "addressPrefixes": [ + "[variables('subnetv4AddressRange')]", + "[variables('subnetv6AddressRange')]" + ] + } + }, + { + "name": "[variables('subnet2Name')]", + "properties": { + "addressPrefixes": [ + "[variables('subnet2v4AddressRange')]", + "[variables('subnet2v6AddressRange')]" + ] + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/virtualNetworks'), parameters('tagsByResource')['Microsoft.Network/virtualNetworks'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]", + "name": "networkExistingSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-05-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkExistingRGName": { + "value": "[parameters('virtualNetworkExistingRGName')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + }, + "deployNsg": { + "value": "[parameters('deployNewNSG')]" + }, + "NewNsgName": + { + "value":"[parameters('NewNsgName')]" + } + } + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + 
"dependsOn": [ + "[coalesce(resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "[resourceId('Microsoft.Network/loadBalancers','loadBalancer')]" + ], + "location": "[variables('location')]", + "name": "[variables('nic1Name')]", + "properties": { + "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]", + "enableIPForwarding": true, + "enableAcceleratedNetworking": true, + "ipConfigurations": [ + { + "name": "ipconfig-v4", + "properties": { + "privateIPAddress": "[parameters('Subnet1StartAddress')]", + "privateIPAllocationMethod": "Static", + "privateIPAddressVersion": "IPv4", + "primary": true, + "subnet": { + "id": "[variables('subnet-id')]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer', 'LBBAP-v4')]" + } + ] + } + }, + { + "name": "ipconfig-v6", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "privateIPAddressVersion": "IPv6", + "subnet": { + "id": "[variables('subnet-id')]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'loadBalancer', 'LBBAP-v6')]" + } + ] + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]" + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "[resourceId('Microsoft.Network/loadBalancers','loadBalancer')]" + ], + "location": "[variables('location')]", + "name": "[variables('nic2Name')]", + "properties": { + "enableIPForwarding": true, + 
"enableAcceleratedNetworking": true, + "ipConfigurations": [ + { + "name": "ipconfig-v4", + "properties": { + "privateIPAddress": "[parameters('Subnet2StartAddress')]", + "privateIPAllocationMethod": "Static", + "subnet": { + "id": "[variables('subnet2-id')]" + } + } + }, + { + "name": "ipconfig-v6", + "properties": { + "privateIPAllocationMethod": "Dynamic", + "privateIPAddressVersion": "IPv6", + "subnet": { + "id": "[variables('subnet2-id')]" + } + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]" + }, + { + "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2020-06-01", + "name": "[variables('customImage')]", + "location": "[variables('location')]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + }, + "hyperVGeneration": "V1" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]" + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2021-07-01", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "[resourceId('Microsoft.Network/networkInterfaces', variables('nic2Name'))]", + "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + ], + "location": "[variables('location')]", + "name": "[parameters('vmName')]", + "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]", + "properties": { + "UserData": "[base64(variables('customData'))]", + "diagnosticsProfile": { + 
"bootDiagnostics": { + "enabled": "true", + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2021-06-01').primaryEndpoints.blob]" + } + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "properties": { + "primary": true + } + }, + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic2Name'))]", + "properties": { + "primary": false + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "[concat('not','used')]", + "computerName": "[toLower(parameters('vmName'))]", + "customData": "[base64(variables('customData'))]", + "linuxConfiguration": "[variables('linuxConfiguration')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "caching": "ReadWrite", + "createOption": "FromImage", + "diskSizeGB": "[variables('diskSizeGB')]", + "name": "[parameters('vmName')]", + "managedDisk": { + "storageAccountType": "[parameters('diskType')]" + } + } + } + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachines'), parameters('tagsByResource')['Microsoft.Compute/virtualMachines'], json('{}')) ]" + } + ] +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/single-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/single-r8040-r81/README.md new file mode 100644 index 00000000..e092fdd8 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/single-r8040-r81/README.md 
@@ -0,0 +1,22 @@ +# Check Point CloudGuard Network Security Single Gateway for Azure + +Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments. + +Benefits: + +· Advanced threat prevention and traffic inspection + +· Integrated with Azure Security Center and Azure Sentinel + +· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management + + + + Deploy to Azure + + + +To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-single%2FmainTemplate.json) + + + diff --git a/deprecated/azure/templates/R8040-R81/single-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/R8040-R81/single-r8040-r81/createUiDefinition.json new file mode 100644 index 00000000..0cc7cd29 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/single-r8040-r81/createUiDefinition.json 
@@ -0,0 +1,1305 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+ "handler": "Microsoft.Compute.MultiVm",
+ "version": "0.1.2-preview",
+ "parameters": {
+ "basics": [
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point Reference Architecture for Azure.",
+ "link": {
+ "label": "Reference Architecture Guide",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk109360"
+ }
+ }
+ },
+ {
+ "name": "gatewayNameUi",
+ "type": "Microsoft.Common.TextBox",
+ "label": "VM Name",
+ "toolTip": "The name of the Check Point CloudGuard.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "auth",
+ "type": "Microsoft.Compute.CredentialsCombo",
+ "label": {
+ "authenticationType": "Authentication type",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "sshPublicKey": "SSH public key"
+ },
+ "toolTip": {
+ "password": "The user 'admin' password",
+ "sshPublicKey": "Paste an OpenSSH public key. You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
+ },
+ "constraints": {
+ "required": true
+ },
+ "options": {
+ "hideConfirmation": false,
+ "hidePassword": false
+ },
+ "osPlatform": "Linux"
+ }
+ ],
+ "steps": [
+ {
+ "name": "chkp",
+ "label": "Check Point CloudGuard settings",
+ "subLabel": {
+ "preValidation": "Configure CloudGuard settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "CloudGuard settings",
+ "elements": [
+ {
+ "name": "cloudGuardVersion",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Check Point CloudGuard version",
+ "defaultValue": "R81",
+ "toolTip": "The version of Check Point CloudGuard.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "R80.40",
+ "value": "R80.40"
+ },
+ {
+ "label": "R81",
+ "value": "R81"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R80Offer",
+ "type": "Microsoft.Common.DropDown",
+ "label": "License type",
+ "toolTip": "The type of license.",
+ "defaultValue": "Bring Your Own License",
+ "visible": true,
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Bring Your Own License",
+ "value": "Bring Your Own License"
+ },
+ {
+ "label": "Pay As You Go (NGTP)",
+ "value": "Pay As You Go (NGTP)"
+ },
+ {
+ "label": "Pay As You Go (NGTX)",
+ "value": "Pay As You Go (NGTX)"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R8040vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-byol"
+ },
+ "count": 1
+ },
+ {
+ "name": "R8040vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtp"
+ },
+ "count": 1
+ },
+ {
+ "name": "R8040vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtx"
+ },
+ "count": 1
+ },
+ {
+ "name": "R81vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-byol"
+ },
+ "count": 1
+ },
+ {
+ "name": "R81vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtp"
+ },
+ "count": 1
+ },
+ {
+ "name": "R81vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtx"
+ },
+ "count": 1
+ },
+ {
+ "name": "installationType",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Installation type",
+ "visible": "[or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81'))]",
+ "defaultValue": "Gateway only",
+ "toolTip": "Select the type of deployment",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Gateway only",
+ "value": "gateway"
+ },
+ {
+ "label": "Standalone",
+ "value": "standalone"
+ }
+ ]
+ }
+ },
+ {
+ "name": "adminShell",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Default shell for the admin user",
+ "defaultValue": "/etc/cli.sh",
+ "toolTip": "The default shell for the admin user",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "/etc/cli.sh",
+ "value": "/etc/cli.sh"
+ },
+ {
+ "label": "/bin/bash",
+ "value": "/bin/bash"
+ },
+ {
+ "label": "/bin/csh",
+ "value": "/bin/csh"
+ },
+ {
+ "label": "/bin/tcsh",
+ "value": "/bin/tcsh"
+ }
+ ]
+ }
+ },
+ {
+ "name": "standaloneValidation",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[and(equals(steps('chkp').installationType, 'standalone'), not(and(equals(steps('chkp').R80Offer, 'Bring Your Own License'),or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81')))))]",
+ "options": {
+ "icon": "Error",
+ "text": "Standalone deployment is ONLY supported for CloudGuard versions R80.40, R81 Bring Your Own License."
+ }
+ },
+ {
+ "name": "managementGUIClientNetwork",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Allowed GUI clients",
+ "toolTip": "GUI clients network CIDR",
+ "constraints": {
+ "required": true,
+ "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
+ "validationMessage": "Enter a valid IPv4 network CIDR"
+ },
+ "visible": "[and(or(equals(steps('chkp').cloudGuardVersion, 'R80.40'), equals(steps('chkp').cloudGuardVersion, 'R81')), equals(steps('chkp').installationType, 'standalone'))]"
+ },
+ {
+ "name": "sicKeyUi",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "SIC key",
+ "confirmPassword": "Confirm SIC key"
+ },
+ "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{12,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
+ },
+ "options": {
+ "hideConfirmation": false
+ },
+ "visible": "[not(equals(steps('chkp').installationType, 'standalone'))]"
+ },
+ {
+ "name": "SerialPasswordInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point recommends setting serial console password and maintenance-mode password for recovery purposes. For R81.10 and below the serial console password is used also as maintenance-mode password"
+ }
+ },
+ {
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "name": "EnableSerialConsolePassword",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable Serial console password",
+ "defaultValue": "Yes",
+ "toolTip": "A unique password hash to enable VM connection via serial console.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": true
+ },
+ {
+ "label": "No",
+ "value": false
+ }
+ ]
+ }
+ },
+ {
+ "name": "AdditionalPassword",
+ "type": "Microsoft.Common.PasswordBox",
+ "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "label": {
+ "password": "Password hash",
+ "confirmPassword": "Confirm password"
+ },
+ "constraints": {
+ "required": true,
+ "regex": "^.{12,300}$",
+ "validationMessage": "The value must be the output of the hash command."
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ },
+ {
+ "name": "bootstrapScript",
+ "type": "Microsoft.Common.FileUpload",
+ "label": "Bootstrap script",
+ "toolTip": "An optional script to run on the initial boot",
+ "constraints": {
+ "required": false,
+ "accept": ".sh,text/plain"
+ },
+ "options": {
+ "multiple": false,
+ "uploadMode": "file",
+ "openMode": "text",
+ "encoding": "UTF-8"
+ }
+ },
+ {
+ "visible": "[or(not(equals(steps('chkp').cloudGuardVersion, 'R80.10')), not(equals(steps('chkp').installationType, 'custom')))]",
+ "name": "allowUploadDownload",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Automatically download updates and share statistical data for product improvement purpose",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "true"
+ },
+ {
+ "label": "No",
+ "value": "false"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskType",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[not(contains('R80.40 R81' , steps('chkp').cloudGuardVersion))]",
+ "defaultValue": "Premium",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskTypeOldVersions",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[contains('R80.40 R81' , steps('chkp').cloudGuardVersion)]",
+ "defaultValue": "Standard",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
+ {
+ "name": "additionalDiskSizeGB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Additional disk space (GB)",
+ "defaultValue": "0",
+ "toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
+ "constraints": {
+ "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
+ "validationMessage": "Select a number between 0 and 3995"
+ }
+ },
+ {
+ "name": "useCustomImageUri",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use development image uri",
+ "defaultValue": "No",
+ "toolTip": "Use custom image URI.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ],
+ "required": true
+ },
+ "visible": false
+ },
+ {
+ "name": "sourceImageVhdUri",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Development Image URI",
+ "toolTip": "The URI of the blob containing the development image",
+ "constraints": {
+ "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
+ "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
+ },
+ "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ },
+ {
+ "name": "customMetrics",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable CloudGuard metrics",
+ "defaultValue": "Yes",
+ "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from Gateway or Standalone to the Azure Monitor service.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "yes"
+ },
+ {
+ "label": "No",
+ "value": "no"
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ },
+ {
+ "name": "allowSmart1CloudConnection",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Quick connect to Smart-1 Cloud",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically connect this single gateway to Smart-1 Cloud - Check Point's Security Management as a Service",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "yes"
+ },
+ {
+ "label": "No",
+ "value": "no"
+ }
+ ]
+ },
+ "visible": "[equals(steps('chkp').installationType, 'gateway')]"
+ },
+ {
+ "name": "smart1CloudTokenTxt",
+ "type": "Microsoft.Common.TextBlock",
+ "options": {
+ "text": "Follow these instructions to quickly connect this single gateway to Smart-1 Cloud",
+ "link": {
+ "label": "SK180501 - Connecting CloudGuard Network Security Public Cloud Gateways to Smart-1 Cloud",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501"
+ }
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
+ },
+ {
+ "name": "Smart1CloudToken",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Smart-1 Cloud Token",
+ "toolTip": "Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal",
+ "constraints": {
+ "required": true,
+ "regex": "[\\S\\s]{5,}",
+ "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters"
+ },
+ "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "label": "Network settings",
+ "subLabel": {
+ "preValidation": "Configure network settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Network settings",
+ "elements": [
+ {
+ "name": "virtualNetwork",
+ "type": "Microsoft.Network.VirtualNetworkCombo",
+ "label": {
+ "virtualNetwork": "Virtual network",
+ "subnets": "Subnets"
+ },
+ "toolTip": {
+ "virtualNetwork": "Virtual Network Name",
+ "subnets": "List of subnets to deploy into"
+ },
+ "defaultValue": {
+ "name": "vnet01",
+ "addressPrefixSize": "/16"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/28"
+ },
+ "options": {
+ "hideExisting": false
+ },
+ "subnets": {
+ "subnet1": {
+ "label": "Frontend subnet",
+ "defaultValue": {
+ "name": "Frontend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 1,
+ "requireContiguousAddresses": true
+ }
+ },
+ "subnet2": {
+ "label": "Backend subnet",
+ "defaultValue": {
+ "name": "Backend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 1,
+ "requireContiguousAddresses": true
+ }
+ }
+ }
+ },
+ {
+ "name": "NSG",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Network Security Group",
+ "toolTip": "Choose between using an existing NSG or using a new NSG",
+ 
"constraints": { + "allowedValues": [ + { + "label": "Create new", + "value": true + }, + { + "label": "Existing NSG", + "value": false + } + ], + "required": true + }, + "visible": true + }, + { + "name": "nsgSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Network Security Group", + "defaultValue": "null", + "toolTip": "Choose an existing NSG", + "resourceType": "Microsoft.Network/NetworkSecurityGroups", + "options": { + "filter": { + "subscription": "onBasics", + "location": "onBasics" + } + }, + "constraints": { + "required": true + }, + "visible": "[equals(steps('network').NSG, false)]" + }, + { + "name": "NSGName", + "type": "Microsoft.Common.TextBox", + "label": "Name", + "defaultValue": "[concat(basics('gatewayNameUi') , '-nsg')]", + "toolTip": "Insert Name for the new NSG", + "multiLine": false, + "constraints": { + "required": "[steps('network').NSG]", + "regex": "^[a-z0-9A-Z-]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." 
+ }, + "visible": "[steps('network').NSG]" + }, + { + "name": "addStorageAccountIpRules", + "type": "Microsoft.Common.OptionsGroup", + "defaultValue": "Network access from all networks", + "label": "Storage Account Network Access", + "toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security", + "constraints": { + "allowedValues": [ + { + "label": "Network access from all networks", + "value": false + }, + { + "label": "Network access only from Serial Console", + "value": true + } + ], + "required": true + }, + "visible": true + } + ] + }, + { + "name": "tags", + "label": "Tags", + "elements": [ + { + "name": "tagsByResource", + "type": "Microsoft.Common.TagsByResource", + "toolTip": "Create Azure tags for the new resources", + "resources": [ + "Microsoft.Storage/storageAccounts", + "Microsoft.Network/publicIPAddresses", + "Microsoft.Network/networkInterfaces", + "Microsoft.Compute/virtualMachines", + "Microsoft.Network/routeTables", + "Microsoft.Network/virtualNetworks" + ] + } + ] + } + ], + "outputs": { + "location": "[location()]", + "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "adminPassword": "[basics('auth').password]", + "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", + "authenticationType": "[basics('auth').authenticationType]", + "sshPublicKey": "[basics('auth').sshPublicKey]", + "vmName": "[basics('gatewayNameUi')]", + "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX,steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX)]", + "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", + "virtualNetworkName": "[steps('network').virtualNetwork.name]", + "virtualNetworkAddressPrefix": 
"[steps('network').virtualNetwork.addressPrefix]", + "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "Subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "Subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]", + "Subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]", + "Subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", + "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", + "installationType": "[steps('chkp').installationType]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "diskType": "[if(contains('R80.40 R81' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "customMetrics": "[steps('chkp').customMetrics]", + "adminShell": "[steps('chkp').adminShell]", + "smart1CloudToken": "[steps('chkp').Smart1CloudToken]", + "tagsByResource": "[steps('tags').tagsByResource]", + "deployNewNSG": "[steps('network').NSG]", + "ExistingNSG": "[steps('network').nsgSelector]", + "NewNsgName": "[steps('network').NSGName]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]" + } + } +} diff --git a/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..911b8572 --- /dev/null 
+++ b/deprecated/azure/templates/R8040-R81/single-r8040-r81/mainTemplate.json 
@@ -0,0 +1,779 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "subscriptionId": { + "type": "string", + "defaultValue": "[subscription().subscriptionId]", + "metadata": { + "description": "Subscription ID." + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Deployment location" + }, + "defaultValue": "[resourceGroup().location]" + }, + "cloudGuardVersion": { + "type": "string", + "allowedValues": [ + "R80.40 - Bring Your Own License", + "R80.40 - Pay As You Go (NGTP)", + "R80.40 - Pay As You Go (NGTX)", + "R81 - Bring Your Own License", + "R81 - Pay As You Go (NGTP)", + "R81 - Pay As You Go (NGTX)", + ], + "defaultValue": "R81.20 - Bring Your Own License", + "metadata": { + "description": "Version of Check Point CloudGuard" + } + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "password", + "sshPublicKey" + ], + "defaultValue": "password", + "metadata": { + "description": "Authentication type" + } + }, + "sshPublicKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Administrator SSH public key" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "SerialConsolePasswordHash": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "Description": "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + } + }, + "vmName": { + "type": "string", + "metadata": { + "description": "Name of the Check Point Security Gateway" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "adminShell": { + "type": "string", + "defaultValue": "/etc/cli.sh", + "allowedValues": [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ], + "metadata": { + 
"Description": "The default shell for the admin user" + } + }, + "sicKey": { + "type": "securestring", + "metadata": { + "description": "One time key for Secure Internal Communication" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "vnet" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the virtual network" + }, + "defaultValue": "10.0.0.0/16" + }, + "Subnet1Name": { + "type": "string", + "metadata": { + "description": "The name of the 1st subnet" + }, + "defaultValue": "Frontend" + }, + "Subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the 1st subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "Subnet1StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the 1st subnet" + }, + "defaultValue": "10.0.1.10" + }, + "Subnet2Name": { + "type": "string", + "metadata": { + "description": "The name of the 2nd subnet" + }, + "defaultValue": "Backend" + }, + "Subnet2Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the 2nd subnet" + }, + "defaultValue": "10.0.2.0/24" + }, + "Subnet2StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the 2nd subnet" + }, + "defaultValue": "10.0.2.10" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "[resourceGroup().name]" + }, + "managementGUIClientNetwork": { + "type": "string", + "metadata": { + "description": "Allowed GUI clients" + }, + "defaultValue": "0.0.0.0/0" + }, 
+ "installationType": { + "type": "string", + "metadata": { + "description": "Installation Type" + }, + "defaultValue": "gateway", + "allowedValues": [ + "standalone", + "gateway", + "custom" + ] + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + } + }, + "additionalDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "metadata": { + "description": "Amount of additional disk space (in GB)" + }, + "minValue": 0, + "maxValue": 3995 + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "Use the following URI when deploying a custom template: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." 
+ }, + "defaultValue": "" + }, + "customMetrics": { + "type": "string", + "allowedValues": [ + "no", + "yes" + ], + "defaultValue": "yes", + "metadata": { + "Description": "Indicates whether CloudGuard Metrics will be used for this VM monitoring" + } + }, + "smart1CloudToken": { + "type": "securestring", + "defaultValue": "" + }, + "rbacGuid": { + "type": "string", + "defaultValue": "[newGuid()]" + }, + "tagsByResource": { + "type": "object", + "defaultValue": {} + }, + "deployNewNSG": { + "type": "bool", + "defaultValue": true + }, + "ExistingNSG": { + "type": "object", + "defaultValue": {} + }, + "NewNsgName": { + "type": "string", + "defaultValue": "[concat(parameters('vmName'),'-nsg')]" + }, + "addStorageAccountIpRules": { + "type": "bool", + "metadata": { + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + }, + "defaultValue" : false + }, + "storageAccountAdditionalIps":{ + "type": "array", + "metadata": { + "description": "IPs/CIDRs that are allowed access to the Storage Account" + }, + "defaultValue" : [] + } + }, + "variables": { + "templateName": "single", + "templateVersion": "20230910", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (NGTP)": "NGTP", + "R80.40 - Pay As You Go (NGTX)": "NGTX", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (NGTP)": "NGTP", + "R81 - Pay As You Go (NGTX)": "NGTX" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (NGTP)": "R8040", + "R80.40 - Pay As You Go (NGTX)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (NGTP)": "R81", + 
"R81 - Pay As You Go (NGTX)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "serialConsoleGeographies": { + "eastasia" : ["20.205.69.28", "20.195.85.180"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", "20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", "52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + "francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : ["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", 
"20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : ["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"], + "usgovarizona" : ["20.141.10.130", "52.127.55.131"], + "usgovvirginia" : ["20.141.10.130", "52.127.55.131"] + }, + "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", + "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "installationType": "[parameters('installationType')]", + "isBlink": "[equals(variables('installationType'), 'gateway')]", + "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 
'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'smart1CloudToken=\"', parameters('smart1CloudToken'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", + "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", + "imagePublisher": "checkpoint", + "imageSku": "[if(and(equals(parameters('installationType'), 'standalone'), or(equals(variables('osVersion'),'R8040'), equals(variables('osVersion'),'R81'))), 'mgmt-byol', 'sg-byol')]", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "[variables('imageSku')]", + "version": "latest" + }, + "imageReferenceNGTP": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp", + "version": "latest" + }, + "imageReferenceNGTP-V2": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp-v2", + "version": "latest" + }, + "imageReferenceNGTX": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx", + "version": "latest" + }, + "imageReferenceNGTX-V2": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx-v2", + "version": "latest" + }, + "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), if(equals(variables('offer'), 'NGTP'), variables('imageReferenceNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('imageReferenceNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('imageReferenceNGTX'), if(equals(variables('offer'), 
'NGTX-V2'), variables('imageReferenceNGTX-V2'), json('null'))))))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "nic1Name": "[concat(parameters('vmName'), '-eth0')]", + "nic2Name": "[concat(parameters('vmName'), '-eth1')]", + "linuxConfigurationpassword": { + "disablePasswordAuthentication": "false" + }, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]", + "planBYOL": { + "name": "[variables('imageSku')]", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP": { + "name": "sg-ngtp", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP-V2": { + "name": "sg-ngtp-v2", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX": { + "name": "sg-ngtx", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX-V2": { + "name": "sg-ngtx-v2", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[if(equals(variables('offer'), 'BYOL') , variables('planBYOL'), if(equals(variables('offer'), 'NGTP'), variables('planNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('planNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('planNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('planNGTX-V2'), 
json('null'))))))]", + "publicIPAddressName": "[parameters('vmName')]", + "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]", + "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]", + "sicKey": "[parameters('sicKey')]", + "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]", + "vmID": "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]", + "customMetrics": "[parameters('customMetrics')]", + "identity": "[json('{\"type\": \"SystemAssigned\"}')]", + "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]", + "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]", + "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + }, + "resources": [ + { + "apiVersion": "2020-06-01", + "name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + 
"type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "2022-09-01", + "properties": { + "supportsHttpsTrafficOnly": true, + "allowBlobPublicAccess": false, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "None", + "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]", + "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]" + } + }, + "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "name": "networkNewSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "Subnet1Name": { + "value": "[parameters('Subnet1Name')]" + }, + "Subnet1Prefix": { + "value": "[parameters('Subnet1Prefix')]" + }, + "Subnet1StartAddress": { + "value": "[parameters('Subnet1StartAddress')]" + }, + "Subnet2Name": { + "value": "[parameters('Subnet2Name')]" + }, + "Subnet2Prefix": { + "value": "[parameters('Subnet2Prefix')]" + }, + "Subnet2StartAddress": { + "value": "[parameters('Subnet2StartAddress')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + }, + "deployNsg": { + "value": "[parameters('deployNewNSG')]" + }, 
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ }
+ }
+ }
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]",
+ "name": "networkExistingSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2020-06-01",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[variables('vnetRGName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ },
+ "deployNsg": {
+ "value": "[parameters('deployNewNSG')]"
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "2020-06-01",
+ "location": "[variables('location')]",
+ "name": "[variables('publicIPAddressName')]",
+ "sku": {
+ "name": "Standard"
+ },
+ "properties": {
+ "idleTimeoutInMinutes": 30,
+ "publicIPAllocationMethod": "Static",
+ "dnsSettings": {
+ "domainNameLabel": "[concat(toLower(parameters('vmName')), '-', uniquestring(resourceGroup().id, deployment().name))]"
+ }
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[coalesce(resourceId('Microsoft.Resources/deployments/', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]",
+ "[variables('publicIPAddressId')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('nic1Name')]",
+ "properties": {
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]",
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAddress": "[parameters('Subnet1StartAddress')]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[variables('publicIPAddressId')]"
+ },
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets/', parameters('virtualNetworkName'), parameters('Subnet1Name'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "2020-06-01",
+ "dependsOn": [
+ "[coalesce(resourceId('Microsoft.Resources/deployments/', 'networkNewSetup'), resourceId('Microsoft.Resources/deployments/', 'networkExistingSetup'))]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('nic2Name')]",
+ "properties": {
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "ipConfigurations": [
+ {
+ "name": "ipconfig2",
+ "properties": {
+ "privateIPAddress": "[parameters('Subnet2StartAddress')]",
+ "privateIPAllocationMethod": "Static",
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets/', parameters('virtualNetworkName'), parameters('Subnet2Name'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/networkInterfaces'), parameters('tagsByResource')['Microsoft.Network/networkInterfaces'], json('{}')) ]"
+ },
+ {
+ "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]",
+ "type": "Microsoft.Compute/images",
+ "apiVersion": "2020-06-01",
+ "name": "[variables('customImage')]",
+ "location": "[variables('location')]",
+ "properties": {
+ "storageProfile": {
+ "osDisk": {
+ "osType": "Linux",
+ "osState": "Generalized",
+ "blobUri": "[parameters('sourceImageVhdUri')]",
+ "storageAccountType": "Standard_LRS"
+ }
+ },
+ "hyperVGeneration": "V1"
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]"
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "2021-07-01",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces/', variables('nic1Name'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces/', variables('nic2Name'))]",
+ "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[parameters('vmName')]",
+ "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]",
+ "identity": "[if(equals(variables('customMetrics'), 'yes'), variables('identity'), json('null'))]",
+ "properties": {
+ "UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefix.value, reference('networkExistingSetup').outputs.vnetAddressPrefix.value), '\"', '\n' ))]",
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2022-09-01').primaryEndpoints.blob]"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces/', variables('nic1Name'))]",
+ "properties": {
+ "primary": true
+ }
+ },
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces/', variables('nic2Name'))]",
+ "properties": {
+ "primary": false
+ }
+ }
+ ]
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "[concat('not','used')]",
+ "computerName": "[toLower(parameters('vmName'))]",
+ "customData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefix.value, reference('networkExistingSetup').outputs.vnetAddressPrefix.value), '\"', '\n' ))]",
+ "linuxConfiguration": "[variables('linuxConfiguration')]"
+ },
+ "storageProfile": {
+ "imageReference": "[variables('imageReference')]",
+ "osDisk": {
+ "caching": "ReadWrite",
+ "createOption": "FromImage",
+ "diskSizeGB": "[variables('diskSizeGB')]",
+ "name": "[parameters('vmName')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('diskType')]"
+ }
+ }
+ }
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachines'), parameters('tagsByResource')['Microsoft.Compute/virtualMachines'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(variables('customMetrics'), 'yes')]",
+ "apiVersion": "2020-04-01-preview",
+ "type": "Microsoft.Authorization/roleAssignments",
+ "name": "[parameters('rbacGuid')]",
+ "properties": {
+ "roleDefinitionId": "[variables('monitoringMetricsPublisher')]",
+ "principalId": "[reference(variables('vmID'), '2019-12-01', 'Full').identity.principalId]",
+ "scope": "[resourceGroup().id]"
+ },
+ "dependsOn": [
+ "[variables('vmID')]"
+ ],
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]"
+ }
+ ],
+ "outputs": {
+ "GatewayIPAddr": {
+ "type": "string",
+ "value": "[reference(variables('publicIPAddressId')).IpAddress]"
+ },
+ "GatewayFQDN": {
+ "type": "string",
+ "value": "[reference(variables('publicIPAddressId')).dnsSettings.fqdn]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/README.md
new file mode 100644
index 00000000..6fbc5c3c
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/README.md
@@ -0,0 +1,9 @@
+# IPv6 support for CloudGuard IaaS in Azure
+Azure's IPv6 connectivity makes it easy to provide dual stack (IPv4/IPv6) Internet connectivity for applications hosted in Azure.
+It allows for simple deployment of VMs with load balanced IPv6 connectivity for both inbound and outbound initiated connections.
+
+Follow [sk170760](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170760) instruction to deploy CloudGuard IaaS virtual machine scale sets with IPv6 in Azure.
+
+
+ Deploy to Azure
+
diff --git a/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/mainTemplate.json
new file mode 100644
index 00000000..fe55976d
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/vmss-ipv6-r8040-r81/mainTemplate.json
@@ -0,0 +1,1209 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "subscriptionId": { + "type": "string", + "defaultValue": "[subscription().subscriptionId]", + "metadata": { + "description": "Subscription ID." + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Deployment location" + }, + "defaultValue": "[resourceGroup().location]" + }, + "cloudGuardVersion": { + "type": "string", + "allowedValues": [ + "R80.40 - Bring Your Own License", + "R80.40 - Pay As You Go (NGTP)", + "R80.40 - Pay As You Go (NGTX)", + "R81 - Bring Your Own License", + "R81 - Pay As You Go (NGTP)", + "R81 - Pay As You Go (NGTX)" + ], + "defaultValue": "R81 - Bring Your Own License", + "metadata": { + "description": "Version of Check Point CloudGuard" + } + }, + "instanceCount": { + "defaultValue": "2", + "type": "string", + "metadata": { + "description": "Number of VM instances" + } + }, + "maxInstanceCount": { + "defaultValue": "10", + "type": "string", + "metadata": { + "description": "Maximum number of VM instances" + } + }, + "managementServer": { + "type": "string", + "metadata": { + "description": "The name of the management server as it appears in the configuration file" + } + }, + "configurationTemplate": { + "type": "string", + "metadata": { + "description": "A name of a template as it appears in the configuration file" + } + }, + "adminEmail": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Email address to notify if there are any scaling operations" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "password", + "sshPublicKey" + ], + "defaultValue": "password", + "metadata": { + "description": "Authentication type" + } + }, + "sshPublicKey": { + "type": 
"string", + "defaultValue": "", + "metadata": { + "description": "Administrator SSH public key" + } + }, + "vmName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the Check Point Security Gateway scale set" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "adminShell": { + "type": "string", + "defaultValue": "/etc/cli.sh", + "allowedValues": [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ], + "metadata": { + "Description": "The default shell for the admin user" + } + }, + "sicKey": { + "type": "securestring", + "metadata": { + "description": "One time key for Secure Internal Communication" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "[concat(resourceGroup().name, '-vnet')]" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the virtual network" + }, + "defaultValue": "10.0.0.0/16" + }, + "virtualNetworkIpv6AddressPrefix": { + "type": "string", + "metadata": { + "description": "The IPv6 address prefix of the virtual network" + }, + "defaultValue": "ace:cab:deca::/48" + }, + "subnet1Name": { + "type": "string", + "metadata": { + "description": "The name of the frontend subnet" + }, + "defaultValue": "Frontend" + }, + "subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the frontend subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "Subnet1Ipv6Prefix": { + "type": "string", + "metadata": { + "description": "The IPv6 address prefix of the 1st subnet" + }, + "defaultValue": "ace:cab:deca:deed::/64" + }, + "subnet2Name": { + "type": "string", + "metadata": { + "description": "The name of the backend subnet" + }, + "defaultValue": "Backend" + }, + "subnet2Prefix": { + "type": "string", + "metadata": 
{ + "description": "The address prefix of the backend subnet" + }, + "defaultValue": "10.0.2.0/24" + }, + "Subnet2Ipv6Prefix": { + "type": "string", + "metadata": { + "description": "The IPv6 address prefix of the 2nd subnet" + }, + "defaultValue": "ace:cab:deca:deee::/64" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "[resourceGroup().name]" + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + } + }, + "instanceLevelPublicIP": { + "type": "string", + "allowedValues": [ + "no", + "yes" + ], + "defaultValue": "no", + "metadata": { + "description": "Deploy the VMSS with instance level Public IP address" + } + }, + "mgmtInterfaceOpt1": { + "type": "string", + "allowedValues": [ + "eth0-public", + "eth0-private", + "eth1-private" + ], + "defaultValue": "eth1-private", + "metadata": { + "description": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address." + } + }, + "mgmtInterfaceOpt2": { + "type": "string", + "allowedValues": [ + "eth0-private", + "eth1-private" + ], + "defaultValue": "eth1-private", + "metadata": { + "description": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address." 
+ } + }, + "mgmtIpAddress": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The IP address used to manage the VMSS instances." + } + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "availabilityZonesNum": { + "type": "int", + "allowedValues": [ + 0, + 1, + 2, + 3 + ], + "defaultValue": 0, + "metadata": { + "description": "The number of availability zones" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located including a trailing '/'" + }, + "defaultValue": "https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." 
+ }, + "defaultValue": "" + }, + "customMetrics": { + "type": "string", + "allowedValues": [ + "no", + "yes" + ], + "defaultValue": "yes", + "metadata": { + "Description": "Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring" + } + }, + "rbacGuid": { + "type": "string", + "defaultValue": "[newGuid()]" + }, + "tagsByResource": { + "type": "object", + "defaultValue": {} + }, + "deployNewNSG": { + "type": "bool", + "defaultValue": true + }, + "ExistingNSG": { + "type": "object", + "defaultValue": {} + }, + "NewNsgName": { + "type": "string", + "defaultValue": "default-nsg" + }, + "addStorageAccountIpRules": { + "type": "bool", + "metadata": { + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + }, + "defaultValue" : false + }, + "storageAccountAdditionalIps":{ + "type": "array", + "metadata": { + "description": "IPs/CIDRs that are allowed access to the Storage Account" + }, + "defaultValue" : [] + } + + }, + "variables": { + "vnetv4AddressRange": "[parameters('virtualNetworkAddressPrefix')]", + "vnetv6AddressRange": "[parameters('virtualNetworkIPv6AddressPrefix')]", + "subnetv4AddressRange": "[parameters('Subnet1Prefix')]", + "subnet2v4AddressRange": "[parameters('Subnet2Prefix')]", + "subnetv6AddressRange": "[parameters('Subnet1IPv6Prefix')]", + "subnet2v6AddressRange": "[parameters('Subnet2IPv6Prefix')]", + "virtualNetworkName": "[parameters('virtualNetworkName')]", + "subnetName": "[parameters('Subnet1Name')]", + "subnet2Name": "[parameters('Subnet2Name')]", + "resourceGroup": "[resourceGroup()]", + "templateName": "vmss-v2", + "templateVersion": "20230910", + "location": "[parameters('location')]", + "subnet-id": 
"[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]", + "subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]", + "VMSSFrontend": "VMSS-Frontend", + "VMSSBackend": "VMSS-Backend", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (NGTP)": "NGTP", + "R80.40 - Pay As You Go (NGTX)": "NGTX", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (NGTP)": "NGTP", + "R81 - Pay As You Go (NGTX)": "NGTX" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (NGTP)": "R8040", + "R80.40 - Pay As You Go (NGTX)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (NGTP)": "R81", + "R81 - Pay As You Go (NGTX)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "SerialConsoleGeographies": { + "eastasia" : ["20.205.69.28", "20.195.85.180"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", "20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", "52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + "francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", 
"20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : ["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : ["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "serialConsoleIps": "[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", + "storageAccountIps" : 
"[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "isBlink": true, + "storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "additionalDiskSizeGB": "[if(contains('R8040 R81', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", + "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n')]", + "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", + "imagePublisher": "checkpoint", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-byol", + "version": "latest" + }, + "imageReferenceNGTP": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp", + "version": "latest" + }, + "imageReferenceNGTP-V2": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp-v2", + "version": "latest" + }, + "imageReferenceNGTX": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx", + "version": "latest" + }, + "imageReferenceNGTX-V2": { 
+ "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx-v2", + "version": "latest" + }, + "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), if(equals(variables('offer'), 'NGTP'), variables('imageReferenceNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('imageReferenceNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('imageReferenceNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('imageReferenceNGTX-V2'), json('null'))))))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "linuxConfigurationpassword": { + "disablePasswordAuthentication": "false" + }, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]", + "planBYOL": { + "name": "sg-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP": { + "name": "sg-ngtp", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP-V2": { + "name": "sg-ngtp-v2", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX": { + "name": "sg-ngtx", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX-V2": { + "name": "sg-ngtx-v2", + "product": "[variables('imageOffer')]", + "publisher": 
"[variables('imagePublisher')]" + }, + "plan": "[if(equals(variables('offer'), 'BYOL') , variables('planBYOL'), if(equals(variables('offer'), 'NGTP'), variables('planNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('planNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('planNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('planNGTX-V2'), json('null'))))))]", + "vmssID": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "sicKey": "[parameters('sicKey')]", + "installationType": "vmss", + "publicIPProperties": { + "name": "instancePublicIP", + "properties": { + "idleTimeoutInMinutes": 15 + } + }, + "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]", + "azureFunctionSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/azure-func-sami.json', parameters('_artifactsLocationSasToken')))]", + "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", + "customImageId": "[variables('imageReferenceCustomUri').id]", + "availabilityZonesLocations": [ + "brazilsouth", + "canadacentral", + "centralus", + "eastus", + "eastus2", + "southcentralus", + "usgovvirginia", + "westus2", + "westus3", + "francecentral", + "germanywestcentral", + "northeurope", + "norwayeast", + "uksouth", + "westeurope", + "swedencentral", + "switzerlandnorth", + "qatarcentral", + "uaenorth", + "southafricanorth", + "australiaeast", + "centralindia", + "japaneast", + "koreacentral", + "southeastasia", + "eastasia", + "italynorth" + ], + "availabilityZonesProperty": "[range(1, parameters('availabilityZonesNum'))]", + "mgmtInterface": "[if(equals(parameters('instanceLevelPublicIP'), 'yes'), 
parameters('mgmtInterfaceOpt1'), parameters('mgmtInterfaceOpt2'))]", + "mgmtIpAddressType": "[split(variables('mgmtInterface'), '-')[1]]", + "mgmtInterfaceName": "[split(variables('mgmtInterface'), '-')[0]]", + "mgmtIPaddress": "[if(equals(variables('mgmtInterfaceName'), 'eth0'), parameters('mgmtIpAddress'), '')]", + "commomTags": { + "x-chkp-management": "[parameters('managementServer')]", + "x-chkp-template": "[parameters('configurationTemplate')]", + "x-chkp-ip-address": "[variables('mgmtIpAddressType')]", + "x-chkp-management-interface": "[variables('mgmtInterfaceName')]", + "x-chkp-topology": "eth0:external,eth1:internal", + "x-chkp-anti-spoofing": "eth0:false,eth1:false", + "x-chkp-srcImageUri": "[parameters('sourceImageVhdUri')]" + }, + "uniqueTags": { + "x-chkp-management-address": "[variables('mgmtIPaddress')]" + }, + "vmssTags": "[if(equals(variables('mgmtIPaddress'), ''), variables('commomTags'), union(variables('commomTags'), variables('uniqueTags')))]", + "dnsZoneResourceId": "[parameters('dnsZoneResourceId')]", + "dnsZoneRecordSetName": "[parameters('dnsZoneRecordSetName')]", + "numberOfRecordSetEntries": "20", + "customMetrics": "[parameters('customMetrics')]", + "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]", + "identity": "[json('{\"type\": \"SystemAssigned\"}')]", + "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + }, + "resources": [ + { + "apiVersion": "2021-01-01", + "name": "pid-23952014-097a-4aed-ade6-0d4b5c278517", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "apiVersion": "2020-05-01", + "type": 
"Microsoft.Network/publicIPAddresses", + "name": "lbpublicip-v4", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "apiVersion": "2020-05-01", + "type": "Microsoft.Network/publicIPAddresses", + "name": "lbpublicip-v6", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "properties": { + "publicIPAllocationMethod": "Static", + "publicIPAddressVersion": "IPv6" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicIPAddresses'), parameters('tagsByResource')['Microsoft.Network/publicIPAddresses'], json('{}')) ]" + }, + { + "apiVersion": "2020-05-01", + "name": "frontend-lb", + "type": "Microsoft.Network/loadBalancers", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v4')]", + "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v6')]" + ], + "properties": { + "frontendIpConfigurations": [ + { + "name": "LB-v4", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', 'lbpublicip-v4')]" + } + } + }, + { + "name": "LB-v6", + "properties": { + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses','lbpublicip-v6')]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "frontend-LBBAP-v4" + }, + { + "name": "frontend-LBBAP-v6" + } + ], + "loadBalancingRules": [ + { + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', 'frontend-lb', 'LB-v4')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'frontend-lb', 
'frontend-LBBAP-v4')]" + }, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'frontend-lb', 'lb-probe')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "idleTimeoutInMinutes": 4 + }, + "name": "frontend-lb-rule-v4" + }, + { + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', 'frontend-lb', 'LB-v6')]" + }, + "backendAddressPool": { + "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'frontend-lb', 'frontend-LBBAP-v6')]" + }, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'frontend-lb', 'lb-probe')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443 + }, + "name": "frontend-lb-rule-v6" + } + ], + "probes": [ + { + "properties": { + "protocol": "Tcp", + "port": 22, + "intervalInSeconds": 5, + "numberOfProbes": 2 + }, + "name": "lb-probe" + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/loadBalancers'), parameters('tagsByResource')['Microsoft.Network/loadBalancers'], json('{}')) ]" + }, + { + "apiVersion": "2021-01-01", + "name": "backend-lb", + "type": "Microsoft.Network/loadBalancers", + "location": "[parameters('location')]", + "sku": { + "name": "Standard" + }, + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Network/virtualNetworks', variables('virtualNetworkName')), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]" + ], + "properties": { + "frontendIpConfigurations": [ + { + "name": "LB-v4", + "properties": { + "subnet": { + "id": "[variables('subnet2-id')]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "backend-LBBAP-v4" + } + ], + "loadBalancingRules": [ + { + "properties": { + "frontendIPConfiguration": { + "id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', 'backend-lb', 'LB-v4')]" + }, + "backendAddressPool": { + "id": 
"[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'backend-lb', 'backend-LBBAP-v4')]" + }, + "probe": { + "id": "[resourceId('Microsoft.Network/loadBalancers/probes', 'backend-lb', 'lb-probe')]" + }, + "protocol": "Tcp", + "frontendPort": 443, + "backendPort": 443, + "idleTimeoutInMinutes": 4 + }, + "name": "backend-lb-rule-v4" + } + ], + "probes": [ + { + "properties": { + "protocol": "Tcp", + "port": 22, + "intervalInSeconds": 5, + "numberOfProbes": 2 + }, + "name": "lb-probe" + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/loadBalancers'), parameters('tagsByResource')['Microsoft.Network/loadBalancers'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "type": "Microsoft.Network/routeTables", + "name": "[variables('VMSSBackend')]", + "apiVersion": "2021-03-01", + "location": "[parameters('location')]", + "properties": { + "disableBgpRoutePropagation": false, + "routes": [ + { + "name": "To-Internet", + "properties": { + "addressPrefix": "0.0.0.0/0", + "nextHopType": "None" + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/routeTables'), parameters('tagsByResource')['Microsoft.Network/routeTables'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "type": "Microsoft.Network/routeTables", + "name": "[variables('VMSSFrontend')]", + "apiVersion": "2021-03-01", + "location": "[parameters('location')]", + "properties": { + "disableBgpRoutePropagation": false, + "routes": [ + { + "name": "Local-Subnet-v6", + "properties": { + "addressPrefix": "[parameters('Subnet1IPv6Prefix')]", + "nextHopType": "VnetLocal" + } + }, + { + "name": "Local-Subnet-v4", + "properties": { + "addressPrefix": "[variables('subnetv4AddressRange')]", + "nextHopType": "VnetLocal" + } + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/routeTables'), 
parameters('tagsByResource')['Microsoft.Network/routeTables'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]",
+ "apiVersion": "2021-03-01",
+ "type": "Microsoft.Network/virtualNetworks",
+ "name": "[variables('virtualNetworkName')]",
+ "location": "[parameters('location')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Network/routeTables', variables('VMSSFrontend'))]",
+ "[resourceId('Microsoft.Network/routeTables', variables('VMSSBackend'))]"
+ ],
+ "properties": {
+ "dhcpOptions": {
+ "dnsServers": [
+ "cafe:43::",
+ "cafe:45::"
+ ]
+ },
+ "addressSpace": {
+ "addressPrefixes": [
+ "[variables('vnetv4AddressRange')]",
+ "[variables('vnetv6AddressRange')]"
+ ]
+ },
+ "subnets": [
+ {
+ "name": "[variables('subnetName')]",
+ "properties": {
+ "addressPrefixes": [
+ "[variables('subnetv4AddressRange')]",
+ "[variables('subnetv6AddressRange')]"
+ ],
+ "routeTable": {
+ "id": "[resourceId('Microsoft.Network/routeTables', variables('VMSSFrontend'))]"
+ }
+ }
+ },
+ {
+ "name": "[variables('subnet2Name')]",
+ "properties": {
+ "addressPrefixes": [
+ "[variables('subnet2v4AddressRange')]",
+ "[variables('subnet2v6AddressRange')]"
+ ],
+ "routeTable": {
+ "id": "[resourceId('Microsoft.Network/routeTables', variables('VMSSBackend'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/virtualNetworks'), parameters('tagsByResource')['Microsoft.Network/virtualNetworks'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(variables('customMetrics'), 'yes')]",
+ "apiVersion": "2020-04-01-preview",
+ "type": "Microsoft.Authorization/roleAssignments",
+ "name": "[parameters('rbacGuid')]",
+ "properties": {
+ "roleDefinitionId": "[variables('monitoringMetricsPublisher')]",
+ "principalId": "[reference(variables('vmssID'), '2021-03-01', 'Full').identity.principalId]",
+ "scope": "[resourceGroup().id]"
+ },
+ "dependsOn": [
+ "[variables('vmssID')]"
+ ],
+ "tags": "[ 
if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]"
+ },
+ {
+ "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]",
+ "name": "networkExistingSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "2021-01-01",
+ "resourceGroup": "[parameters('virtualNetworkExistingRGName')]",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[parameters('virtualNetworkExistingRGName')]"
+ },
+ "vmName": {
+ "value": "[parameters('vmName')]"
+ },
+ "deployNsg": {
+ "value": "[parameters('deployNewNSG')]"
+ },
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
+ },
+ "tagsByResource": {
+ "value": "[parameters('tagsByResource')]"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageAccountName')]",
+ "apiVersion": "2021-06-01",
+ "properties": {
+ "supportsHttpsTrafficOnly": true,
+ "allowBlobPublicAccess": false,
+ "minimumTlsVersion": "TLS1_2",
+ "networkAcls": {
+ "bypass": "None",
+ "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]",
+ "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]"
+ }
+ },
+ "location": "[variables('location')]",
+ "sku": {
+ "name": "[variables('storageAccountType')]"
+ },
+ "kind": "Storage",
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]"
+ },
+ {
+ "condition": 
"[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2021-07-01", + "name": "[variables('customImage')]", + "location": "[variables('resourceGroup').location]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + } + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]" + }, + + { + "type": "Microsoft.Network/networkSecurityGroups", + "condition": "[and(parameters('deployNewNSG'),equals(parameters('vnetNewOrExisting'), 'new'))]", + "apiVersion": "2020-06-01", + "location": "[parameters('location')]", + "name": "[parameters('NewNsgName')]", + "properties": { + "securityRules": [ + { + "name": "AllowAllInBound", + "properties": { + "description": "Allow all inbound connections", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "*", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "100", + "direction": "Inbound" + } + } + ] + } + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "apiVersion": "2021-07-01", + "name": "[parameters('vmName')]", + "location": "[variables('location')]", + "identity": "[if(equals(variables('customMetrics'), 'yes'), variables('identity'), json('null'))]", + "zones": "[if(and(contains(variables('availabilityZonesLocations'), variables('location')), greater(parameters('availabilityZonesNum'), 0)), variables('availabilityZonesProperty'), json('null'))]", + "tags": "[union(variables('vmssTags'),if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachineScaleSets'), parameters('tagsByResource')['Microsoft.Compute/virtualMachineScaleSets'], json('{}')))]", + "dependsOn": [ + "[coalesce(resourceId('Microsoft.Network/virtualNetworks', 
variables('virtualNetworkName')), resourceId('Microsoft.Resources/deployments', 'networkExistingSetup'))]",
+ "[resourceId('Microsoft.Network/loadBalancers','frontend-lb')]",
+ "[resourceId('Microsoft.Network/loadBalancers','backend-lb')]",
+ "[variables('storageAccountId')]",
+ "[variables('customImageId')]"
+ ],
+ "sku": {
+ "name": "[parameters('vmSize')]",
+ "tier": "Standard",
+ "capacity": "[parameters('instanceCount')]"
+ },
+ "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]",
+ "properties": {
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "virtualMachineProfile": {
+ "UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), split(parameters('virtualNetworkAddressPrefix'), '.')[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+ "storageProfile": {
+ "osDisk":
+ {
+ "diskSizeGB": "[variables('diskSizeGB')]",
+ "caching": "ReadWrite",
+ "createOption": "FromImage",
+ "managedDisk": {
+ "storageAccountType": "[parameters('diskType')]"
+ }
+ },
+ "imageReference": "[variables('imageReference')]"
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "[concat('not','used')]",
+ "computerNamePrefix": "[toLower(parameters('vmName'))]",
+ "customData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), split(parameters('virtualNetworkAddressPrefix'), '.')[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+ "linuxConfiguration": "[variables('linuxConfiguration')]"
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "eth0",
+ "properties": {
+ "primary": true,
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "networkSecurityGroup": "[if(parameters('deployNewNSG') , variables('NewNsgReference') , 
parameters('ExistingNSG'))]",
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1IPV6",
+ "properties": {
+ "primary": true,
+ "subnet": {
+ "id": "[variables('subnet-id')]"
+ },
+ "privateIPAddressVersion": "IPv6",
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'frontend-lb', 'frontend-LBBAP-v6')]"
+ }
+ ]
+ }
+ },
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "primary": false,
+ "privateIPAddressVersion": "IPv4",
+ "publicIpAddressConfiguration": "[if(equals(parameters('instanceLevelPublicIP'),'yes'), variables('publicIPProperties'), json('null'))]",
+ "subnet": {
+ "id": "[variables('subnet-id')]"
+ },
+ "loadBalancerBackendAddressPools": [
+ {
+ "id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', 'frontend-lb', 'frontend-LBBAP-v4')]"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "eth1",
+ "properties": {
+ "primary": false,
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "ipConfigurations": [
+ {
+ "name": "ipconfig2IPV6",
+ "properties": {
+ "primary": true,
+ "subnet": {
+ "id": "[variables('subnet2-id')]"
+ },
+ "privateIPAddressVersion": "IPv6"
+ }
+ },
+ {
+ "name": "ipconfig2",
+ "properties": {
+ "subnet": {
+ "id": "[variables('subnet2-id')]"
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[reference(variables('storageAccountId'), '2021-06-01').primaryEndpoints.blob]"
+ }
+ }
+ },
+ "overprovision": false
+ }
+ },
+ {
+ "type": "Microsoft.Insights/autoscaleSettings",
+ "apiVersion": "2015-04-01",
+ "name": "[parameters('vmName')]",
+ "location": "[variables('location')]",
+ "dependsOn": [
+ "[variables('vmssID')]"
+ ],
+ "properties": {
+ "name": "[parameters('vmName')]",
+ "targetResourceUri": "[variables('vmssID')]",
+ "notifications": [
+ {
+ "operation": "Scale",
+ "email": {
+ "sendToSubscriptionAdministrator": false,
+ "sendToSubscriptionCoAdministrators": false,
+ 
"customEmails": "[if(empty(parameters('adminEmail')), json('null'), array(parameters('adminEmail')))]" + } + } + ], + "enabled": true, + "profiles": [ + { + "name": "Profile1", + "capacity": { + "minimum": "[parameters('instanceCount')]", + "maximum": "[parameters('maxInstanceCount')]", + "default": "[parameters('instanceCount')]" + }, + "rules": [ + { + "metricTrigger": { + "metricName": "Percentage CPU", + "metricResourceUri": "[variables('vmssID')]", + "timeGrain": "PT1M", + "statistic": "Average", + "timeWindow": "PT5M", + "timeAggregation": "Average", + "operator": "GreaterThan", + "threshold": 80 + }, + "scaleAction": { + "direction": "Increase", + "type": "ChangeCount", + "value": "1", + "cooldown": "PT5M" + } + }, + { + "metricTrigger": { + "metricName": "Percentage CPU", + "metricResourceUri": "[variables('vmssID')]", + "timeGrain": "PT1M", + "statistic": "Average", + "timeWindow": "PT5M", + "timeAggregation": "Average", + "operator": "LessThan", + "threshold": 60 + }, + "scaleAction": { + "direction": "Decrease", + "type": "ChangeCount", + "value": "1", + "cooldown": "PT5M" + } + } + ] + } + ] + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Insights/autoscaleSettings'), parameters('tagsByResource')['Microsoft.Insights/autoscaleSettings'], json('{}')) ]" + } + ] +} \ No newline at end of file diff --git a/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/README.md b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/README.md new file mode 100644 index 00000000..3c632bf9 --- /dev/null +++ b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/README.md 
@@ -0,0 +1,23 @@
+# Check Point CloudGuard Network Security VMSS for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+ Deploy to Azure
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-vmss%2FmainTemplate.json)
+
+
+
diff --git a/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/createUiDefinition.json
new file mode 100644
index 00000000..c8b71304
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/createUiDefinition.json
@@ -0,0 +1,1732 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+ "handler": "Microsoft.Compute.MultiVm",
+ "version": "0.1.2-preview",
+ "parameters": {
+ "basics": [
+ {
+ "name": "CloudGuard VMSS settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the CloudGuard Network for Azure VMSS R80.10 and Higher Administration Guide.",
+ "link": {
+ "label": "Administration Guide",
+ "uri": "https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_VMSS_for_Azure/Default.htm"
+ }
+ }
+ },
+ {
+ "name": "warning reserved words InfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": true,
+ "options": {
+ "icon": "Warning",
+ "text": "Note: Resource group and Gateway scale set names must be without reserved words according to: sk40179",
+ "uri": "https://support.checkpoint.com/results/sk/sk40179"
+ }
+ },
+ {
+ "name": "gatewayScaleSetNameUi",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Gateway scale set name",
+ "toolTip": "The name of the Check Point Security Gateway Scale Set",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "auth",
+ "type": "Microsoft.Compute.CredentialsCombo",
+ "label": {
+ "authenticationType": "Authentication type",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "sshPublicKey": "SSH public key"
+ },
+ "toolTip": {
+ "password": "The user 'admin' password",
+ "sshPublicKey": "Paste an OpenSSH public key. 
You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
+ },
+ "constraints": {
+ "required": true
+ },
+ "options": {
+ "hideConfirmation": false,
+ "hidePassword": false
+ },
+ "osPlatform": "Linux"
+ }
+ ],
+ "steps": [
+ {
+ "name": "autoprovision",
+ "label": "Check Point VMSS settings",
+ "subLabel": {
+ "preValidation": "Configure CloudGuard VMSS settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "CloudGuard VMSS settings",
+ "elements": [
+ {
+ "name": "upgrading",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Are you upgrading your CloudGuard VMSS solution?",
+ "defaultValue": "No",
+ "toolTip": "Select 'Yes' if you are upgrading your CloudGuard VMSS solution.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "No",
+ "value": "no"
+ },
+ {
+ "label": "Yes",
+ "value": "yes"
+ }
+ ]
+ }
+ },
+ {
+ "name": "upgradeVmssInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[equals(steps('autoprovision').upgrading, 'yes')]",
+ "options": {
+ "icon": "Warning",
+ "text": "All the configurations below must be similar to the existing CloudGuard VMSS solution.\n\nNote that the target load balancers are the ones connected to your existing CloudGuard VMSS solution.\n\nSee the Deployment Guide for more information."
+ }
+ },
+ {
+ "name": "vmCount",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Initial number of gateways",
+ "defaultValue": "2",
+ "toolTip": "The initial number of gateways",
+ "constraints": {
+ "required": true,
+ "regex": "^[1-9][0-9]{0,1}$",
+ "validationMessage": "Please enter a number in the range 1-99."
+ }
+ },
+ {
+ "name": "maxVmCount",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Maximum number of gateways",
+ "defaultValue": "10",
+ "toolTip": "The maximum number of gateways",
+ "constraints": {
+ "required": true,
+ "regex": "^[1-9][0-9]{0,1}$",
+ "validationMessage": "Please enter a number in the range 1-99."
+ }
+ },
+ {
+ "name": "numGwsValidation",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[greater(steps('autoprovision').vmCount, steps('autoprovision').maxVmCount)]",
+ "options": {
+ "icon": "Error",
+ "text": "Maximum number of gateways is lower than initial number of gateways"
+ }
+ },
+ {
+ "name": "managementServer",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Management name",
+ "toolTip": "The name of the management server as it appears in the configuration file",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-]{1,30}$",
+ "validationMessage": "Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "configurationTemplateInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[equals(steps('autoprovision').upgrading, 'yes')]",
+ "options": {
+ "icon": "Info",
+ "text": "Use a different configuration template name than in your existing CloudGuard VMSS solution."
+ }
+ },
+ {
+ "name": "configurationTemplate",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Configuration template name",
+ "toolTip": "The configuration template name as it appears in the configuration file",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-]{1,30}$",
+ "validationMessage": "Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "adminEmail",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Administrator email address",
+ "defaultValue": "",
+ "toolTip": "An email address to notify about scaling operations",
+ "constraints": {
+ "required": false,
+ "regex": "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$",
+ "validationMessage": "Leave empty or enter a valid email address."
+ }
+ },
+ {
+ "name": "deploymentMode",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Load balancers deployment",
+ "defaultValue": "Standard (External & Internal)",
+ "toolTip": "Defines which load balancers will be deployed. Note: For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard (External & Internal)",
+ "value": "Standard"
+ },
+ {
+ "label": "External only (Inbound inspection only)",
+ "value": "ELBOnly"
+ },
+ {
+ "label": "Internal only (Outbound & E-W inspection only - see tooltip)",
+ "value": "ILBOnly"
+ }
+ ]
+ }
+ },
+ {
+ "name": "appLoadDistribution",
+ "type": "Microsoft.Common.DropDown",
+ "label": "External Load Balancer session persistence",
+ "defaultValue": "None (5-tuple)",
+ "toolTip": "The load balancing distribution method for the External Load Balancer.",
+ "visible": "[not(equals(steps('autoprovision').deploymentMode, 'ILBOnly'))]",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "None (5-tuple)",
+ "value": "Default"
+ },
+ {
+ "label": "Client IP (2-tuple)",
+ "value": "SourceIP"
+ },
+ {
+ "label": "Client IP and protocol (3-tuple)",
+ "value": "SourceIPProtocol"
+ }
+ ]
+ }
+ },
+ {
+ "name": "ilbLoadDistribution",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Internal Load Balancer session persistence",
+ "defaultValue": "None (5-tuple)",
+ "toolTip": "The load balancing distribution method for the Internal Load Balancer.",
+ "visible": "[not(equals(steps('autoprovision').deploymentMode, 'ELBOnly'))]",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "None (5-tuple)",
+ "value": "Default"
+ },
+ {
+ "label": "Client IP (2-tuple)",
+ "value": "SourceIP"
+ },
+ {
+ "label": "Client IP and protocol (3-tuple)",
+ "value": "SourceIPProtocol"
+ }
+ ]
+ }
+ },
+ {
+ "name": "floatingIP",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Deploy the Load Balancers with floating 
IP", + "defaultValue": "No", + "toolTip": "Deploy the Load Balancers with floating IP.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + }, + "visible": true + }, + { + "name": "instanceLevelPublicIP", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy the VMSS with instance level Public IP address", + "defaultValue": "No", + "toolTip": "If selected 'Yes', then each VMSS instance will have its own public IP address.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + } + }, + { + "name": "publicIPPrefix", + "type": "Microsoft.Common.OptionsGroup", + "label": "Public IP prefix", + "defaultValue": "No", + "toolTip": "Define if deploy existsing Public IP Prefix or a new Public IP Prefix.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + }, + "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'yes')]" + }, + { + "name": "createNewIPPrefix", + "type": "Microsoft.Common.OptionsGroup", + "label": "Create new IP prefiex", + "toolTip": "Create new or existsing Public IP Prefix", + "defaultValue": "No", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + }, + "visible": "[equals(steps('autoprovision').publicIPPrefix, 'yes')]" + }, + { + "name": "IPv4Length", + "type": "Microsoft.Common.DropDown", + "label": "IPv4 IP prefix length", + "defaultValue": "/31 (2 addresses)", + "toolTip": "Choose the length of the IP prefix for IP v4.", + "multiselect": false, + "selectAll": false, + "filter": false, + "multiLine": false, + "constraints": { + "allowedValues": [ + { + "label": "/28 (16 addresses)", + "value": "/28 (16 addresses)" + }, + { + "label": "/29 (8 addresses)", + "value": "/29 (8 addresses)" + }, + { + "label": "/30 (4 
addresses)", + "value": "/30 (4 addresses)" + }, + { + "label": "/31 (2 addresses)", + "value": "/31 (2 addresses)" + } + ], + "required": true + }, + "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'yes')]" + }, + { + "name": "ipPrefixLengthWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'yes')]", + "options": { + "icon": "Warning", + "text": "[concat('NOTE: The VMSS will not be allowed to contain more than ', if(equals(steps('autoprovision').IPv4Length, '/31 (2 addresses)'), '2', if(equals(steps('autoprovision').IPv4Length, '/30 (4 addresses)'), '4', if(equals(steps('autoprovision').IPv4Length, '/29 (8 addresses)'), '8', if(equals(steps('autoprovision').IPv4Length, '/28 (16 addresses)'), '16', '0')))), ' instances')]" + } + }, + { + "name": "ipPrefixExistingResourceId", + "type": "Microsoft.Common.TextBox", + "label": "Enter an existing IP prefix resource id", + "toolTip": "The resource id of an existing public IP prefix.", + "multiLine": false, + "constraints": { + "regex": "^[a-z0-9A-Z -.:/n]{1,}$", + "validationMessage": "Only alphanumeric characters, hyphens, spaces, periods, and colons are allowed.", + "required": true + }, + "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'no')]" + }, + { + "name": "externalCommunicationInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('autoprovision').instanceLevelPublicIP, 'no'), equals(steps('autoprovision').deploymentMode, 'ILBOnly'))]", + "options": { + "icon": "Warning", + "text": "For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses." 
+ }
+ },
+ {
+ "name": "lbsTargetRGName",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[equals(steps('autoprovision').upgrading, 'yes')]",
+ "label": "Target load balancers resource group name",
+ "defaultValue": "",
+ "toolTip": "The name of the Target Load Balancers Resource Group.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]",
+ "validationMessage": "Resource Group only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis"
+ }
+ },
+ {
+ "name": "elbResourceId",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ILBOnly')))]",
+ "label": "Target external load balancer resource ID",
+ "defaultValue": "",
+ "toolTip": "The Resource ID of the Target External Load Balancer.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]",
+ "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis"
+ }
+ },
+ {
+ "name": "elbInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ILBOnly')))]",
+ "options": {
+ "icon": "Info",
+ "text": "Make sure you have created a new backend address pool for the target external load balancer."
+ }
+ },
+ {
+ "name": "elbBEAddressPoolName",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ILBOnly')))]",
+ "label": "External load balancer's new backend pool name",
+ "toolTip": "The name of the new Target External Load Balancer's Backend Pool.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]",
+ "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed"
+ }
+ },
+ {
+ "name": "ilbResourceId",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ELBOnly')))]",
+ "label": "Target internal load balancer resource ID",
+ "defaultValue": "",
+ "toolTip": "The Resource ID of the Target Internal Load Balancer.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]",
+ "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis"
+ }
+ },
+ {
+ "name": "ilbInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ELBOnly')))]",
+ "options": {
+ "icon": "Info",
+ "text": "Make sure you have created a new backend address pool for the target internal load balancer."
+ }
+ },
+ {
+ "name": "ilbBEAddressPoolName",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ELBOnly')))]",
+ "label": "Internal load balancer's new backend pool name",
+ "toolTip": "The name of the new target internal load balancer's backend pool.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]",
+ "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed"
+ }
+ },
+ {
+ "name": "mgmtInterfaceOpt1",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Management interface and IP address",
+ "defaultValue": "Backend NIC's private IP address",
+ "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'yes')]",
+ "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC and with public or private IP.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Backend NIC's private IP address",
+ "value": "eth1-private"
+ },
+ {
+ "label": "Frontend NIC's public IP address",
+ "value": "eth0-public"
+ },
+ {
+ "label": "Frontend NIC's private IP address",
+ "value": "eth0-private"
+ }
+ ]
+ }
+ },
+ {
+ "name": "mgmtInterfaceOpt2",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Management interface and IP address",
+ "defaultValue": "Backend NIC's private IP address",
+ "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'no')]",
+ "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Backend NIC's private IP address",
+ "value": "eth1-private"
+ },
+ {
+ "label": "Frontend NIC's private IP address",
+ "value": "eth0-private"
+ }
+ ]
+ }
+ },
+ {
+ "name": "mgmtIPaddress",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Management Server IP address",
+ "toolTip": 
"The IP address used to manage the VMSS instances.",
+ "visible": "[or(equals(steps('autoprovision').mgmtInterfaceOpt1, 'eth0-private'), equals(steps('autoprovision').mgmtInterfaceOpt2, 'eth0-private'))]",
+ "constraints": {
+ "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$",
+ "required": true,
+ "validationMessage": "Please enter a valid IP address"
+ }
+ },
+ {
+ "name": "availabilityZonesNum",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Number of Availability Zones to use",
+ "defaultValue": "None",
+ "toolTip": "The number of avalability zones to use for the scale set. Note that the load balancers and their IP addresses will be zone redundant in any case.",
+ "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "None",
+ "value": 0
+ },
+ {
+ "label": "One zone",
+ "value": 1
+ },
+ {
+ "label": "Two zones",
+ "value": 2
+ },
+ {
+ "label": "Three zones",
+ "value": 3
+ }
+ ]
+ }
+ },
+ {
+ "name": "customMetrics",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable CloudGuard metrics",
+ "defaultValue": "Yes",
+ "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "No",
+ "value": "no"
+ },
+ {
+ "label": "Yes",
+ "value": "yes"
+ }
+ ]
+ },
+ "visible": true
+ }
+ ]
+ },
+ {
+ "name": "chkp",
+ "label": "Check Point CloudGuard settings",
+ "subLabel": {
+ "preValidation": "Configure CloudGuard settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "CloudGuard settings",
+ "elements": [
+ {
+ "name": "cloudGuardVersion",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Check Point CloudGuard version",
+ "defaultValue": "R81",
+ "toolTip": "The version of Check Point CloudGuard.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "R80.40",
+ "value": "R80.40"
+ },
+ {
+ "label": "R81",
+ "value": "R81"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R80Offer",
+ "type": "Microsoft.Common.DropDown",
+ "label": "License type",
+ "toolTip": "The type of license.",
+ "defaultValue": "Bring Your Own License",
+ "visible": true,
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Bring Your Own License",
+ "value": "Bring Your Own License"
+ },
+ {
+ "label": "Pay As You Go (NGTP)",
+ "value": "Pay As You Go (NGTP)"
+ },
+ {
+ "label": "Pay As You Go (NGTX)",
+ "value": "Pay As You Go (NGTX)"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R8040vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-byol"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "R8040vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtp"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "R8040vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtx"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "R81vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-byol"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "R81vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtp"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "R81vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_D4_v4",
+ "Standard_D8_v4",
+ "Standard_D16_v4",
+ "Standard_D32_v4",
+ "Standard_D48_v4",
+ "Standard_D64_v4",
+ "Standard_D4s_v4",
+ "Standard_D8s_v4",
+ "Standard_D16s_v4",
+ "Standard_D32s_v4",
+ "Standard_D48s_v4",
+ "Standard_D64s_v4",
+ "Standard_D2_v5",
+ "Standard_D4_v5",
+ "Standard_D8_v5",
+ "Standard_D16_v5",
+ "Standard_D32_v5",
+ "Standard_D2s_v5",
+ "Standard_D4s_v5",
+ "Standard_D8s_v5",
+ "Standard_D16s_v5",
+ "Standard_D2d_v5",
+ "Standard_D4d_v5",
+ "Standard_D8d_v5",
+ "Standard_D16d_v5",
+ "Standard_D32d_v5",
+ "Standard_D2ds_v5",
+ "Standard_D4ds_v5",
+ "Standard_D8ds_v5",
+ "Standard_D16ds_v5",
+ "Standard_D32ds_v5",
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtx"
+ },
+ "count": "[steps('autoprovision').vmCount]"
+ },
+ {
+ "name": "adminShell",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Default shell for the admin user",
+ "defaultValue": "/etc/cli.sh",
+ "toolTip": "The default shell for the admin user",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "/etc/cli.sh",
+ "value": "/etc/cli.sh"
+ },
+ {
+ "label": "/bin/bash",
+ "value": "/bin/bash"
+ },
+ {
+ "label": "/bin/csh",
+ "value": "/bin/csh"
+ },
+ {
+ "label": "/bin/tcsh",
+ "value": "/bin/tcsh"
+ }
+ ]
+ }
+ },
+ {
+ "name": "sicKeyUi",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "SIC Key",
+ "confirmPassword": "Confirm SIC Key"
+ },
+ "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{12,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ },
+ {
+ "name": "SerialPasswordInfoBox",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point recommends setting serial console password and maintenance-mode password for recovery purposes. For R81.10 and below the serial console password is used also as maintenance-mode password"
+ }
+ },
+ {
+ "visible": "[bool(basics('auth').sshPublicKey)]",
+ "name": "EnableSerialConsolePassword",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Enable Serial console password",
+ "defaultValue": "Yes",
+ "toolTip": "A unique password hash to enable VM connection via serial console.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": true
+ },
+ {
+ "label": "No",
+ "value": false
+ }
+ ]
+ }
+ },
+ {
+ "name": "AdditionalPassword",
+ "type": "Microsoft.Common.PasswordBox",
+ "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "label": {
+ "password": "Password hash",
+ "confirmPassword": "Confirm password"
+ },
+ "constraints": {
+ "required": true,
+ "regex": "^.{12,300}$",
+ "validationMessage": "The value must be the output of the hash command."
+ },
+ "options": {
+ "hideConfirmation": false
+ }
+ },
+ {
+ "name": "bootstrapScript",
+ "type": "Microsoft.Common.FileUpload",
+ "label": "Bootstrap script",
+ "toolTip": "An optional script to run on the initial boot",
+ "constraints": {
+ "required": false,
+ "accept": ".sh,text/plain"
+ },
+ "options": {
+ "multiple": false,
+ "uploadMode": "file",
+ "openMode": "text",
+ "encoding": "UTF-8"
+ }
+ },
+ {
+ "name": "allowUploadDownload",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Allow download from/upload to Check Point",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "true"
+ },
+ {
+ "label": "No",
+ "value": "false"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskType",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[not(contains('R80.40 R81' , steps('chkp').cloudGuardVersion))]",
+ "defaultValue": "Premium",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "VMDiskTypeOldVersions",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "VM disk type",
+ "toolTip": "Type of CloudGuard disk.",
+ "visible": "[contains('R80.40 R81' , steps('chkp').cloudGuardVersion)]",
+ "defaultValue": "Standard",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "additionalDiskSizeGB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Additional disk space (GB)",
+ "defaultValue": "0",
+ "toolTip": "Additional disk space (in GB), initial disk size is 100 GB.",
+ "constraints": {
+ "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
+ "validationMessage": "Select a number between 0 and 3995"
+ },
+ "visible": "[not(contains('R80.40 R81', steps('chkp').cloudGuardVersion))]"
+ },
+ {
+ "name": "useCustomImageUri",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use development image uri",
+ "defaultValue": "No",
+ "toolTip": "Use custom image URI.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ],
+ "required": true
+ },
+ "visible": false
+ },
+ {
+ "name": "sourceImageVhdUri",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Development Image URI",
+ "toolTip": "The URI of the blob containing the development image",
+ "constraints": {
+ "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
+ "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
+ },
+ "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "label": "Network settings",
+ "subLabel": {
+ "preValidation": "Configure network settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Network settings",
+ "elements": [
+ {
+ "name": "virtualNetwork",
+ "type": "Microsoft.Network.VirtualNetworkCombo",
+ "label": {
+ "virtualNetwork": "Virtual network",
+ "subnets": "Subnets"
+ },
+ "toolTip": {
+ "virtualNetwork": "Virtual Network Name",
+ "subnets": "The subnets to deploy into"
+ },
+ "defaultValue": {
+ "name": "vnet01",
+ "addressPrefixSize": "/16"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/28"
+ },
+ "options": {
+ "hideExisting": false
+ },
+ "subnets": {
+ "subnet1": {
+ "label": "VMSS Frontend subnet",
+ "defaultValue": {
+ "name": "VMSS-Frontend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": "[steps('autoprovision').maxVmCount]",
+ "requireContiguousAddresses": false
+ }
+ },
+ "subnet2": {
+ "label": "VMSS Backend subnet",
+ "defaultValue": {
+ "name": "VMSS-Backend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": "[steps('autoprovision').maxVmCount]",
+ "requireContiguousAddresses": false
+ }
+ }
+ }
+ },
+ {
+ "name": "NSG",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Network Security Group",
+ "toolTip": "Choose between using an existing NSG or using a new NSG",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Create new",
+ "value": true
+ },
+ {
+ "label": "Existing NSG",
+ "value": false
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ },
+ {
+ "name": "nsgSelector",
+ "type": "Microsoft.Solutions.ResourceSelector",
+ "label": "Network Security Group",
+ "defaultValue": "null",
+ "toolTip": "Choose an existing NSG",
+ "resourceType": "Microsoft.Network/NetworkSecurityGroups",
+ "options": {
+ "filter": {
+ "subscription": "onBasics",
+ "location": "onBasics"
+ }
+ },
+ "constraints": {
+ "required": true
+ },
+ "visible": "[equals(steps('network').NSG, false)]"
+ },
+ {
+ "name": "NSGName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Name",
+ "defaultValue": "[concat(basics('gatewayScaleSetNameUi') , '-nsg')]",
+ "toolTip": "Insert Name for the new NSG",
+ "multiLine": false,
+ "constraints": {
+ "required": "[steps('network').NSG]",
+ "regex": "^[a-z0-9A-Z-]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ },
+ "visible": "[steps('network').NSG]"
+ },
+ {
+ "name": "addStorageAccountIpRules",
+ "type": "Microsoft.Common.OptionsGroup",
+ "defaultValue": "Network access from all networks",
+ "label": "Storage Account Network Access",
+ "toolTip": "Select your preferred network access to the Storage Account, for more information - https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#serial-console-security",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Network access from all networks",
+ "value": false
+ },
+ {
+ "label": "Network access only from Serial Console",
+ "value": true
+ }
+ ],
+ "required": true
+ },
+ "visible": true
+ }
+ ]
+ },
+ {
+ "name": "tags",
+ "label": "Tags",
+ "elements": [
+ {
+ "name": "tagsByResource",
+ "type": "Microsoft.Common.TagsByResource",
+ "toolTip": "Create Azure tags for the new resources",
+ "resources": [
+ "Function App",
+ "Microsoft.Storage/storageAccounts",
+ "Microsoft.Compute/virtualMachineScaleSets",
+ "Microsoft.Network/routeTables",
+ "Microsoft.Network/virtualNetworks",
+ "Microsoft.Network/networkSecurityGroups",
+ "Microsoft.Network/publicIPAddresses",
+ "Microsoft.Network/loadBalancers"
+ ]
+ }
+ ]
+ }
+ ],
+ "outputs": {
+ "location": "[location()]",
+ "authenticationType": "[basics('auth').authenticationType]",
+ "adminPassword": "[basics('auth').password]",
+ "sshPublicKey": "[basics('auth').sshPublicKey]",
+ "upgrading": "[steps('autoprovision').upgrading]",
+ "vmName": "[basics('gatewayScaleSetNameUi')]",
+ "instanceCount": "[steps('autoprovision').vmCount]",
+ "maxInstanceCount": "[steps('autoprovision').maxVmCount]",
+ "managementServer": "[steps('autoprovision').managementServer]",
+ "configurationTemplate": "[steps('autoprovision').configurationTemplate]",
+ "adminEmail": "[steps('autoprovision').adminEmail]",
+ "deploymentMode": "[steps('autoprovision').deploymentMode]",
+ "instanceLevelPublicIP": "[steps('autoprovision').instanceLevelPublicIP]",
+ "lbsTargetRGName": "[steps('autoprovision').lbsTargetRGName]",
+ "elbResourceId": "[steps('autoprovision').elbResourceId]",
+ "elbTargetBEAddressPoolName": "[steps('autoprovision').elbBEAddressPoolName]",
+ "ilbResourceId": "[steps('autoprovision').ilbResourceId]",
+ "ilbTargetBEAddressPoolName": "[steps('autoprovision').ilbBEAddressPoolName]",
+ "mgmtInterfaceOpt1": "[steps('autoprovision').mgmtInterfaceOpt1]",
+ "mgmtInterfaceOpt2": "[steps('autoprovision').mgmtInterfaceOpt2]",
+ "mgmtIPaddress": "[steps('autoprovision').mgmtIPaddress]",
+ "appLoadDistribution": "[steps('autoprovision').appLoadDistribution]",
+ "ilbLoadDistribution": "[steps('autoprovision').ilbLoadDistribution]",
+ "availabilityZonesNum": "[coalesce(steps('autoprovision').availabilityZonesNum, int('0'))]",
+ "customMetrics": "[steps('autoprovision').customMetrics]",
+ "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX)]",
+ "sicKey": "[steps('chkp').sicKeyUi]",
+ "bootstrapScript": "[steps('chkp').bootstrapScript]",
+ "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
+ "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
+ "diskType": "[if(contains('R80.40 R81' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]",
+ "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]",
+ "virtualNetworkName": "[steps('network').virtualNetwork.name]",
+ "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]",
+ "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]",
+ "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]",
+ "subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]",
+ "subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]",
+ "subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]",
+ "subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]",
+ "subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]",
+ "floatingIP": "[steps('autoprovision').floatingIP]",
+ "IPv4Length": "[steps('autoprovision').IPv4Length]",
+ "publicIPPrefix": "[steps('autoprovision').publicIPPrefix]",
+ "createNewIPPrefix": "[steps('autoprovision').createNewIPPrefix]",
+ "ipPrefixExistingResourceId": "[steps('autoprovision').ipPrefixExistingResourceId]",
+ "adminShell": "[steps('chkp').adminShell]",
+ "tagsByResource": "[steps('tags').tagsByResource]",
+ "deployNewNSG": "[steps('network').NSG]",
+ "ExistingNSG": "[steps('network').nsgSelector]",
+ "NewNsgName": "[steps('network').NSGName]",
+ "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]"
+ }
+ }
+}
diff --git a/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json
new file mode 100644
index 00000000..b343976c
--- /dev/null
+++ b/deprecated/azure/templates/R8040-R81/vmss-r8040-r81/mainTemplate.json
@@ -0,0 +1,1156 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "subscriptionId": {
+ "type": "string",
+ "defaultValue": "[subscription().subscriptionId]",
+ "metadata": {
+ "description": "Subscription ID."
+ }
+ },
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment location"
+ },
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "cloudGuardVersion": {
+ "type": "string",
+ "allowedValues": [
+ "R80.40 - Bring Your Own License",
+ "R80.40 - Pay As You Go (NGTP)",
+ "R80.40 - Pay As You Go (NGTX)",
+ "R81 - Bring Your Own License",
+ "R81 - Pay As You Go (NGTP)",
+ "R81 - Pay As You Go (NGTX)"
+ ],
+ "defaultValue": "R81 - Bring Your Own License",
+ "metadata": {
+ "description": "Version of Check Point CloudGuard"
+ }
+ },
+ "instanceCount": {
+ "defaultValue": "2",
+ "type": "string",
+ "metadata": {
+ "description": "Number of VM instances"
+ }
+ },
+ "maxInstanceCount": {
+ "defaultValue": "10",
+ "type": "string",
+ "metadata": {
+ "description": "Maximum number of VM instances"
+ }
+ },
+ "managementServer": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the management server as it appears in the configuration file"
+ }
+ },
+ "configurationTemplate": {
+ "type": "string",
+ "metadata": {
+ "description": "A name of a template as it appears in the configuration file"
+ }
+ },
+ "adminEmail": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Email address to notify if there are any scaling operations"
+ }
+ },
+ "authenticationType": {
+ "type": "string",
+ "allowedValues": [
+ "password",
+ "sshPublicKey"
+ ],
+ "defaultValue": "password",
+ "metadata": {
+ "description": "Authentication type"
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Administrator SSH public key"
+ }
+ },
+ "adminPassword": {
+ "type": 
"securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "SerialConsolePasswordHash": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "Description": "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + } + }, + "vmName": { + "type": "string", + "metadata": { + "description": "Name of the Check Point Security Gateway scale set" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "adminShell": { + "type": "string", + "defaultValue": "/etc/cli.sh", + "allowedValues": [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ], + "metadata": { + "Description": "The default shell for the admin user" + } + }, + "sicKey": { + "type": "securestring", + "metadata": { + "description": "One time key for Secure Internal Communication" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "[concat(resourceGroup().name, '-vnet')]" + }, + "upgrading": { + "type": "string", + "defaultValue": "no", + "allowedValues": [ + "no", + "yes" + ], + "metadata": { + "Description": "Indicates whether the user in upgrading the CloudGuard VMSS solution" + } + }, + "floatingIP": { + "type": "string", + "defaultValue": "no", + "allowedValues": [ + "no", + "yes" + ], + "metadata": { + "description": "Deploy the Load Balancers with floating IP" + } + }, + "instanceLevelPublicIP": { + "type": "string", + "allowedValues": [ + "no", + "yes" + ], + "defaultValue": "no", + "metadata": { + "description": "Deploy the VMSS with instance level Public IP address" + } + }, + "publicIPPrefix": { + "type": "string", + "defaultValue": "no", + "allowedValues": [ + "no", + "yes" + ], + "metadata": { + "description": "Use public IP prefix." 
+ } + }, + "createNewIPPrefix": { + "type": "string", + "defaultValue": "no", + "allowedValues": [ + "no", + "yes" + ], + "metadata": { + "description": "Create new IP prefix or use an existing one." + } + }, + "IPv4Length": { + "type": "string", + "defaultValue": "/31 (2 addresses)", + "allowedValues": [ + "/28 (16 addresses)", + "/29 (8 addresses)", + "/30 (4 addresses)", + "/31 (2 addresses)" + ], + "metadata": { + "description": "Choose the IP prefix length for IP v4." + } + }, + "ipPrefixExistingResourceId": { + "type": "string", + "metadata": { + "description": "The resource id of the existing IP prefix." + }, + "defaultValue": "" + }, + "lbsTargetRGName": { + "type": "string", + "metadata": { + "description": "The name of the Target Load Balancers Resource Group." + }, + "defaultValue": "" + }, + "elbResourceId": { + "type": "string", + "metadata": { + "description": "The Resource ID of the Target External Load Balancer." + }, + "defaultValue": "" + }, + "elbTargetBEAddressPoolName": { + "type": "string", + "metadata": { + "description": "The name of the new Target External Load Balancer's Backend Pool." + }, + "defaultValue": "" + }, + "ilbResourceId": { + "type": "string", + "metadata": { + "description": "The Resource ID of the Target Internal Load Balancer." + }, + "defaultValue": "" + }, + "ilbTargetBEAddressPoolName": { + "type": "string", + "metadata": { + "description": "The name of the new Target Internal Load Balancer's Backend Pool." 
+ }, + "defaultValue": "" + }, + "virtualNetworkAddressPrefixes": { + "type": "array", + "metadata": { + "description": "The address prefixes of the virtual network" + }, + "defaultValue": [ + "10.0.0.0/16" + ] + }, + "subnet1Name": { + "type": "string", + "metadata": { + "description": "The name of the frontend subnet" + }, + "defaultValue": "Frontend" + }, + "subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the frontend subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "subnet2Name": { + "type": "string", + "metadata": { + "description": "The name of the backend subnet" + }, + "defaultValue": "Backend" + }, + "subnet2Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the backend subnet" + }, + "defaultValue": "10.0.2.0/24" + }, + "subnet2StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the 2nd subnet" + }, + "defaultValue": "10.0.2.4" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "[resourceGroup().name]" + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point" + } + }, + "mgmtInterfaceOpt1": { + "type": "string", + "allowedValues": [ + "eth0-public", + "eth0-private", + "eth1-private" + ], + "defaultValue": "eth1-private", + "metadata": { + "description": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address." + } + }, + "mgmtInterfaceOpt2": { + "type": "string", + "allowedValues": [ + "eth0-private", + "eth1-private" + ], + "defaultValue": "eth1-private", + "metadata": { + "description": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address." + } + }, + "mgmtIPaddress": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The IP address used to manage the VMSS instances." + } + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "appLoadDistribution": { + "type": "string", + "allowedValues": [ + "Default", + "SourceIP", + "SourceIPProtocol" + ], + "defaultValue": "Default", + "metadata": { + "description": "The External Load Balancer distribution method" + } + }, + "ilbLoadDistribution": { + "type": "string", + "allowedValues": [ + "Default", + "SourceIP", + "SourceIPProtocol" + ], + "defaultValue": "Default", + "metadata": { + "description": "The Internal Load Balancer distribution method" + } + }, + "deploymentMode": { + "type": "string", + "allowedValues": [ + "Standard", + "ILBOnly", + "ELBOnly" + ], + "defaultValue": "Standard", + "metadata": { + "description": "Solution deployment architecture." 
+ } + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "availabilityZonesNum": { + "type": "int", + "allowedValues": [ + 0, + 1, + 2, + 3 + ], + "defaultValue": 0, + "metadata": { + "description": "The number of availability zones" + } + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "Use the following URI when deploying a custom template: https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." + }, + "defaultValue": "" + }, + "customMetrics": { + "type": "string", + "allowedValues": [ + "no", + "yes" + ], + "defaultValue": "yes", + "metadata": { + "Description": "Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring" + } + }, + "rbacGuid": { + "type": "string", + "defaultValue": "[newGuid()]" + }, + "tagsByResource": { + "type": "object", + "defaultValue": {} + }, + "deployNewNSG": { + "type": "bool", + "defaultValue": true + }, + "ExistingNSG": { + "type": "object", + "defaultValue": {} + }, + "NewNsgName": { + "type": "string", + "defaultValue": "[concat(parameters('vmName'),'-nsg')]" + }, + "addStorageAccountIpRules": { + "type": "bool", + "metadata": { + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on 
https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + }, + "defaultValue" : false + }, + "storageAccountAdditionalIps":{ + "type": "array", + "metadata": { + "description": "IPs/CIDRs that are allowed access to the Storage Account" + }, + "defaultValue" : [] + } + }, + "variables": { + "resourceGroup": "[resourceGroup()]", + "resourceGroupName": "[resourceGroup().name]", + "templateName": "vmss-v2", + "templateVersion": "20230910", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (NGTP)": "NGTP", + "R80.40 - Pay As You Go (NGTX)": "NGTX", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (NGTP)": "NGTP", + "R81 - Pay As You Go (NGTX)": "NGTX" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (NGTP)": "R8040", + "R80.40 - Pay As You Go (NGTX)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (NGTP)": "R81", + "R81 - Pay As You Go (NGTX)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "SerialConsoleGeographies": { + "eastasia" : ["20.205.69.28", "20.195.85.180"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", "20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", "52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + 
"francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : ["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : ["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"]}, + "serialConsoleIps": 
"[if(contains(variables('serialConsoleGeographies'),variables('location')),variables('serialConsoleGeographies')[variables('location')],createArray())]", + "storageAccountIps" : "[concat(variables('SerialConsoleIps'),parameters('storageAccountAdditionalIps'))]", + "isBlink": true, + "subnet2Name": "[parameters('subnet2Name')]", + "storageAccountName": "[concat('bootdiag', uniqueString(variables('resourceGroup').id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "additionalDiskSizeGB": "[if(contains('R8040 R81', variables('osVersion')), 0, parameters('additionalDiskSizeGB'))]", + "diskSizeGB": "[add(variables('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "enableFloatingIP": "[equals(parameters('floatingIP'), 'yes')]", + "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]", + "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]", + "imagePublisher": "checkpoint", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-byol", + "version": "latest" + }, + "imageReferenceNGTP": { + "offer": "[variables('imageOffer')]", + 
"publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp", + "version": "latest" + }, + "imageReferenceNGTP-V2": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp-v2", + "version": "latest" + }, + "imageReferenceNGTX": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx", + "version": "latest" + }, + "imageReferenceNGTX-V2": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx-v2", + "version": "latest" + }, + "imageReferenceMarketplace": "[if(equals(variables('offer'), 'BYOL'), variables('imageReferenceBYOL'), if(equals(variables('offer'), 'NGTP'), variables('imageReferenceNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('imageReferenceNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('imageReferenceNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('imageReferenceNGTX-V2'), json('null'))))))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "linuxConfigurationpassword": { + "disablePasswordAuthentication": "false" + }, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), variables('linuxConfigurationpassword'), variables('linuxConfigurationsshPublicKey'))]", + "planBYOL": { + "name": "sg-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP": { + "name": "sg-ngtp", + "product": 
"[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP-V2": { + "name": "sg-ngtp-v2", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX": { + "name": "sg-ngtx", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX-V2": { + "name": "sg-ngtx-v2", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[if(equals(variables('offer'), 'BYOL') , variables('planBYOL'), if(equals(variables('offer'), 'NGTP'), variables('planNGTP'), if(equals(variables('offer'), 'NGTP-V2'), variables('planNGTP-V2'), if(equals(variables('offer'), 'NGTX'), variables('planNGTX'), if(equals(variables('offer'), 'NGTX-V2'), variables('planNGTX-V2'), json('null'))))))]", + "vmssID": "[resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('vmName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "sicKey": "[parameters('sicKey')]", + "installationType": "vmss", + "upgrading": "[equals(parameters('upgrading'), 'yes')]", + "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]", + "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]", + "loadBalacerSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/load-balancers.json', parameters('_artifactsLocationSasToken')))]", + "lbsTargetRGName": "[parameters('lbsTargetRGName')]", + "lbRGName": "[if(variables('upgrading'), variables('lbsTargetRGName'), resourceGroup().name)]", 
+ "loadBalancerSetupId": "[resourceId(variables('lbRGName'), 'Microsoft.Resources/deployments', 'loadBalancerSetup')]", + "deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "vnetRGName": "[if(variables('deployNewVnet'), variables('resourceGroupName'), parameters('virtualNetworkExistingRGName'))]", + "vnetID": "[if(variables('deployNewVnet'), resourceId(variables('vnetRGName'), 'Microsoft.Resources/deployments', 'networkNewSetup'), resourceId(variables('vnetRGName'), 'Microsoft.Resources/deployments', 'networkExistingSetup'))]", + "storageAccountId": "[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]", + "customImageId": "[variables('imageReferenceCustomUri').id]", + "availabilityZonesLocations": [ + "brazilsouth", + "canadacentral", + "centralus", + "eastus", + "eastus2", + "southcentralus", + "usgovvirginia", + "westus2", + "westus3", + "francecentral", + "germanywestcentral", + "northeurope", + "norwayeast", + "uksouth", + "westeurope", + "swedencentral", + "switzerlandnorth", + "qatarcentral", + "uaenorth", + "southafricanorth", + "australiaeast", + "centralindia", + "japaneast", + "koreacentral", + "southeastasia", + "eastasia", + "italynorth" + ], + "availabilityZonesProperty": "[range(1, parameters('availabilityZonesNum'))]", + "mgmtInterface": "[if(equals(parameters('instanceLevelPublicIP'), 'yes'), parameters('mgmtInterfaceOpt1'), parameters('mgmtInterfaceOpt2'))]", + "mgmtIpAddressType": "[split(variables('mgmtInterface'), '-')[1]]", + "mgmtInterfaceName": "[split(variables('mgmtInterface'), '-')[0]]", + "mgmtIPaddress": "[if(equals(variables('mgmtInterfaceName'), 'eth0'), parameters('mgmtIPaddress'), '')]", + "commomTags": { + "x-chkp-management": "[parameters('managementServer')]", + "x-chkp-template": "[parameters('configurationTemplate')]", + "x-chkp-ip-address": "[variables('mgmtIpAddressType')]", + "x-chkp-management-interface": "[variables('mgmtInterfaceName')]", + "x-chkp-topology": 
"eth0:external,eth1:internal", + "x-chkp-anti-spoofing": "eth0:false,eth1:false", + "x-chkp-srcImageUri": "[parameters('sourceImageVhdUri')]" + }, + "uniqueTags": { + "x-chkp-management-address": "[variables('mgmtIPaddress')]" + }, + "vmssTags": "[if(equals(variables('mgmtIPaddress'), ''), variables('commomTags'), union(variables('commomTags'), variables('uniqueTags')))]", + "customMetrics": "[parameters('customMetrics')]", + "monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]", + "identity": "[json('{\"type\": \"SystemAssigned\"}')]", + "IPv4Lengths": { + "/28 (16 addresses)": "28", + "/29 (8 addresses)": "29", + "/30 (4 addresses)": "30", + "/31 (2 addresses)": "31" + }, + "ipPrefixNewName": "[concat(parameters('vmName'), '-ipprefix')]", + "ipPrefixExistingResourceId": "[if(equals(parameters('publicIPPrefix'), 'yes'), parameters('ipPrefixExistingResourceId'), json('null'))]", + "ipPrefixId": "[resourceId('Microsoft.Network/publicipprefixes',variables('ipPrefixNewName'))]", + "publicIPPrefixId": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('ipPrefixId'), json('null'))]", + "usePublicIPPrefix": "[if(equals(parameters('createNewIPPrefix'),'yes'), variables('publicIPPrefixId'), variables('ipPrefixExistingResourceId'))]", + "publicIPPropertiesWithPrefix": { + "name": "instancePublicIP", + "properties": { + "idleTimeoutInMinutes": 15, + "PublicIpPrefix": { + "Id": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('usePublicIPPrefix'), json('null'))]" + } + } + }, + "publicIPPropertiesWithoutPrefix": { + "name": "instancePublicIP", + "properties": { + "idleTimeoutInMinutes": 15 + } + }, + "publicIPPrefixLength": "[variables('IPv4Lengths')[parameters('IPv4Length')]]", + "useIpPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPropertiesWithPrefix'), 
variables('publicIPPropertiesWithoutPrefix'))]", + "NewNsgReference": {"id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"} + }, + "resources": [ + { + "condition": "[and(equals(parameters('createNewIPPrefix'), 'yes'), equals(parameters('publicIPPrefix'), 'yes'))]", + "apiVersion": "2020-06-01", + "type": "Microsoft.Network/publicipprefixes", + "name": "[variables('ipPrefixNewName')]", + "location": "[variables('location')]", + "properties": { + "prefixLength": "[variables('publicIPPrefixLength')]", + "publicIPAddressVersion": "IPv4" + }, + "sku": { + "name": "Standard", + "tier": "Regional" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Network/publicipprefixes'), parameters('tagsByResource')['Microsoft.Network/publicipprefixes'], json('{}')) ]" + }, + { + "apiVersion": "2020-06-01", + "name": "pid-6f13b00a-7546-4ab2-be9f-c66815cc6c8b-partnercenter", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "condition": "[equals(variables('customMetrics'), 'yes')]", + "apiVersion": "2020-04-01-preview", + "type": "Microsoft.Authorization/roleAssignments", + "name": "[parameters('rbacGuid')]", + "properties": { + "roleDefinitionId": "[variables('monitoringMetricsPublisher')]", + "principalId": "[reference(variables('vmssID'), '2021-07-01', 'Full').identity.principalId]", + "scope": "[resourceGroup().id]" + }, + "dependsOn": [ + "[variables('vmssID')]" + ], + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]" + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'new')]", + "name": "networkNewSetup", + "type": 
"Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "resourceGroup": "[variables('vnetRGName')]", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkAddressPrefixes": { + "value": "[parameters('virtualNetworkAddressPrefixes')]" + }, + "subnet1Name": { + "value": "[parameters('subnet1Name')]" + }, + "subnet1Prefix": { + "value": "[parameters('subnet1Prefix')]" + }, + "subnet2Name": { + "value": "[parameters('subnet2Name')]" + }, + "subnet2Prefix": { + "value": "[parameters('subnet2Prefix')]" + }, + "vmName": { + "value": "[parameters('vmName')]" + }, + "deployNsg": { + "value": "[parameters('deployNewNSG')]" + }, + "NewNsgName": + { + "value":"[parameters('NewNsgName')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + } + } + } + }, + { + "condition": "[equals(parameters('vnetNewOrExisting'), 'existing')]", + "name": "networkExistingSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2020-06-01", + "resourceGroup": "[variables('vnetRGName')]", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkExistingRGName": { + "value": "[variables('vnetRGName')]" + }, + "vmName": { + "value": "[parameters('vmName')]" + }, + "deployNsg": { + "value": "[parameters('deployNewNSG')]" + }, + "NewNsgName": + { + "value":"[parameters('NewNsgName')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + } + } + } + }, + { + "name": "loadBalancerSetup", + "type": "Microsoft.Resources/deployments", 
+ "resourceGroup": "[variables('lbRGName')]", + "apiVersion": "2020-06-01", + "dependsOn": [ + "[variables('vnetID')]" + ], + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('loadBalacerSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "deploymentMode": { + "value": "[parameters('deploymentMode')]" + }, + "location": { + "value": "[variables('location')]" + }, + "vmName": { + "value": "[parameters('vmName')]" + }, + "appLoadDistribution": { + "value": "[parameters('appLoadDistribution')]" + }, + "subnet2StartAddress": { + "value": "[parameters('subnet2StartAddress')]" + }, + "subnet2Id": { + "value": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), variables('subnet2Name'))]" + }, + "ilbLoadDistribution": { + "value": "[parameters('ilbLoadDistribution')]" + }, + "elbResourceId": { + "value": "[parameters('elbResourceId')]" + }, + "elbTargetBEAddressPoolName": { + "value": "[parameters('elbTargetBEAddressPoolName')]" + }, + "ilbResourceId": { + "value": "[parameters('ilbResourceId')]" + }, + "ilbTargetBEAddressPoolName": { + "value": "[parameters('ilbTargetBEAddressPoolName')]" + }, + "upgrading": { + "value": "[variables('upgrading')]" + }, + "floatingIp": { + "value": "[variables('enableFloatingIP')]" + }, + "tagsByResource": { + "value": "[parameters('tagsByResource')]" + } + } + } + }, + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "2021-04-01", + "properties": { + "supportsHttpsTrafficOnly": true, + "allowBlobPublicAccess": false, + "minimumTlsVersion": "TLS1_2", + "networkAcls": { + "bypass": "None", + "defaultAction": "[if(parameters('addStorageAccountIpRules'), 'Deny', 'Allow')]", + "ipRules": "[if(parameters('addStorageAccountIpRules'), map(variables('storageAccountIps'), lambda('ip',createObject('action','Allow','value',lambdaVariables('ip')))), createArray())]" + } + }, 
+ "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" + }, + { + "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2020-06-01", + "name": "[variables('customImage')]", + "location": "[variables('resourceGroup').location]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + }, + "hyperVGeneration": "V1" + }, + "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Compute/images'), parameters('tagsByResource')['Microsoft.Compute/images'], json('{}')) ]" + }, + { + "type": "Microsoft.Compute/virtualMachineScaleSets", + "apiVersion": "2021-07-01", + "name": "[parameters('vmName')]", + "location": "[variables('location')]", + "identity": "[if(equals(variables('customMetrics'), 'yes'), variables('identity'), json('null'))]", + "zones": "[if(and(contains(variables('availabilityZonesLocations'), variables('location')), greater(parameters('availabilityZonesNum'), 0)), variables('availabilityZonesProperty'), json('null'))]", + "tags": "[union(variables('vmssTags'),if(contains(parameters('tagsByResource'), 'Microsoft.Compute/virtualMachineScaleSets'), parameters('tagsByResource')['Microsoft.Compute/virtualMachineScaleSets'], json('{}')))]", + "dependsOn": [ + "[variables('vnetID')]", + "[variables('loadBalancerSetupId')]", + "[variables('storageAccountId')]", + "[variables('customImageId')]" + ], + "sku": { + "name": "[parameters('vmSize')]", + "tier": "Standard", + "capacity": "[parameters('instanceCount')]" + }, + "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), 
variables('plan'), json('null'))]",
+ "properties": {
+ "upgradePolicy": {
+ "mode": "Manual"
+ },
+ "virtualMachineProfile": {
+ "UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+ "storageProfile": {
+ "osDisk": {
+ "caching": "ReadWrite",
+ "createOption": "FromImage",
+ "diskSizeGB": "[variables('diskSizeGB')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('diskType')]"
+ }
+ },
+ "imageReference": "[variables('imageReference')]"
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "[concat('not','used')]",
+ "computerNamePrefix": "[toLower(parameters('vmName'))]",
+ "customData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+ "linuxConfiguration": "[variables('linuxConfiguration')]"
+ },
+ "networkProfile": {
+ "networkInterfaceConfigurations": [
+ {
+ "name": "eth0",
+ "properties": {
+ "primary": true,
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "networkSecurityGroup":"[if(parameters('deployNewNSG') , variables('NewNsgReference') , parameters('ExistingNSG'))]",
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "publicIpAddressConfiguration": "[if(equals(parameters('instanceLevelPublicIP'),'yes'), variables('useIpPrefix'), json('null'))]",
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('Subnet1Name'))]"
+ },
+ "loadBalancerBackendAddressPools": "[if(empty(reference('loadBalancerSetup').outputs.elbId.value), json('null'), 
reference('loadBalancerSetup').outputs.elbBEAddressPoolProperties.value)]"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "name": "eth1",
+ "properties": {
+ "primary": false,
+ "enableIPForwarding": true,
+ "enableAcceleratedNetworking": true,
+ "ipConfigurations": [
+ {
+ "name": "ipconfig2",
+ "properties": {
+ "subnet": {
+ "id": "[resourceId(variables('vnetRGName'), 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('Subnet2Name'))]"
+ },
+ "loadBalancerBackendAddressPools": "[if(empty(reference('loadBalancerSetup').outputs.ilbId.value), json('null'), reference('loadBalancerSetup').outputs.ilbBEAddressPoolProperties.value)]"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[reference(variables('storageAccountId'), '2021-04-01').primaryEndpoints.blob]"
+ }
+ }
+ },
+ "overprovision": false
+ }
+ },
+ {
+ "type": "Microsoft.Insights/autoscaleSettings",
+ "apiVersion": "2015-04-01",
+ "name": "[parameters('vmName')]",
+ "location": "[variables('location')]",
+ "dependsOn": [
+ "[variables('vmssID')]"
+ ],
+ "properties": {
+ "name": "[parameters('vmName')]",
+ "targetResourceUri": "[variables('vmssID')]",
+ "notifications": [
+ {
+ "operation": "Scale",
+ "email": {
+ "sendToSubscriptionAdministrator": false,
+ "sendToSubscriptionCoAdministrators": false,
+ "customEmails": "[if(empty(parameters('adminEmail')), json('null'), array(parameters('adminEmail')))]"
+ }
+ }
+ ],
+ "enabled": true,
+ "profiles": [
+ {
+ "name": "Profile1",
+ "capacity": {
+ "minimum": "[parameters('instanceCount')]",
+ "maximum": "[parameters('maxInstanceCount')]",
+ "default": "[parameters('instanceCount')]"
+ },
+ "rules": [
+ {
+ "metricTrigger": {
+ "metricName": "Percentage CPU",
+ "metricResourceUri": "[variables('vmssID')]",
+ "timeGrain": "PT1M",
+ "statistic": "Average",
+ "timeWindow": "PT5M",
+ "timeAggregation": "Average",
+ "operator": "GreaterThan",
+ "threshold": 80
+ },
+ "scaleAction": {
+ "direction": "Increase",
+ "type": "ChangeCount",
+ "value": "1",
+ "cooldown": "PT5M"
+ }
+ },
+ {
+ "metricTrigger": {
+ "metricName": "Percentage CPU",
+ "metricResourceUri": "[variables('vmssID')]",
+ "timeGrain": "PT1M",
+ "statistic": "Average",
+ "timeWindow": "PT5M",
+ "timeAggregation": "Average",
+ "operator": "LessThan",
+ "threshold": 60
+ },
+ "scaleAction": {
+ "direction": "Decrease",
+ "type": "ChangeCount",
+ "value": "1",
+ "cooldown": "PT5M"
+ }
+ }
+ ]
+ }
+ ]
+ },
+ "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Insights/autoscaleSettings'), parameters('tagsByResource')['Microsoft.Insights/autoscaleSettings'], json('{}')) ]"
+ }
+ ],
+ "outputs": {
+ "ApplicationAddress": {
+ "type": "string",
+ "value": "[reference('loadBalancerSetup').outputs.ApplicationAddress.value]"
+ },
+ "ApplicationFQDN": {
+ "type": "string",
+ "value": "[reference('loadBalancerSetup').outputs.ApplicationFQDN.value]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/azure/templates/stack-ha/createUiDefinition.json b/deprecated/azure/templates/stack-R8030/stack-ha/createUiDefinition.json
similarity index 100%
rename from deprecated/azure/templates/stack-ha/createUiDefinition.json
rename to deprecated/azure/templates/stack-R8030/stack-ha/createUiDefinition.json
diff --git a/deprecated/azure/templates/stack-ha/mainTemplate.json b/deprecated/azure/templates/stack-R8030/stack-ha/mainTemplate.json
similarity index 100%
rename from deprecated/azure/templates/stack-ha/mainTemplate.json
rename to deprecated/azure/templates/stack-R8030/stack-ha/mainTemplate.json
diff --git a/deprecated/azure/templates/stack-mgmt/createUiDefinition.json b/deprecated/azure/templates/stack-R8030/stack-mgmt/createUiDefinition.json
similarity index 100%
rename from deprecated/azure/templates/stack-mgmt/createUiDefinition.json
rename to deprecated/azure/templates/stack-R8030/stack-mgmt/createUiDefinition.json
diff --git a/deprecated/azure/templates/stack-mgmt/mainTemplate.json b/deprecated/azure/templates/stack-R8030/stack-mgmt/mainTemplate.json
similarity index 100%
rename from deprecated/azure/templates/stack-mgmt/mainTemplate.json
rename to deprecated/azure/templates/stack-R8030/stack-mgmt/mainTemplate.json
diff --git a/deprecated/azure/templates/stack-single/createUiDefinition.json b/deprecated/azure/templates/stack-R8030/stack-single/createUiDefinition.json
similarity index 100%
rename from deprecated/azure/templates/stack-single/createUiDefinition.json
rename to deprecated/azure/templates/stack-R8030/stack-single/createUiDefinition.json
diff --git a/deprecated/azure/templates/stack-single/mainTemplate.json b/deprecated/azure/templates/stack-R8030/stack-single/mainTemplate.json
similarity index 100%
rename from deprecated/azure/templates/stack-single/mainTemplate.json
rename to deprecated/azure/templates/stack-R8030/stack-single/mainTemplate.json
diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/createUiDefinition.json
new file mode 100644
index 00000000..e8491d12
--- /dev/null
+++ b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/createUiDefinition.json
@@ -0,0 +1,763 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#",
+ "handler": "Microsoft.Azure.CreateUIDef",
+ "version": "0.1.2-preview",
+ "parameters": {
+ "basics": [
+ {
+ "name": "clusterObjectNameUi",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Cluster Object Name",
+ "toolTip": "The name of the Check Point CloudGuard Cluster object.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{1,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long."
+ }
+ },
+ {
+ "name": "auth",
+ "type": "Microsoft.Compute.CredentialsCombo",
+ "label": {
+ "authenticationType": "Authentication type",
+ "password": "Password",
+ "confirmPassword": "Confirm password",
+ "sshPublicKey": "SSH public key"
+ },
+ "toolTip": {
+ "authenticationType": "",
+ "password": "The user 'admin' password",
+ "sshPublicKey": "Paste an OpenSSH public key. You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
+ },
+ "constraints": {
+ "required": true
+ },
+ "options": {
+ "hideConfirmation": false,
+ "hidePassword": false
+ },
+ "osPlatform": "Linux"
+ }
+ ],
+ "steps": [
+ {
+ "name": "chkp",
+ "label": "Check Point CloudGuard Cluster Object settings",
+ "subLabel": {
+ "preValidation": "Configure CloudGuard Cluster Object settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "CloudGuard cluster Object settings",
+ "elements": [
+ {
+ "name": "cloudGuardVersion",
+ "type": "Microsoft.Common.DropDown",
+ "label": "Check Point CloudGuard version",
+ "defaultValue": "R81",
+ "toolTip": "The version of Check Point CloudGuard.",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "R80.40",
+ "value": "R80.40"
+ },
+ {
+ "label": "R81",
+ "value": "R81"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R80Offer",
+ "type": "Microsoft.Common.DropDown",
+ "label": "License type",
+ "toolTip": "The type of license.",
+ "defaultValue": 
"Bring Your Own License",
+ "visible": true,
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Bring Your Own License",
+ "value": "Bring Your Own License"
+ }
+ ]
+ }
+ },
+ {
+ "name": "R8040vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-byol"
+ },
+ "count": 2
+ },
+ {
+ "name": 
"R8040vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtp"
+ },
+ "count": 2
+ },
+ {
+ "name": "R8040vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine 
size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r8040",
+ "sku": "sg-ngtx"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiBYOL",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2", + 
"Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-byol"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiNGTP",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3", + 
"Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2",
+ "Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtp"
+ },
+ "count": 2
+ },
+ {
+ "name": "R81vmSizeUiNGTX",
+ "type": "Microsoft.Compute.SizeSelector",
+ "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "label": "Virtual machine size",
+ "toolTip": "The VM size of the Security Gateway",
+ "recommendedSizes": [
+ "Standard_D3_v2",
+ "Standard_DS3_v2"
+ ],
+ "constraints": {
+ "allowedSizes": [
+ "Standard_DS2_v2",
+ "Standard_DS3_v2",
+ "Standard_DS4_v2",
+ "Standard_DS5_v2",
+ "Standard_F2s",
+ "Standard_F4s",
+ "Standard_F8s",
+ "Standard_F16s",
+ "Standard_D4s_v3",
+ "Standard_D8s_v3",
+ "Standard_D16s_v3",
+ "Standard_D32s_v3",
+ "Standard_D64s_v3",
+ "Standard_E4s_v3",
+ "Standard_E8s_v3",
+ "Standard_E16s_v3",
+ "Standard_E20s_v3",
+ "Standard_E32s_v3",
+ "Standard_E64s_v3",
+ "Standard_E64is_v3",
+ "Standard_F4s_v2", + 
"Standard_F8s_v2",
+ "Standard_F16s_v2",
+ "Standard_F32s_v2",
+ "Standard_F64s_v2",
+ "Standard_M8ms",
+ "Standard_M16ms",
+ "Standard_M32ms",
+ "Standard_M64ms",
+ "Standard_M64s",
+ "Standard_D2_v2",
+ "Standard_D3_v2",
+ "Standard_D4_v2",
+ "Standard_D5_v2",
+ "Standard_D11_v2",
+ "Standard_D12_v2",
+ "Standard_D13_v2",
+ "Standard_D14_v2",
+ "Standard_D15_v2",
+ "Standard_F2",
+ "Standard_F4",
+ "Standard_F8",
+ "Standard_F16",
+ "Standard_D4_v3",
+ "Standard_D8_v3",
+ "Standard_D16_v3",
+ "Standard_D32_v3",
+ "Standard_D64_v3",
+ "Standard_E4_v3",
+ "Standard_E8_v3",
+ "Standard_E16_v3",
+ "Standard_E20_v3",
+ "Standard_E32_v3",
+ "Standard_E64_v3",
+ "Standard_E64i_v3",
+ "Standard_DS11_v2",
+ "Standard_DS12_v2",
+ "Standard_DS13_v2",
+ "Standard_DS14_v2",
+ "Standard_DS15_v2"
+ ]
+ },
+ "osPlatform": "Linux",
+ "imageReference": {
+ "publisher": "checkpoint",
+ "offer": "check-point-cg-r81",
+ "sku": "sg-ngtx"
+ },
+ "count": 2
+ },
+ {
+ "name": "sicKeyUi",
+ "type": "Microsoft.Common.PasswordBox",
+ "label": {
+ "password": "SIC key",
+ "confirmPassword": "Confirm SIC key"
+ },
+ "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the cluster object and the management server.",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z]{8,30}$",
+ "validationMessage": "Only alphanumeric characters are allowed, and the value must be 8-30 characters long."
+ },
+ "options": {
+ "hideConfirmation": true
+ },
+ "visible": "true"
+ },
+ {
+ "name": "bootstrapScript",
+ "type": "Microsoft.Common.FileUpload",
+ "label": "Bootstrap script",
+ "toolTip": "An optional script to run on the initial boot",
+ "constraints": {
+ "required": false,
+ "accept": ".sh,text/plain"
+ },
+ "options": {
+ "multiple": false,
+ "uploadMode": "file",
+ "openMode": "text",
+ "encoding": "UTF-8"
+ }
+ },
+ {
+ "name": "allowUploadDownload",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Allow download from/upload to Check Point",
+ "defaultValue": "Yes",
+ "toolTip": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "true"
+ },
+ {
+ "label": "No",
+ "value": "false"
+ }
+ ]
+ }
+ },
+ {
+ "name": "additionalDiskSizeGB",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Additional disk space (GB)",
+ "defaultValue": "0",
+ "toolTip": "Additional disk space (in GB), Initial disk size is 100 GB.",
+ "constraints": {
+ "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
+ "validationMessage": "Select a number between 0 and 3995"
+ }
+ },
+ {
+ "name": "useCustomImageUri",
+ "type": "Microsoft.Common.OptionsGroup",
+ "label": "Use development image uri",
+ "defaultValue": "No",
+ "toolTip": "",
+ "constraints": {
+ "allowedValues": [
+ {
+ "label": "Yes",
+ "value": "Yes"
+ },
+ {
+ "label": "No",
+ "value": "No"
+ }
+ ],
+ "required": true
+ },
+ "visible": false
+ },
+ {
+ "name": "sourceImageVhdUri",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Development Image URI",
+ "toolTip": "The URI of the blob containing the development image",
+ "constraints": {
+ "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
+ "validationMessage": "Only alphanumeric characters and 
'_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
+ },
+ "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ }
+ ]
+ },
+ {
+ "name": "network",
+ "label": "Network settings",
+ "subLabel": {
+ "preValidation": "Configure network settings",
+ "postValidation": "Done"
+ },
+ "bladeTitle": "Network settings",
+ "elements": [
+ {
+ "name": "virtualNetwork",
+ "type": "Microsoft.Network.VirtualNetworkCombo",
+ "label": {
+ "virtualNetwork": "Virtual network",
+ "subnets": "Subnets"
+ },
+ "toolTip": {
+ "virtualNetwork": "Virtual Network Name",
+ "subnets": "List of subnets to deploy into"
+ },
+ "defaultValue": {
+ "name": "vnet01",
+ "addressPrefixSize": "/16"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/28"
+ },
+ "options": {
+ "hideExisting": false
+ },
+ "subnets": {
+ "subnet1": {
+ "label": "Frontend subnet",
+ "defaultValue": {
+ "name": "Frontend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 2,
+ "requireContiguousAddresses": true
+ }
+ },
+ "subnet2": {
+ "label": "Backend subnet",
+ "defaultValue": {
+ "name": "Backend",
+ "addressPrefixSize": "/24"
+ },
+ "constraints": {
+ "minAddressPrefixSize": "/29",
+ "minAddressCount": 2,
+ "requireContiguousAddresses": true
+ }
+ }
+ }
+ }
+ ]
+ }
+ ],
+ "outputs": {
+ "location": "[location()]",
+ "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "adminPassword": "[basics('auth').password]",
+ "authenticationType": "[basics('auth').authenticationType]",
+ "sshPublicKey": "[basics('auth').sshPublicKey]",
+ "vmName": "[basics('clusterObjectNameUi')]",
+ "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX)]",
+ "sicKey": "[steps('chkp').sicKeyUi]",
+ "virtualNetworkName": "[steps('network').virtualNetwork.name]",
+ "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]",
+ "subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]",
+ "subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]",
+ "subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]",
+ "subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]",
+ "subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]",
+ "subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]",
+ "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]",
+ "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]",
+ "bootstrapScript": "[steps('chkp').bootstrapScript]",
+ "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]",
+ "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]",
+ "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json
new file mode 100644
index 00000000..0847143c
--- /dev/null
+++ b/deprecated/azure/templates/stack-R8040-R81/stack-ha-r8040-r81/mainTemplate.json
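Review bot: The `sourceImageVhdUri` regex `^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$` leaves the dot before `vhd` unescaped, so any character is accepted there and the validation message's promise that the value "must end with .vhd" is not actually enforced; use `"regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}\\.vhd$"`. The `sicKeyUi` element sets `"visible": "true"` as a string while the `R80Offer` element uses the boolean `true`; the boolean form should be used consistently. The `R80Offer` dropdown only allows 'Bring Your Own License', so the four `(NGTP)`/`(NGTX)` SizeSelector elements can never become visible and the `vmSize` coalesce only ever resolves the BYOL selectors — either drop the dead elements or note that they are kept to mirror the offer list in the companion mainTemplate.json allowedValues.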
@@ -0,0 +1,699 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Deployment location" + }, + "defaultValue": "[resourceGroup().location]" + }, + "cloudGuardVersion": { + "type": "string", + "allowedValues": [ + "R80.40 - Bring Your Own License", + "R80.40 - Pay As You Go (NGTP)", + "R80.40 - Pay As You Go (NGTX)", + "R81 - Bring Your Own License", + "R81 - Pay As You Go (NGTP)", + "R81 - Pay As You Go (NGTX)", + ], + "defaultValue": "R81 - Bring Your Own License", + "metadata": { + "description": "Version of Check Point CloudGuard" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "password", + "sshPublicKey" + ], + "defaultValue": "password", + "metadata": { + "description": "Authentication type" + } + }, + "sshPublicKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Administrator SSH public key" + } + }, + "vmName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the Check Point Cluster object" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "sicKey": { + "type": "securestring", + "metadata": { + "description": "One time key for Secure Internal Communication" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "[concat(resourceGroup().name, '-vnet')]" + }, + "virtualNetworkAddressPrefixes": { + "type": "array", + "metadata": { + "description": "The address prefixes of the virtual network" + }, + "defaultValue": [ + "10.0.0.0/16" + ] + }, + "subnet1Name": { + 
"type": "string", + "metadata": { + "description": "The name of the frontend subnet" + }, + "defaultValue": "Frontend" + }, + "subnet1Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the frontend subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "subnet1StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the frontend subnet" + }, + "defaultValue": "10.0.1.10" + }, + "subnet2Name": { + "type": "string", + "metadata": { + "description": "The name of the backend subnet" + }, + "defaultValue": "Backend" + }, + "subnet2Prefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the backend subnet" + }, + "defaultValue": "10.0.2.0/24" + }, + "subnet2StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the 2nd subnet" + }, + "defaultValue": "10.0.2.10" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "" + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located including a trailing '/'" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." 
+ }, + "defaultValue": "" + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + } + }, + "additionalDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "metadata": { + "description": "Amount of additional disk space (in GB)" + }, + "minValue": 0, + "maxValue": 3995 + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "preview": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Deploy the staged image" + }, + "allowedValues": [ + "", + "-preview" + ] + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "Check_PointTags": { + "type": "object", + "defaultValue": { + "provider": "30DE18BC-F9F6-4F22-9D30-54B8E74CFD5F" + } + } + }, + "variables": { + "installationType": "cluster-stack", + "templateName": "stack-ha", + "templateVersion": "20230219", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (NGTP)": "NGTP", + "R80.40 - Pay As You Go (NGTX)": "NGTX", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (NGTP)": "NGTP", + "R81 - Pay As You Go (NGTX)": "NGTX" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (NGTP)": "R8040", + "R80.40 - Pay As You 
Go (NGTX)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (NGTP)": "R81", + "R81 - Pay As You Go (NGTX)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "isBlink": true, + "computeApiVersion": "2017-03-30", + "storageApiVersion": "2016-01-01", + "networkApiVersion": "2017-10-01", + "deploymentsApiVersion": "2016-02-01", + "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n', 'subnet1Prefix=\"', first(split(parameters('subnet1Prefix'), '/')), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'tenantId=\"', subscription().tenantId, '\"', '\n', 'virtualNetwork=\"', parameters('virtualNetworkName'), '\"', '\n', 'clusterName=\"', parameters('vmName'), '\"', '\n')]", + "imageOfferR8040": "check-point-cg-r8040", + "imageOfferR81": "check-point-cg-r81", + "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]", + "imagePublisher": "checkpoint", + 
"imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-byol", + "version": "latest" + }, + "imageReferenceNGTP": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtp", + "version": "latest" + }, + "imageReferenceNGTX": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "sg-ngtx", + "version": "latest" + }, + "imageReferenceMarketplace": "[variables(concat('imageReference', variables('offer')))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]", + "nic1Name": "eth0", + "nic2Name": "eth1", + "linuxConfigurationpassword": {}, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[variables(concat('linuxConfiguration', parameters('authenticationType')))]", + "planBYOL": { + "name": "sg-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTP": { + "name": "sg-ngtp", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planNGTX": { + "name": "sg-ngtx", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[variables(concat('plan', variables('offer')))]", + "publicIPAddressName": "[parameters('vmName')]", + "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": 
"[parameters('allowDownloadFromUploadToCheckPoint')]", + "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '-stack-ha', '.json', parameters('_artifactsLocationSasToken')))]", + "sicKey": "[parameters('sicKey')]", + "managementGUIClientNetwork": "", + "externalPrivateAddresses": [ + "[parameters('Subnet1StartAddress')]", + "[concat(split(parameters('subnet1StartAddress'), '.')[0],'.', split(parameters('subnet1StartAddress'), '.')[1],'.', split(parameters('subnet1StartAddress'), '.')[2],'.', string(add(int(split(parameters('subnet1StartAddress'), '.')[3]),1)))]" + ], + "Subnet2PrivateAddresses": [ + "[parameters('subnet2StartAddress')]", + "[concat(split(parameters('subnet2StartAddress'), '.')[0],'.', split(parameters('subnet2StartAddress'), '.')[1],'.', split(parameters('subnet2StartAddress'), '.')[2],'.', string(add(int(split(parameters('subnet2StartAddress'), '.')[3]),1)))]" + ], + "publicIPAddressName1": "[concat(parameters('vmName'), 1)]", + "publicIPAddressId1": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName1'))]", + "publicIPAddressName2": "[concat(parameters('vmName'), 2)]", + "publicIPAddressId2": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName2'))]", + "availabilitySetName": "[concat(parameters('vmName'), '-AvailabilitySet')]", + "count": 2, + "frontEndIPConfMember1Id": "[concat(variables('lbId'), '/frontendIPConfigurations/LoadBalancerFrontEnd1')]", + "frontEndIPConfMember2Id": "[concat(variables('lbId'), '/frontendIPConfigurations/LoadBalancerFrontEnd2')]", + "member1IPConfigId": "[concat(variables('lbId'), '/frontendIPConfigurations/LoadBalancerFrontEnd1')]", + "member2IPConfigId": "[concat(variables('lbId'), '/frontendIPConfigurations/LoadBalancerFrontEnd2')]", + "elbBEAddressPool": "[concat(variables('lbName'), '-pool')]", + "elbBEAddressPoolID": 
"[concat(variables('lbId'),'/backendAddressPools/',variables('elbBEAddressPool'))]", + "appProbeName": "health_prob_port", + "elbPublicIPName": "frontend-lb-address", + "elbPublicIPId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('elbPublicIPName'))]", + "lbId": "[resourceId('Microsoft.Network/loadBalancers', variables('lbName'))]", + "lbName": "frontend-lb" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "[variables('storageApiVersion')]", + "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "name": "networkSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "[variables('deploymentsApiVersion')]", + "properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "apiVersion": { + "value": "[variables('networkApiVersion')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkAddressPrefixes": { + "value": "[parameters('virtualNetworkAddressPrefixes')]" + }, + "subnet1Name": { + "value": "[parameters('subnet1Name')]" + }, + "subnet1Prefix": { + "value": "[parameters('subnet1Prefix')]" + }, + "subnet1StartAddress": { + "value": "[parameters('subnet1StartAddress')]" + }, + "subnet2Name": { + "value": "[parameters('subnet2Name')]" + }, + "subnet2Prefix": { + "value": "[parameters('subnet2Prefix')]" + }, + "subnet2StartAddress": { + "value": "[parameters('subnet2StartAddress')]" + }, + "vnetNewOrExisting": { + "value": "[parameters('vnetNewOrExisting')]" + }, + "virtualNetworkExistingRGName": { + "value": "[parameters('virtualNetworkExistingRGName')]" + } + } + } + }, + { + "type": 
"Microsoft.Compute/availabilitySets", + "apiVersion": "[variables('computeApiVersion')]", + "location": "[variables('location')]", + "name": "[concat(variables('availabilitySetName'))]", + "properties": { + "platformFaultDomainCount": 2 + }, + "sku": { + "name": "Aligned" + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "[variables('networkApiVersion')]", + "location": "[variables('location')]", + "name": "[variables('elbPublicIPName')]", + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static" + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "[variables('networkApiVersion')]", + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), copyIndex(1))]", + "copy": { + "name": "publicAddressCopy", + "count": "[variables('count')]" + }, + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static" + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "[variables('networkApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]", + "[variables('lbId')]", + "[variables('publicIPAddressId1')]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), '1-', variables('nic1Name'))]", + "properties": { + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAddress": "[variables('externalPrivateAddresses')[0]]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables(concat('publicIPAddressId', 1))]" + }, + "subnet": { + "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet1Name'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": 
"[variables('elbBEAddressPoolID')]" + } + ] + } + } + ] + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "[variables('networkApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]", + "[variables('lbId')]", + "[variables('publicIPAddressId2')]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), '2-', variables('nic1Name'))]", + "properties": { + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "ipconfig2", + "properties": { + "privateIPAddress": "[variables('externalPrivateAddresses')[1]]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables(concat('publicIPAddressId', 2))]" + }, + "subnet": { + "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet1Name'))]" + }, + "loadBalancerBackendAddressPools": [ + { + "id": "[variables('elbBEAddressPoolID')]" + } + ] + } + } + ] + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "[variables('networkApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name'))]", + "copy": { + "name": "interface2Copy", + "count": "[variables('count')]" + }, + "properties": { + "enableIPForwarding": true, + "ipConfigurations": [ + { + "name": "ipconfig2", + "properties": { + "privateIPAddress": "[variables('Subnet2PrivateAddresses')[copyIndex(0)]]", + "privateIPAllocationMethod": "Static", + "subnet": { + "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet2Name'))]" + } + } + } + ] + }, + "tags": { + "provider": 
"[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2017-12-01", + "name": "[variables('customImage')]", + "location": "[variables('location')]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + } + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "[variables('computeApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic1Name')))]", + "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name')))]", + "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]", + "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + ], + "location": "[variables('location')]", + "name": "[concat(parameters('vmName'), copyIndex(1))]", + "copy": { + "name": "virtualMachineCopy", + "count": "[variables('count')]" + }, + "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]", + "properties": { + "availabilitySet": { + "id": "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]" + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "true", + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]" + } + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "networkProfile": { + 
"networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic1Name')))]", + "properties": { + "primary": true + } + }, + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), copyIndex(1), '-', variables('nic2Name')))]", + "properties": { + "primary": false + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "notused", + "computerName": "[concat(toLower(parameters('vmName')), copyIndex(1))]", + "customData": "[base64(variables('customData'))]", + "linuxConfiguration": "[variables('linuxConfiguration')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "caching": "ReadWrite", + "createOption": "FromImage", + "diskSizeGB": "[variables('diskSizeGB')]", + "name": "[concat(parameters('vmName'), copyIndex(1))]", + "managedDisk": { + "storageAccountType": "[parameters('diskType')]" + } + } + } + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/loadBalancers", + "apiVersion": "[variables('networkApiVersion')]", + "dependsOn": [ + "[variables('elbPublicIPId')]" + ], + "name": "[variables('lbName')]", + "location": "[variables('location')]", + "properties": { + "frontendIPConfigurations": [ + { + "name": "LoadBalancerFrontend", + "properties": { + "publicIPAddress": { + "id": "[variables('elbPublicIPId')]" + } + } + } + ], + "backendAddressPools": [ + { + "name": "[variables('elbBEAddressPool')]" + } + ], + "probes": [ + { + "name": "[variables('appProbeName')]", + "properties": { + "protocol": "tcp", + "port": 8081, + "intervalInSeconds": 5, + "numberOfProbes": 2 + } + } + ] + } + } + ], + "outputs": { + "Member1IPAddr": { + "type": "string", + "value": "[reference(variables('publicIPAddressId1')).IpAddress]" + }, + "Member2IPAddr": { + "type": "string", + "value": 
"[reference(variables('publicIPAddressId2')).IpAddress]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/createUiDefinition.json new file mode 100644 index 00000000..0ce4fcf5 --- /dev/null +++ b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/createUiDefinition.json 
@@ -0,0 +1,366 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + { + "name": "gatewayNameUi", + "type": "Microsoft.Common.TextBox", + "label": "Server Name", + "toolTip": "The name of the Check Point CloudGuard Security Management Server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + } + }, + { + "name": "auth", + "type": "Microsoft.Compute.CredentialsCombo", + "label": { + "authenticationType": "Authentication type", + "password": "Password", + "confirmPassword": "Confirm password", + "sshPublicKey": "SSH public key" + }, + "toolTip": { + "authenticationType": "", + "password": "The user 'admin' password", + "sshPublicKey": "Paste an OpenSSH public key. You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)" + }, + "constraints": { + "required": true + }, + "options": { + "hideConfirmation": false, + "hidePassword": false + }, + "osPlatform": "Linux" + } + ], + "steps": [ + { + "name": "chkp", + "label": "Check Point CloudGuard Security Management Server settings", + "subLabel": { + "preValidation": "Configure CloudGuard Security Management Server settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard Security Management settings", + "elements": [ + { + "name": "cloudGuardVersion", + "type": "Microsoft.Common.DropDown", + "label": "Check Point CloudGuard version", + "defaultValue": "R81", + "toolTip": "The version of Check Point CloudGuard.", + "constraints": { + "allowedValues": [ + { + "label": "R80.40", + "value": "R80.40" + }, + { + "label": "R81", + "value": "R81" + } + ] + } + }, + { + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of 
license.", + "defaultValue": "Bring Your Own License", + "visible": true, + "constraints": { + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + }, + { + "label": "Pay As You Go (MGMT25)", + "value": "Pay As You Go (MGMT25)" + } + ] + } + }, + { + "name": "R8040vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "mgmt-byol" + }, + "count": 1 + }, + { + "name": "R8040vmSizeUiMGMT25", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "mgmt-25" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2" + ], + "constraints": { + "excludedSizes": 
[ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "mgmt-byol" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiMGMT25", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(MGMT25)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Management", + "recommendedSizes": [ + "Standard_D3_v2" + ], + "constraints": { + "excludedSizes": [ + "Standard_A1_v2", + "Standard_D1_v2", + "Standard_DS1_v2", + "Standard_F1", + "Standard_F1s", + "Standard_G1", + "Standard_GS1" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "mgmt-25" + }, + "count": 1 + }, + { + "name": "managementGUIClientNetwork", + "type": "Microsoft.Common.TextBox", + "label": "Allowed GUI clients", + "toolTip": "GUI clients network CIDR", + "defaultValue": "0.0.0.0/0", + "constraints": { + "required": true, + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", + "validationMessage": "Enter a valid IPv4 network CIDR" + } + }, + { + "name": "bootstrapScript", + "type": "Microsoft.Common.FileUpload", + "label": "Bootstrap script", + "toolTip": "An optional script to run on the initial boot", + "constraints": { + "required": false, + "accept": ".sh,text/plain" + }, + "options": { + "multiple": false, + "uploadMode": "file", + "openMode": "text", + "encoding": "UTF-8" + } + }, + { + "name": "allowUploadDownload", + "type": "Microsoft.Common.OptionsGroup", + "label": "Allow download from/upload to Check Point", + "defaultValue": "Yes", + "toolTip": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "true" + }, + { + "label": "No", + "value": "false" + } + ] + } + }, + { + "name": "additionalDiskSizeGB", + "type": "Microsoft.Common.TextBox", + "label": "Additional disk space (GB)", + "defaultValue": "0", + "toolTip": "Additional disk space (in GB), Initial disk size is 100 GB.", + "constraints": { + "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$", + "validationMessage": "Select a number between 0 and 3995" + } + }, + { + "name": "useCustomImageUri", + "type": "Microsoft.Common.OptionsGroup", + "label": "Use development image uri", + "defaultValue": "No", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": false + }, + { + "name": "sourceImageVhdUri", + "type": "Microsoft.Common.TextBox", + "label": "Development Image URI", + "toolTip": "The URI of the blob containing the development image", + "constraints": { + "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", + "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. 
" + }, + "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + } + ] + }, + { + "name": "network", + "label": "Network settings", + "subLabel": { + "preValidation": "Configure network settings", + "postValidation": "Done" + }, + "bladeTitle": "Network settings", + "elements": [ + { + "name": "virtualNetwork", + "type": "Microsoft.Network.VirtualNetworkCombo", + "label": { + "virtualNetwork": "Virtual network", + "subnets": "Subnet" + }, + "toolTip": { + "virtualNetwork": "Virtual Network Name", + "subnets": "The subnet to deploy into" + }, + "defaultValue": { + "name": "vnet01", + "addressPrefixSize": "/20" + }, + "constraints": { + "minAddressPrefixSize": "/29" + }, + "options": { + "hideExisting": false + }, + "subnets": { + "subnet1": { + "label": "Management subnet", + "defaultValue": { + "name": "Management", + "addressPrefixSize": "/24" + }, + "constraints": { + "minAddressPrefixSize": "/29", + "minAddressCount": 1, + "requireContiguousAddresses": true + } + } + } + } + ] + } + ], + "outputs": { + "location": "[location()]", + "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "adminPassword": "[basics('auth').password]", + "authenticationType": "[basics('auth').authenticationType]", + "sshPublicKey": "[basics('auth').sshPublicKey]", + "vmName": "[basics('gatewayNameUi')]", + "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiMGMT25, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiMGMT25)]", + "virtualNetworkName": "[steps('network').virtualNetwork.name]", + "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", + "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "Subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "vnetNewOrExisting": 
"[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..d2e59edb --- /dev/null +++ b/deprecated/azure/templates/stack-R8040-R81/stack-management-r8040-r81/mainTemplate.json 
@@ -0,0 +1,472 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", + "contentVersion": "1.0.0.0", + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Deployment location" + }, + "defaultValue": "[resourceGroup().location]" + }, + "cloudGuardVersion": { + "type": "string", + "allowedValues": [ + "R80.40 - Bring Your Own License", + "R80.40 - Pay As You Go (MGMT25)", + "R81 - Bring Your Own License", + "R81 - Pay As You Go (MGMT25)", + ], + "defaultValue": "R81 - Bring Your Own License", + "metadata": { + "description": "Version of Check Point CloudGuard" + } + }, + "adminPassword": { + "type": "securestring", + "metadata": { + "description": "Administrator password" + }, + "defaultValue": "" + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "password", + "sshPublicKey" + ], + "defaultValue": "password", + "metadata": { + "description": "Authentication type" + } + }, + "sshPublicKey": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Administrator SSH public key" + } + }, + "vmName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Name of the Check Point Security Management Server" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D3_v2", + "metadata": { + "description": "Size of the VM" + } + }, + "virtualNetworkName": { + "type": "string", + "metadata": { + "description": "The name of the virtual network" + }, + "defaultValue": "[concat(resourceGroup().name, '-vnet')]" + }, + "virtualNetworkAddressPrefix": { + "type": "string", + "metadata": { + "description": "The address prefix of the virtual network" + }, + "defaultValue": "10.0.0.0/16" + }, + "Subnet1Name": { + "type": "string", + "metadata": { + "description": "The name of the management subnet" + }, + "defaultValue": "Frontend" + }, + "Subnet1Prefix": { + "type": "string", + "metadata": { + 
"description": "The address prefix of the management subnet" + }, + "defaultValue": "10.0.1.0/24" + }, + "Subnet1StartAddress": { + "type": "string", + "metadata": { + "description": "The first available address on the management subnet" + }, + "defaultValue": "10.0.1.10" + }, + "vnetNewOrExisting": { + "type": "string", + "defaultValue": "new", + "allowedValues": [ + "new", + "existing" + ], + "metadata": { + "Description": "Indicates whether the virtual network is new or existing" + } + }, + "virtualNetworkExistingRGName": { + "type": "string", + "metadata": { + "description": "Resource Group of the existing virtual network" + }, + "defaultValue": "" + }, + "managementGUIClientNetwork": { + "type": "string", + "metadata": { + "description": "Allowed GUI clients" + }, + "defaultValue": "0.0.0.0/0" + }, + "_artifactsLocation": { + "type": "string", + "metadata": { + "description": "The base URI where artifacts required by this template are located including a trailing '/'" + }, + "defaultValue": "[deployment().properties.templateLink.uri]" + }, + "_artifactsLocationSasToken": { + "type": "securestring", + "metadata": { + "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured." + }, + "defaultValue": "" + }, + "bootstrapScript": { + "type": "string", + "metadata": { + "description": "Bootstrap script" + }, + "defaultValue": "" + }, + "allowDownloadFromUploadToCheckPoint": { + "type": "string", + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "true", + "metadata": { + "description": "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point" + } + }, + "additionalDiskSizeGB": { + "type": "int", + "defaultValue": 0, + "metadata": { + "description": "Amount of additional disk space (in GB)" + }, + "minValue": 0, + "maxValue": 3995 + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "The type of the OS disk. Premium is applicable only to DS machine sizes" + }, + "allowedValues": [ + "Standard_LRS", + "Premium_LRS" + ] + }, + "preview": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Deploy the staged image" + }, + "allowedValues": [ + "", + "-preview" + ] + }, + "sourceImageVhdUri": { + "type": "string", + "defaultValue": "noCustomUri", + "metadata": { + "description": "The URI of the blob containing the development image" + } + }, + "Check_PointTags": { + "type": "object", + "defaultValue": { + "provider": "30DE18BC-F9F6-4F22-9D30-54B8E74CFD5F" + } + }, + "msi": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Configure managed service identity for the VM" + } + } + }, + "variables": { + "installationType": "management-stack", + "templateName": "stack-management", + "templateVersion": "20230219", + "location": "[parameters('location')]", + "offers": { + "R80.40 - Bring Your Own License": "BYOL", + "R80.40 - Pay As You Go (MGMT25)": "MGMT25", + "R81 - Bring Your Own License": "BYOL", + "R81 - Pay As You Go (MGMT25)": "MGMT25" + }, + "offer": "[variables('offers')[parameters('cloudGuardVersion')]]", + "osVersions": { + "R80.40 - Bring Your Own License": "R8040", + "R80.40 - Pay As You Go (MGMT25)": "R8040", + "R81 - Bring Your Own License": "R81", + "R81 - Pay As You Go (MGMT25)": "R81" + }, + "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]", + "isBlink": false, + "computeApiVersion": "2017-03-30", + "storageApiVersion": "2016-01-01", + "networkApiVersion": "2017-10-01", + "deploymentsApiVersion": 
"2016-02-01", + "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]", + "storageAccountType": "Standard_LRS", + "diskSize100GB": 100, + "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]", + "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n')]", + "imageOfferR8040": "check-point-cg-r8040", + "imageOfferR81": "check-point-cg-r81", + "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]", + "imagePublisher": "checkpoint", + "imageReferenceBYOL": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "mgmt-byol", + "version": "latest" + }, + "imageReferenceMGMT25": { + "offer": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]", + "sku": "mgmt-25", + "version": "latest" + }, + "imageReferenceMarketplace": "[variables(concat('imageReference', variables('offer')))]", + "customImage": "customImage", + "imageReferenceCustomUri": { + "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + }, + "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), 
variables('imageReferenceCustomUri'))]", + "nic1Name": "[concat(parameters('vmName'), '-eth0')]", + "linuxConfigurationpassword": {}, + "linuxConfigurationsshPublicKey": { + "disablePasswordAuthentication": "true", + "ssh": { + "publicKeys": [ + { + "keyData": "[parameters('sshPublicKey')]", + "path": "/home/notused/.ssh/authorized_keys" + } + ] + } + }, + "linuxConfiguration": "[variables(concat('linuxConfiguration', parameters('authenticationType')))]", + "planBYOL": { + "name": "mgmt-byol", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "planMGMT25": { + "name": "mgmt-25", + "product": "[variables('imageOffer')]", + "publisher": "[variables('imagePublisher')]" + }, + "plan": "[variables(concat('plan', variables('offer')))]", + "publicIPAddressName": "[parameters('vmName')]", + "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]", + "bootstrapScript64": "[base64(parameters('bootstrapScript'))]", + "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]", + "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '-stack-mgmt.json', parameters('_artifactsLocationSasToken')))]", + "sicKey": "notused", + "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]", + "identity": "[if(parameters('msi'), json('{\"type\": \"SystemAssigned\"}'), json('null'))]" + }, + "resources": [ + { + "type": "Microsoft.Storage/storageAccounts", + "name": "[variables('storageAccountName')]", + "apiVersion": "[variables('storageApiVersion')]", + "location": "[variables('location')]", + "sku": { + "name": "[variables('storageAccountType')]" + }, + "kind": "Storage", + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "name": "networkSetup", + "type": "Microsoft.Resources/deployments", + "apiVersion": "[variables('deploymentsApiVersion')]", + 
"properties": { + "mode": "Incremental", + "templateLink": { + "uri": "[variables('networkSetupURL')]", + "contentVersion": "1.0.0.0" + }, + "parameters": { + "location": { + "value": "[variables('location')]" + }, + "apiVersion": { + "value": "[variables('networkApiVersion')]" + }, + "virtualNetworkName": { + "value": "[parameters('virtualNetworkName')]" + }, + "virtualNetworkAddressPrefix": { + "value": "[parameters('virtualNetworkAddressPrefix')]" + }, + "Subnet1Name": { + "value": "[parameters('Subnet1Name')]" + }, + "Subnet1Prefix": { + "value": "[parameters('Subnet1Prefix')]" + }, + "vnetNewOrExisting": { + "value": "[parameters('vnetNewOrExisting')]" + }, + "virtualNetworkExistingRGName": { + "value": "[parameters('virtualNetworkExistingRGName')]" + } + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "[variables('networkApiVersion')]", + "location": "[variables('location')]", + "name": "[variables('publicIPAddressName')]", + "properties": { + "idleTimeoutInMinutes": 30, + "publicIPAllocationMethod": "Static" + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "[variables('networkApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]", + "[variables('publicIPAddressId')]" + ], + "location": "[variables('location')]", + "name": "[variables('nic1Name')]", + "properties": { + "enableIPForwarding": false, + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "privateIPAddress": "[parameters('Subnet1StartAddress')]", + "privateIPAllocationMethod": "Static", + "PublicIpAddress": { + "Id": "[variables('publicIPAddressId')]" + }, + "subnet": { + "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet1Name'))]" + } + } + } + ] + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + 
"condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]", + "type": "Microsoft.Compute/images", + "apiVersion": "2017-12-01", + "name": "[variables('customImage')]", + "location": "[variables('location')]", + "properties": { + "storageProfile": { + "osDisk": { + "osType": "Linux", + "osState": "Generalized", + "blobUri": "[parameters('sourceImageVhdUri')]", + "storageAccountType": "Standard_LRS" + } + } + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "[variables('computeApiVersion')]", + "dependsOn": [ + "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", + "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "[resourceId('Microsoft.Compute/images/', variables('customImage'))]" + ], + "location": "[variables('location')]", + "name": "[parameters('vmName')]", + "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]", + "identity": "[variables('identity')]", + "properties": { + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "true", + "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]" + } + }, + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]", + "properties": { + "primary": true + } + } + ] + }, + "osProfile": { + "adminPassword": "[parameters('adminPassword')]", + "adminUsername": "notused", + "computerName": "[toLower(parameters('vmName'))]", + "customData": "[base64(variables('customData'))]", + "linuxConfiguration": "[variables('linuxConfiguration')]" + }, + "storageProfile": { + "imageReference": "[variables('imageReference')]", + "osDisk": { + "caching": 
"ReadWrite", + "createOption": "FromImage", + "diskSizeGB": "[variables('diskSizeGB')]", + "name": "[parameters('vmName')]", + "managedDisk": { + "storageAccountType": "[parameters('diskType')]" + } + } + } + }, + "tags": { + "provider": "[toUpper(parameters('Check_PointTags').provider)]" + } + } + ], + "outputs": { + "IPAddress": { + "type": "string", + "value": "[reference(variables('publicIPAddressId')).IpAddress]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/createUiDefinition.json b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/createUiDefinition.json new file mode 100644 index 00000000..cff833ef --- /dev/null +++ b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/createUiDefinition.json 
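Review bot: The `managementGUIClientNetwork` parameter defaults to `0.0.0.0/0`, so a deployment that omits it opens the management server's GUI-client allowlist to every source address while this same template attaches a static public IP directly to the VM's NIC; either drop the `defaultValue` so callers must supply a CIDR, or at minimum have the description warn, e.g. `"description": "Allowed GUI clients (CIDR). Do not leave as 0.0.0.0/0 in production; restrict to your administrative network"`. Separately, the `allowedValues` list of `cloudGuardVersion` ends with a trailing comma after `"R81 - Pay As You Go (MGMT25)"`, which strict JSON parsers and linters reject even where the ARM engine is lenient, so remove it. The boot-diagnostics storage account is created with the 2016-01-01 API and no `supportsHttpsTrafficOnly`/`minimumTlsVersion` settings, which presumably reflects the template's age (it is being filed under `deprecated/`), but is worth noting if these templates are ever redeployed.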
@@ -0,0 +1,763 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/0.1.2-preview/CreateUIDefinition.MultiVm.json#", + "handler": "Microsoft.Azure.CreateUIDef", + "version": "0.1.2-preview", + "parameters": { + "basics": [ + { + "name": "gatewayNameUi", + "type": "Microsoft.Common.TextBox", + "label": "VM Name", + "toolTip": "The name of the Check Point CloudGuard Gateway.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{1,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." + } + }, + { + "name": "auth", + "type": "Microsoft.Compute.CredentialsCombo", + "label": { + "authenticationType": "Authentication type", + "password": "Password", + "confirmPassword": "Confirm password", + "sshPublicKey": "SSH public key" + }, + "toolTip": { + "authenticationType": "", + "password": "The user 'admin' password", + "sshPublicKey": "Paste an OpenSSH public key. You can generate a key pair using ssh-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)" + }, + "constraints": { + "required": true + }, + "options": { + "hideConfirmation": false, + "hidePassword": false + }, + "osPlatform": "Linux" + } + ], + "steps": [ + { + "name": "chkp", + "label": "Check Point CloudGuard Gateway settings", + "subLabel": { + "preValidation": "Configure CloudGuard Gateway settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard Gateway settings", + "elements": [ + { + "name": "cloudGuardVersion", + "type": "Microsoft.Common.DropDown", + "label": "Check Point CloudGuard version", + "defaultValue": "R81", + "toolTip": "The version of Check Point CloudGuard Gateway.", + "constraints": { + "allowedValues": [ + { + "label": "R80.40", + "value": "R80.40" + }, + { + "label": "R81", + "value": "R81" + } + ] + } + }, + { + "name": "R80Offer", + "type": "Microsoft.Common.DropDown", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Bring Your Own License", + "visible": 
true, + "constraints": { + "allowedValues": [ + { + "label": "Bring Your Own License", + "value": "Bring Your Own License" + } + ] + } + }, + { + "name": "R8040vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "sg-byol" + }, + "count": 1 + }, + { + "name": "R8040vmSizeUiNGTP", + "type": 
"Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTP)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "sg-ngtp" + }, + "count": 1 + }, + { + "name": "R8040vmSizeUiNGTX", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R80.40'), contains(steps('chkp').R80Offer, '(NGTX)'))]", + "label": "Virtual machine size", + "toolTip": "The VM 
size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8040", + "sku": "sg-ngtx" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + 
"Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "sg-byol" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiNGTP", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTP)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + 
"Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "sg-ngtp" + }, + "count": 1 + }, + { + "name": "R81vmSizeUiNGTX", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81'), contains(steps('chkp').R80Offer, '(NGTX)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], + "constraints": { + "allowedSizes": [ + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + 
"Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r81", + "sku": "sg-ngtx" + }, + "count": 1 + }, + { + "name": "sicKeyUi", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "SIC key", + "confirmPassword": "Confirm SIC key" + }, + "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{8,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 8-30 characters long." 
+ }, + "options": { + "hideConfirmation": true + } + }, + { + "name": "bootstrapScript", + "type": "Microsoft.Common.FileUpload", + "label": "Bootstrap script", + "toolTip": "An optional script to run on the initial boot", + "constraints": { + "required": false, + "accept": ".sh,text/plain" + }, + "options": { + "multiple": false, + "uploadMode": "file", + "openMode": "text", + "encoding": "UTF-8" + } + }, + { + "name": "allowUploadDownload", + "type": "Microsoft.Common.OptionsGroup", + "label": "Allow download from/upload to Check Point", + "defaultValue": "Yes", + "toolTip": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "true" + }, + { + "label": "No", + "value": "false" + } + ] + } + }, + { + "name": "additionalDiskSizeGB", + "type": "Microsoft.Common.TextBox", + "label": "Additional disk space (GB)", + "defaultValue": "0", + "toolTip": "Additional disk space (in GB), Initial disk size is 100 GB.", + "constraints": { + "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$", + "validationMessage": "Select a number between 0 and 3995" + } + }, + { + "name": "useCustomImageUri", + "type": "Microsoft.Common.OptionsGroup", + "label": "Use development image uri", + "defaultValue": "No", + "toolTip": "", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": "Yes" + }, + { + "label": "No", + "value": "No" + } + ], + "required": true + }, + "visible": false + }, + { + "name": "sourceImageVhdUri", + "type": "Microsoft.Common.TextBox", + "label": "Development Image URI", + "toolTip": "The URI of the blob containing the development image", + "constraints": { + "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", + "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the 
value must be 1-500 characters long and must end with .vhd. " + }, + "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + } + ] + }, + { + "name": "network", + "label": "Network settings", + "subLabel": { + "preValidation": "Configure network settings", + "postValidation": "Done" + }, + "bladeTitle": "Network settings", + "elements": [ + { + "name": "virtualNetwork", + "type": "Microsoft.Network.VirtualNetworkCombo", + "label": { + "virtualNetwork": "Virtual network", + "subnets": "Subnets" + }, + "toolTip": { + "virtualNetwork": "Virtual Network Name", + "subnets": "List of subnets to deploy into" + }, + "defaultValue": { + "name": "vnet01", + "addressPrefixSize": "/16" + }, + "constraints": { + "minAddressPrefixSize": "/28" + }, + "options": { + "hideExisting": false + }, + "subnets": { + "subnet1": { + "label": "Frontend subnet", + "defaultValue": { + "name": "Frontend", + "addressPrefixSize": "/24" + }, + "constraints": { + "minAddressPrefixSize": "/29", + "minAddressCount": 1, + "requireContiguousAddresses": true + } + }, + "subnet2": { + "label": "Backend subnet", + "defaultValue": { + "name": "Backend", + "addressPrefixSize": "/24" + }, + "constraints": { + "minAddressPrefixSize": "/29", + "minAddressCount": 1, + "requireContiguousAddresses": true + } + } + } + } + ] + } + ], + "outputs": { + "location": "[location()]", + "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "adminPassword": "[basics('auth').password]", + "authenticationType": "[basics('auth').authenticationType]", + "sshPublicKey": "[basics('auth').sshPublicKey]", + "vmName": "[basics('gatewayNameUi')]", + "vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX,steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX)]", + "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", + "virtualNetworkName": 
"[steps('network').virtualNetwork.name]", + "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", + "Subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", + "Subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", + "Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", + "Subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]", + "Subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]", + "Subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", + "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", + "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", + "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", + "bootstrapScript": "[steps('chkp').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", + "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]" + } + } +} \ No newline at end of file diff --git a/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json new file mode 100644 index 00000000..50422c53 --- /dev/null +++ b/deprecated/azure/templates/stack-R8040-R81/stack-single-r8040-r81/mainTemplate.json 
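Review bot: The `sicKey` output falls back to the literal `'notused'` via `coalesce(steps('chkp').sicKeyUi, 'notused')`, so if the SIC key field were ever empty the gateway would be bootstrapped with a fixed, guessable one-time secret instead of the deployment failing; since `sicKeyUi` is declared `required: true`, the fallback is unnecessary and the output should simply be `"sicKey": "[steps('chkp').sicKeyUi]"`. The `managementGUIClientNetwork` output references `steps('chkp').managementGUIClientNetwork`, but no element of that name is defined in the `chkp` step within this hunk, so the value handed to the main template appears to be empty and the deployment would presumably end up on the main template's own `0.0.0.0/0` default; either add a text box with a CIDR regex constraint or drop the output so the gap is explicit. Also, the `R80Offer` dropdown lists only `Bring Your Own License`, so the six `(NGTP)`/`(NGTX)` size selectors can never become visible and are dead configuration.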
@@ -0,0 +1,562 @@
+{
+ "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "location": {
+ "type": "string",
+ "metadata": {
+ "description": "Deployment location"
+ },
+ "defaultValue": "[resourceGroup().location]"
+ },
+ "cloudGuardVersion": {
+ "type": "string",
+ "allowedValues": [
+ "R80.40 - Bring Your Own License",
+ "R80.40 - Pay As You Go (NGTP)",
+ "R80.40 - Pay As You Go (NGTX)",
+ "R81 - Bring Your Own License",
+ "R81 - Pay As You Go (NGTP)",
+ "R81 - Pay As You Go (NGTX)",
+ ],
+ "defaultValue": "R81 - Bring Your Own License",
+ "metadata": {
+ "description": "Version of Check Point CloudGuard"
+ }
+ },
+ "adminPassword": {
+ "type": "securestring",
+ "metadata": {
+ "description": "Administrator password"
+ },
+ "defaultValue": ""
+ },
+ "authenticationType": {
+ "type": "string",
+ "allowedValues": [
+ "password",
+ "sshPublicKey"
+ ],
+ "defaultValue": "password",
+ "metadata": {
+ "description": "Authentication type"
+ }
+ },
+ "sshPublicKey": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Administrator SSH public key"
+ }
+ },
+ "vmName": {
+ "type": "string",
+ "defaultValue": "[resourceGroup().name]",
+ "metadata": {
+ "description": "Name of the Check Point Security Gateway"
+ }
+ },
+ "vmSize": {
+ "type": "string",
+ "defaultValue": "Standard_D3_v2",
+ "metadata": {
+ "description": "Size of the VM"
+ }
+ },
+ "sicKey": {
+ "type": "securestring",
+ "metadata": {
+ "description": "One time key for Secure Internal Communication"
+ }
+ },
+ "virtualNetworkName": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the virtual network"
+ },
+ "defaultValue": "[concat(resourceGroup().name, '-vnet')]"
+ },
+ "virtualNetworkAddressPrefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the virtual network"
+ },
+ "defaultValue": "10.0.0.0/16"
+ },
+ "Subnet1Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the frontend subnet"
+ },
+ "defaultValue": "Frontend"
+ },
+ "Subnet1Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the frontend subnet"
+ },
+ "defaultValue": "10.0.1.0/24"
+ },
+ "Subnet1StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the frontend subnet"
+ },
+ "defaultValue": "10.0.1.10"
+ },
+ "Subnet2Name": {
+ "type": "string",
+ "metadata": {
+ "description": "The name of the backend subnet"
+ },
+ "defaultValue": "Backend"
+ },
+ "Subnet2Prefix": {
+ "type": "string",
+ "metadata": {
+ "description": "The address prefix of the backend subnet"
+ },
+ "defaultValue": "10.0.2.0/24"
+ },
+ "Subnet2StartAddress": {
+ "type": "string",
+ "metadata": {
+ "description": "The first available address on the backend subnet"
+ },
+ "defaultValue": "10.0.2.10"
+ },
+ "vnetNewOrExisting": {
+ "type": "string",
+ "defaultValue": "new",
+ "allowedValues": [
+ "new",
+ "existing"
+ ],
+ "metadata": {
+ "Description": "Indicates whether the virtual network is new or existing"
+ }
+ },
+ "virtualNetworkExistingRGName": {
+ "type": "string",
+ "metadata": {
+ "description": "Resource Group of the existing virtual network"
+ },
+ "defaultValue": ""
+ },
+ "managementGUIClientNetwork": {
+ "type": "string",
+ "metadata": {
+ "description": "Allowed GUI clients"
+ },
+ "defaultValue": "0.0.0.0/0"
+ },
+ "_artifactsLocation": {
+ "type": "string",
+ "metadata": {
+ "description": "The base URI where artifacts required by this template are located including a trailing '/'"
+ },
+ "defaultValue": "[deployment().properties.templateLink.uri]"
+ },
+ "_artifactsLocationSasToken": {
+ "type": "securestring",
+ "metadata": {
+ "description": "The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured."
+ },
+ "defaultValue": ""
+ },
+ "bootstrapScript": {
+ "type": "string",
+ "metadata": {
+ "description": "Bootstrap script"
+ },
+ "defaultValue": ""
+ },
+ "allowDownloadFromUploadToCheckPoint": {
+ "type": "string",
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true",
+ "metadata": {
+ "description": "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ }
+ },
+ "additionalDiskSizeGB": {
+ "type": "int",
+ "defaultValue": 0,
+ "metadata": {
+ "description": "Amount of additional disk space (in GB)"
+ },
+ "minValue": 0,
+ "maxValue": 3995
+ },
+ "diskType": {
+ "type": "string",
+ "defaultValue": "Standard_LRS",
+ "metadata": {
+ "description": "The type of the OS disk. Premium is applicable only to DS machine sizes"
+ },
+ "allowedValues": [
+ "Standard_LRS",
+ "Premium_LRS"
+ ]
+ },
+ "preview": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "description": "Deploy the staged image"
+ },
+ "allowedValues": [
+ "",
+ "-preview"
+ ]
+ },
+ "sourceImageVhdUri": {
+ "type": "string",
+ "defaultValue": "noCustomUri",
+ "metadata": {
+ "description": "The URI of the blob containing the development image"
+ }
+ },
+ "Check_PointTags": {
+ "type": "object",
+ "defaultValue": {
+ "provider": "30DE18BC-F9F6-4F22-9D30-54B8E74CFD5F"
+ }
+ }
+ },
+ "variables": {
+ "installationType": "gateway-stack",
+ "templateName": "stack-single",
+ "templateVersion": "20230219",
+ "location": "[parameters('location')]",
+ "offers": {
+ "R80.40 - Bring Your Own License": "BYOL",
+ "R80.40 - Pay As You Go (NGTP)": "NGTP",
+ "R80.40 - Pay As You Go (NGTX)": "NGTX",
+ "R81 - Bring Your Own License": "BYOL",
+ "R81 - Pay As You Go (NGTP)": "NGTP",
+ "R81 - Pay As You Go (NGTX)": "NGTX",
+ },
+ "offer": "[variables('offers')[parameters('cloudGuardVersion')]]",
+ "osVersions": {
+ "R80.40 - Bring Your Own License": "R8040",
+ "R80.40 - Pay As You Go (NGTP)": "R8040",
+ "R80.40 - Pay As You Go (NGTX)": "R8040",
+ "R81 - Bring Your Own License": "R81",
+ "R81 - Pay As You Go (NGTP)": "R81",
+ "R81 - Pay As You Go (NGTX)": "R81"
+ },
+ "osVersion": "[variables('osVersions')[parameters('cloudGuardVersion')]]",
+ "isBlink": true,
+ "computeApiVersion": "2017-03-30",
+ "storageApiVersion": "2016-01-01",
+ "networkApiVersion": "2017-10-01",
+ "deploymentsApiVersion": "2016-02-01",
+ "storageAccountName": "[concat('bootdiag', uniqueString(resourceGroup().id, deployment().name))]",
+ "storageAccountType": "Standard_LRS",
+ "diskSize100GB": 100,
+ "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
+ "customData": "[concat('#!/usr/bin/python /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'managementGUIClientNetwork=\"', variables('managementGUIClientNetwork'), '\"', '\n', 'resourceGroup=\"', resourceGroup().name, '\"', '\n', 'subscriptionId=\"', subscription().subscriptionId, '\"', '\n')]",
+ "imageOfferR8040": "check-point-cg-r8040",
+ "imageOfferR81": "check-point-cg-r81",
+ "imageOffer": "[concat(variables(concat('imageOffer', variables('osVersion'))), parameters('preview'))]",
+ "imagePublisher": "checkpoint",
+ "imageReferenceBYOL": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-byol",
+ "version": "latest"
+ },
+ "imageReferenceNGTP": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtp",
+ "version": "latest"
+ },
+ "imageReferenceNGTX": {
+ "offer": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]",
+ "sku": "sg-ngtx",
+ "version": "latest"
+ },
+ "imageReferenceMarketplace": "[variables(concat('imageReference', variables('offer')))]",
+ "customImage": "customImage",
+ "imageReferenceCustomUri": {
+ "id": "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ },
+ "imageReference": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('imageReferenceMarketplace'), variables('imageReferenceCustomUri'))]",
+ "nic1Name": "[concat(parameters('vmName'), '-eth0')]",
+ "nic2Name": "[concat(parameters('vmName'), '-eth1')]",
+ "linuxConfigurationpassword": {},
+ "linuxConfigurationsshPublicKey": {
+ "disablePasswordAuthentication": "true",
+ "ssh": {
+ "publicKeys": [
+ {
+ "keyData": "[parameters('sshPublicKey')]",
+ "path": "/home/notused/.ssh/authorized_keys"
+ }
+ ]
+ }
+ },
+ "linuxConfiguration": "[variables(concat('linuxConfiguration', parameters('authenticationType')))]",
+ "planBYOL": {
+ "name": "sg-byol",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP": {
+ "name": "sg-ngtp",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTP-V2": {
+ "name": "sg-ngtp-v2",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "planNGTX": {
+ "name": "sg-ngtx",
+ "product": "[variables('imageOffer')]",
+ "publisher": "[variables('imagePublisher')]"
+ },
+ "plan": "[variables(concat('plan', variables('offer')))]",
+ "publicIPAddressName": "[parameters('vmName')]",
+ "publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
+ "bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
+ "allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
+ "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '-stack.json', parameters('_artifactsLocationSasToken')))]",
+ "sicKey": "[parameters('sicKey')]",
+ "managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]"
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Storage/storageAccounts",
+ "name": "[variables('storageAccountName')]",
+ "apiVersion": "[variables('storageApiVersion')]",
+ "location": "[variables('location')]",
+ "sku": {
+ "name": "[variables('storageAccountType')]"
+ },
+ "kind": "Storage",
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ },
+ {
+ "name": "networkSetup",
+ "type": "Microsoft.Resources/deployments",
+ "apiVersion": "[variables('deploymentsApiVersion')]",
+ "properties": {
+ "mode": "Incremental",
+ "templateLink": {
+ "uri": "[variables('networkSetupURL')]",
+ "contentVersion": "1.0.0.0"
+ },
+ "parameters": {
+ "location": {
+ "value": "[variables('location')]"
+ },
+ "apiVersion": {
+ "value": "[variables('networkApiVersion')]"
+ },
+ "virtualNetworkName": {
+ "value": "[parameters('virtualNetworkName')]"
+ },
+ "virtualNetworkAddressPrefix": {
+ "value": "[parameters('virtualNetworkAddressPrefix')]"
+ },
+ "Subnet1Name": {
+ "value": "[parameters('Subnet1Name')]"
+ },
+ "Subnet1Prefix": {
+ "value": "[parameters('Subnet1Prefix')]"
+ },
+ "Subnet1StartAddress": {
+ "value": "[parameters('Subnet1StartAddress')]"
+ },
+ "Subnet2Name": {
+ "value": "[parameters('Subnet2Name')]"
+ },
+ "Subnet2Prefix": {
+ "value": "[parameters('Subnet2Prefix')]"
+ },
+ "Subnet2StartAddress": {
+ "value": "[parameters('Subnet2StartAddress')]"
+ },
+ "vnetNewOrExisting": {
+ "value": "[parameters('vnetNewOrExisting')]"
+ },
+ "virtualNetworkExistingRGName": {
+ "value": "[parameters('virtualNetworkExistingRGName')]"
+ }
+ }
+ }
+ },
+ {
+ "type": "Microsoft.Network/publicIPAddresses",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "name": "[variables('publicIPAddressName')]",
+ "location": "[variables('location')]",
+ "sku": {
+ "name": "Basic"
+ },
+ "properties": {
+ "idleTimeoutInMinutes": 30,
+ "publicIPAllocationMethod": "Static"
+ },
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ },
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]",
+ "[variables('publicIPAddressId')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('nic1Name')]",
+ "properties": {
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "ipconfig1",
+ "properties": {
+ "privateIPAddress": "[parameters('Subnet1StartAddress')]",
+ "privateIPAllocationMethod": "Static",
+ "PublicIpAddress": {
+ "Id": "[variables('publicIPAddressId')]"
+ },
+ "subnet": {
+ "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet1Name'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ },
+ {
+ "type": "Microsoft.Network/networkInterfaces",
+ "apiVersion": "[variables('networkApiVersion')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Resources/deployments', 'networkSetup')]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[variables('nic2Name')]",
+ "properties": {
+ "enableIPForwarding": true,
+ "ipConfigurations": [
+ {
+ "name": "ipconfig2",
+ "properties": {
+ "privateIPAddress": "[parameters('Subnet2StartAddress')]",
+ "privateIPAllocationMethod": "Static",
+ "subnet": {
+ "id": "[concat(reference('networkSetup').outputs.vnetId.value, '/subnets/', parameters('Subnet2Name'))]"
+ }
+ }
+ }
+ ]
+ },
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ },
+ {
+ "condition": "[not(equals(parameters('sourceImageVhdUri'), 'noCustomUri'))]",
+ "type": "Microsoft.Compute/images",
+ "apiVersion": "2017-12-01",
+ "name": "[variables('customImage')]",
+ "location": "[variables('location')]",
+ "properties": {
+ "storageProfile": {
+ "osDisk": {
+ "osType": "Linux",
+ "osState": "Generalized",
+ "blobUri": "[parameters('sourceImageVhdUri')]",
+ "storageAccountType": "Standard_LRS"
+ }
+ }
+ },
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ },
+ {
+ "type": "Microsoft.Compute/virtualMachines",
+ "apiVersion": "[variables('computeApiVersion')]",
+ "dependsOn": [
+ "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]",
+ "[resourceId('Microsoft.Network/networkInterfaces', variables('nic2Name'))]",
+ "[resourceId('Microsoft.Compute/images/', variables('customImage'))]"
+ ],
+ "location": "[variables('location')]",
+ "name": "[parameters('vmName')]",
+ "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]",
+ "properties": {
+ "diagnosticsProfile": {
+ "bootDiagnostics": {
+ "enabled": "true",
+ "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]"
+ }
+ },
+ "hardwareProfile": {
+ "vmSize": "[parameters('vmSize')]"
+ },
+ "networkProfile": {
+ "networkInterfaces": [
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic1Name'))]",
+ "properties": {
+ "primary": true
+ }
+ },
+ {
+ "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nic2Name'))]",
+ "properties": {
+ "primary": false
+ }
+ }
+ ]
+ },
+ "osProfile": {
+ "adminPassword": "[parameters('adminPassword')]",
+ "adminUsername": "notused",
+ "computerName": "[toLower(parameters('vmName'))]",
+ "customData": "[base64(variables('customData'))]",
+ "linuxConfiguration": "[variables('linuxConfiguration')]"
+ },
+ "storageProfile": {
+ "imageReference": "[variables('imageReference')]",
+ "osDisk": {
+ "caching": "ReadWrite",
+ "createOption": "FromImage",
+ "diskSizeGB": "[variables('diskSizeGB')]",
+ "name": "[parameters('vmName')]",
+ "managedDisk": {
+ "storageAccountType": "[parameters('diskType')]"
+ }
+ }
+ }
+ },
+ "tags": {
+ "provider": "[toUpper(parameters('Check_PointTags').provider)]"
+ }
+ }
+ ],
+ "outputs": {
+ "GatewayIPAddr": {
+ "type": "string",
+ "value": "[reference(variables('publicIPAddressId')).IpAddress]"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/README.md b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/README.md
new file mode 100644
index 00000000..c26e307a
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/README.md
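Review bot: The new mainTemplate.json is not valid strict JSON: `cloudGuardVersion.allowedValues` ends with `"R81 - Pay As You Go (NGTX)",` directly before `]`, and `variables.offers` ends with `"R81 - Pay As You Go (NGTX)": "NGTX",` directly before `}`. The ARM deployment engine may well tolerate trailing commas (not verifiable from the diff), but jq, `python -m json.tool`, schema validators and most CI linters reject them, so both commas should be dropped. Separately, `managementGUIClientNetwork` defaults to `0.0.0.0/0` and is passed through `customData` as the gateway's allowed GUI-client network; a required parameter with no default, or at least a metadata description saying the default admits every source, would be the safer shape even for a deprecated copy.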
@@ -0,0 +1,239 @@ +# Check Point CloudGuard IaaS High Availability Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard IaaS High Availability solution into an existing Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- System assigned identity +- Availability Set - conditional creation + +For additional information, +please see the [CloudGuard Network for Azure High Availability Cluster Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_HA_Cluster/Default.htm) + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/high-availability-existing-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**", "**User Access Administrator**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/high-availability-existing-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------| ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a | + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a | + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a | + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a | + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" | + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a | + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a | + | | | | | | + | **cluster_name** | The name of the Check Point Cluster Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long | n/a | + | | | | | | + | **vnet_name** | Virtual Network name | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a | + | | | | | | + | **vnet_resource_group** | Resource Group of the existing virtual network | string | The exact name of the existing vnet's resource group | n/a | + | | | | | | + | **frontend_subnet_name** | Specifies the name of the external subnet | string 
| The exact name of the existing external subnet | n/a | + | | | | | | + | **backend_subnet_name** | Specifies the name of the internal subnet | string | The exact name of the existing internal subnet | n/a | + | | | | | | + | **frontend_IP_addresses** | A list of three whole numbers representing the private ip addresses of the members eth0 NICs and the cluster vip ip addresses. The numbers can be represented as binary integers with no more than the number of digits remaining in the address after the given frontend subnet prefix. The IP addresses are defined by their position in the frontend subnet | list(number) | | n/a + | | | | | | + | **backend_IP_addresses** | A list of three whole numbers representing the private ip addresses of the members eth1 NICs and the backend lb ip addresses. The numbers can be represented as binary integers with no more than the number of digits remaining in the address after the given backend subnet prefix. The IP addresses are defined by their position in the backend subnet | list(number) | | n/a + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a | + | | | | | | + | **smart_1_cloud_token_a** | Smart-1 Cloud token to connect automatically ***Member A*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart_1_cloud_token_b** | Smart-1 Cloud token to connect automatically ***Member B*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501)| string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a | + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", 
"Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a | + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license; | n/a | + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r81.10";
"check-point-cg-r81.20"; | n/a | + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a | + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | n/a | + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a | + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a | + | | | | | | + | **availability_type** | Specifies whether to deploy the solution based on Azure Availability Set or based on Azure Availability Zone | string | "Availability Zone";
"Availability Set"; | "Availability Zone" | + | | | | | | + | **enable_custom_metrics** | Indicates whether CloudGuard Metrics will be use for Cluster members monitoring | boolean | true;
false; | true | + | | | | | | + | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false; | false | + | | | | | | + | **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix | boolean | true;
false; | false | + | | | | | | + | **create_public_ip_prefix** | Indicates whether the public IP prefix will created or an existing will be used | boolean | true;
false; | false | + | | | | | | + | **existing_public_ip_prefix_id** | The existing public IP prefix resource id | string | Existing public IP prefix resource id | n/a | + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | n/a | + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + +## Conditional creation +- To deploy the solution based on Azure Availability Set and create a new Availability Set for the virtual machines: +``` +availability_type = "Availability Set" +``` + Otherwise, to deploy the solution based on Azure Availability Zone: +``` +availability_type = "Availability Zone" +``` +- To enable CloudGuard metrics in order to send statuses and statistics collected from HA instances to the Azure Monitor service: + ``` + enable_custom_metrics = true + ``` +- To create new public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = true + ``` +- To use an existing public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = false + existing_public_ip_prefix_id = "public IP prefix resource id" + ``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-ha-terraform" + cluster_name = "checkpoint-ha-terraform" + location = "eastus" + vnet_name = "checkpoint-ha-vnet" + vnet_resource_group = "existing-vnet" + frontend_subnet_name = "frontend" + backend_subnet_name = "backend" + frontend_IP_addresses = [5, 6, 7] + backend_IP_addresses = [5, 6, 7] + admin_password = "xxxxxxxxxxxx" + smart_1_cloud_token_a = "xxxxxxxxxxxx" + smart_1_cloud_token_b = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = 
true + authentication_type = "Password" + availability_type = "Availability Zone" + enable_custom_metrics = true + enable_floating_ip = false + use_public_ip_prefix = false + create_public_ip_prefix = false + existing_public_ip_prefix_id = "" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Updated managed identity permissions
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20230212 | - Added Smart-1 Cloud support | +| | | | +| 20221124 | - Added R81.20 support
- Upgraded azurerm provider |
+| | | |
+| 20220111 | - Added support to select different shells. |
+| | | |
+| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image |
+| | | |
+| 20210111 | First release of Check Point CloudGuard IaaS High Availability Terraform deployment into an existing Vnet in Azure. |
+| | | |
+| | Addition of "templateType" parameter to "cloud-version" files. |
+| | | |
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/cloud-init.sh
new file mode 100644
index 00000000..0609bfcf
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/cloud-init.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+sicKey="${sic_key}"
+tenantId="${tenant_id}"
+virtualNetwork="${virtual_network}"
+clusterName="${cluster_name}"
+externalPrivateAddresses="${external_private_addresses}"
+customMetrics="${enable_custom_metrics}"
+adminShell="${admin_shell}"
+smart1CloudToken="${smart_1_cloud_token}"
+Vips='[{"name": "cluster-vip", "privateIPAddress": "${external_private_addresses}", "publicIPAddress": "${cluster_name}"}]'
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
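Review bot: Every value in this template is spliced into a quoted string by `templatefile` with no escaping, so a `sic_key`, `smart_1_cloud_token`, `cluster_name` or password hash that contains a double quote, `$` or a newline produces a malformed assignment at boot, and for `Vips` a malformed JSON document; how that fails depends on `/etc/cloud_config.py`, which is not part of this diff. Building `Vips` on the Terraform side with `jsonencode(...)` and passing the encoded string through would remove the hand-written JSON, and a `validation` block on the free-text inputs in `variables.tf` could reject quote characters before they reach the VM. `MaintenanceModePassword` receives `maintenance_mode_password_hash`, unlike its neighbour `passwordHash`; a comment such as `# hash, not cleartext — key name presumably fixed by /etc/cloud_config.py` above it would stop a later edit from passing the plain password.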
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/main.tf new file mode 100644 index 00000000..cd020475 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/main.tf 
@@ -0,0 +1,531 @@ +//********************** Providers **************************// +provider "azurerm" { + + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = var.number_of_vm_instances + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = var.is_blink + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +resource "random_id" "random_id" { + byte_length = 13 + keepers = { + rg_id = module.common.resource_group_id + } +} + +resource "azurerm_public_ip_prefix" "public_ip_prefix" { + count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 
1 : 0 + name = "${module.common.resource_group_name}-ipprefix" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + prefix_length = 30 +} + +data "azurerm_subnet" "frontend" { + name = var.frontend_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +data "azurerm_subnet" "backend" { + name = var.backend_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +resource "azurerm_public_ip" "public-ip" { + count = 2 + name = "${var.cluster_name}${count.index+1}_IP" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_public_ip" "cluster-vip" { + name = var.cluster_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? 
azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_network_interface" "nic_vip" { + depends_on = [ + azurerm_public_ip.cluster-vip, + azurerm_public_ip.public-ip] + name = "${var.cluster_name}1-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig1" + primary = true + subnet_id = data.azurerm_subnet.frontend.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(data.azurerm_subnet.frontend.address_prefixes[0], var.frontend_IP_addresses[0]) + public_ip_address_id = azurerm_public_ip.public-ip.0.id + } + ip_configuration { + name = "cluster-vip" + subnet_id = data.azurerm_subnet.frontend.id + primary = false + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(data.azurerm_subnet.frontend.address_prefixes[0], var.frontend_IP_addresses[2]) + public_ip_address_id = azurerm_public_ip.cluster-vip.id + } + lifecycle { + ignore_changes = [ + # Ignore changes to ip_configuration when Re-applying, e.g. because a cluster failover and associating the cluster- vip with the other member. + # updates these based on some ruleset managed elsewhere. 
+ ip_configuration + ] + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" { + depends_on = [azurerm_network_interface.nic_vip, azurerm_lb_backend_address_pool.frontend-lb-pool] + network_interface_id = azurerm_network_interface.nic_vip.id + ip_configuration_name = "ipconfig1" + backend_address_pool_id = azurerm_lb_backend_address_pool.frontend-lb-pool.id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip, + azurerm_lb.frontend-lb] + name = "${var.cluster_name}2-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig1" + primary = true + subnet_id = data.azurerm_subnet.frontend.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(data.azurerm_subnet.frontend.address_prefixes[0], var.frontend_IP_addresses[1]) + public_ip_address_id = azurerm_public_ip.public-ip.1.id + } + lifecycle { + ignore_changes = [ + # Ignore changes to ip_configuration when Re-applying, e.g. because a cluster failover and associating the cluster- vip with the other member. + # updates these based on some ruleset managed elsewhere. 
+ ip_configuration + ] + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" { + depends_on = [azurerm_network_interface.nic, azurerm_lb_backend_address_pool.frontend-lb-pool] + network_interface_id = azurerm_network_interface.nic.id + ip_configuration_name = "ipconfig1" + backend_address_pool_id = azurerm_lb_backend_address_pool.frontend-lb-pool.id +} + +resource "azurerm_network_interface" "nic1" { + depends_on = [ + azurerm_lb.backend-lb] + count = 2 + name = "${var.cluster_name}${count.index+1}-eth1" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig2" + subnet_id = data.azurerm_subnet.backend.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[count.index+1]) + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" { + depends_on = [azurerm_network_interface.nic1, azurerm_lb_backend_address_pool.backend-lb-pool] + count = 2 + network_interface_id = azurerm_network_interface.nic1[count.index].id + ip_configuration_name = "ipconfig2" + backend_address_pool_id = azurerm_lb_backend_address_pool.backend-lb-pool.id +} + +//********************** Load Balancers **************************// +resource "azurerm_public_ip" "public-ip-lb" { + name = "frontend_lb_ip" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? 
azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_lb" "frontend-lb" { + depends_on = [ + azurerm_public_ip.public-ip-lb] + name = "frontend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + + frontend_ip_configuration { + name = "LoadBalancerFrontend" + public_ip_address_id = azurerm_public_ip.public-ip-lb.id + } +} + +resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" { + loadbalancer_id = azurerm_lb.frontend-lb.id + name = "frontend-lb-pool" +} + +resource "azurerm_lb" "backend-lb" { + name = "backend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + frontend_ip_configuration { + name = "backend-lb" + subnet_id = data.azurerm_subnet.backend.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0], var.backend_IP_addresses[0]) + } +} + +resource "azurerm_lb_backend_address_pool" "backend-lb-pool" { + name = "backend-lb-pool" + loadbalancer_id = azurerm_lb.backend-lb.id +} + +resource "azurerm_lb_probe" "azure_lb_healprob" { + count = 2 + loadbalancer_id = count.index == 0 ? 
azurerm_lb.frontend-lb.id : azurerm_lb.backend-lb.id + name = var.lb_probe_name + protocol = var.lb_probe_protocol + port = var.lb_probe_port + interval_in_seconds = var.lb_probe_interval + number_of_probes = var.lb_probe_unhealthy_threshold +} + +resource "azurerm_lb_rule" "backend_lb_rules" { + loadbalancer_id = azurerm_lb.backend-lb.id + name = "backend-lb" + protocol = "All" + frontend_port = 0 + backend_port = 0 + frontend_ip_configuration_name = "backend-lb" + load_distribution = "Default" + backend_address_pool_ids = [azurerm_lb_backend_address_pool.backend-lb-pool.id] + probe_id = azurerm_lb_probe.azure_lb_healprob[1].id + enable_floating_ip = var.enable_floating_ip +} + +//********************** Availability Set **************************// +locals { + availability_set_condition = var.availability_type == "Availability Set" ? true : false + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false +} +resource "azurerm_availability_set" "availability-set" { + count = local.availability_set_condition ? 
1 : 0 + name = "${var.cluster_name}-AvailabilitySet" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + platform_fault_domain_count = 2 + platform_update_domain_count = 5 + managed = true +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } +} + +//********************** Virtual Machines **************************// +locals { + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} +resource "azurerm_virtual_machine" "vm-instance-availability-set" { + depends_on = [ + azurerm_network_interface.nic, + azurerm_network_interface.nic1, + azurerm_network_interface.nic_vip] + count = local.availability_set_condition ? 
module.common.number_of_vm_instances : 0 + name = "${var.cluster_name}${count.index+1}" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + availability_set_id = local.availability_set_condition ? azurerm_availability_set.availability-set[0].id : "" + vm_size = module.common.vm_size + network_interface_ids = count.index == 0 ? [ + azurerm_network_interface.nic_vip.id, + azurerm_network_interface.nic1.0.id] : [ + azurerm_network_interface.nic.id, + azurerm_network_interface.nic1.1.id] + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = count.index == 0 ? azurerm_network_interface.nic_vip.id : azurerm_network_interface.nic.id + identity { + type = module.common.vm_instance_identity + } + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = "${var.cluster_name}-${count.index+1}" + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + os_profile { + computer_name = "${var.cluster_name}${count.index+1}" + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + tenant_id = var.tenant_id + virtual_network = var.vnet_name + cluster_name = var.cluster_name + external_private_addresses = azurerm_network_interface.nic_vip.ip_configuration[1].private_ip_address + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + smart_1_cloud_token = count.index == 0 ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } +} + +resource "azurerm_virtual_machine" "vm-instance-availability-zone" { + depends_on = [ + azurerm_network_interface.nic, + azurerm_network_interface.nic1, + azurerm_network_interface.nic_vip] + count = local.availability_set_condition ? 0 : module.common.number_of_vm_instances + name = "${var.cluster_name}${count.index+1}" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + zones = [ + count.index+1] + vm_size = module.common.vm_size + network_interface_ids = count.index == 0 ? [ + azurerm_network_interface.nic_vip.id, + azurerm_network_interface.nic1.0.id] : [ + azurerm_network_interface.nic.id, + azurerm_network_interface.nic1.1.id] + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = count.index == 0 ? azurerm_network_interface.nic_vip.id : azurerm_network_interface.nic.id + identity { + type = module.common.vm_instance_identity + } + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = "${var.cluster_name}-${count.index+1}" + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + os_profile { + computer_name = "${var.cluster_name}${count.index+1}" + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + tenant_id = var.tenant_id + virtual_network = var.vnet_name + cluster_name = var.cluster_name + external_private_addresses = azurerm_network_interface.nic_vip.ip_configuration[1].private_ip_address + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + smart_1_cloud_token = count.index == 0 ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } +} +//********************** Role Assigments **************************// +data "azurerm_role_definition" "virtual_machine_contributor_role_definition" { + name = "Virtual Machine Contributor" +} +data "azurerm_role_definition" "reader_role_definition" { + name = "Reader" +} +data "azurerm_client_config" "client_config" { +} +resource "azurerm_role_assignment" "cluster_virtual_machine_contributor_assignment" { + count = 2 + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } + scope = module.common.resource_group_id + role_definition_id = data.azurerm_role_definition.virtual_machine_contributor_role_definition.id + principal_id = local.availability_set_condition ? lookup(azurerm_virtual_machine.vm-instance-availability-set[count.index].identity[0], "principal_id") : lookup(azurerm_virtual_machine.vm-instance-availability-zone[count.index].identity[0], "principal_id") +} +resource "azurerm_role_assignment" "cluster_reader_assigment" { + count = 2 + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } + scope = module.common.resource_group_id + role_definition_id = data.azurerm_role_definition.reader_role_definition.id + principal_id = local.availability_set_condition ? lookup(azurerm_virtual_machine.vm-instance-availability-set[count.index].identity[0], "principal_id") : lookup(azurerm_virtual_machine.vm-instance-availability-zone[count.index].identity[0], "principal_id") +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/terraform.tfvars new file mode 100644 index 00000000..e235eaa9 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/terraform.tfvars 
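Review bot: `azurerm_storage_account.vm-boot-diagnostics-storage` keeps `default_action = "Allow"` unless the operator opts into `add_storage_account_ip_rules`, and sets no `min_tls_version`, so with an older pinned provider the account that receives the gateways' serial-console output and screenshots accepts TLS 1.0/1.1 from any network; adding `min_tls_version = "TLS1_2"` to the resource and `bypass = ["AzureServices"]` inside `network_rules` would tighten it without changing the opt-in, though whether a `Deny` default still admits the platform's boot-diagnostics writes should be verified against the Azure docs. The same block passes `days = "15"` as a string where the argument is numeric. Separately, `custom_data` in both `azurerm_virtual_machine` resources renders `sic_key`, both Smart-1 Cloud tokens and the password hashes into the VM definition, so they sit in plain text in the Terraform state next to `admin_password`; if the `variables.tf` hunk later in this diff does not already mark those inputs `sensitive = true`, it should. Finally, the two VM resources differ only in `availability_set_id` versus `zones`; `zones = local.availability_set_condition ? null : [count.index+1]` on a single resource could replace both and the duplicated conditional in the role assignments.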
@@ -0,0 +1,38 @@
+#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-ha-terraform"
+cluster_name = "PLEASE ENTER CLUSTER NAME" # "checkpoint-ha-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-ha-vnet"
+vnet_resource_group = "PLEASE ENTER VIRTUAL NETWORK'S RESOURCE GROUP NAME" # "existing-vnet"
+frontend_subnet_name = "PLEASE ENTER EXTERNAL SUBNET NAME" # "frontend"
+backend_subnet_name = "PLEASE ENTER INTERNAL SUBNET NAME" # "backend"
+frontend_IP_addresses = "PLEASE ENTER 3 FRONTEND IP ADDRESS POSITIONAL NUMBER" # [5, 6, 7]
+backend_IP_addresses = "PLEASE ENTER 3 BACKEND IP ADDRESSES POSITIONAL NUMBERS" # [5, 6, 7]
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+smart_1_cloud_token_a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+smart_1_cloud_token_b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE 
ENTER AUTHENTICATION TYPE" # "Password"
+availability_type = "PLEASE ENTER AVAILABILITY TYPE" # "Availability Zone"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+enable_floating_ip = "PLEASE ENTER true or false" # false
+use_public_ip_prefix = "PLEASE ENTER true or false" # false
+create_public_ip_prefix = "PLEASE ENTER true or false" # false
+existing_public_ip_prefix_id = "PLEASE ENTER IP PREFIX RESOURCE ID" # ""
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/variables.tf
new file mode 100644
index 00000000..c11fa238
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/variables.tf
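Review bot: This `terraform.tfvars` is auto-loaded and is the file operators are told to fill with `client_secret`, `admin_password`, `sic_key`, both Smart-1 Cloud tokens and the password hashes, so once populated it is a secrets file living next to the committed template; nothing in the diff shows a `.gitignore` entry for it. A header comment such as `# Do not commit this file once populated; prefer TF_VAR_* environment variables or a -var-file kept outside version control for the credential values` beside the existing README pointer would make that explicit. The placeholders for `frontend_IP_addresses`, `backend_IP_addresses` and the boolean inputs are strings, so an unedited file fails at plan time instead of deploying with defaults — worth saying in the same comment so the type errors are not mistaken for a template bug.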
@@ -0,0 +1,339 @@
+//********************** Basic Configuration Variables **************************//
+variable "cluster_name" {
+ description = "Cluster name"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ description = "The location/region where resources will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ type = string
+}
+
+//********************** Virtual Machine Instances Variables **************************//
+variable "availability_type" {
+ description = "Specifies whether to deploy the solution based on Azure Availability Set or based on Azure Availability Zone."
+ type = string
+ default = "Availability Zone"
+}
+
+locals { // locals for 'availability_type' allowed values
+ availability_type_allowed_values = [
+ "Availability Zone",
+ "Availability Set"
+ ]
+ // will fail if [var.availability_type] is invalid:
+ validate_availability_type_value = index(local.availability_type_allowed_values, var.availability_type)
+}
+
+variable "source_image_vhd_uri" {
+ type = string
+ description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images."
+ default = "noCustomUri"
+}
+
+variable "admin_username" {
+ description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used"
+ default = "notused"
+}
+
+variable "admin_password" {
+ description = "Administrator password of deployed Virtual Machine. The password must meet the complexity requirements of Azure"
+ type = string
+}
+
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+ type = string
+}
+
+variable "smart_1_cloud_token_a" {
+ description = "Smart-1 Cloud Token, for configuring member A"
+ type = string
+}
+
+variable "smart_1_cloud_token_b" {
+ description = "Smart-1 Cloud Token, for configuring member B"
+ type = string
+}
+
+variable "sic_key" {
+ description = "Secure Internal Communication(SIC) key"
+ type = string
+}
+resource "null_resource" "sic_key_invalid" {
+ count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long"
+}
+
+variable "template_name" {
+ description = "Template name. Should be defined according to deployment type(ha, vmss)"
+ type = string
+ default = "ha_terraform"
+}
+
+variable "template_version" {
+ description = "Template version. It is recommended to always use the latest template version"
+ type = string
+ default = "20230910"
+}
+
+variable "installation_type" {
+ description = "Installation type"
+ type = string
+ default = "cluster"
+}
+
+variable "number_of_vm_instances" {
+ description = "Number of VM instances to deploy "
+ type = string
+ default = "2"
+}
+
+variable "vm_size" {
+ description = "Specifies size of Virtual Machine"
+ type = string
+}
+
+variable "disk_size" {
+ description = "Storage data disk size size(GB). Select a number between 100 and 3995"
+ type = string
+}
+
+variable "os_version" {
+ description = "GAIA OS version"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ os_version_allowed_values = [
+ "R8040",
+ "R81",
+ "R8110",
+ "R8120"
+ ]
+ // will fail if [var.os_version] is invalid:
+ validate_os_version_value = index(local.os_version_allowed_values, var.os_version)
+}
+
+variable "vm_os_sku" {
+ description = "The sku of the image to be deployed."
+ type = string
+}
+
+variable "vm_os_offer" {
+ description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ vm_os_offer_allowed_values = [
+ "check-point-cg-r8040",
+ "check-point-cg-r81",
+ "check-point-cg-r8110",
+ "check-point-cg-r8120"
+ ]
+ // will fail if [var.vm_os_offer] is invalid:
+ validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer)
+}
+
+variable "authentication_type" {
+ description = "Specifies whether a password authentication or SSH Public Key authentication should be used"
+ type = string
+}
+locals { // locals for 'authentication_type' allowed values
+ authentication_type_allowed_values = [
+ "Password",
+ "SSH Public Key"
+ ]
+ // will fail if [var.authentication_type] is invalid:
+ validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type)
+}
+
+variable "allow_upload_download" {
+ description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ type = bool
+}
+
+variable "is_blink" {
+ description = "Define if blink image is used for deployment"
+ default = true
+}
+
+variable "admin_shell" {
+ description = "The admin shell to configure on machine or the first time"
+ type = string
+ default = "/etc/cli.sh"
+}
+
+locals {
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ]
+ // Will fail if [var.admin_shell] is invalid
+ validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell)
+}
+
+//********************** Networking Variables **************************//
+variable "vnet_name" {
+ description = "Virtual Network name"
+ type = string
+}
+
+variable "vnet_resource_group" {
+ description = "Resource group of existing vnet"
+ type = string
+}
+
+variable "frontend_subnet_name" {
+ description = "Frontend subnet name"
+ type = string
+}
+
+variable "backend_subnet_name" {
+ description = "Backend subnet name"
+ type = string
+}
+
+variable "frontend_IP_addresses" {
+ description = "A list of three whole numbers representing the private ip addresses of the members eth0 NICs and the cluster vip ip addresses. The numbers can be represented as binary integers with no more than the number of digits remaining in the address after the given frontend subnet prefix. The IP addresses are defined by their position in the frontend subnet."
+ type = list(number)
+}
+
+variable "backend_IP_addresses" {
+ description = "A list of three whole numbers representing the private ip addresses of the members eth1 NICs and the backend lb ip addresses. The numbers can be represented as binary integers with no more than the number of digits remaining in the address after the given backend subnet prefix. The IP addresses are defined by their position in the backend subnet."
+ type = list(number)
+}
+
+variable "vnet_allocation_method" {
+ description = "IP address allocation method"
+ type = string
+ default = "Static"
+}
+
+variable "lb_probe_name" {
+ description = "Name to be used for lb health probe"
+ default = "health_prob_port"
+}
+
+variable "lb_probe_port" {
+ description = "Port to be used for load balancer health probes and rules"
+ default = "8117"
+}
+
+variable "lb_probe_protocol" {
+ description = "Protocols to be used for load balancer health probes and rules"
+ default = "Tcp"
+}
+
+variable "lb_probe_unhealthy_threshold" {
+ description = "Number of times load balancer health probe has an unsuccessful attempt before considering the endpoint unhealthy."
+ default = 2
+}
+
+variable "lb_probe_interval" {
+ description = "Interval in seconds load balancer health probe rule performs a check"
+ default = 5
+}
+
+variable "bootstrap_script" {
+ description = "An optional script to run on the initial boot"
+ #example:
+ #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+}
+
+variable "add_storage_account_ip_rules" {
+ type = bool
+ default = false
+ description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location"
+}
+
+variable "storage_account_additional_ips" {
+ type = list(string)
+ description = "IPs/CIDRs that are allowed access to the Storage Account"
+ default = []
+}
+//********************** Credentials **************************//
+variable "tenant_id" {
+ description = "Tenant ID"
+ type = string
+}
+
+variable "subscription_id" {
+ description = "Subscription ID"
+ type = string
+}
+
+variable "client_id" {
+ description = "Application ID(Client ID)"
+ type = string
+}
+
+variable "client_secret" {
+ description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
+ type = string
+}
+
+variable "sku" {
+ description = "SKU"
+ type = string
+ default = "Standard"
+}
+
+variable "enable_custom_metrics" {
+ description = "Indicates whether CloudGuard Metrics will be use for Cluster members monitoring."
+ type = bool
+ default = true
+}
+
+variable "enable_floating_ip" {
+ description = "Indicates whether the load balancers will be deployed with floating IP."
+ type = bool
+ default = false
+}
+
+variable "use_public_ip_prefix" {
+ description = "Indicates whether the public IP resources will be deployed with public IP prefix."
+ type = bool
+ default = false
+}
+
+variable "create_public_ip_prefix" {
+ description = "Indicates whether the public IP prefix will created or an existing will be used."
+ type = bool
+ default = false
+}
+
+variable "existing_public_ip_prefix_id" {
+ description = "The existing public IP prefix resource id."
+ type = string
+ default = ""
+}
+
+locals{
+ # Validate both s1c tokens are used or both empty
+ is_both_tokens_used = length(var.smart_1_cloud_token_a) > 0 == length(var.smart_1_cloud_token_b) > 0
+ validation_message_both = "To connect to Smart-1 Cloud, you must provide two tokens (one per member)"
+ _ = regex("^$", (local.is_both_tokens_used ? "" : local.validation_message_both))
+
+ is_tokens_used = length(var.smart_1_cloud_token_a) > 0
+ # Validate both s1c tokens are unqiue
+ token_parts_a = split(" ",var.smart_1_cloud_token_a)
+ token_parts_b = split(" ",var.smart_1_cloud_token_b)
+ acutal_token_a = local.token_parts_a[length(local.token_parts_a) - 1]
+ acutal_token_b = local.token_parts_b[length(local.token_parts_b) - 1]
+ is_both_tokens_the_same = local.acutal_token_a == local.acutal_token_b
+ validation_message_unique = "Same Smart-1 Cloud token used for both memeber, you must provide unique token for each member"
+ __ = local.is_tokens_used ? regex("^$", (local.is_both_tokens_the_same ? local.validation_message_unique : "")) : ""
+}
\ No newline at end of file
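Review bot: The secret-bearing variables in this hunk — `client_secret`, `admin_password`, `sic_key`, `smart_1_cloud_token_a`/`_b`, `serial_console_password_hash` and `maintenance_mode_password_hash` — are declared as plain `type = string`, so wherever their values surface in plan diffs or state they are shown unredacted. The commit pins `required_version = ">= 0.14.3"` in versions.tf, so `sensitive = true` is available; add it beneath `type = string` in each of those seven blocks. Separately, `null_resource.sic_key_invalid` enforces only `length(var.sic_key) >= 12` by provoking a type error in `count`, whereas the README added in this commit documents 12–30 alphanumeric characters; a `validation {}` block on `variable "sic_key"` with a `regex` condition and an `error_message` would enforce the documented rule and give a readable failure instead of a count-type error. The same `validation {}` form would also replace the `index()`-in-locals trick used for the allowed-value checks, which currently fails with an opaque "index not found" message.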
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-existing-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/README.md b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/README.md
new file mode 100644
index 00000000..51153c0a
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/README.md
@@ -0,0 +1,242 @@ +# Check Point CloudGuard IaaS High Availability Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard IaaS High Availability solution into a new Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Virtual network +- Network security group +- System assigned identity +- Availability Set - conditional creation + +For additional information, +please see the [CloudGuard Network for Azure High Availability Cluster Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_HA_Cluster/Default.htm) + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/vnet - used for creating new virtual network and subnets. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/high-availability-new-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**", "**User Access Administrator**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/high-availability-new-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------------------------------------|---------| ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a | + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a | + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a | + | | | | | | + | **cluster_name** | The name of the Check Point Cluster Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long | n/a | + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a | + | | | | | | + | **address_space** | The address prefixes of the virtual network | string | Valid CIDR block | "10.0.0.0/16" | + | | | | | | + | **subnet_prefixes** | The address prefixes to be used for created subnets | string | The subnets need to 
contain within the address space for this virtual network(defined by address_space variable) | ["10.0.0.0/24", "10.0.1.0/24"] | + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a | + | | | | | | + | **smart_1_cloud_token_a** | Smart-1 Cloud token to connect automatically ***Member A*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart_1_cloud_token_b** | Smart-1 Cloud token to connect automatically ***Member B*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a | + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", 
"Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a | + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license;| n/a | + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a | + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a | + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | n/a | + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a | + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a | + | | | | | | + | **availability_type** | Specifies whether to deploy the solution based on Azure Availability Set or based on Azure Availability Zone | string | "Availability Zone";
"Availability Set"; | "Availability Zone" | + | | | | | | + | **enable_custom_metrics** | Indicates whether CloudGuard Metrics will be use for Cluster members monitoring | boolean | true;
false; | true | + | | | | | | + | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false; | false | + | | | | | | + | **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix | boolean | true;
false; | false| + | | | | | | + | **create_public_ip_prefix** | Indicates whether the public IP prefix will created or an existing will be used | boolean | true;
false; | false | + | | | | | | + | **existing_public_ip_prefix_id** | The existing public IP prefix resource id | string | Existing public IP prefix resource id | ""| + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" | + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" | + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + + +## Conditional creation +- To deploy the solution based on Azure Availability Set and create a new Availability Set for the virtual machines: +``` +availability_type = "Availability Set" +``` + Otherwise, to deploy the solution based on Azure Availability Zone: +``` +availability_type = "Availability Zone" +``` +- To enable CloudGuard metrics in order to send statuses and statistics collected from HA instances to the Azure Monitor service: + ``` + enable_custom_metrics = true + ``` +- To create new public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = true + ``` +- To use an exisiting public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = false + existing_public_ip_prefix_id = "public IP prefix resource id" + ``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-ha-terraform" + cluster_name = "checkpoint-ha-terraform" + location = "eastus" + vnet_name = "checkpoint-ha-vnet" + address_space = "10.0.0.0/16" + subnet_prefixes = ["10.0.1.0/24","10.0.2.0/24"] + admin_password = "xxxxxxxxxxxx" + smart_1_cloud_token_a = "xxxxxxxxxxxx" + smart_1_cloud_token_b = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + availability_type = "Availability Zone" + 
enable_custom_metrics = true + enable_floating_ip = false + use_public_ip_prefix = false + create_public_ip_prefix = false + existing_public_ip_prefix_id = "" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Updated managed identity permissions
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20230212 | - Added Smart-1 Cloud support | +| | | | +| 20221124 | - Added R81.20 support
- Upgraded azurerm provider | +| | | | +| 20220111 | - Added support to select different shells | +| | | | +| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image | +| | | | +| 20210111 |- Update terraform version to 0.14.3
- Update azurerm version to 2.17.0
- Add authentication_type variable for choosing the authentication type.
- Merge ha-availability-set-new-vnet and ha-availability-zones-new-vnet deployments to one deployment.
- Adding support for R81.
- Add support to CloudGuards metrics.
- Update resources for NSG https://github.com/CheckPointSW/CloudGuardIaaS/issues/67
- The cluster member current state is kept when redeploying.
- Avoid role-assignment re-creation when re-apply | +| | | | +| 20200508 |- Add backend load balancer rules resource.
- Rename the health probe for the backend load balancer.
- Rename the template name to "ha" |
+| | | |
+| 20200305 | First release of Check Point CloudGuard IaaS High Availability Terraform deployment for Azure |
+| | | |
+| | Addition of "templateType" parameter to "cloud-version" files |
+| | | |
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/cloud-init.sh
new file mode 100644
index 00000000..0609bfcf
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/cloud-init.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+sicKey="${sic_key}"
+tenantId="${tenant_id}"
+virtualNetwork="${virtual_network}"
+clusterName="${cluster_name}"
+externalPrivateAddresses="${external_private_addresses}"
+customMetrics="${enable_custom_metrics}"
+adminShell="${admin_shell}"
+smart1CloudToken="${smart_1_cloud_token}"
+Vips='[{"name": "cluster-vip", "privateIPAddress": "${external_private_addresses}", "publicIPAddress": "${cluster_name}"}]'
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/main.tf
new file mode 100644
index 00000000..56495095
--- /dev/null
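Review bot: Every template value in cloud-init.sh is interpolated raw between quotes — `sicKey="${sic_key}"`, `smart1CloudToken="${smart_1_cloud_token}"`, `passwordHash="${serial_console_password_hash}"`, and `${cluster_name}` / `${external_private_addresses}` inside the single-quoted JSON of the `Vips` line — so a value containing a double quote, backslash or single quote changes the structure of the file that the `#!/usr/bin/python3 /etc/cloud_config.py` shebang hands to the parser rather than being carried as data. Only `bootstrapScript64` is protected by its base64 encoding; the diff shows no `validation {}` on the new-vnet variables that would exclude quote characters from the others (the existing-vnet variables.tf in this commit has none either, and how cloud_config.py tokenises these lines is not visible here). I would either constrain those inputs with `validation {}` blocks (the README in this commit already documents `sic_key` and `cluster_name` as alphanumeric-only) or escape them in the template, and note in a header comment that the rendered file persists the one-time SIC key and password hashes on the instance, so it should be treated as sensitive wherever it is stored.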
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/main.tf 
@@ -0,0 +1,550 @@ +//********************** Providers **************************// +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = var.number_of_vm_instances + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = var.is_blink + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +module "vnet" { + source = "../modules/vnet" + vnet_name = var.vnet_name + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + nsg_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id + address_space = var.address_space + subnet_prefixes = var.subnet_prefixes +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}_nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "AllowAllInBound" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "*" + source_port_ranges = "*" + destination_port_ranges = "*" + description = "Allow all inbound connections" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +resource "random_id" "random_id" { + byte_length = 13 + keepers = { + rg_id = module.common.resource_group_id + } +} + +resource "azurerm_public_ip_prefix" "public_ip_prefix" { + count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0 + name = "${module.common.resource_group_name}-ipprefix" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + prefix_length = 30 +} + +resource "azurerm_public_ip" "public-ip" { + count = 2 + name = "${var.cluster_name}${count.index+1}_IP" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = module.vnet.allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-${count.index+1}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_public_ip" "cluster-vip" { + name = var.cluster_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = module.vnet.allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-vip-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? 
azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_network_interface" "nic_vip" { + depends_on = [ + azurerm_public_ip.cluster-vip, + azurerm_public_ip.public-ip] + name = "${var.cluster_name}1-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig1" + primary = true + subnet_id = module.vnet.vnet_subnets[0] + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[0], 5) + public_ip_address_id = azurerm_public_ip.public-ip.0.id + } + ip_configuration { + name = "cluster-vip" + subnet_id = module.vnet.vnet_subnets[0] + primary = false + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[0], 7) + public_ip_address_id = azurerm_public_ip.cluster-vip.id + } + lifecycle { + ignore_changes = [ + # Ignore changes to ip_configuration when Re-applying, e.g. because a cluster failover and associating the cluster- vip with the other member. + # updates these based on some ruleset managed elsewhere. 
+ ip_configuration + ] + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic_vip_lb_association" { + depends_on = [azurerm_network_interface.nic_vip, azurerm_lb_backend_address_pool.frontend-lb-pool] + network_interface_id = azurerm_network_interface.nic_vip.id + ip_configuration_name = "ipconfig1" + backend_address_pool_id = azurerm_lb_backend_address_pool.frontend-lb-pool.id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip, + azurerm_lb.frontend-lb] + name = "${var.cluster_name}2-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig1" + primary = true + subnet_id = module.vnet.vnet_subnets[0] + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[0], 6) + public_ip_address_id = azurerm_public_ip.public-ip.1.id + } + lifecycle { + ignore_changes = [ + # Ignore changes to ip_configuration when Re-applying, e.g. because a cluster failover and associating the cluster- vip with the other member. + # updates these based on some ruleset managed elsewhere. 
+ ip_configuration + ] + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic_lb_association" { + depends_on = [azurerm_network_interface.nic, azurerm_lb_backend_address_pool.frontend-lb-pool] + network_interface_id = azurerm_network_interface.nic.id + ip_configuration_name = "ipconfig1" + backend_address_pool_id = azurerm_lb_backend_address_pool.frontend-lb-pool.id +} + +resource "azurerm_network_interface" "nic1" { + depends_on = [ + azurerm_lb.backend-lb] + count = 2 + name = "${var.cluster_name}${count.index+1}-eth1" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + ip_configuration { + name = "ipconfig2" + subnet_id = module.vnet.vnet_subnets[1] + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], count.index+5) + } +} + +resource "azurerm_network_interface_backend_address_pool_association" "nic1_lb_association" { + depends_on = [azurerm_network_interface.nic1, azurerm_lb_backend_address_pool.backend-lb-pool] + count = 2 + network_interface_id = azurerm_network_interface.nic1[count.index].id + ip_configuration_name = "ipconfig2" + backend_address_pool_id = azurerm_lb_backend_address_pool.backend-lb-pool.id +} + +//********************** Load Balancers **************************// +resource "azurerm_public_ip" "public-ip-lb" { + name = "frontend_lb_ip" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = module.vnet.allocation_method + sku = var.sku + domain_name_label = "${lower(var.cluster_name)}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? 
azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null +} + +resource "azurerm_lb" "frontend-lb" { +// depends_on = [ +// azurerm_public_ip.public-ip-lb] + name = "frontend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + + frontend_ip_configuration { + name = "LoadBalancerFrontend" + public_ip_address_id = azurerm_public_ip.public-ip-lb.id + } +} + +resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" { + loadbalancer_id = azurerm_lb.frontend-lb.id + name = "frontend-lb-pool" +} + +resource "azurerm_lb" "backend-lb" { + name = "backend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + frontend_ip_configuration { + name = "backend-lb" + subnet_id = module.vnet.vnet_subnets[1] + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], 4) + } +} + +resource "azurerm_lb_backend_address_pool" "backend-lb-pool" { + name = "backend-lb-pool" + loadbalancer_id = azurerm_lb.backend-lb.id +} + +resource "azurerm_lb_probe" "azure_lb_healprob" { + count = 2 + loadbalancer_id = count.index == 0 ? 
azurerm_lb.frontend-lb.id : azurerm_lb.backend-lb.id + name = var.lb_probe_name + protocol = var.lb_probe_protocol + port = var.lb_probe_port + interval_in_seconds = var.lb_probe_interval + number_of_probes = var.lb_probe_unhealthy_threshold +} + +resource "azurerm_lb_rule" "backend_lb_rules" { + loadbalancer_id = azurerm_lb.backend-lb.id + name = "backend-lb" + protocol = "All" + frontend_port = 0 + backend_port = 0 + frontend_ip_configuration_name = "backend-lb" + load_distribution = "Default" + backend_address_pool_ids = [azurerm_lb_backend_address_pool.backend-lb-pool.id] + probe_id = azurerm_lb_probe.azure_lb_healprob[1].id + enable_floating_ip = var.enable_floating_ip +} + +//********************** Availability Set **************************// +locals { + availability_set_condition = var.availability_type == "Availability Set" ? true : false + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false +} +resource "azurerm_availability_set" "availability-set" { + count = local.availability_set_condition ? 
1 : 0 + name = "${var.cluster_name}-AvailabilitySet" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + platform_fault_domain_count = 2 + platform_update_domain_count = 5 + managed = true +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } +} + +//********************** Virtual Machines **************************// +locals { + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} +resource "azurerm_virtual_machine" "vm-instance-availability-set" { + depends_on = [ + azurerm_network_interface.nic, + azurerm_network_interface.nic1, + azurerm_network_interface.nic_vip] + count = local.availability_set_condition ? 
module.common.number_of_vm_instances : 0 + name = "${var.cluster_name}${count.index+1}" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + availability_set_id = local.availability_set_condition ? azurerm_availability_set.availability-set[0].id : "" + vm_size = module.common.vm_size + network_interface_ids = count.index == 0 ? [ + azurerm_network_interface.nic_vip.id, + azurerm_network_interface.nic1.0.id] : [ + azurerm_network_interface.nic.id, + azurerm_network_interface.nic1.1.id] + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = count.index == 0 ? azurerm_network_interface.nic_vip.id : azurerm_network_interface.nic.id + identity { + type = module.common.vm_instance_identity + } + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = "${var.cluster_name}-${count.index+1}" + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + os_profile { + computer_name = "${var.cluster_name}${count.index+1}" + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + tenant_id = var.tenant_id + virtual_network = module.vnet.vnet_name + cluster_name = var.cluster_name + external_private_addresses = azurerm_network_interface.nic_vip.ip_configuration[1].private_ip_address + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + smart_1_cloud_token = count.index == 0 ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } +} + +resource "azurerm_virtual_machine" "vm-instance-availability-zone" { + depends_on = [ + azurerm_network_interface.nic, + azurerm_network_interface.nic1, + azurerm_network_interface.nic_vip] + count = local.availability_set_condition ? 0 : module.common.number_of_vm_instances + name = "${var.cluster_name}${count.index+1}" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + zones = [ + count.index+1] + vm_size = module.common.vm_size + network_interface_ids = count.index == 0 ? [ + azurerm_network_interface.nic_vip.id, + azurerm_network_interface.nic1.0.id] : [ + azurerm_network_interface.nic.id, + azurerm_network_interface.nic1.1.id] + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = count.index == 0 ? azurerm_network_interface.nic_vip.id : azurerm_network_interface.nic.id + identity { + type = module.common.vm_instance_identity + } + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = "${var.cluster_name}-${count.index+1}" + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + os_profile { + computer_name = "${var.cluster_name}${count.index+1}" + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + tenant_id = var.tenant_id + virtual_network = module.vnet.vnet_name + cluster_name = var.cluster_name + external_private_addresses = cidrhost(module.vnet.subnet_prefixes[0], 7) + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + smart_1_cloud_token = count.index == 0 ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } +} +//********************** Role Assigments **************************// +data "azurerm_role_definition" "virtual_machine_contributor_role_definition" { + name = "Virtual Machine Contributor" +} +data "azurerm_role_definition" "reader_role_definition" { + name = "Reader" +} +data "azurerm_client_config" "client_config" { +} +resource "azurerm_role_assignment" "cluster_virtual_machine_contributor_assignment" { + count = 2 + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } + scope = module.common.resource_group_id + role_definition_id = data.azurerm_role_definition.virtual_machine_contributor_role_definition.id + principal_id = local.availability_set_condition ? lookup(azurerm_virtual_machine.vm-instance-availability-set[count.index].identity[0], "principal_id") : lookup(azurerm_virtual_machine.vm-instance-availability-zone[count.index].identity[0], "principal_id") +} +resource "azurerm_role_assignment" "cluster_reader_assigment" { + count = 2 + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } + scope = module.common.resource_group_id + role_definition_id = data.azurerm_role_definition.reader_role_definition.id + principal_id = local.availability_set_condition ? lookup(azurerm_virtual_machine.vm-instance-availability-set[count.index].identity[0], "principal_id") : lookup(azurerm_virtual_machine.vm-instance-availability-zone[count.index].identity[0], "principal_id") +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/terraform.tfvars new file mode 100644 index 00000000..7cd8490e --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/terraform.tfvars 
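Review bot: When `nsg_id` is left empty, `module "network-security-group"` is created with a single `AllowAllInBound` rule — priority 100, protocol `*`, source and destination `*`, all ports — and handed to `module "vnet"`, yet nothing in the file records that this wide-open default is deliberate. If, as the product suggests, the gateways themselves are meant to be the enforcement point, say so on the rule: `# Intentionally permissive default: the deployed gateways enforce policy; pass nsg_id to attach a restricted NSG instead.` The boot-diagnostics `azurerm_storage_account` likewise defaults to `default_action = "Allow"` unless `add_storage_account_ip_rules` is set and pins no TLS floor; `min_tls_version = "TLS1_2"` inside the resource is a one-line fix. Separately, `key_data = file("${path.module}/azure_public_key")` reads a file this commit adds empty, so an `authentication_type = "SSH Public Key"` deployment will presumably fail at apply time unless the operator first populates it — a comment on the `ssh_keys` block, or a `validation` on the variable, would make that prerequisite explicit.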
@@ -0,0 +1,36 @@
+//#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-ha-terraform"
+cluster_name = "PLEASE ENTER CLUSTER NAME" # "checkpoint-ha-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-ha-vnet"
+address_space = "PLEASE ENTER VIRTUAL NETWORK ADDRESS SPACE" # "10.0.0.0/16"
+subnet_prefixes = "PLEASE ENTER ADDRESS PREFIXES FOR SUBNETS" # ["10.0.1.0/24","10.0.2.0/24"]
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+smart_1_cloud_token_a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+smart_1_cloud_token_b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+availability_type = "PLEASE ENTER AVAILABILITY TYPE" # "Availability Zone"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+enable_floating_ip = "PLEASE ENTER true or false" # false
+use_public_ip_prefix = "PLEASE ENTER true or false" # false
+create_public_ip_prefix = "PLEASE ENTER true or false" # false
+existing_public_ip_prefix_id = "PLEASE ENTER IP PREFIX RESOURCE ID" # ""
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/variables.tf
new file mode 100644
index 00000000..6bb79338
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/variables.tf
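Review bot: The file asks for the Azure `client_secret`, `admin_password`, `sic_key` and both `smart_1_cloud_token_*` values to be typed in beside the non-sensitive settings, with nothing warning that a filled-in copy must not be committed. A line under the existing header would steer operators to `TF_VAR_<name>` environment variables or a git-ignored `*.auto.tfvars` for those values: `//# Do not commit real values for client_secret, admin_password, sic_key or smart_1_cloud_token_*; supply them via TF_VAR_<name> or an untracked .auto.tfvars file.` The placeholders for `subnet_prefixes`, `storage_account_additional_ips` and the `true or false` settings are strings, which `terraform plan` will reject if those variables are typed as list or bool, so the header could also state that every placeholder must be replaced before the first plan.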
@@ -0,0 +1,328 @@ +//********************** Basic Configuration Variables **************************// +variable "cluster_name" { + description = "Cluster name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resources will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "availability_type" { + description = "Specifies whether to deploy the solution based on Azure Availability Set or based on Azure Availability Zone." + type = string + default = "Availability Zone" +} + +locals { // locals for 'availability_type' allowed values + availability_type_allowed_values = [ + "Availability Zone", + "Availability Set" + ] + // will fail if [var.availability_type] is invalid: + validate_availability_type_value = index(local.availability_type_allowed_values, var.availability_type) +} + +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Macine. 
The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "smart_1_cloud_token_a" { + description = "Smart-1 Cloud Token, for configuring member A" + type = string +} + +variable "smart_1_cloud_token_b" { + description = "Smart-1 Cloud Token, for configuring member B" + type = string +} + +variable "sic_key" { + description = "Secure Internal Communication(SIC) key" + type = string +} +resource "null_resource" "sic_key_invalid" { + count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long" +} + +variable "template_name" { + description = "Template name. Should be defined according to deployment type(ha, vmss)" + type = string + default = "ha_terraform" +} + +variable "template_version" { + description = "Template version. It is reccomended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type" { + description = "Installaiton type" + type = string + default = "cluster" +} + +variable "number_of_vm_instances" { + description = "Number of VM instances to deploy " + type = string + default = "2" +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + +variable "disk_size" { + description = "Storage data disk size size(GB). 
Select a number between 100 and 3995" + type = string +} + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120" + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} + +variable "vm_os_sku" { + description = "The sku of the image to be deployed." + type = string +} + +variable "vm_os_offer" { + description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120" + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point" + type = bool +} + +variable "is_blink" { + description = "Define if blink image is used for deployment" + default = true +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Natworking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "address_space" { + description = "The address space that is used by a Virtual Network." + type = string + default = "10.0.0.0/16" +} + +variable "subnet_prefixes" { + description = "Address prefix to be used for netwok subnets" + type = list(string) + default = [ + "10.0.0.0/24", + "10.0.1.0/24"] +} + +variable "lb_probe_name" { + description = "Name to be used for lb health probe" + default = "health_prob_port" +} + +variable "lb_probe_port" { + description = "Port to be used for load balancer health probes and rules" + default = "8117" +} + +variable "lb_probe_protocol" { + description = "Protocols to be used for load balancer health probes and rules" + default = "Tcp" +} + +variable "lb_probe_unhealthy_threshold" { + description = "Number of times load balancer health probe has an unsuccessful attempt before considering the endpoint unhealthy." 
+ default = 2 +} + +variable "lb_probe_interval" { + description = "Interval in seconds load balancer health probe rule perfoms a check" + default = 5 +} + +variable "bootstrap_script" { + description = "An optional script to run on the initial boot" + #example: + #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +} + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} + +variable "add_storage_account_ip_rules" { + type = bool + default = false + description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location" +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] +} +//********************** Credentials **************************// + +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "client_id" { + description = "Aplication ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "sku" { + description = "SKU" + type = string + default = "Standard" +} + +variable "enable_custom_metrics" { + description = "Indicates whether CloudGuard Metrics will be use for Cluster members monitoring." + type = bool + default = true +} + +variable "enable_floating_ip" { + description = "Indicates whether the load balancers will be deployed with floating IP." + type = bool + default = false +} + +variable "use_public_ip_prefix" { + description = "Indicates whether the public IP resources will be deployed with public IP prefix." 
+ type = bool + default = false +} + +variable "create_public_ip_prefix" { + description = "Indicates whether the public IP prefix will created or an existing will be used." + type = bool + default = false +} + +variable "existing_public_ip_prefix_id" { + description = "The existing public IP prefix resource id." + type = string + default = "" +} + +locals{ + # Validate both s1c tokens are used or both empty + is_both_tokens_used = length(var.smart_1_cloud_token_a) > 0 == length(var.smart_1_cloud_token_b) > 0 + validation_message_both = "To connect to Smart-1 Cloud, you must provide two tokens (one per member)" + _ = regex("^$", (local.is_both_tokens_used ? "" : local.validation_message_both)) + + is_tokens_used = length(var.smart_1_cloud_token_a) > 0 + # Validate both s1c tokens are unqiue + token_parts_a = split(" ",var.smart_1_cloud_token_a) + token_parts_b = split(" ",var.smart_1_cloud_token_b) + acutal_token_a = local.token_parts_a[length(local.token_parts_a) - 1] + acutal_token_b = local.token_parts_b[length(local.token_parts_b) - 1] + is_both_tokens_the_same = local.acutal_token_a == local.acutal_token_b + validation_message_unique = "Same Smart-1 Cloud token used for both memeber, you must provide unique token for each member" + __ = local.is_tokens_used ? regex("^$", (local.is_both_tokens_the_same ? local.validation_message_unique : "")) : "" +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/versions.tf new file mode 100644 index 00000000..0d5ca4f3 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/high-availability-new-vnet/versions.tf @@ -0,0 +1,12 @@ +terraform { + required_version = ">= 0.14.3" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "~> 3.81.0" + } + random = { + version = "~> 3.5.1" + } + } +} \ No newline at end of file 
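Review bot: `admin_password`, `client_secret`, `sic_key`, `smart_1_cloud_token_a`/`_b`, `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without `sensitive = true`, so their values appear in plain text in plan and apply output; versions.tf in this diff requires Terraform `>= 0.14.3`, which already supports the attribute, so adding `sensitive = true` to each of those blocks is a one-line change per variable. The `null_resource.sic_key_invalid` count trick and the `index(...)` locals only surface as an opaque type/index error; a `validation { condition = length(var.sic_key) >= 12 error_message = "SIC key must be at least 12 characters long" }` block inside the variable gives the same check with a readable message and no phantom resource. The description of `maintenance_mode_password_hash` says "relevant only for R81.20 and higher versions" although this module sits under `R8040-R81` and `os_version_allowed_values` admits R8040 and R81; the description should say what happens to the value for those versions.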
diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/README.md b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/README.md new file mode 100644 index 00000000..3ab73dbd --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/README.md @@ -0,0 +1,189 @@ +# Check Point CloudGuard IaaS Management Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard IaaS Management solution into an existing Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Network security group +- Virtual Machine +- System assigned identity + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/management-existing-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/management-existing-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- | ------------- | ------------- | ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **mgmt_name** | Management name | string | | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | Virtual Network name | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **vnet_resource_group** | Resource Group of the existing virtual network | string | The exact name of the existing vnet's resource group | n/a + | | | | | | + | **management_subnet_name** | Management subnet name | string | The exact name of the existing subnet | n/a + | | | | | | + | **subnet_1st_Address** | The first available address of the subnet | string | | n/a + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **mgmt_enable_api** | Enable api access to the management | string | - "all";
- "management_only";
- "gui_clients"
- "disable"; | "disable" + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | 
**vm_os_sku** | A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120";| n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-mgmt-terraform" + mgmt_name = "checkpoint-mgmt-terraform" + location = "eastus" + vnet_name = "checkpoint-mgmt-vnet" + vnet_resource_group = "existing-vnet" + management_subnet_name = "mgmt-subnet" + subnet_1st_Address = "10.0.1.4" + management_GUI_client_network = "0.0.0.0/0" + mgmt_enable_api = "disable" + admin_password = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "mgmt-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20221124 | - Added R81.20 support
- Upgraded azurerm provider | +| | | | +| 20220111 | - Added support to select different shells | +| | | | +| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image | +| | | | +| 20210111 | First release of Check Point CloudGuard IaaS Management Terraform deployment into an existing Vnet in Azure | +| | | | +| | Addition of "templateType" parameter to "cloud-version" files | +| | | | + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/azure_public_key new file mode 100644 index 00000000..e69de29b diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/cloud-init.sh new file mode 100644 index 00000000..4639554e --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/cloud-init.sh @@ -0,0 +1,16 @@ +#!/usr/bin/python3 /etc/cloud_config.py + +installationType="${installation_type}" +allowUploadDownload="${allow_upload_download}" +osVersion="${os_version}" +templateName="${template_name}" +templateVersion="${template_version}" +templateType="${template_type}" +isBlink="${is_blink}" +bootstrapScript64="${bootstrap_script64}" +location="${location}" +managementGUIClientNetwork="${management_GUI_client_network}" +enableApi="${enable_api}" +adminShell="${admin_shell}" +passwordHash="${serial_console_password_hash}" +MaintenanceModePassword="${maintenance_mode_password_hash}" diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/main.tf new file mode 100644 index 00000000..7b0d1ffe --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/main.tf 
@@ -0,0 +1,312 @@ +//********************** Providers **************************// +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = 1 + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = false + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +data "azurerm_subnet" "mgmt_subnet" { + name = var.management_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +resource "azurerm_public_ip" "public-ip" { + name = var.mgmt_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + idle_timeout_in_minutes = 30 + domain_name_label = join("", [ + lower(var.mgmt_name), + "-", + random_id.randomId.hex]) +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}-nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "SSH" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "22" + description = "Allow inbound SSH connection" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "GAiA-portal" + priority = "110" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "443" + description = "Allow inbound HTTPS access to the GAiA portal" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-1" + priority = "120" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18190" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-2" + priority = "130" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "19009" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "Logs" + priority = "140" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "257" + description = "Allow inbound logging connections from managed gateways" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "ICA-pull" + priority = "150" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + 
destination_port_ranges = "18210" + description = "Allow security gateways to pull a SIC certificate" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "CRL-fetch" + priority = "160" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18264" + description = "Allow security gateways to fetch CRLs" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "Policy-fetch" + priority = "170" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18191" + description = "Allow security gateways to fetch policy" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +resource "azurerm_network_interface_security_group_association" "security_group_association" { + depends_on = [azurerm_network_interface.nic] + network_interface_id = azurerm_network_interface.nic.id + network_security_group_id = var.nsg_id == "" ? 
module.network-security-group[0].network_security_group_id: var.nsg_id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip] + name = "${var.mgmt_name}-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = false + + ip_configuration { + name = "ipconfig1" + subnet_id = data.azurerm_subnet.mgmt_subnet.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = var.subnet_1st_Address + public_ip_address_id = azurerm_public_ip.public-ip.id + } +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + account_kind = "Storage" + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } + +} + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 
1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_virtual_machine" "mgmt-vm-instance" { + depends_on = [ + azurerm_network_interface.nic] + location = module.common.resource_group_location + name = var.mgmt_name + network_interface_ids = [ + azurerm_network_interface.nic.id] + resource_group_name = module.common.resource_group_name + vm_size = module.common.vm_size + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = azurerm_network_interface.nic.id + + identity { + type = module.common.vm_instance_identity + } + + dynamic "plan" { + for_each = local.custom_image_condition ? [ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + os_profile { + computer_name = var.mgmt_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + management_GUI_client_network = var.management_GUI_client_network + enable_api = var.mgmt_enable_api + admin_shell = var.admin_shell + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = var.mgmt_name + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } +} \ No newline at end of file 
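Review bot: The NSG rules `Logs` (257), `ICA-pull` (18210), `CRL-fetch` (18264) and `Policy-fetch` (18191) use `source_address_prefix = "*"` on a VM that `azurerm_public_ip.public-ip` exposes directly, so these management-plane ports are reachable from any address while SSH, the portal and SmartConsole are scoped to `var.management_GUI_client_network`. If internet-connected gateways are the expected case this should still be a variable (for example a `gateway_networks` input defaulting to `"*"`, with the default documented), so operators with private connectivity can narrow it. The whole rule set is conditional on `var.nsg_id == ""`, so a comment on that `count` line stating that an operator-supplied NSG must carry equivalent rules would avoid silent gaps. The boot-diagnostics `azurerm_storage_account` keeps `default_action = "Allow"` unless `add_storage_account_ip_rules` is set; that matches the README but deserves a comment next to `network_rules`, since the account holds serial-console data.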
diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/terraform.tfvars
new file mode 100644
index 00000000..ea2f8f7e
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/terraform.tfvars
@@ -0,0 +1,30 @@
+#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-mgmt-terraform"
+mgmt_name = "PLEASE ENTER MANAGEMENT NAME" # "checkpoint-mgmt-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-mgmt-vnet"
+vnet_resource_group = "PLEASE ENTER VIRTUAL NETWORK'S RESOURCE GROUP NAME" # "existing-vnet"
+management_subnet_name = "PLEASE ENTER MGMT SUBNET NAME" # "mgmt-subnet"
+subnet_1st_Address = "PLEASE ENTER AVAILABLE ADDRESS OF THE SUBNET" # "10.0.1.4"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+mgmt_enable_api = "PLEASE ENTER FOR WHOM TO ENABLE API ACCESS OR disable" # "disable"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "mgmt-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/variables.tf
new file mode 100644
index 00000000..6030652b
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/variables.tf
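Review bot: The placeholders for `allow_upload_download`, `add_storage_account_ip_rules` and `storage_account_additional_ips` are strings, while variables.tf declares them as `bool`, `bool` and `list(string)`, so a user who runs `terraform plan` before editing gets a type-conversion error instead of the "PLEASE ENTER" hint the other placeholders give; the management-new-vnet terraform.tfvars hunk in this commit has the same three lines. The sample comment `# "0.0.0.0/0"` beside `management_GUI_client_network` is the value the new-vnet main.tf in this commit passes as `source_address_prefix` for the SSH, GAiA-portal and SmartConsole rules (presumably the existing-vnet main.tf does the same), so the example documents exposing the management plane to every source; an example such as `# "<admin-network-cidr>"` (placeholder) would steer users better. Since the README says the Service Principal credentials may be kept in this file, the header comment could also state that real `client_secret` and `admin_password` values must not be committed and that the environment-variable route it describes is preferred.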
@@ -0,0 +1,251 @@ +//********************** Basic Configuration Variables **************************// +variable "mgmt_name" { + description = "Management name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Machine. 
The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} + +variable "template_name" { + description = "Template name. Should be defined according to deployment type(mgmt, ha, vmss)" + type = string + default = "mgmt_terraform" +} + +variable "template_version" { + description = "Template version. It is recommended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type" { + description = "Installation type" + type = string + default = "management" +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + +variable "disk_size" { + description = "Storage data disk size size(GB). 
Select a number between 100 and 3995" + type = string +} + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120" + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} + +variable "vm_os_sku" { + description = "The sku of the image to be deployed." + type = string +} + +variable "vm_os_offer" { + description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120", + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. 
Improve product experience by sending data to Check Point" + type = bool +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Networking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "management_subnet_name" { + description = "management subnet name" + type = string +} + +variable "subnet_1st_Address" { + description = "The first available address of the subnet" + type = string +} + +variable "vnet_resource_group" { + description = "Resource group of existing vnet" + type = string +} + +variable "vnet_allocation_method" { + description = "IP address allocation method" + type = string + default = "Static" +} + +variable "management_GUI_client_network" { + description = "Allowed GUI clients - GUI clients network CIDR" + type = string +} + +variable "mgmt_enable_api" { + description = "Enable api access to the management. allowed values: all, management_only, gui_clients, disable" + type = string + default = "disable" +} + +locals { + regex_valid_management_GUI_client_network = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))$" + // Will fail if var.management_GUI_client_network is invalid + regex_management_GUI_client_network = regex(local.regex_valid_management_GUI_client_network, var.management_GUI_client_network) == var.management_GUI_client_network ? 0 : "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR." 
+ + mgmt_enable_api_allowed_values = [ + "disable", + "all", + "management_only", + "gui_clients" + ] + // will fail if [var.mgmt_enable_api] is invalid: + validate_mgmt_enable_api_value = index(local.mgmt_enable_api_allowed_values, var.mgmt_enable_api) + + regex_valid_subnet_1st_Address = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" + // Will fail if var.subnet_1st_Address is invalid + regex_subnet_1st_Address = regex(local.regex_valid_subnet_1st_Address, var.subnet_1st_Address) == var.subnet_1st_Address ? 0 : "Variable [subnet_1st_Address] must be a valid address." +} + +variable "bootstrap_script" { + description = "An optional script to run on the initial boot" + default = "" + type = string + #example: + #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +} + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} + +variable "add_storage_account_ip_rules" { + type = bool + default = false + description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location" +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] +} +//********************** Credentials **************************// + +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "sku" { + description = "SKU" + type = string + default = "Standard" +} 
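Review bot: `client_secret`, `admin_password`, `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without `sensitive = true`, so their values can appear in plan/apply output and state diffs, although versions.tf in the same directory already requires Terraform `>= 0.14.3` where the attribute exists; adding `sensitive = true` to each of those four blocks is the one-line fix. `admin_username` and `nsg_id` are the only variables without a `type`, which lets a non-string value reach the `var.nsg_id == ""` comparison the commit's main.tf files rely on. The `index()`-in-locals pattern (`validate_os_version_value` and friends) fails with an opaque "invalid index" error; a `validation { condition = contains(local.os_version_allowed_values, var.os_version) }` block with an `error_message` on the variable would tell the user which value is wrong. The comment `// locals for 'vm_os_offer' allowed values` above the os_version locals looks copy-pasted from the offer block and should read `// locals for 'os_version' allowed values`.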
diff --git a/deprecated/terraform/azure/R8040-R81/management-existing-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-existing-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/README.md b/deprecated/terraform/azure/R8040-R81/management-new-vnet/README.md
new file mode 100644
index 00000000..f744dccc
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/README.md
@@ -0,0 +1,187 @@
+# Check Point CloudGuard IaaS Management Terraform deployment for Azure
+
+This Terraform module deploys Check Point CloudGuard IaaS Management solution into a new Vnet in Azure.
+As part of the deployment the following resources are created:
+- Resource group
+- Virtual network
+- Network security group
+- Virtual Machine
+- System assigned identity
+
+This solution uses the following modules:
+- /terraform/azure/modules/common - used for creating a resource group and defining common variables.
+- /terraform/azure/modules/vnet - used for creating new virtual network and subnets.
+- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules.
+
+
+## Configurations
+- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure)
+- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/management-new-vnet/azure_public_key file.
+
+## Usage
+- Choose the preferred login method to Azure in order to deploy the solution:
+
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/management-new-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- | ------------- | ------------- | ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **mgmt_name** | Management name | string | | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **address_space** | The address space that is used by a Virtual Network | string | A valid address in CIDR notation | "10.0.0.0/16" + | | | | | | + | **subnet_prefix** | Address prefix to be used for network subnet | string | A valid address in CIDR notation | "10.0.0.0/24" + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **mgmt_enable_api** | Enable api access to the management | string | - "all";
- "management_only";
- "gui_clients"
- "disable"; | "disable" + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | 
**vm_os_sku** | A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120";| n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-mgmt-terraform" + mgmt_name = "checkpoint-mgmt-terraform" + location = "eastus" + vnet_name = "checkpoint-mgmt-vnet" + address_space = "10.0.0.0/16" + subnet_prefix = "10.0.0.0/24" + management_GUI_client_network = "0.0.0.0/0" + mgmt_enable_api = "disable" + admin_password = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "mgmt-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20221124 | - Added R81.20 support
 - Upgraded azurerm provider |
+| | | |
+| 20220111 | - Added support to select different shells |
+| | | |
+| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image |
+| | | |
+| 20210111 | First release of Check Point CloudGuard IaaS Management Terraform deployment into a new Vnet in Azure |
+| | | |
+| | Addition of "templateType" parameter to "cloud-version" files |
+| | | |
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/management-new-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/management-new-vnet/cloud-init.sh
new file mode 100644
index 00000000..4639554e
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/cloud-init.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+managementGUIClientNetwork="${management_GUI_client_network}"
+enableApi="${enable_api}"
+adminShell="${admin_shell}"
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/management-new-vnet/main.tf
new file mode 100644
index 00000000..969a62cc
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/main.tf
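Review bot: Every value except `bootstrapScript64` is interpolated verbatim inside a double-quoted assignment, so a `serial_console_password_hash` or `maintenance_mode_password_hash` containing a `"` or a newline would end the literal and corrupt the file that `/etc/cloud_config.py` reads; the network and shell inputs are regex/allow-list checked in variables.tf, but the two hash variables are not validated at all. The documented hash formats do not normally contain those characters, so this is a malformed-input case rather than an everyday one, but a `validation` block on the two variables rejecting `"` and newlines would turn it into a plan-time error. Rendering the hashes the way the bootstrap script is rendered (base64 in the template, decoded by the consumer) would remove the problem entirely, but whether cloud_config.py can decode them is not visible in this diff. A one-line header comment such as `# Rendered by templatefile(); values are not shell-escaped, keep them free of double quotes` would make the constraint explicit for the next editor.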
@@ -0,0 +1,316 @@ +//********************** Providers **************************// +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = 1 + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = false + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +module "vnet" { + source = "../modules/vnet" + + vnet_name = var.vnet_name + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + address_space = var.address_space + subnet_prefixes = [var.subnet_prefix] + subnet_names = ["${var.mgmt_name}-subnet"] + nsg_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}-nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "SSH" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "22" + description = "Allow inbound SSH connection" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "GAiA-portal" + priority = "110" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "443" + description = "Allow inbound HTTPS access to the GAiA portal" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-1" + priority = "120" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18190" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-2" + priority = "130" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "19009" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "Logs" + priority = "140" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "257" + description = "Allow inbound logging connections from managed gateways" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "ICA-pull" + priority = "150" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + 
destination_port_ranges = "18210" + description = "Allow security gateways to pull a SIC certificate" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "CRL-fetch" + priority = "160" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18264" + description = "Allow security gateways to fetch CRLs" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "Policy-fetch" + priority = "170" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18191" + description = "Allow security gateways to fetch policy" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +resource "azurerm_public_ip" "public-ip" { + name = var.mgmt_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + idle_timeout_in_minutes = 30 + domain_name_label = join("", [ + lower(var.mgmt_name), + "-", + random_id.randomId.hex]) +} + +resource "azurerm_network_interface_security_group_association" "security_group_association" { + depends_on = [azurerm_network_interface.nic, module.network-security-group] + network_interface_id = azurerm_network_interface.nic.id + network_security_group_id = var.nsg_id == "" ? 
module.network-security-group[0].network_security_group_id: var.nsg_id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip] + name = "${var.mgmt_name}-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = false + + ip_configuration { + name = "ipconfig1" + subnet_id = module.vnet.vnet_subnets[0] + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = cidrhost(var.subnet_prefix, 4) + public_ip_address_id = azurerm_public_ip.public-ip.id + } +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + account_kind = "Storage" + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } +} + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 
1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_virtual_machine" "mgmt-vm-instance" { + depends_on = [ + azurerm_network_interface.nic] + location = module.common.resource_group_location + name = var.mgmt_name + network_interface_ids = [ + azurerm_network_interface.nic.id] + resource_group_name = module.common.resource_group_name + vm_size = module.common.vm_size + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = azurerm_network_interface.nic.id + + identity { + type = module.common.vm_instance_identity + } + + dynamic "plan" { + for_each = local.custom_image_condition ? [ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + os_profile { + computer_name = var.mgmt_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + management_GUI_client_network = var.management_GUI_client_network + enable_api = var.mgmt_enable_api + admin_shell = var.admin_shell + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = var.mgmt_name + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } +} 
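Review bot: The `Logs` (257), `ICA-pull` (18210), `CRL-fetch` (18264) and `Policy-fetch` (18191) rules in `module "network-security-group"` use `source_address_prefix = "*"`, and the SSH, GAiA-portal and SmartConsole rules take `var.management_GUI_client_network`, whose documented example in this commit's README and tfvars is `0.0.0.0/0`; with those values the SIC, policy-fetch and log ports of the management server accept traffic from any source, so a dedicated gateway-source variable (placeholder name `gateway_source_cidr`) defaulting to the VNet address space, or at minimum a comment on the four rules stating they are intentionally open, is worth adding. The `ssh_keys` block reads `file("${path.module}/azure_public_key")`, and that file is added empty in this commit (`index 00000000..e69de29b`, the README says the user must fill it); when `authentication_type = "SSH Public Key"` the VM is created with `disable_password_authentication = true` and an empty `authorized_keys`, which locks the operator out instead of failing the plan. A check in the same style as the existing `validate_*` locals, e.g. `validate_public_key = local.SSH_authentication_type_condition && length(trimspace(file("${path.module}/azure_public_key"))) == 0 ? tobool("azure_public_key is empty") : true`, would fail early with a readable message.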
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/management-new-vnet/terraform.tfvars
new file mode 100644
index 00000000..163314eb
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/terraform.tfvars
@@ -0,0 +1,29 @@
+#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-mgmt-terraform"
+mgmt_name = "PLEASE ENTER MANAGEMENT NAME" # "checkpoint-mgmt-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-mgmt-vnet"
+address_space = "PLEASE ENTER VIRTUAL NETWORK ADDRESS SPACE" # "10.0.0.0/16"
+subnet_prefix = "PLEASE ENTER ADDRESS PREFIX FOR SUBNET" # "10.0.0.0/24"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+mgmt_enable_api = "PLEASE ENTER FOR WHOM TO ENABLE API ACCESS OR disable" # "disable"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "mgmt-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE 
MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/management-new-vnet/variables.tf
new file mode 100644
index 00000000..63839bd0
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/variables.tf
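Review bot: The sample value for `management_GUI_client_network`, `# "0.0.0.0/0"`, is the one a first-time user is most likely to paste, and in the mds-existing-vnet main.tf added by this commit that variable becomes `source_address_prefix` for the SSH, GAiA-portal and SmartConsole NSG rules, so the sample opens those ports to every source (this template's own main.tf is only partly visible here, but it passes the same variable into cloud-init). A documentation-range example such as `# "203.0.113.0/24"` would steer users toward their real client CIDR; the same sample appears in deprecated/terraform/azure/R8040-R81/mds-existing-vnet/terraform.tfvars in this commit. A header line such as `# Do not commit real values for client_secret or admin_password; see the README for the environment-variable alternative` would also put the README's guidance where the values are entered.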
@@ -0,0 +1,249 @@ +//********************** Basic Configuration Variables **************************// +variable "mgmt_name" { + description = "Management name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Macine. 
The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} +variable "template_name" { + description = "Template name. Should be defined according to deployment type(mgmt, ha, vmss)" + type = string + default = "mgmt_terraform" +} + +variable "template_version" { + description = "Template version. It is reccomended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type" { + description = "Installaiton type" + type = string + default = "management" +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + +variable "disk_size" { + description = "Storage data disk size size(GB). 
Select a number between 100 and 3995" + type = string +} + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120", + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} + +variable "vm_os_sku" { + description = "The sku of the image to be deployed." + type = string +} + +variable "vm_os_offer" { + description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120" + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + type = bool +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Natworking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "address_space" { + description = "The address space that is used by a Virtual Network." 
+ type = string + default = "10.0.0.0/16" +} + +variable "subnet_prefix" { + description = "Address prefix to be used for network subnet" + type = string + default = "10.0.0.0/24" +} + +variable "vnet_allocation_method" { + description = "IP address allocation method" + type = string + default = "Static" +} + +variable "management_GUI_client_network" { + description = "Allowed GUI clients - GUI clients network CIDR" + type = string +} + +variable "mgmt_enable_api" { + description = "Enable api access to the management. allowed values: all, management_only, gui_clients, disable" + type = string + default = "disable" +} + +locals { + regex_valid_management_GUI_client_network = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))$" + // Will fail if var.management_GUI_client_network is invalid + regex_management_GUI_client_network = regex(local.regex_valid_management_GUI_client_network, var.management_GUI_client_network) == var.management_GUI_client_network ? 0 : "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR." + + mgmt_enable_api_allowed_values = [ + "disable", + "all", + "management_only", + "gui_clients" + ] + // will fail if [var.mgmt_enable_api] is invalid: + validate_mgmt_enable_api_value = index(local.mgmt_enable_api_allowed_values, var.mgmt_enable_api) + + regex_valid_network_cidr = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))|$" + // Will fail if var.address_space is invalid + regex_address_space = regex(local.regex_valid_network_cidr, var.address_space) == var.address_space ? 0 : "Variable [address_space] must be a valid address in CIDR notation." + // Will fail if var.subnet_prefix is invalid + regex_subnet_prefix = regex(local.regex_valid_network_cidr, var.subnet_prefix) == var.subnet_prefix ? 0 : "Variable [subnet_prefix] must be a valid address in CIDR notation." 
+}
+
+variable "bootstrap_script" {
+ description = "An optional script to run on the initial boot"
+ default = ""
+ type = string
+ #example:
+ #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+}
+
+variable "nsg_id" {
+ description = "NSG ID - Optional - if empty use default NSG"
+ default = ""
+}
+
+variable "add_storage_account_ip_rules" {
+ type = bool
+ default = false
+ description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location"
+}
+
+variable "storage_account_additional_ips" {
+ type = list(string)
+ description = "IPs/CIDRs that are allowed access to the Storage Account"
+ default = []
+}
+//********************** Credentials **************************//
+
+variable "tenant_id" {
+ description = "Tenant ID"
+ type = string
+}
+
+variable "subscription_id" {
+ description = "Subscription ID"
+ type = string
+}
+
+variable "client_id" {
+ description = "Aplication ID(Client ID)"
+ type = string
+}
+
+variable "client_secret" {
+ description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
+ type = string
+}
+
+variable "sku" {
+ description = "SKU"
+ type = string
+ default = "Standard"
+}
diff --git a/deprecated/terraform/azure/R8040-R81/management-new-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/management-new-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/management-new-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
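Review bot: `client_secret`, `admin_password`, `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without `sensitive = true`, so Terraform does not redact them in plan output or diagnostics wherever they reach an attribute the provider does not itself mark sensitive; versions.tf in the same commit pins Terraform >= 0.14.3, where the argument is available, so add `sensitive = true` to those four blocks. Separately, `regex_valid_network_cidr` ends in `|$`, which matches the empty string at the end of any input, so `regex()` never fails and an invalid `address_space` or `subnet_prefix` merely assigns the message string to `regex_address_space` / `regex_subnet_prefix` instead of aborting as the "Will fail" comments promise; dropping the trailing `|$` restores the intended check (compare `regex_valid_management_GUI_client_network`, which is fully anchored and does fail on a non-match). Smaller: `admin_username` and `nsg_id` have no `type`, unlike every other variable in the file.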
diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/README.md b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/README.md new file mode 100644 index 00000000..7c8003fd --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/README.md @@ -0,0 +1,195 @@ +# Check Point CloudGuard Network Security MDS Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Management solution into a new Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Network security group +- Virtual Machine +- System assigned identity + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/mds-existing-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/mds-existing-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- | ------------- | ------------- | ------------- | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **mds_name** | MDS name | string | | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **vnet_resource_group** | Resource Group of the existing virtual network | string | The exact name of the existing vnet's resource group | n/a + | | | | | | + | **management_subnet_name** | Specifies the name of the external subnet | string | The exact name of the existing external subnet | n/a + | | | | | | + | **subnet_1st_Address** | First available address in management subnet | string | | n/a + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **mds_enable_api** | Enable api access to the mds | string | - "all";
- "management_only";
- "gui_clients"
- "disable"; | "disable" + | | | | | | + | **admin_password** | The password associated with the local administrator account on the mds | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | **vm_os_sku** | 
A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120";| n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **sic_key** | Set the Secure Internal Communication one time secret used to set up trust between the primary and secondary servers. SIC key must be provided if installing a secondary Multi-Domain Server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **installation_type** | Enables to select installation type - gateway/standalone | string | mds-primary;
mds-secondary;
mds-logserver; | n/a + | | | | | | + | **primary** | Indicates if the installation type is mds-primary | boolean | true;
false; | n/a + | | | | | | + | **secondary** | Indicates if the installation type is mds-secondary | boolean | true;
false; | n/a + | | | | | | + | **logserver** | Indicates if the installation type is mds-logserver | boolean | true;
false; | n/a + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-mds-rg-terraform" + mds_name = "checkpoint-mds-terraform" + location = "eastus" + vnet_name = "checkpoint-mds-vnet" + vnet_resource_group = "existing-vnet" + management_subnet_name = "mgmt-subnet" + subnet_1st_Address = "10.0.1.4" + management_GUI_client_network = "0.0.0.0/0" + mds_enable_api = "disable" + admin_password = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "mgmt-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + admin_shell = "/etc/cli.sh" + sic_key = "xxxxxxxxxxxx" + installation_type = "mds-primary" + primary = "true" + secondary = "false" + logserver = "false" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|---------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20230629 | First release of Check Point CloudGuard Network Security MDS Terraform deployment for Azure | +| | | | + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/azure_public_key new file mode 100644 index 00000000..e69de29b diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/cloud-init.sh new file mode 100644 index 00000000..627de012 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/cloud-init.sh @@ -0,0 +1,20 @@ +#!/usr/bin/python3 /etc/cloud_config.py + +installationType="${installation_type}" +allowUploadDownload="${allow_upload_download}" +osVersion="${os_version}" +templateName="${template_name}" +templateVersion="${template_version}" +templateType="${template_type}" +isBlink="${is_blink}" +bootstrapScript64="${bootstrap_script64}" +location="${location}" +managementGUIClientNetwork="${management_GUI_client_network}" +enableApi="${enable_api}" +adminShell="${admin_shell}" +sicKey="${sic_key}" +primary="${primary}" +secondary="${secondary}" +logserver="${logserver}" +passwordHash="${serial_console_password_hash}" +MaintenanceModePassword="${maintenance_mode_password_hash}" diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/main.tf new file mode 100644 index 00000000..ff654c86 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/main.tf 
@@ -0,0 +1,316 @@ +//********************** Providers **************************// +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + template_name = var.template_name + installation_type = var.installation_type + template_version = var.template_version + number_of_vm_instances = 1 + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = false + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +data "azurerm_subnet" "mds_subnet" { + name = var.management_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +resource "azurerm_public_ip" "public-ip" { + name = var.mds_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + idle_timeout_in_minutes = 30 + domain_name_label = join("", [ + lower(var.mds_name), + "-", + random_id.randomId.hex]) +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}-nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "SSH" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "22" + description = "Allow inbound SSH connection" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "GAiA-portal" + priority = "110" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "443" + description = "Allow inbound HTTPS access to the GAiA portal" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-1" + priority = "120" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18190" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "SmartConsole-2" + priority = "130" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "19009" + description = "Allow inbound access using the SmartConsole GUI client" + source_address_prefix = var.management_GUI_client_network + destination_address_prefix = "*" + }, + { + name = "Logs" + priority = "140" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "257" + description = "Allow inbound logging connections from managed gateways" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "ICA-pull" + priority = "150" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + 
destination_port_ranges = "18210" + description = "Allow security gateways to pull a SIC certificate" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "CRL-fetch" + priority = "160" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18264" + description = "Allow security gateways to fetch CRLs" + source_address_prefix = "*" + destination_address_prefix = "*" + }, + { + name = "Policy-fetch" + priority = "170" + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_ranges = "*" + destination_port_ranges = "18191" + description = "Allow security gateways to fetch policy" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +resource "azurerm_network_interface_security_group_association" "security_group_association" { + depends_on = [azurerm_network_interface.nic] + network_interface_id = azurerm_network_interface.nic.id + network_security_group_id = var.nsg_id == "" ? 
module.network-security-group[0].network_security_group_id: var.nsg_id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip] + name = "${var.mds_name}-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = false + + ip_configuration { + name = "ipconfig1" + subnet_id = data.azurerm_subnet.mds_subnet.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = var.subnet_1st_Address + public_ip_address_id = azurerm_public_ip.public-ip.id + } +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + account_kind = "Storage" + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } + +} + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 
1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_virtual_machine" "mds-vm-instance" { + depends_on = [ + azurerm_network_interface.nic] + location = module.common.resource_group_location + name = var.mds_name + network_interface_ids = [ + azurerm_network_interface.nic.id] + resource_group_name = module.common.resource_group_name + vm_size = module.common.vm_size + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = azurerm_network_interface.nic.id + + identity { + type = module.common.vm_instance_identity + } + + dynamic "plan" { + for_each = local.custom_image_condition ? [ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + os_profile { + computer_name = var.mds_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = var.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + management_GUI_client_network = var.management_GUI_client_network + enable_api = var.mds_enable_api + admin_shell = var.admin_shell + sic_key = var.sic_key + primary = var.primary + secondary = var.secondary + logserver = var.logserver + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? 
null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = var.mds_name + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/terraform.tfvars new file mode 100644 index 00000000..61547ee1 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/terraform.tfvars 
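Review bot: The `Logs`, `ICA-pull`, `CRL-fetch` and `Policy-fetch` rules passed to `module.network-security-group` use `source_address_prefix = "*"`, and the NIC's `ip_configuration` attaches `azurerm_public_ip.public-ip`, so TCP 257, 18210, 18264 and 18191 on the MDS are reachable from any source by default while SSH, 443, 18190 and 19009 are limited to `management_GUI_client_network`. If managed gateways come from known networks, a variable holding their CIDRs used as the source prefix for those four rules would keep the default deployment closed; otherwise a comment on the first of them, `# open to any source: gateways may connect from arbitrary addresses; pass nsg_id to supply a tighter NSG`, would at least make the exposure explicit. On the same theme, `azurerm_storage_account.vm-boot-diagnostics-storage` gets `default_action = "Allow"` unless `add_storage_account_ip_rules` is set, so the opt-in default leaves the account reachable from all networks. The `ssh_keys` block reads `${path.module}/azure_public_key`, which this commit adds with no content, so selecting "SSH Public Key" before populating that file yields an empty `key_data`.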
@@ -0,0 +1,35 @@
+#PLEASE refer to the README.md for accepted values for the variables below
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-mds-rg-terraform"
+mds_name = "PLEASE ENTER MDS NAME" # "checkpoint-mds-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-mds-vnet"
+vnet_resource_group = "PLEASE ENTER VIRTUAL NETWORK RESOURCE GROUP NAME" # "existing-vnet"
+management_subnet_name = "PLEASE ENTER MANAGEMENT SUBNET NAME" # "mgmt-subnet"
+subnet_1st_Address = "PLEASE ENTER SUBNET FIRST ADDRESS" # "10.0.1.4"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+mds_enable_api = "PLEASE ENTER FOR WHOM TO ENABLE API ACCESS OR disable" # "disable"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "mgmt-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+installation_type = "PLEASE ENTER
INSTALLATION TYPE" # "mds-primary"
+primary = "PLEASE ENTER true or false" # "true"
+secondary = "PLEASE ENTER true or false" # "false"
+logserver = "PLEASE ENTER true or false" # "false"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/variables.tf
new file mode 100644
index 00000000..8896ceae
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/variables.tf
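Review bot: The `client_secret`, `admin_password`, `sic_key`, `serial_console_password_hash` and `maintenance_mode_password_hash` lines place long-lived credentials in terraform.tfvars, a file that is normally committed next to the template, and nothing in the file says otherwise; the README added in this same commit already describes passing the Service Principal values through environment variables. I would extend the header to a second comment line, `# Do not commit this file with real values; client_secret, admin_password and sic_key can be supplied as TF_VAR_<name> environment variables instead`. It may also be worth saying in that comment that the placeholders for `allow_upload_download`, `add_storage_account_ip_rules` and `storage_account_additional_ips` are strings while variables.tf declares those inputs as `bool` and `list(string)`, so the file is rejected until every line is edited.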
@@ -0,0 +1,280 @@
+//********************** Basic Configuration Variables **************************//
+variable "mds_name" {
+ description = "MDS name"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ type = string
+}
+
+//********************** Virtual Machine Instances Variables **************************//
+variable "source_image_vhd_uri" {
+ type = string
+ description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images."
+ default = "noCustomUri"
+}
+
+variable "admin_username" {
+ description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used"
+ default = "notused"
+}
+
+variable "admin_password" {
+ description = "Administrator password of deployed Virtual Machine.
The password must meet the complexity requirements of Azure"
+ type = string
+}
+
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+ type = string
+}
+
+variable "authentication_type" {
+ description = "Specifies whether a password authentication or SSH Public Key authentication should be used"
+ type = string
+}
+locals { // locals for 'authentication_type' allowed values
+ authentication_type_allowed_values = [
+ "Password",
+ "SSH Public Key"
+ ]
+ // will fail if [var.authentication_type] is invalid:
+ validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type)
+}
+
+variable "template_name" {
+ description = "Template name. Should be defined according to deployment type(mds, ha, vmss)"
+ type = string
+ default = "mds_terraform"
+}
+
+variable "template_version" {
+ description = "Template version. It is recommended to always use the latest template version"
+ type = string
+ default = "20230910"
+}
+
+variable "installation_type" {
+ description = "Installaiton type"
+ type = string
+ default = "mds-primary"
+}
+
+variable "primary" {
+ type = string
+}
+
+variable "secondary" {
+ type = string
+}
+
+variable "logserver" {
+ type = string
+}
+
+locals { //locals for 'installation_type'
+ isntallation_type_allowed_values = [
+ "mds-primary",
+ "mds-secondary",
+ "mds-logserver"
+ ]
+}
+
+variable "vm_size" {
+ description = "Specifies size of Virtual Machine"
+ type = string
+}
+
+variable "disk_size" {
+ description = "Storage data disk size size(GB).
Select a number between 100 and 3995"
+ type = string
+}
+
+variable "os_version" {
+ description = "GAIA OS version"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ os_version_allowed_values = [
+ "R8040",
+ "R81",
+ "R8110",
+ "R8120"
+ ]
+ // will fail if [var.os_version] is invalid:
+ validate_os_version_value = index(local.os_version_allowed_values, var.os_version)
+}
+
+variable "vm_os_sku" {
+ description = "The sku of the image to be deployed."
+ type = string
+}
+
+variable "vm_os_offer" {
+ description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ vm_os_offer_allowed_values = [
+ "check-point-cg-r8040",
+ "check-point-cg-r81",
+ "check-point-cg-r8110",
+ "check-point-cg-r8120"
+ ]
+ // will fail if [var.vm_os_offer] is invalid:
+ validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer)
+}
+
+variable "allow_upload_download" {
+ description = "Automatically download Blade Contracts and other important data.
Improve product experience by sending data to Check Point"
+ type = bool
+}
+
+variable "admin_shell" {
+ description = "The admin shell to configure on machine or the first time"
+ type = string
+ default = "/etc/cli.sh"
+}
+
+locals {
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ]
+ // Will fail if [var.admin_shell] is invalid
+ validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell)
+}
+
+//********************** Networking Variables **************************//
+variable "vnet_name" {
+ description = "Virtual Network name"
+ type = string
+}
+
+variable "management_subnet_name" {
+ description = "management subnet name"
+ type = string
+}
+
+variable "subnet_1st_Address" {
+ description = "The first available address of the subnet"
+ type = string
+}
+
+variable "vnet_resource_group" {
+ description = "Resource group of existing vnet"
+ type = string
+}
+
+variable "vnet_allocation_method" {
+ description = "IP address allocation method"
+ type = string
+ default = "Static"
+}
+
+variable "management_GUI_client_network" {
+ description = "Allowed GUI clients - GUI clients network CIDR"
+ type = string
+ validation {
+ condition = can(regex("(^0\\.0\\.0\\.0\\/0$)|(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)", var.management_GUI_client_network)) && var.management_GUI_client_network != "0.0.0.0/32"
+ error_message = "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)."
+ }
+}
+
+variable "mds_enable_api" {
+ description = "Enable api access to the management.
allowed values: all, management_only, gui_clients, disable"
+ type = string
+ default = "disable"
+}
+
+locals {
+ mds_enable_api_allowed_values = [
+ "disable",
+ "all",
+ "management_only",
+ "gui_clients"
+ ]
+ // will fail if [var.mds_enable_api] is invalid:
+ validate_mds_enable_api_value = index(local.mds_enable_api_allowed_values, var.mds_enable_api)
+
+ regex_valid_subnet_1st_Address = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
+ // Will fail if var.subnet_1st_Address is invalid
+ regex_subnet_1st_Address = regex(local.regex_valid_subnet_1st_Address, var.subnet_1st_Address) == var.subnet_1st_Address ? 0 : "Variable [subnet_1st_Address] must be a valid address."
+}
+
+variable "bootstrap_script" {
+ description = "An optional script to run on the initial boot"
+ default = ""
+ type = string
+ #example:
+ #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+}
+
+variable "nsg_id" {
+ description = "NSG ID - Optional - if empty use default NSG"
+ default = ""
+}
+
+variable "add_storage_account_ip_rules" {
+ type = bool
+ default = false
+ description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location"
+}
+
+variable "storage_account_additional_ips" {
+ type = list(string)
+ description = "IPs/CIDRs that are allowed access to the Storage Account"
+ default = []
+}
+//********************** Credentials **************************//
+
+variable "tenant_id" {
+ description = "Tenant ID"
+ type = string
+}
+
+variable "subscription_id" {
+ description = "Subscription ID"
+ type = string
+}
+
+variable "client_id" {
+ description = "Application ID(Client ID)"
+ type = string
+}
+
+variable "client_secret" {
+ description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
+ type = string
+}
+
+variable sic_key {
+ description = "sic_key"
+ type = string
+}
+
+resource "null_resource" "sic_key_invalid" {
+ count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long"
+}
+
+variable "sku" {
+ description = "SKU"
+ type = string
+ default = "Standard"
+}
diff --git a/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-existing-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/README.md b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/README.md
new file mode 100644
index 00000000..293c3862
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/README.md
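Review bot: `client_secret`, `admin_password`, `sic_key`, `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without `sensitive = true`, so their values are printed in `terraform plan`/`apply` output and in any CI log that captures it; versions.tf in this commit pins `>= 0.14.3`, where the attribute is available, so adding `sensitive = true` to each of those five blocks is sufficient. The `isntallation_type_allowed_values` local is defined (with a typo) but, unlike the other allowed-value locals, never enforced, so an invalid `installation_type` is passed straight into cloud-init; add `validate_installation_type_value = index(local.isntallation_type_allowed_values, var.installation_type)` beside it. The `null_resource` count trick for `sic_key` only enforces a minimum of 12 characters, while the README in this commit documents 12–30 alphanumeric characters; a `validation` block like the one already used for `management_GUI_client_network` would express that rule and report a proper error.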
@@ -0,0 +1,188 @@ +# Check Point CloudGuard Network Security MDS Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Management solution into a new Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Virtual network +- Network security group +- Virtual Machine +- System assigned identity + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/vnet - used for creating new virtual network and subnets. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/mds-new-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/mds-new-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- | ------------- | ------------- | ------------- | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **mds_name** | MDS name | string | | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **address_space** | The address space that is used by a Virtual Network | string | A valid address in CIDR notation | "10.0.0.0/16" + | | | | | | + | **subnet_prefix** | Address prefix to be used for network subnet | string | A valid address in CIDR notation | "10.0.0.0/24" + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **mds_enable_api** | Enable api access to the mds | string | - "all";
- "management_only";
- "gui_clients"
- "disable"; | "disable" + | | | | | | + | **admin_password** | The password associated with the local administrator account on the mds | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | **vm_os_sku** | 
A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120";| n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **sic_key** | Set the Secure Internal Communication one time secret used to set up trust between the primary and secondary servers. SIC key must be provided if installing a secondary Multi-Domain Server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **installation_type** | Enables to select installation type- gateway/standalone | string | mds-primary;
mds-secondary;
mds-logserver; | n/a + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-mds-rg-terraform" + mds_name = "checkpoint-mds-terraform" + location = "eastus" + vnet_name = "checkpoint-mds-vnet" + address_space = "10.0.0.0/16" + subnet_prefix = "10.0.0.0/24" + management_GUI_client_network = "0.0.0.0/0" + mds_enable_api = "disable" + admin_password = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "mgmt-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + admin_shell = "/etc/cli.sh" + sic_key = "xxxxxxxxxxxx" + installation_type = "mds-primary" + primary = "true" + secondary = "false" + logserver = "false" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|---------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer |
+| | | |
+| 20230910 | - R81.20 is the default version |
+| | | |
+| 20230629 | First release of Check Point CloudGuard Network Security MDS Terraform deployment for Azure |
+| | | |
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/cloud-init.sh
new file mode 100644
index 00000000..627de012
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/cloud-init.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+managementGUIClientNetwork="${management_GUI_client_network}"
+enableApi="${enable_api}"
+adminShell="${admin_shell}"
+sicKey="${sic_key}"
+primary="${primary}"
+secondary="${secondary}"
+logserver="${logserver}"
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/main.tf
new file mode 100644
index 00000000..f3162e70
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/main.tf
@@ -0,0 +1,321 @@
+//********************** Providers **************************//
+provider "azurerm" {
+ subscription_id = var.subscription_id
+ client_id = var.client_id
+ client_secret = var.client_secret
+ tenant_id = var.tenant_id
+
+ features {}
+}
+
+//********************** Basic Configuration **************************//
+module "common" {
+ source = "../modules/common"
+ resource_group_name = var.resource_group_name
+ location = var.location
+ admin_password = var.admin_password
+ installation_type = var.installation_type
+ template_name = var.template_name
+ template_version = var.template_version
+ number_of_vm_instances = 1
+ allow_upload_download = var.allow_upload_download
+ vm_size = var.vm_size
+ disk_size = var.disk_size
+ is_blink = false
+ os_version = var.os_version
+ vm_os_sku = var.vm_os_sku
+ vm_os_offer = var.vm_os_offer
+ authentication_type = var.authentication_type
+ serial_console_password_hash = var.serial_console_password_hash
+ maintenance_mode_password_hash = var.maintenance_mode_password_hash
+ storage_account_additional_ips = var.storage_account_additional_ips
+}
+
+//********************** Networking **************************//
+module "vnet" {
+ source = "../modules/vnet"
+
+ vnet_name = var.vnet_name
+ resource_group_name = module.common.resource_group_name
+ location = module.common.resource_group_location
+ address_space = var.address_space
+ subnet_prefixes = [var.subnet_prefix]
+ subnet_names = ["${var.mds_name}-subnet"]
+ nsg_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id
+}
+
+module "network-security-group" {
+ source = "../modules/network-security-group"
+ count = var.nsg_id == "" ?
1 : 0
+ resource_group_name = module.common.resource_group_name
+ security_group_name = "${module.common.resource_group_name}-nsg"
+ location = module.common.resource_group_location
+ security_rules = [
+ {
+ name = "SSH"
+ priority = "100"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "22"
+ description = "Allow inbound SSH connection"
+ source_address_prefix = var.management_GUI_client_network
+ destination_address_prefix = "*"
+ },
+ {
+ name = "GAiA-portal"
+ priority = "110"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "443"
+ description = "Allow inbound HTTPS access to the GAiA portal"
+ source_address_prefix = var.management_GUI_client_network
+ destination_address_prefix = "*"
+ },
+ {
+ name = "SmartConsole-1"
+ priority = "120"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "18190"
+ description = "Allow inbound access using the SmartConsole GUI client"
+ source_address_prefix = var.management_GUI_client_network
+ destination_address_prefix = "*"
+ },
+ {
+ name = "SmartConsole-2"
+ priority = "130"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "19009"
+ description = "Allow inbound access using the SmartConsole GUI client"
+ source_address_prefix = var.management_GUI_client_network
+ destination_address_prefix = "*"
+ },
+ {
+ name = "Logs"
+ priority = "140"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "257"
+ description = "Allow inbound logging connections from managed gateways"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ },
+ {
+ name = "ICA-pull"
+ priority = "150"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+
destination_port_ranges = "18210"
+ description = "Allow security gateways to pull a SIC certificate"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ },
+ {
+ name = "CRL-fetch"
+ priority = "160"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "18264"
+ description = "Allow security gateways to fetch CRLs"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ },
+ {
+ name = "Policy-fetch"
+ priority = "170"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "Tcp"
+ source_port_ranges = "*"
+ destination_port_ranges = "18191"
+ description = "Allow security gateways to fetch policy"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+ ]
+}
+
+resource "azurerm_public_ip" "public-ip" {
+ name = var.mds_name
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ allocation_method = var.vnet_allocation_method
+ sku = var.sku
+ idle_timeout_in_minutes = 30
+ domain_name_label = join("", [
+ lower(var.mds_name),
+ "-",
+ random_id.randomId.hex])
+}
+
+resource "azurerm_network_interface_security_group_association" "security_group_association" {
+ depends_on = [azurerm_network_interface.nic, module.network-security-group]
+ network_interface_id = azurerm_network_interface.nic.id
+ network_security_group_id = var.nsg_id == "" ?
module.network-security-group[0].network_security_group_id: var.nsg_id
+}
+
+resource "azurerm_network_interface" "nic" {
+ depends_on = [
+ azurerm_public_ip.public-ip]
+ name = "${var.mds_name}-eth0"
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ enable_ip_forwarding = false
+
+ ip_configuration {
+ name = "ipconfig1"
+ subnet_id = module.vnet.vnet_subnets[0]
+ private_ip_address_allocation = var.vnet_allocation_method
+ private_ip_address = cidrhost(var.subnet_prefix, 4)
+ public_ip_address_id = azurerm_public_ip.public-ip.id
+ }
+}
+
+//********************** Storage accounts **************************//
+// Generate random text for a unique storage account name
+resource "random_id" "randomId" {
+ keepers = {
+ # Generate a new ID only when a new resource group is defined
+ resource_group = module.common.resource_group_name
+ }
+ byte_length = 8
+}
+resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
+ name = "bootdiag${random_id.randomId.hex}"
+ resource_group_name = module.common.resource_group_name
+ location = module.common.resource_group_location
+ account_tier = module.common.storage_account_tier
+ account_replication_type = module.common.account_replication_type
+ account_kind = "Storage"
+ network_rules {
+ default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow"
+ ip_rules = module.common.storage_account_ip_rules
+ }
+ blob_properties {
+ delete_retention_policy {
+ days = "15"
+ }
+ }
+
+}
+
+//********************** Virtual Machines **************************//
+locals {
+ SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false
+ custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true
+}
+
+resource "azurerm_image" "custom-image" {
+ count = local.custom_image_condition ?
1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_virtual_machine" "mds-vm-instance" { + depends_on = [ + azurerm_network_interface.nic] + location = module.common.resource_group_location + name = var.mds_name + network_interface_ids = [ + azurerm_network_interface.nic.id] + resource_group_name = module.common.resource_group_name + vm_size = module.common.vm_size + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = azurerm_network_interface.nic.id + + identity { + type = module.common.vm_instance_identity + } + + dynamic "plan" { + for_each = local.custom_image_condition ? [ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + os_profile { + computer_name = var.mds_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = var.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + management_GUI_client_network = var.management_GUI_client_network + enable_api = var.mds_enable_api + admin_shell = var.admin_shell + sic_key = var.sic_key + primary = var.primary + secondary = var.secondary + logserver = var.logserver + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = var.mds_name + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } +} 
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/terraform.tfvars new file mode 100644 index 00000000..7a1045b3 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/terraform.tfvars 
@@ -0,0 +1,34 @@
+#PLEASE refer to the README.md for accepted values for the variables below
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-mds-rg-terraform"
+mds_name = "PLEASE ENTER MDS NAME" # "checkpoint-mds-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-mds-vnet"
+address_space = "PLEASE ENTER VIRTUAL NETWORK ADDRESS SPACE" # "10.0.0.0/16"
+subnet_prefix = "PLEASE ENTER ADDRESS PREFIX FOR SUBNET" # "10.0.0.0/24"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+mds_enable_api = "PLEASE ENTER FOR WHOM TO ENABLE API ACCESS OR disable" # "disable"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "mgmt-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+installation_type = "PLEASE ENTER INSTALLATION TYPE" # "mds-primary"
+primary = "PLEASE ENTER true or false" # "true"
+secondary = "PLEASE ENTER true or false" # "false"
+logserver = "PLEASE ENTER true or false" # "false"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/variables.tf
new file mode 100644
index 00000000..9ce9d0ba
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/variables.tf
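Review bot: This tfvars template carries `client_secret`, `admin_password`, `sic_key` and the two password hashes in a file that lives next to the code, and its header comment gives no hint that a filled-in copy must stay out of version control. I would extend the first line to `#PLEASE refer to the README.md for accepted values for the variables below; do not commit this file once secrets are filled in - prefer TF_VAR_* environment variables or a git-ignored *.auto.tfvars for client_secret, admin_password, sic_key and the password hashes`. The `management_GUI_client_network` example `"0.0.0.0/0"` is also the broadest value the variable's validation accepts; a constructed single-client example such as `"203.0.113.5/32"` would steer users toward the restrictive form the validation is built for.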
@@ -0,0 +1,278 @@ +//********************** Basic Configuration Variables **************************// +variable "mds_name" { + description = "MDS name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Machine. 
The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} +variable "template_name" { + description = "Template name. Should be defined according to deployment type(mds, ha, vmss)" + type = string + default = "mds_terraform" +} + +variable "template_version" { + description = "Template version. It is recommended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type" { + description = "Installaiton type" + type = string + default = "mds-primary" +} + +variable "primary" { + type = string +} + +variable "secondary" { + type = string +} + +variable "logserver" { + type = string +} + +locals { //locals for 'installation_type' + isntallation_type_allowed_values = [ + "mds-primary", + "mds-secondary", + "mds-logserver" + ] +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + +variable "disk_size" { + description = "Storage data disk size size(GB). 
Select a number between 100 and 3995" + type = string +} + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120" + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} + +variable "vm_os_sku" { + description = "The sku of the image to be deployed." + type = string +} + +variable "vm_os_offer" { + description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120" + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + type = bool +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Networking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "address_space" { + description = "The address space that is used by a Virtual Network." 
+ type = string + default = "10.0.0.0/16" +} + +variable "subnet_prefix" { + description = "Address prefix to be used for network subnet" + type = string + default = "10.0.0.0/24" +} + +variable "vnet_allocation_method" { + description = "IP address allocation method" + type = string + default = "Static" +} + +variable "management_GUI_client_network" { + description = "Allowed GUI clients - GUI clients network CIDR" + type = string + validation { + condition = can(regex("(^0\\.0\\.0\\.0\\/0$)|(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)", var.management_GUI_client_network)) && var.management_GUI_client_network != "0.0.0.0/32" + error_message = "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)." + } +} + +variable "mds_enable_api" { + description = "Enable api access to the management. allowed values: all, management_only, gui_clients, disable" + type = string + default = "disable" +} + +locals { + mds_enable_api_allowed_values = [ + "disable", + "all", + "management_only", + "gui_clients" + ] + // will fail if [var.mds_enable_api] is invalid: + validate_mds_enable_api_value = index(local.mds_enable_api_allowed_values, var.mds_enable_api) + + regex_valid_network_cidr = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))|$" + // Will fail if var.address_space is invalid + regex_address_space = regex(local.regex_valid_network_cidr, var.address_space) == var.address_space ? 0 : "Variable [address_space] must be a valid address in CIDR notation." + // Will fail if var.subnet_prefix is invalid + regex_subnet_prefix = regex(local.regex_valid_network_cidr, var.subnet_prefix) == var.subnet_prefix ? 0 : "Variable [subnet_prefix] must be a valid address in CIDR notation." 
+} + +variable "bootstrap_script" { + description = "An optional script to run on the initial boot" + default = "" + type = string + #example: + #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +} + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} + +variable "add_storage_account_ip_rules" { + type = bool + default = false + description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location" +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] +} + +//********************** Credentials **************************// +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "sic_key" { + description = "sic key" + type = string +} + +resource "null_resource" "sic_key_invalid" { + count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long" +} + +variable "sku" { + description = "SKU" + type = string + default = "Standard" +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/mds-new-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/versions.tf new file mode 100644 index 00000000..de940e72 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/mds-new-vnet/versions.tf 
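Review bot: `admin_password`, `client_secret`, `sic_key`, `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without `sensitive = true`, so their values show up in plan/apply output and state diffs; versions.tf in this commit sets the floor at `>= 0.14.3`, where the attribute exists, so add `sensitive = true` to each of those variable blocks. The same applies to `admin_password`, `serial_console_password_hash` and `maintenance_mode_password_hash` in modules/common/variables.tf later in this diff. Separately, the `regex_address_space` and `regex_subnet_prefix` locals appear never to fail: `regex_valid_network_cidr` ends in `|$`, which matches any string, and a local that evaluates to a string is not an error, so `address_space` and `subnet_prefix` are effectively unvalidated. A `validation` block on each variable with `condition = can(cidrhost(var.address_space, 0))` (and the same for `subnet_prefix`) would enforce CIDR form at plan time.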
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
diff --git a/deprecated/terraform/azure/R8040-R81/modules/add-routing-intent.py b/deprecated/terraform/azure/R8040-R81/modules/add-routing-intent.py
new file mode 100644
index 00000000..87437061
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/add-routing-intent.py
@@ -0,0 +1,29 @@
+import json
+import requests
+import sys
+
+
+def perform_put_request(url, data, headers=None):
+ """
+ This function perform the PUT request to Azure in order to edit the vWAN Hub Routing-Intent
+ """
+ result = {"status": "success", "message": ""}
+ try:
+ response = requests.put(url, json=data, headers=headers)
+ result["message"] = response.text
+ except Exception as e:
+ result["status"] = "error"
+ result["message"] = f"An error occurred: {str(e)}"
+ return result
+
+
+if __name__ == "__main__":
+ """
+ This script receives url, body, and authorization token as arguments and set vWAN Hub Routing-Intent
+ """
+ api_url = sys.argv[1]
+ api_data = eval(sys.argv[2])
+ auth_token = sys.argv[3]
+ api_headers = {"Authorization": f'Bearer {auth_token}'}
+ result = perform_put_request(api_url, api_data, api_headers)
+ print(json.dumps(result))
diff --git a/deprecated/terraform/azure/R8040-R81/modules/common/main.tf b/deprecated/terraform/azure/R8040-R81/modules/common/main.tf
new file mode 100644
index 00000000..08bc5f97
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/common/main.tf
@@ -0,0 +1,5 @@
+resource "azurerm_resource_group" "resource_group" {
+ name = var.resource_group_name
+ location = var.location
+}
+
diff --git a/deprecated/terraform/azure/R8040-R81/modules/common/outputs.tf b/deprecated/terraform/azure/R8040-R81/modules/common/outputs.tf
new file mode 100644
index 00000000..1d4ad2b0
--- /dev/null
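Review bot: `api_data = eval(sys.argv[2])` evaluates the request-body argument as Python code; since the body is handed to `requests.put` as `json=`, `api_data = json.loads(sys.argv[2])` parses it without executing anything and the `json` import is already there. `perform_put_request` also reports `"status": "success"` for any HTTP response, including 4xx/5xx, because only an exception flips the status; calling `response.raise_for_status()` directly after the put, and passing a `timeout=` so a stalled request cannot hang the surrounding Terraform run, would make the result reflect the actual outcome. The bare triple-quoted string under `if __name__ == "__main__":` is an expression statement rather than a docstring and reads better as a `#` comment.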
+++ b/deprecated/terraform/azure/R8040-R81/modules/common/outputs.tf 
@@ -0,0 +1,130 @@
+output "resource_group_name" {
+ value = azurerm_resource_group.resource_group.name
+}
+
+output "resource_group_id" {
+ value = azurerm_resource_group.resource_group.id
+}
+
+output "resource_group_location" {
+ value = azurerm_resource_group.resource_group.location
+}
+
+output "azurerm_resource_group_id" {
+ value = azurerm_resource_group.resource_group.id
+}
+
+output "admin_username" {
+ value = var.admin_username
+}
+
+output "admin_password"{
+ value = var.admin_password
+}
+
+output "vm_instance_identity" {
+ value = var.vm_instance_identity_type
+}
+
+output "template_name"{
+ value = var.template_name
+}
+
+output "template_version" {
+ value = var.template_version
+}
+
+output "bootstrap_script"{
+ value = var.bootstrap_script
+}
+
+output "os_version" {
+ value = var.os_version
+}
+
+output "installation_type" {
+ value = var.installation_type
+}
+
+output "number_of_vm_instances" {
+ value = var.number_of_vm_instances
+}
+
+output "allow_upload_download" {
+ value = var.allow_upload_download
+}
+
+output "is_blink" {
+ value = var.is_blink
+}
+
+output "vm_size" {
+ value = var.vm_size
+}
+
+output "delete_os_disk_on_termination" {
+ value = var.delete_os_disk_on_termination
+}
+
+output "vm_os_offer" {
+ value = var.vm_os_offer
+}
+
+output "vm_os_sku" {
+ value = var.vm_os_sku
+}
+
+output "vm_os_version" {
+ value = var.vm_os_version
+}
+
+output "storage_account_type" {
+ value = var.storage_account_type
+}
+
+output "storage_account_tier" {
+ value = var.storage_account_tier
+}
+
+output "account_replication_type" {
+ value = var.account_replication_type
+}
+
+output "disk_size" {
+ value = var.disk_size
+}
+
+output "publisher" {
+ value = var.publisher
+}
+
+output "storage_os_disk_create_option" {
+ value = var.storage_os_disk_create_option
+}
+
+output "storage_os_disk_caching" {
+ value = var.storage_os_disk_caching
+}
+
+output "managed_disk_type" {
+ value = var.managed_disk_type
+}
+
+output "authentication_type" {
+ value = var.authentication_type
+}
+
+output "tags" {
+ value = var.tags
+}
+
+output "boot_diagnostics" {
+ value = var.boot_diagnostics
+}
+
+output "storage_account_ip_rules" {
+ value = local.storage_account_ip_rules
+}
+output "role_definition" {
+ value = var.role_definition
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/modules/common/variables.tf b/deprecated/terraform/azure/R8040-R81/modules/common/variables.tf
new file mode 100644
index 00000000..e768159b
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/common/variables.tf
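Review bot: `output "admin_password"` passes the VM password through to every caller and to `terraform output` without `sensitive = true`; add `sensitive = true` inside that block. With the `>= 0.14.3` floor set by versions.tf in this commit, Terraform also refuses to apply if the backing variable is later marked sensitive while this output is not, so marking it now avoids that follow-up error. `resource_group_id` and `azurerm_resource_group_id` return the same attribute; if one is kept for compatibility, a one-line comment saying so would stop the next reader from treating the duplication as a bug.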
@@ -0,0 +1,369 @@ +//************** Basic config variables**************// +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "resource_group_id" { + description = "Azure Resource Group ID to use." + type = string + default = "" +} + +variable "location" { + description = "The location/region where resources will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} +//************** Virtual machine instance variables ************** +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + type = string + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Machine. The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "tags" { + type = map(string) + description = "A map of the tags to use on the resources that are deployed with this module." 
+ default = {} +} + +variable "boot_diagnostics" { + type = bool + description = "Enable or Disable boot diagnostics" + default = true +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] + validation { + condition = !contains(var.storage_account_additional_ips, "0.0.0.0") && can([for ip in var.storage_account_additional_ips: regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$", ip)]) + error_message = "Invalid IPv4 address." + } +} +locals { + serial_console_ips_per_location = { + "eastasia" : ["20.205.69.28", "20.195.85.180"], + "southeastasia" : ["20.205.69.28", "20.195.85.180"], + "australiacentral" : ["20.53.53.224", "20.70.222.112"], + "australiacentral2" : ["20.53.53.224", "20.70.222.112"], + "australiaeast" : ["20.53.53.224", "20.70.222.112"], + "australiasoutheast" : ["20.53.53.224", "20.70.222.112"], + "brazilsouth" : ["91.234.136.63", "20.206.0.194"], + "brazilsoutheast" : ["91.234.136.63", "20.206.0.194"], + "canadacentral" : ["52.228.86.177", "52.242.40.90"], + "canadaeast" : ["52.228.86.177", "52.242.40.90"], + "northeurope" : ["52.146.139.220", "20.105.209.72"], + "westeurope" : ["52.146.139.220", "20.105.209.72"], + "francecentral" : ["20.111.0.244", "52.136.191.10"], + "francesouth" : ["20.111.0.244", "52.136.191.10"], + "germanynorth" : ["51.116.75.88", "20.52.95.48"], + "germanywestcentral" : ["51.116.75.88", "20.52.95.48"], + "centralindia" : ["20.192.168.150", "20.192.153.104"], + "southindia" : ["20.192.168.150", "20.192.153.104"], + "westindia" : ["20.192.168.150", "20.192.153.104"], + "japaneast" : ["20.43.70.205", "20.189.228.222"], + "japanwest" : ["20.43.70.205", "20.189.228.222"], + "koreacentral" : ["20.200.196.96", "52.147.119.29"], + "koreasouth" : ["20.200.196.96", "52.147.119.29"], + "norwaywest" : 
["20.100.1.184", "51.13.138.76"], + "norwayeast" : ["20.100.1.184", "51.13.138.76"], + "switzerlandnorth" : ["20.208.4.98", "51.107.251.190"], + "switzerlandwest" : ["20.208.4.98", "51.107.251.190"], + "uaecentral" : ["20.45.95.66", "20.38.141.5"], + "uaenorth" : ["20.45.95.66", "20.38.141.5"], + "uksouth" : ["20.90.132.144", "20.58.68.62"], + "ukwest" : ["20.90.132.144", "20.58.68.62"], + "swedencentral" : ["51.12.72.223", "51.12.22.174"], + "swedensouth" : ["51.12.72.223", "51.12.22.174"], + "centralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "northcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "southcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus2" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus3" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westcentralus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "westus" : ["20.98.146.84", "20.98.194.64", "20.69.5.162", "20.83.222.102"], + "eastus2euap" : ["20.45.242.18", "20.51.21.252"], + "centraluseuap" : ["20.45.242.18", "20.51.21.252"] + } + serial_console_ips = contains(keys(local.serial_console_ips_per_location),var.location) ? local.serial_console_ips_per_location[var.location] : [] + storage_account_ip_rules = concat(local.serial_console_ips, var.storage_account_additional_ips) +} +variable "vm_instance_identity_type" { + description = "Managed Service Identity type" + type = string + default = "SystemAssigned" +} + +variable "template_name"{ + description = "Template name. Should be defined according to deployment type(ha, vmss)" + type = string +} + +variable "template_version"{ + description = "Template name. Should be defined according to deployment type(e.g. 
ha, vmss)" + type = string +} + +variable "bootstrap_script" { + description = "An optional script to run on the initial boot" + type = string + default = "" +} + +variable "os_version"{ + description = "GAIA OS version" + type = string +} + +locals { // locals for 'os_version' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120" + ] + // will fail if [var.installation_type] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} + +variable "installation_type"{ + description = "Installation type. Allowed values: cluster, vmss" + type = string +} + +locals { // locals for 'installation_type' allowed values + installation_type_allowed_values = [ + "cluster", + "vmss", + "management", + "standalone", + "gateway", + "mds-primary", + "mds-secondary", + "mds-logserver" + ] + // will fail if [var.installation_type] is invalid: + validate_installation_type_value = index(local.installation_type_allowed_values, var.installation_type) +} + +variable "number_of_vm_instances"{ + description = "Number of VM instances to deploy" + type = string +} + +variable "allow_upload_download" { + description = "Allow upload/download to Check Point" + type = bool +} + +variable "is_blink" { + description = "Define if blink image is used for deployment" +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + +locals {// locals for 'vm_size' allowed values + allowed_vm_sizes = ["Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", + "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", + "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", + "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", + "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", + "Standard_M8ms", 
"Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", + "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", + "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", + "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", + "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", + "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", + "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", + "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", + "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", + "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" + ] + // will fail if [var.vm_size] is invalid: + validate_vm_size_value = index(local.allowed_vm_sizes, var.vm_size) +} +variable "delete_os_disk_on_termination" { + type = bool + description = "Delete datadisk when VM is terminated" + default = true +} + +variable "publisher" { + description = "CheckPoint publisher" + default = "checkpoint" +} + +//************** Storage image reference and plan variables ****************// +variable "vm_os_offer" { + description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120" + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) + validate_os_version_match = 
regex(split("-", var.vm_os_offer)[3], lower(var.os_version)) +} + +variable "vm_os_sku" { + /* + Choose from: + - "sg-byol" + - "sg-ngtp" (for R80.40 and above) + - "sg-ngtx" (for R80.40 and above) + - "mgmt-byol" + - "mgmt-25" + */ + description = "The sku of the image to be deployed" + type = string +} + +locals { // locals for 'vm_os_sku' allowed values + vm_os_sku_allowed_values = [ + "sg-byol", + "sg-ngtp", + "sg-ngtx", + "mgmt-byol", + "mgmt-25" + ] + // will fail if [var.vm_os_sku] is invalid: + validate_vm_os_sku_value = index(local.vm_os_sku_allowed_values, var.vm_os_sku) +} + +variable "vm_os_version" { + description = "The version of the image that you want to deploy. " + type = string + default = "latest" +} + +variable "storage_account_type" { + description = "Defines the type of storage account to be created. Valid options is Standard_LRS, Premium_LRS" + type = string + default = "Standard_LRS" +} + +locals { // locals for 'storage_account_type' allowed values + storage_account_type_allowed_values = [ + "Standard_LRS", + "Premium_LRS" + ] + // will fail if [var.storage_account_type] is invalid: + validate_storage_account_type_value = index(local.storage_account_type_allowed_values, var.storage_account_type) +} + +variable "storage_account_tier" { + description = "Defines the Tier to use for this storage account.Valid options are Standard and Premium" + default = "Standard" +} + +locals { // locals for 'storage_account_tier' allowed values + storage_account_tier_allowed_values = [ + "Standard", + "Premium" + ] + // will fail if [var.storage_account_tier] is invalid: + validate_storage_account_tier_value = index(local.storage_account_tier_allowed_values, var.storage_account_tier) +} + +variable "account_replication_type" { + description = "Defines the type of replication to use for this storage account.Valid options are LRS, GRS, RAGRS and ZRS" + type = string + default = "LRS" +} + +locals { // locals for 'account_replication_type' allowed values + 
account_replication_type_allowed_values = [ + "LRS", + "GRS", + "RAGRS", + "ZRS" + ] + // will fail if [var.account_replication_type] is invalid: + validate_account_replication_type_value = index(local.account_replication_type_allowed_values, var.account_replication_type) +} + +variable "disk_size" { + description = "Storage data disk size size(GB). Select a number between 100 and 3995" + type = string +} + +resource "null_resource" "disk_size_validation" { + // Will fail if var.disk_size is less than 100 or more than 3995 + count = tonumber(var.disk_size) >= 100 && tonumber(var.disk_size) <= 3995 ? 0 : "variable disk_size must be a number between 100 and 3995" +} + +//************** Storage OS disk variables **************// +variable "storage_os_disk_create_option" { + description = "The method to use when creating the managed disk" + type = string + default = "FromImage" +} + +variable "storage_os_disk_caching" { + description = "Specifies the caching requirements for the OS Disk" + default = "ReadWrite" +} + +variable "managed_disk_type" { + description = "Specifies the type of managed disk to create. 
Possible values are either Standard_LRS, StandardSSD_LRS, Premium_LRS" + type = string + default = "Standard_LRS" +} + +locals { // locals for 'managed_disk_type' allowed values + managed_disk_type_allowed_values = [ + "Standard_LRS", + "Premium_LRS" + ] + // will fail if [var.managed_disk_type] is invalid: + validate_managed_disk_type_value = index(local.managed_disk_type_allowed_values, var.managed_disk_type) +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} + + +//********************** Role Assignments variables**************************// +variable "role_definition" { + description = "Role definition. The full list of Azure Built-in role descriptions can be found at https://docs.microsoft.com/bs-latn-ba/azure/role-based-access-control/built-in-roles" + type = string + default = "Contributor" +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/modules/common/versions.tf b/deprecated/terraform/azure/R8040-R81/modules/common/versions.tf new file mode 100644 index 00000000..0ec4dcca --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/modules/common/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.14.3" +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/modules/network-security-group/main.tf b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/main.tf new file mode 100644 index 00000000..1beeaf14 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/main.tf 
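Review bot: The `validation` on `storage_account_additional_ips` only accepts a bare dotted-quad (the pattern is anchored `^...$` with no prefix-length alternative), while its description promises "IPs/CIDRs" and the mds-new-vnet tfvars asks for "A LIST OF VALID IPS/CIDRS", so any CIDR entry is rejected with "Invalid IPv4 address."; either append an optional `(/(3[0-2]|[12]?[0-9]))?` before the closing `$` or reword the description to say single addresses only. `managed_disk_type`'s description lists `StandardSSD_LRS`, but `managed_disk_type_allowed_values` contains only `Standard_LRS` and `Premium_LRS`, so that documented value fails the `index()` check; the two should agree. `serial_console_ips_per_location` appears to be a hand-copied table of per-region addresses with no indication of where it came from or when; a comment above the local naming the source and the date of the copy would help whoever has to refresh it. The missing `sensitive = true` on the password and hash variables here is the same point raised on mds-new-vnet/variables.tf.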
@@ -0,0 +1,23 @@
+resource "azurerm_network_security_group" "nsg" {
+ name = var.security_group_name
+ location = var.location
+ resource_group_name = var.resource_group_name
+ tags = var.tags
+ }
+
+//************ Security Rule Example **************//
+resource "azurerm_network_security_rule" "security_rule" {
+ count = length(var.security_rules)
+ name = lookup(var.security_rules[count.index], "name")
+ priority = lookup(var.security_rules[count.index], "priority", 4096 - length(var.security_rules) + count.index)
+ direction = lookup(var.security_rules[count.index], "direction")
+ access = lookup(var.security_rules[count.index], "access")
+ protocol = lookup(var.security_rules[count.index], "protocol")
+ source_port_range = lookup(var.security_rules[count.index], "source_port_ranges")
+ destination_port_range = lookup(var.security_rules[count.index], "destination_port_ranges")
+ description = lookup(var.security_rules[count.index], "description")
+ source_address_prefix = lookup(var.security_rules[count.index], "source_address_prefix")
+ destination_address_prefix = lookup(var.security_rules[count.index], "destination_address_prefix")
+ resource_group_name = var.resource_group_name
+ network_security_group_name = azurerm_network_security_group.nsg.name
+}
diff --git a/deprecated/terraform/azure/R8040-R81/modules/network-security-group/output.tf b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/output.tf
new file mode 100644
index 00000000..c1aa127d
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/output.tf
@@ -0,0 +1,7 @@
+output "network_security_group_id" {
+ value = azurerm_network_security_group.nsg.id
+}
+
+output "network_security_group_name" {
+ value = azurerm_network_security_group.nsg.name
+}
\ No newline at end of file
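Review bot: The rule resource reads the keys `source_port_ranges` and `destination_port_ranges` from each entry but assigns them to the singular `source_port_range`/`destination_port_range` arguments, while the format documented on the `security_rules` variable in this module's variables.tf names them `source_port_range`/`destination_port_range`; a caller following the documentation gets a `lookup` failure on a missing key at plan time. Either read the documented keys, `source_port_range = lookup(var.security_rules[count.index], "source_port_range")`, or document the plural ones. The `4096 - length(var.security_rules) + count.index` fallback deserves a why-comment, e.g. `// rules without an explicit priority are placed at the low-precedence end of the 100-4096 range`. Since every rule takes its prefixes from its own entry, the module's `source_address_prefix`/`destination_address_prefix` variables appear to be unreferenced here — worth confirming and removing if so.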
diff --git a/deprecated/terraform/azure/R8040-R81/modules/network-security-group/variables.tf b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/variables.tf
new file mode 100644
index 00000000..363489e3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/variables.tf
@@ -0,0 +1,43 @@
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ type = string
+ description = "The location/region where Network Security Group will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+}
+
+variable "security_group_name" {
+ description = "Network Security Group name"
+ default = "nsg"
+}
+
+variable "tags" {
+ description = "The tags to associate with Network Security Group"
+ type = map(string)
+ default = {}
+}
+
+# Security Rules definition
+
+variable "security_rules" {
+ description = "Security rules for the Network Security Group using this format name = [priority, direction, access, protocol, source_port_range, destination_port_range, source_address_prefix, destination_address_prefix, description]"
+ type = list(any)
+ default = []
+}
+
+variable "source_address_prefix" {
+ description = "Source address prefix to be applied to all rules"
+ type = list(string)
+ default = ["*"]
+ # Example ["10.0.3.0/24"] or ["VirtualNetwork"]
+}
+
+variable "destination_address_prefix" {
+ description = "Destination address prefix to be applied to all rules"
+ type = list(string)
+ default = ["*"]
+ # Example ["10.0.3.0/32","10.0.3.128/32"] or ["VirtualNetwork"]
+}
+
diff --git a/deprecated/terraform/azure/R8040-R81/modules/network-security-group/versions.tf b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/versions.tf
new file mode 100644
index 00000000..0ec4dcda
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/network-security-group/versions.tf
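Review bot: `security_rules` is typed `list(any)` and its description promises a list-shaped format (`name = [priority, direction, ...]`), but the rule resource in this module's main.tf reads each entry with `lookup(..., "name")`, `lookup(..., "direction")` and so on, i.e. as a map with those keys; a caller following the description gets an opaque lookup error instead of a type error. Declaring the element shape, `type = list(object({ name = string, direction = string, access = string, protocol = string, ... }))`, and rewriting the description as a map example would make the contract enforceable (this change's versions.tf pins `>= 0.14.3`, which supports object types). `security_group_name` is the only variable without `type = string`. The `source_address_prefix`/`destination_address_prefix` variables say they apply "to all rules", yet main.tf takes prefixes from each entry — either wire them in as defaults or drop them so the two files agree.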
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 0.14.3"
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/modules/vnet/main.tf b/deprecated/terraform/azure/R8040-R81/modules/vnet/main.tf
new file mode 100644
index 00000000..2c67fc4f
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/vnet/main.tf
@@ -0,0 +1,80 @@
+resource "azurerm_virtual_network" "vnet" {
+ name = var.vnet_name
+ location = var.location
+ address_space = [var.address_space]
+ resource_group_name = var.resource_group_name
+ dns_servers = var.dns_servers
+ tags = var.tags
+}
+
+resource "azurerm_subnet" "subnet" {
+ depends_on = [azurerm_virtual_network.vnet]
+ count = length(var.subnet_names)
+ name = var.subnet_names[count.index]
+ virtual_network_name = azurerm_virtual_network.vnet.name
+ resource_group_name = var.resource_group_name
+ address_prefixes = [var.subnet_prefixes[count.index]]
+}
+
+resource "azurerm_subnet_network_security_group_association" "security_group_frontend_association" {
+ depends_on = [azurerm_virtual_network.vnet, azurerm_subnet.subnet[0]]
+ subnet_id = azurerm_subnet.subnet[0].id
+ network_security_group_id = var.nsg_id
+}
+resource "azurerm_subnet_network_security_group_association" "security_group_backend_association" {
+ count = length(var.subnet_names) >= 2 ? 1 : 0
+ depends_on = [azurerm_virtual_network.vnet, azurerm_subnet.subnet[1]]
+ subnet_id = azurerm_subnet.subnet[1].id
+ network_security_group_id = var.nsg_id
+}
+
+locals { // locals for 'next_hop_type' allowed values
+ next_hop_type_allowed_values = [
+ "VirtualNetworkGateway",
+ "VnetLocal",
+ "Internet",
+ "VirtualAppliance",
+ "None"
+ ]
+}
+
+resource "azurerm_route_table" "frontend" {
+ name = azurerm_subnet.subnet[0].name
+ location = var.location
+ resource_group_name = var.resource_group_name
+
+ route {
+ name = "Local-Subnet"
+ address_prefix = azurerm_subnet.subnet[0].address_prefixes[0]
+ next_hop_type = local.next_hop_type_allowed_values[1]
+ }
+ route {
+ name = "To-Internal"
+ address_prefix = var.address_space
+ next_hop_type = local.next_hop_type_allowed_values[4]
+ }
+}
+
+resource "azurerm_subnet_route_table_association" "frontend_association" {
+ subnet_id = azurerm_subnet.subnet[0].id
+ route_table_id = azurerm_route_table.frontend.id
+}
+
+resource "azurerm_route_table" 
"backend" {
+ count = length(var.subnet_names) >= 2 ? 1 : 0
+ name = azurerm_subnet.subnet[1].name
+ location = var.location
+ resource_group_name = var.resource_group_name
+
+ route {
+ name = "To-Internet"
+ address_prefix = "0.0.0.0/0"
+ next_hop_type = local.next_hop_type_allowed_values[4]
+ }
+}
+
+resource "azurerm_subnet_route_table_association" "backend_association" {
+ count = length(var.subnet_names) >= 2 ? 1 : 0
+ subnet_id = azurerm_subnet.subnet[1].id
+ route_table_id = azurerm_route_table.backend[count.index].id
+}
diff --git a/deprecated/terraform/azure/R8040-R81/modules/vnet/outputs.tf b/deprecated/terraform/azure/R8040-R81/modules/vnet/outputs.tf
new file mode 100644
index 00000000..9dc8e206
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/vnet/outputs.tf
@@ -0,0 +1,27 @@
+output "vnet_id" {
+ value = azurerm_virtual_network.vnet.id
+}
+
+output "vnet_name" {
+ value = azurerm_virtual_network.vnet.name
+}
+
+output "vnet_location" {
+ value = azurerm_virtual_network.vnet.location
+}
+
+output "vnet_address_space" {
+ value = azurerm_virtual_network.vnet.address_space
+}
+
+output "vnet_subnets" {
+ value = azurerm_subnet.subnet.*.id
+}
+
+output "subnet_prefixes" {
+ value = var.subnet_prefixes
+}
+
+output "allocation_method" {
+ value = var.allocation_method
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/modules/vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/modules/vnet/variables.tf
new file mode 100644
index 00000000..1f64d28e
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/modules/vnet/variables.tf
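Review bot: The route tables set `next_hop_type` by list index (`local.next_hop_type_allowed_values[1]`, `[4]`), so a reader has to count the list to learn that `Local-Subnet` is `"VnetLocal"` while `To-Internal` and `To-Internet` send the VNet address space and `0.0.0.0/0` to `"None"`, i.e. drop them; the list is never used for validation, so plain literals `next_hop_type = "VnetLocal"` / `next_hop_type = "None"` with a comment stating why the catch-all routes are black-holed would be clearer and remove the locals block. The frontend NSG and route-table associations are unconditional while the backend ones are guarded by `length(var.subnet_names) >= 2`; `azurerm_subnet.subnet[0]` therefore fails with an index error when `subnet_names` is empty, which deserves either a comment that a frontend subnet is mandatory or a `validation` on the variable. `address_prefixes = [var.subnet_prefixes[count.index]]` fails the same way when `subnet_prefixes` is shorter than `subnet_names`; a check that the two lists have equal length would turn that into a readable error.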
@@ -0,0 +1,63 @@
+variable "vnet_name" {
+ description = "Name of Virtual Network"
+ type = string
+ default = "vnet01"
+}
+
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ description = "The location/region where the core network will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ type = string
+}
+
+variable "address_space" {
+ description = "The address prefixes of the virtual network"
+ type = string
+ default = "10.0.0.0/16"
+}
+
+variable "dns_servers" {
+ description = " DNS servers to be used with a Virtual Network. If no values specified, this defaults to Azure DNS"
+ type = list(string)
+ default = []
+}
+
+variable "subnet_prefixes" {
+ description = "The address prefixes to be used for subnets"
+ type = list(string)
+ default = ["10.0.0.0/24","10.0.1.0/24"]
+}
+
+variable "subnet_names" {
+ description = "A list of subnet names in a Virtual Network"
+ type = list(string)
+ default = ["Frontend","Backend"]
+}
+
+variable "tags" {
+ description = "Tags to be associated with Virtual Network and subnets"
+ type = map(string)
+ default = {}
+}
+variable "nsg_id" {
+ description = "Network security group to be associated with a Virtual Network and subnets"
+ type = string
+}
+
+variable "allocation_method" {
+ description = "IP address allocation method"
+ type = string
+ default = "Static"
+}
+
+locals { // locals for 'allocation_method' allowed values
+ allocation_method_allowed_values = [
+ "Static"
+ ]
+ // will fail if [var.allocation_method] is invalid:
+ validate_method_allowed_value = index(local.allocation_method_allowed_values, var.allocation_method)
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/modules/vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/modules/vnet/versions.tf
new file mode 100644
index 00000000..0ec4dcda
--- /dev/null
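Review bot: The allowed-values check for `allocation_method` is an `index()` call inside `locals`, which fails with a generic "invalid index" message and relies on Terraform evaluating a local that nothing references; since this change pins `required_version = ">= 0.14.3"`, a `validation` block on the variable with `condition = contains(["Static"], var.allocation_method)` and an `error_message` naming the allowed values is the idiomatic form (validation conditions may only reference the variable itself, not `local.*`). If the locals form is kept, the comment should say that `validate_method_allowed_value` is intentionally unreferenced. Minor: the `dns_servers` description starts with a stray space, and `nsg_id` follows `tags` without the blank line used between every other variable.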
+++ b/deprecated/terraform/azure/R8040-R81/modules/vnet/versions.tf @@ -0,0 +1,3 @@ +terraform { + required_version = ">= 0.14.3" +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/README.md b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/README.md new file mode 100644 index 00000000..a2765298 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/README.md @@ -0,0 +1,172 @@ +# Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Virtual WAN NVA solution into an existing vWAN Hub in Azure. +As part of the deployment the following resources are created: +- Resource groups +- Azure Managed Application: + - NVA + - Managed identity + +For additional information, +please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_vWAN/Default.htm) + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure). +- In order to configure hub routing-intent policies it is **required** to have Python and 'requests' library installed. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the versions.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/nva-into-existing-hub/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- | + | **authentication_method** | The authentication method used to deploy the solution | string | "Service Principal";
"Azure CLI"; | n/a + | | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **resource-group-name** | The name of the resource group that will contain the managed application | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period| "tf-managed-app-resource-group" | + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of supported Azure regions can be found at https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-locations-partners#locations | "westcentralus" | + | | | | | | + | **vwan-hub-name** | The name of the virtual WAN hub that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a | + | | | | | | + | **vwan-hub-resource-group** | The virtual WAN hub resource group name | string | | n/a | + | | | | | | + | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | "tf-vwan-managed-app-nva" | + | | | | | | + | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | "tf-vwan-nva" | + | | | | | 
| + | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | "tf-vwan-nva-rg"| + | | | | | | + | **os-version** | The GAIA os version | string | "R8110"
"R8120" | "R8120" | + | | | | | | + | **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)"
"Full Package (NGTX + S1C)"
"Full Package Premium (NGTX + S1C++)" | "Security Enforcement (NGTP)" | + | | | | | | | | | | + | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled. | string | "2"
"4"
"10"
"20"
"30"
"60"
"80"
| "2" | + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" | + | | | | | | + | **sic-key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a | + | | | | | | + | **ssh-public-key** | The public ssh key used for ssh connection to the NVA GW instances | string | ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx generated-by-azure; | n/a | | string | gateway;
standalone; | + | | | | | | + | **bgp-asn** | The BGP autonomous system number | string | 64512 | "64512" || + | | | | | | + | **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no; | "yes" | + | | | | | | + | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment | "yes" | + | | | | | | + | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment | "yes" | + | | | | | | + | **smart1-cloud-token-a** | Smart-1 Cloud token to connect automatically ***NVA instance a*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart1-cloud-token-b** | Smart-1 Cloud token to connect automatically ***NVA instance b*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart1-cloud-token-c** | Smart-1 Cloud token to connect automatically ***NVA instance c*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | | | | | + | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | + +## Conditional creation +- To enable CloudGuard metrics in order to send statuses and statistics collected from the gateway instance to the Azure Monitor service: + ``` + custom-metrics = yes + ``` + +## Example + authentication_method = "Service Principal" + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + resource-group-name = "tf-managed-app-resource-group" + location = "westcentralus" + vwan-hub-name = "tf-vwan-hub" + vwan-hub-resource-group = "tf-vwan-hub-rg" + managed-app-name = "tf-vwan-managed-app-nva" + nva-rg-name = "tf-vwan-nva-rg" + nva-name = "tf-vwan-nva" + os-version = "R8120" + license-type = "Security Enforcement (NGTP)" + scale-unit = "2" + bootstrap-script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + admin-shell = "/etc/cli.sh" + sic-key = "xxxxxxxxxxxx" + ssh-public-key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + bgp-asn = "64512" + custom-metrics = "yes" + routing-intent-internet-traffic = "yes" + routing-intent-private-traffic = "yes" + smart1-cloud-token-a = "" + smart1-cloud-token-b = "" + smart1-cloud-token-c = "" + smart1-cloud-token-d = "" + smart1-cloud-token-e = "" + existing-public-ip = "" + new-public-ip = "yes" + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|-------------------| +| 20240613 | Cosmetic 
fixes & default values | +| 20240228 | Added public IP for ingress support | | | +| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | + + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/main.tf b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/main.tf new file mode 100644 index 00000000..5987c76b --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/main.tf 
@@ -0,0 +1,195 @@ +//********************** Basic Configuration **************************// +resource "azurerm_resource_group" "managed-app-rg" { + name = var.resource-group-name + location = var.location +} + +data "azurerm_virtual_hub" "vwan-hub" { + name = var.vwan-hub-name + resource_group_name = var.vwan-hub-resource-group +} + +//********************** Image Version **************************// + +data "external" "az_access_token" { + count = var.authentication_method == "Azure CLI" ? 1 : 0 + program = ["az", "account", "get-access-token", "--resource=https://management.azure.com", "--query={accessToken: accessToken}", "--output=json"] +} + +data "http" "azure_auth" { + count = var.authentication_method == "Service Principal" ? 1 : 0 + url = "https://login.microsoftonline.com/${var.tenant_id}/oauth2/v2.0/token" + method = "POST" + request_headers = { + "Content-Type" = "application/x-www-form-urlencoded" + } + request_body = "grant_type=client_credentials&client_id=${var.client_id}&client_secret=${var.client_secret}&scope=https://management.azure.com/.default" +} + +locals { + access_token = var.authentication_method == "Service Principal" ? jsondecode(data.http.azure_auth[0].response_body).access_token : data.external.az_access_token[0].result.accessToken +} + +data "http" "image-versions" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX + S1C)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX + S1C++)" ? 
"-premium" : ""}?api-version=2020-05-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +locals { + image_versions = tolist([for version in jsondecode(data.http.image-versions.response_body).properties.availableVersions : version if substr(version, 0, 4) == substr(lower(var.os-version), 1, 4)]) + routing_intent-internet-policy = { + "name": "InternetTraffic", + "destinations": [ + "Internet" + ], + "nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}" + } + routing_intent-private-policy = { + "name": "PrivateTrafficPolicy", + "destinations": [ + "PrivateTraffic" + ], + "nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}" + } + routing-intent-policies = var.routing-intent-internet-traffic == "yes" ? (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic == "yes" ? 
tolist([local.routing_intent-private-policy]) : []) + req_body = jsonencode({"properties": {"routingPolicies": local.routing-intent-policies}}) + req_url = "https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${var.vwan-hub-resource-group}/providers/Microsoft.Network/virtualHubs/${var.vwan-hub-name}/routingIntent/hubRoutingIntent?api-version=2022-01-01" +} + +//********************** Marketplace Terms & Solution Registration **************************// +data "http" "accept-marketplace-terms-existing-agreement" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.MarketplaceOrdering/agreements/checkpoint/offers/cp-vwan-managed-app/plans/vwan-app?api-version=2021-01-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +resource "azurerm_marketplace_agreement" "accept-marketplace-terms" { + count = can(jsondecode(data.http.accept-marketplace-terms-existing-agreement.response_body).id) ? (jsondecode(data.http.accept-marketplace-terms-existing-agreement.response_body).properties.state == "Active" ? 0 : 1) : 1 + publisher = "checkpoint" + offer = "cp-vwan-managed-app" + plan = "vwan-app" +} + +data "http" "azurerm_resource_provider_registration-exist" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Solutions?api-version=2021-01-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +resource "azurerm_resource_provider_registration" "solutions" { + count = jsondecode(data.http.azurerm_resource_provider_registration-exist.response_body).registrationState == "Registered" ? 
0 : 1 + name = "Microsoft.Solutions" +} + + +//********************** Managed Application Configuration **************************// +resource "azurerm_managed_application" "nva" { + depends_on = [azurerm_marketplace_agreement.accept-marketplace-terms, azurerm_resource_provider_registration.solutions] + name = var.managed-app-name + location = azurerm_resource_group.managed-app-rg.location + resource_group_name = azurerm_resource_group.managed-app-rg.name + kind = "MarketPlace" + managed_resource_group_name = var.nva-rg-name + + plan { + name = "vwan-app" + product = "cp-vwan-managed-app" + publisher = "checkpoint" + version = "1.0.14" + } + parameter_values = jsonencode({ + location = { + value = azurerm_resource_group.managed-app-rg.location + }, + hubId = { + value = data.azurerm_virtual_hub.vwan-hub.id + }, + osVersion = { + value = var.os-version + }, + LicenseType = { + value = var.license-type + }, + imageVersion = { + value = element(local.image_versions, length(local.image_versions) -1) + }, + scaleUnit = { + value = var.scale-unit + }, + bootstrapScript = { + value = var.bootstrap-script + }, + adminShell = { + value = var.admin-shell + }, + sicKey = { + value = var.sic-key + }, + sshPublicKey = { + value = var.ssh-public-key + }, + BGP = { + value = var.bgp-asn + }, + NVA = { + value = var.nva-name + }, + customMetrics = { + value = var.custom-metrics + }, + hubASN = { + value = data.azurerm_virtual_hub.vwan-hub.virtual_router_asn + }, + hubPeers = { + value = data.azurerm_virtual_hub.vwan-hub.virtual_router_ips + }, + smart1CloudTokenA = { + value = var.smart1-cloud-token-a + }, + smart1CloudTokenB = { + value = var.smart1-cloud-token-b + }, + smart1CloudTokenC = { + value = var.smart1-cloud-token-c + }, + smart1CloudTokenD = { + value = var.smart1-cloud-token-d + }, + smart1CloudTokenE = { + value = var.smart1-cloud-token-e + }, + publicIPIngress = { + value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? 
"yes" : "no" + }, + createNewIPIngress = { + value = var.new-public-ip + } + ipIngressExistingResourceId = { + value = var.existing-public-ip + } + }) +} + +//********************** Routing Intent **************************// + + +data "external" "update-routing-intent" { + count = length(local.routing-intent-policies) != 0 ? 1 : 0 + depends_on = [azurerm_managed_application.nva] + program = ["python", "../modules/add-routing-intent.py", "${local.req_url}", "${local.req_body}", "${local.access_token}"] +} + +output "api_request_result" { + value = length(local.routing-intent-policies) != 0 ? data.external.update-routing-intent[0].result : {routing-intent: "not changed"} +} + diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/terraform.tfvars new file mode 100644 index 00000000..268fb4c1 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/terraform.tfvars 
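Review bot: `data "http" "azure_auth"` interpolates `var.client_id` and `var.client_secret` raw into an `application/x-www-form-urlencoded` body, so a secret containing `&`, `%`, `+` or `=` is mis-parsed by the token endpoint and the request fails or sends a mangled credential; the interpolations should be `client_id=${urlencode(var.client_id)}&client_secret=${urlencode(var.client_secret)}`. The resulting bearer token is persisted in state through the `data.http` response and `local.access_token`, and `data "external" "update-routing-intent"` passes it on the command line (`program = [..., "${local.access_token}"]`), where it is visible in the process list for the script's lifetime; the `external` data source's `query` argument delivers values to the program on stdin as JSON, which avoids the argv exposure (the script is outside this diff and would need a matching change), and `client_secret` and the Smart-1 tokens should be `sensitive = true` in variables.tf if they are not already. `element(local.image_versions, length(local.image_versions) -1)` raises an unhelpful error when no available version matches `os-version`; a `length(local.image_versions) > 0` guard with a message naming the requested version would make the failure clear. The `createNewIPIngress = {...}` entry in `parameter_values` is the only one without the trailing comma the other entries use — valid HCL, but inconsistent.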
@@ -0,0 +1,31 @@ +#PLEASE refer to the README.md for accepted values for the variables below +authentication_method = "PLEASE ENTER AUTHENTICATION METHOD" # "Service Principal" +client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +resource-group-name = "PLEASE ENTER RESOURCE GROUP NAME" # "tf-managed-app-resource-group" +location = "PLEASE ENTER LOCATION" # "westcentralus" +vwan-hub-name = "PLEASE ENTER VWAN HUB NAME" # "tf-vwan-hub" +vwan-hub-resource-group = "PLEASE ENTER VWAN HUB RESOURCE GROUP" # "tf-vwan-hub-rg" +managed-app-name = "PLEASE ENTER MANAGED APPLICATION NAME" # "tf-vwan-managed-app-nva" +nva-rg-name = "PLEASE ENTER NVA RESOURCE GROUP NAME" # "tf-vwan-nva-rg" +nva-name = "PLEASE ENTER NVA NAME" # "tf-vwan-nva" +os-version = "PLEASE ENTER GAIA OS VERSION" # "R8120" +license-type = "PLEASE ENTER LICENSE TYPE" # "Security Enforcement (NGTP)" +scale-unit = "PLEASE ENTER SCALE UNIT" # "2" +bootstrap-script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +admin-shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh" +sic-key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxx" +ssh-public-key = "PLEASE ENTER SSH PUBLIC KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +bgp-asn = "PLEASE ENTER BGP AUTONOMOUS SYSTEM NUMBER" # "64512" +custom-metrics = "PLEASE ENTER yes or no" # "yes" +routing-intent-internet-traffic = "PLEASE ENTER yes or no" # "yes" +routing-intent-private-traffic = "PLEASE ENTER yes or no" # "yes" +smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE A OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-b = 
"PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1" +new-public-ip = "PLEASE ENTER yes or no" # "no" \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/variables.tf b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/variables.tf new file mode 100644 index 00000000..d00283d4 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/variables.tf 
@@ -0,0 +1,198 @@ +variable "authentication_method" { + description = "Azure authentication method" + type = string + validation { + condition = contains(["Azure CLI", "Service Principal"], var.authentication_method) + error_message = "Valid values for authentication_method are 'Azure CLI','Service Principal'" + } +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "resource-group-name" { + type = string + default = "tf-managed-app-resource-group" +} + +variable "location" { + type = string + default = "westcentralus" +} + +variable "managed-app-name" { + type = string + default = "tf-vwan-managed-app-nva" +} + +variable "vwan-hub-name" { + type = string +} + +variable "vwan-hub-resource-group" { + type = string +} + +variable "nva-rg-name" { + type = string + default = "tf-vwan-nva-rg" +} + +variable "nva-name" { + type = string + default = "tf-vwan-nva" +} + +variable "os-version" { + description = "GAIA OS version" + type = string + default = "R8120" + validation { + condition = contains(["R8110", "R8120"], var.os-version) + error_message = "Allowed values for os-version are 'R8110', 'R8120'" + } +} + +variable "license-type" { + type = string + default = "Security Enforcement (NGTP)" + validation { + condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX + S1C)", "Full Package Premium (NGTX + S1C++)"], var.license-type) + error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX + S1C)', 'Full Package Premium (NGTX + S1C++)'" + } +} + +variable "scale-unit" { + type = string + default = "2" 
+ validation { + condition = contains(["2", "4", "10", "20", "30", "60", "80"], var.scale-unit) + error_message = "Valid values for CloudGuard version are '2', '4', '10', '20', '30', '60', '80'" + } +} + +variable "bootstrap-script" { + type = string + default = "" +} + +variable "admin-shell" { + type = string + default = "/etc/cli.sh" + validation { + condition = contains(["/etc/cli.sh", "/bin/bash", "/bin/tcsh", "/bin/csh"], var.admin-shell) + error_message = "Valid shells are '/etc/cli.sh', '/bin/bash', '/bin/tcsh', '/bin/csh'" + } +} + +variable "sic-key" { + type = string + default = "" + sensitive = true + validation { + condition = can(regex("^[a-z0-9A-Z]{12,30}$", var.sic-key)) + error_message = "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." + } +} + +variable "ssh-public-key" { + type = string + default = "" +} + +variable "bgp-asn" { + type = string + default = "64512" + validation { + condition = tonumber(var.bgp-asn) >= 64512 && tonumber(var.bgp-asn) <= 65534 && !contains([65515, 65520], tonumber(var.bgp-asn)) + error_message = "Only numbers between 64512 to 65534 are allowed excluding 65515, 65520." 
+ } +} + +variable "custom-metrics" { + type = string + default = "yes" + validation { + condition = contains(["yes", "no"], var.custom-metrics) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "routing-intent-internet-traffic" { + default = "yes" + validation { + condition = contains(["yes", "no"], var.routing-intent-internet-traffic) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "routing-intent-private-traffic" { + default = "yes" + validation { + condition = contains(["yes", "no"], var.routing-intent-private-traffic) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "smart1-cloud-token-a" { + type = string + default = "" +} + +variable "smart1-cloud-token-b" { + type = string + default = "" +} + +variable "smart1-cloud-token-c" { + type = string + default = "" +} + +variable "smart1-cloud-token-d" { + type = string + default = "" +} + +variable "smart1-cloud-token-e" { + type = string + default = "" +} + +variable "existing-public-ip" { + type = string + default = "" +} + +variable "new-public-ip" { + type = string + default = "no" + validation { + condition = contains(["yes", "no"], var.new-public-ip) + error_message = "Valid options are string('yes' or 'no')" + } +} + +locals{ + # Validate that new-public-ip is false when existing-public-ip is used + is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes" + validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used" + _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both)) +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/versions.tf b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/versions.tf new file mode 100644 index 00000000..1c68a298 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-existing-hub/versions.tf 
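Review bot: `variable "client_secret"` is declared without `sensitive = true`, so its value can surface in plan/apply output and logs, while `sic-key` a few blocks later does carry the flag; the five `smart1-cloud-token-*` variables, which are also credentials, are unmarked as well, and `sensitive = true` belongs on all six. Separately, `sic-key` defaults to `""` while its own validation requires 12–30 alphanumerics, so the default can never pass and is effectively a required variable with a misleading default. `routing-intent-internet-traffic` and `routing-intent-private-traffic` omit `type = string`, and the `scale-unit` error message reads "Valid values for CloudGuard version are ...", which looks copy-pasted from another variable. The same declarations appear in nva-into-new-vwan/variables.tf, whose hunk runs past the end of this chunk.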
@@ -0,0 +1,17 @@ +terraform { + required_version = ">= 1.5.0" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = " 3.79.0" + } + } +} + +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + features {} +} diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/README.md b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/README.md new file mode 100644 index 00000000..52cc1b17 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/README.md @@ -0,0 +1,182 @@ +# Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Virtual WAN NVA solution into a new vWAN Hub in Azure. +As part of the deployment the following resources are created: +- Resource groups +- Virtual WAN +- Virtual WAN Hub +- Azure Managed Application: + - NVA + - Managed identity + +For additional information, +please see the [CloudGuard Network for Azure Virtual WAN Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_Azure_vWAN/Default.htm) + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure). +- In order to configure hub routing-intent policies it is **required** to have Python and 'requests' library installed. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
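Review bot: The `provider "azurerm"` block unconditionally passes `var.client_secret`, `client_id`, `tenant_id` and `subscription_id`, so the "Azure CLI" path the README describes requires users to hand-edit this file and comment those lines out; a conditional such as `client_secret = var.authentication_method == "Service Principal" ? var.client_secret : null` (and likewise for the other three) would let one file serve both methods, since a null argument is treated as unset. The constraint `version = " 3.79.0"` carries a leading space; constraint parsing appears to tolerate it, but it looks accidental and should be `version = "3.79.0"`.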
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the versions.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/nva-into-new-vwan/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- | + | **authentication_method** | The authentication method used to deploy the solution | string | "Service Principal";
"Azure CLI"; | n/a + | | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | || | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | || | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | || | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | || | | | + | **resource-group-name** | The name of the resource group that will contain the managed application | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | "managed-app-resource-group" | + | || | | | + | **location** | The region where the resources will be deployed at | string | The full list of supported Azure regions can be found at https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-locations-partners#locations | "westcentralus" | + | || | | | + | **vwan-name** | The name of the virtual WAN that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | "tf-vwan" | + | || | | | + | **vwan-hub-name** | The name of the virtual WAN hub that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | "tf-vwan-hub" | + | || | | | + | **vwan-hub-address-prefix** | The address prefixes of the virtual hub | string | Valid CIDR block | "10.0.0.0/16" | + | || | | | + | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | 
tf-vwan-managed-app | + | || | | | + | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | tf-vwan-nva | + | || | | | + | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | tf-vwan-nva-rg | + | || | | | + | **os-version** | The GAIA os version| string | "R8110"
"R8120" | "R8120" | + | || | | | + | **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)"
"Full Package (NGTX + S1C)"
"Full Package Premium (NGTX + S1C++)" | "Security Enforcement (NGTP)" | + | || | | | + | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled. | string | "2"
"4"
"10"
"20"
"30"
"60"
"80"
| "2" | + | || | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | || | | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" | + | || | | | + | **sic-key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a | + | || | | | + | **ssh-public-key** | The public ssh key used for ssh connection to the NVA GW instances | string | ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx generated-by-azure; | n/a | | string | gateway;
standalone; | + | || | | | + | **bgp-asn** | The BGP autonomous system number. | string | 64512 | "64512" || + | || | | | + | **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no; | "yes" | + | || | | | + | **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment | "yes" | + | || | | | + | **routing-intent-private-traffic** | Set routing intent policy to allow private traffic through the new nva | string | yes;
no;
Please verify routing-intent is configured successfully post-deployment | "yes" | + | || | | | + | **smart1-cloud-token-a** | Smart-1 Cloud token to connect automatically ***NVA instance a*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | || | | | + | **smart1-cloud-token-b** | Smart-1 Cloud token to connect automatically ***NVA instance b*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | || | | | + | **smart1-cloud-token-c** | Smart-1 Cloud token to connect automatically ***NVA instance c*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | || | | | + | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | || | | | + | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | | + | | + | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | | + | | | | | | + | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| | + | | + +## Conditional creation +- To enable CloudGuard metrics in order to send statuses and statistics collected from the gateway instance to the Azure Monitor service: + ``` + custom-metrics = yes + ``` + +## Example + authentication_method = "Service Principal" + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + resource-group-name = "tf-managed-app-resource-group" + location = "westcentralus" + vwan-name = "tf-vwan" + vwan-hub-name = "tf-vwan-hub" + vwan-hub-address-prefix = "10.0.0.0/16" + managed-app-name = "tf-vwan-managed-app-nva" + nva-rg-name = "tf-vwan-nva-rg" + nva-name = "tf-vwan-nva" + os-version = "R8120" + license-type = "Security Enforcement (NGTP)" + scale-unit = "2" + bootstrap-script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + admin-shell = "/etc/cli.sh" + sic-key = "xxxxxxxxxxxx" + ssh-public-key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + bgp-asn = "64512" + custom-metrics = "yes" + routing-intent-internet-traffic = "yes" + routing-intent-private-traffic = "yes" + smart1-cloud-token-a = "" + smart1-cloud-token-b = "" + smart1-cloud-token-c = "" + smart1-cloud-token-d = "" + smart1-cloud-token-e = "" + existing-public-ip = "" + new-public-ip = "yes" + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|-----------------------------------------------------------------------------------------------| +| 20240613 | Cosmetic fixes & default values | +| 20240228 | Added public IP for ingress support | | | +| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | 
| | + + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/main.tf b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/main.tf new file mode 100644 index 00000000..43a409c3 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/main.tf 
@@ -0,0 +1,202 @@ +//********************** Basic Configuration **************************// +resource "azurerm_resource_group" "managed-app-rg" { + name = var.resource-group-name + location = var.location +} + +resource "azurerm_virtual_wan" "vwan" { + name = var.vwan-name + resource_group_name = azurerm_resource_group.managed-app-rg.name + location = var.location +} + +resource "azurerm_virtual_hub" "vwan-hub" { + name = var.vwan-hub-name + resource_group_name = azurerm_resource_group.managed-app-rg.name + location = azurerm_resource_group.managed-app-rg.location + address_prefix = var.vwan-hub-address-prefix + virtual_wan_id = azurerm_virtual_wan.vwan.id +} + +//********************** Image Version **************************// + +data "external" "az_access_token" { + count = var.authentication_method == "Azure CLI" ? 1 : 0 + program = ["az", "account", "get-access-token", "--resource=https://management.azure.com", "--query={accessToken: accessToken}", "--output=json"] +} + +data "http" "azure_auth" { + count = var.authentication_method == "Service Principal" ? 1 : 0 + url = "https://login.microsoftonline.com/${var.tenant_id}/oauth2/v2.0/token" + method = "POST" + request_headers = { + "Content-Type" = "application/x-www-form-urlencoded" + } + request_body = "grant_type=client_credentials&client_id=${var.client_id}&client_secret=${var.client_secret}&scope=https://management.azure.com/.default" +} + +locals { + access_token = var.authentication_method == "Service Principal" ? jsondecode(data.http.azure_auth[0].response_body).access_token : data.external.az_access_token[0].result.accessToken +} + +data "http" "image-versions" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX + S1C)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX + S1C++)" ? 
"-premium" : ""}?api-version=2020-05-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +locals { + image_versions = tolist([for version in jsondecode(data.http.image-versions.response_body).properties.availableVersions : version if substr(version, 0, 4) == substr(lower(var.os-version), 1, 4)]) + routing_intent-internet-policy = { + "name": "InternetTraffic", + "destinations": [ + "Internet" + ], + "nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}" + } + routing_intent-private-policy = { + "name": "PrivateTrafficPolicy", + "destinations": [ + "PrivateTraffic" + ], + "nextHop": "/subscriptions/${var.subscription_id}/resourcegroups/${var.nva-rg-name}/providers/Microsoft.Network/networkVirtualAppliances/${var.nva-name}" + } + routing-intent-policies = var.routing-intent-internet-traffic == "yes" ? (var.routing-intent-private-traffic == "yes" ? tolist([local.routing_intent-internet-policy, local.routing_intent-private-policy]) : tolist([local.routing_intent-internet-policy])) : (var.routing-intent-private-traffic == "yes" ? 
tolist([local.routing_intent-private-policy]) : []) + req_body = jsonencode({"properties": {"routingPolicies": local.routing-intent-policies}}) + req_url = "https://management.azure.com/subscriptions/${var.subscription_id}/resourceGroups/${azurerm_resource_group.managed-app-rg.name}/providers/Microsoft.Network/virtualHubs/${var.vwan-hub-name}/routingIntent/hubRoutingIntent?api-version=2022-01-01" + +} + +//********************** Marketplace Terms & Solution Registration **************************// +data "http" "accept-marketplace-terms-existing-agreement" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.MarketplaceOrdering/agreements/checkpoint/offers/cp-vwan-managed-app/plans/vwan-app?api-version=2021-01-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +resource "azurerm_marketplace_agreement" "accept-marketplace-terms" { + count = can(jsondecode(data.http.accept-marketplace-terms-existing-agreement.response_body).id) ? (jsondecode(data.http.accept-marketplace-terms-existing-agreement.response_body).properties.state == "Active" ? 0 : 1) : 1 + publisher = "checkpoint" + offer = "cp-vwan-managed-app" + plan = "vwan-app" +} + + +data "http" "azurerm_resource_provider_registration-exist" { + method = "GET" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Solutions?api-version=2021-01-01" + request_headers = { + Accept = "application/json" + "Authorization" = "Bearer ${local.access_token}" + } +} + +resource "azurerm_resource_provider_registration" "solutions" { + count = jsondecode(data.http.azurerm_resource_provider_registration-exist.response_body).registrationState == "Registered" ? 
0 : 1 + name = "Microsoft.Solutions" +} + +//********************** Managed Application Configuration **************************// +resource "azurerm_managed_application" "nva" { + depends_on = [azurerm_marketplace_agreement.accept-marketplace-terms, azurerm_resource_provider_registration.solutions] + name = var.managed-app-name + location = azurerm_resource_group.managed-app-rg.location + resource_group_name = azurerm_resource_group.managed-app-rg.name + kind = "MarketPlace" + managed_resource_group_name = var.nva-rg-name + + plan { + name = "vwan-app" + product = "cp-vwan-managed-app" + publisher = "checkpoint" + version = "1.0.14" + } + parameter_values = jsonencode({ + location = { + value = azurerm_resource_group.managed-app-rg.location + }, + hubId = { + value = azurerm_virtual_hub.vwan-hub.id + }, + osVersion = { + value = var.os-version + }, + LicenseType = { + value = var.license-type + }, + imageVersion = { + value = element(local.image_versions, length(local.image_versions) -1) + }, + scaleUnit = { + value = var.scale-unit + }, + bootstrapScript = { + value = var.bootstrap-script + }, + adminShell = { + value = var.admin-shell + }, + sicKey = { + value = var.sic-key + }, + sshPublicKey = { + value = var.ssh-public-key + }, + BGP = { + value = var.bgp-asn + }, + NVA = { + value = var.nva-name + }, + customMetrics = { + value = var.custom-metrics + }, + hubASN = { + value = azurerm_virtual_hub.vwan-hub.virtual_router_asn + }, + hubPeers = { + value = azurerm_virtual_hub.vwan-hub.virtual_router_ips + }, + smart1CloudTokenA = { + value = var.smart1-cloud-token-a + }, + smart1CloudTokenB = { + value = var.smart1-cloud-token-b + }, + smart1CloudTokenC = { + value = var.smart1-cloud-token-c + }, + smart1CloudTokenD = { + value = var.smart1-cloud-token-d + }, + smart1CloudTokenE = { + value = var.smart1-cloud-token-e + }, + publicIPIngress = { + value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? 
"yes" : "no" + }, + createNewIPIngress = { + value = var.new-public-ip + } + ipIngressExistingResourceId = { + value = var.existing-public-ip + } + }) +} + +//********************** Routing Intent **************************// +data "external" "update-routing-intent" { + count = length(local.routing-intent-policies) != 0 ? 1 : 0 + depends_on = [azurerm_managed_application.nva] + program = ["python", "../modules/add-routing-intent.py", "${local.req_url}", "${local.req_body}", "${local.access_token}"] +} + +output "api_request_result" { + value = length(local.routing-intent-policies) != 0 ? data.external.update-routing-intent[0].result : {routing-intent: "not changed"} +} diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/terraform.tfvars new file mode 100644 index 00000000..8473e72c --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/terraform.tfvars 
@@ -0,0 +1,32 @@ +#PLEASE refer to the README.md for accepted values for the variables below +authentication_method = "PLEASE ENTER AUTHENTICATION METHOD" # "Service Principal" +client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +resource-group-name = "PLEASE ENTER RESOURCE GROUP NAME" # "tf-managed-app-resource-group" +location = "PLEASE ENTER LOCATION" # "westcentralus" +vwan-name = "PLEASE ENTER VIRTUAL WAN NAME" # "tf-cp-vwan" +vwan-hub-name = "PLEASE ENTER VWAN HUB NAME" # "tf-cp-vwan-hub" +vwan-hub-address-prefix = "PLEASE ENTER VWAN HUB ADDRESS PREFIX" # "10.0.0.0/16" +managed-app-name = "PLEASE ENTER MANAGED APPLICATION NAME" # "tf-vwan-managed-app-nva" +nva-rg-name = "PLEASE ENTER NVA RESOURCE GROUP NAME" # "tf-vwan-nva-rg" +nva-name = "PLEASE ENTER NVA NAME" # "tf-vwan-nva" +os-version = "PLEASE ENTER GAIA OS VERSION" # "R8120" +license-type = "PLEASE ENTER LICENSE TYPE" # "Security Enforcement (NGTP)" +scale-unit = "PLEASE ENTER SCALE UNIT" # "2" +bootstrap-script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +admin-shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh" +sic-key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxx" +ssh-public-key = "PLEASE ENTER SSH PUBLIC KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +bgp-asn = "PLEASE ENTER BGP AUTONOMOUS SYSTEM NUMBER" # "64512" +custom-metrics = "PLEASE ENTER yes or no" # "yes" +routing-intent-internet-traffic = "PLEASE ENTER yes or no" # "yes" +routing-intent-private-traffic = "PLEASE ENTER yes or no" # "yes" +smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE A OR LEAVE EMPTY DOUBLE QUOTES" # 
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1" +new-public-ip = "PLEASE ENTER yes or no" # "no" \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/variables.tf b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/variables.tf new file mode 100644 index 00000000..927592c9 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/variables.tf 
@@ -0,0 +1,209 @@ +variable "authentication_method" { + description = "Azure authentication method" + type = string + validation { + condition = contains(["Azure CLI", "Service Principal"], var.authentication_method) + error_message = "Valid values for authentication_method are 'Azure CLI','Service Principal'" + } +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "resource-group-name" { + type = string + default = "managed-app-resource-group" +} + +variable "location" { + type = string + default = "westcentralus" +} + +variable "vwan-name" { + type = string + default = "tf-vwan" +} + +variable "vwan-hub-name" { + type = string + default = "tf-vwan-hub" +} + +variable "vwan-hub-address-prefix" { + type = string + default = "10.0.0.0/16" + validation { + condition = can(cidrhost(var.vwan-hub-address-prefix, 0)) + error_message = "Please provide a valid CIDR specification for the VWAN address space" + } +} + +variable "managed-app-name" { + type = string + default = "tf-vwan-managed-app" +} + +variable "nva-rg-name" { + type = string + default = "tf-vwan-nva-rg" +} + +variable "nva-name" { + type = string + default = "tf-vwan-nva" +} + +variable "os-version" { + description = "GAIA OS version" + type = string + default = "R8120" + validation { + condition = contains(["R8110", "R8120"], var.os-version) + error_message = "Allowed values for os-version are 'R8110', 'R8120'" + } +} + +variable "license-type" { + type = string + default = "Security Enforcement (NGTP)" + validation { + condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX + 
S1C)", "Full Package Premium (NGTX + S1C++)"], var.license-type) + error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX + S1C)', 'Full Package Premium (NGTX + S1C++)'" + } +} + +variable "scale-unit" { + type = string + default = "2" + validation { + condition = contains(["2", "4", "10", "20", "30", "60", "80"], var.scale-unit) + error_message = "Valid values for CloudGuard version are '2', '4', '10', '20', '30', '60', '80'" + } +} + +variable "bootstrap-script" { + type = string + default = "" +} + +variable "admin-shell" { + type = string + default = "/etc/cli.sh" + validation { + condition = contains(["/etc/cli.sh", "/bin/bash", "/bin/tcsh", "/bin/csh"], var.admin-shell) + error_message = "Valid shells are '/etc/cli.sh', '/bin/bash', '/bin/tcsh', '/bin/csh'" + } +} + +variable "sic-key" { + type = string + default = "" + sensitive = true + validation { + condition = can(regex("^[a-z0-9A-Z]{12,30}$", var.sic-key)) + error_message = "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." + } +} + +variable "ssh-public-key" { + type = string + default = "" +} + +variable "bgp-asn" { + type = string + default = "64512" + validation { + condition = tonumber(var.bgp-asn) >= 64512 && tonumber(var.bgp-asn) <= 65534 && !contains([65515, 65520], tonumber(var.bgp-asn)) + error_message = "Only numbers between 64512 to 65534 are allowed excluding 65515, 65520." 
+ } +} + +variable "custom-metrics" { + type = string + default = "yes" + validation { + condition = contains(["yes", "no"], var.custom-metrics) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "routing-intent-internet-traffic" { + default = "yes" + validation { + condition = contains(["yes", "no"], var.routing-intent-internet-traffic) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "routing-intent-private-traffic" { + default = "yes" + validation { + condition = contains(["yes", "no"], var.routing-intent-private-traffic) + error_message = "Valid options are string('yes' or 'no')" + } +} + +variable "smart1-cloud-token-a" { + type = string + default = "" +} + +variable "smart1-cloud-token-b" { + type = string + default = "" +} + +variable "smart1-cloud-token-c" { + type = string + default = "" +} + +variable "smart1-cloud-token-d" { + type = string + default = "" +} + +variable "smart1-cloud-token-e" { + type = string + default = "" +} + +variable "existing-public-ip" { + type = string + default = "" +} + +variable "new-public-ip" { + type = string + default = "no" + validation { + condition = contains(["yes", "no"], var.new-public-ip) + error_message = "Valid options are string('yes' or 'no')" + } +} + +locals{ + # Validate that new-public-ip is false when existing-public-ip is used + is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes" + validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used" + _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both)) +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/versions.tf b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/versions.tf new file mode 100644 index 00000000..40d04f16 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/nva-into-new-vwan/versions.tf 
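Review bot: `client_secret` and the five `smart1-cloud-token-*` variables are not marked `sensitive = true`, although `sic-key` in the same file is; without it their values are printed in `terraform plan`/`apply` output and in state diffs, so each of those six blocks should gain `sensitive = true`. The `scale-unit` validation's `error_message` says "Valid values for CloudGuard version are ..." — a copy from another variable; it should read `"Valid values for scale-unit are '2', '4', '10', '20', '30', '60', '80'"`. `routing-intent-internet-traffic` and `routing-intent-private-traffic` are the only variables without `type = string`; adding it keeps the `contains([...])` checks from being fed a non-string. The `_ = regex("^$", ...)` trick in `locals` works but fails with an opaque regex error; since versions.tf in this commit requires Terraform >= 1.5.0, a `precondition` (or a `check` block, which only warns) would surface `validation_message_both` directly.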
@@ -0,0 +1,17 @@ +terraform { + required_version = ">= 1.5.0" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = " 3.79.0" + } + } +} + +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + features {} +} \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/README.md b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/README.md new file mode 100644 index 00000000..73fa074d --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/README.md @@ -0,0 +1,200 @@ +# Check Point CloudGuard Network Security Single Gateway Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Single Gateway solution into an existing Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- System assigned identity + + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/single-gateway-existing-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
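Review bot: The provider pin `version = " 3.79.0"` has a leading space inside the string; the constraint parser likely tolerates it, but it reads as a typo and should be `version = "3.79.0"`. The remainder of the versions.tf hunk is fine as a straight credential pass-through into `provider "azurerm"`.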
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/single-gateway-existing-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- |---------| ------------- | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **single_gateway_name** | The name of the Check Point single GW Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **vnet_resource_group** | Resource Group of the existing virtual network | string | The exact name of the existing vnet's resource group | n/a + | | | | | | + | **frontend_subnet_name** | Specifies the name of the external subnet | string | The exact name of the existing external subnet | n/a + | | | | | | + | **backend_subnet_name** | Specifies the name of the internal subnet | string | The exact name of the existing internal subnet | n/a + | | | | | | + | **subnet_frontend_1st_Address** | First available address in frontend subnet | string | | n/a + | | | | | | + | **subnet_backend_1st_Address** | First available address in backend subnet | string | | n/a + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **admin_password** | The password associated with the local administrator account on the gateway | string | Password must have 3 of the following: 1 lower case character, 1 upper case 
character, 1 number, and 1 special character | n/a + | | | | | | + | **smart_1_cloud_token** | Smart-1 Cloud token to connect automatically ***Gateway*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a | + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", 
"Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **enable_custom_metrics** | Indicates whether CloudGuard Metrics will be use for gateways monitoring | boolean | true;
false; | true + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **installation_type** | Enables to select installation type- gateway/standalone | string | gateway;
standalone; | n/a + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + +## Conditional creation +- To enable CloudGuard metrics in order to send statuses and statistics collected from the gateway instance to the Azure Monitor service: + ``` + enable_custom_metrics = true + ``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-single-gw-terraform" + single_gateway_name = "checkpoint-single-gw-terraform" + location = "eastus" + vnet_name = "checkpoint-single-gw-vnet" + vnet_resource_group = "existing-vnet-rg" + subnet_frontend_name = "frontend" + subnet_backend_name = "backend" + subnet_frontend_1st_Address = "10.0.1.4" + subnet_backend_1st_Address = "10.12.1.5" + management_GUI_client_network = "0.0.0.0/0" + admin_password = "xxxxxxxxxxxx" + smart_1_cloud_token = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + enable_custom_metrics = true + admin_shell = "/etc/cli.sh" + installation_type = "gateway" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the 
[sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|---------------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added accelerated networking to SGW Terraform templates
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20230629 | First release of Check Point CloudGuard Network Security Single GW Terraform deployment for Azure | +| | | | + + + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/azure_public_key new file mode 100644 index 00000000..e69de29b diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/cloud-init.sh new file mode 100644 index 00000000..71bf3916 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/cloud-init.sh @@ -0,0 +1,18 @@ +#!/usr/bin/python3 /etc/cloud_config.py + +installationType="${installation_type}" +allowUploadDownload="${allow_upload_download}" +osVersion="${os_version}" +templateName="${template_name}" +templateVersion="${template_version}" +templateType="${template_type}" +isBlink="${is_blink}" +bootstrapScript64="${bootstrap_script64}" +location="${location}" +adminShell="${admin_shell}" +sicKey="${sic_key}" +managementGUIClientNetwork="${management_GUI_client_network}" +smart1CloudToken="${smart_1_cloud_token}" +customMetrics="${enable_custom_metrics}" +passwordHash="${serial_console_password_hash}" +MaintenanceModePassword="${maintenance_mode_password_hash}" \ No newline at end of file diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/main.tf new file mode 100644 index 00000000..5a61f135 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/main.tf 
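Review bot: In cloud-init.sh every value is dropped into a double-quoted field with no escaping, so a `sic_key`, `smart_1_cloud_token`, `serial_console_password_hash` or `maintenance_mode_password_hash` containing `"` would corrupt the line; `bootstrap_script64` is safe because main.tf base64-encodes it first. How `/etc/cloud_config.py` actually parses this file is not visible here, so whether `$` in an `openssl passwd -6` / `grub2-mkpasswd-pbkdf2` hash is a problem cannot be confirmed from the diff. The nva-into-new-vwan variables.tf in this commit already constrains its SIC key with `can(regex("^[a-z0-9A-Z]{12,30}$", var.sic-key))`; the single-gateway-existing-vnet variables.tf, whose hunk falls outside this view, should carry the same check, and the token/hash variables should at least reject `"`.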
@@ -0,0 +1,257 @@ +//********************** Providers **************************// +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = 1 + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = var.is_blink + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +data "azurerm_subnet" "frontend_subnet" { + name = var.subnet_frontend_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +data "azurerm_subnet" "backend_subnet" { + name = var.subnet_backend_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +resource "azurerm_public_ip" "public-ip" { + name = var.single_gateway_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + idle_timeout_in_minutes = 30 + domain_name_label = join("", [ + lower(var.single_gateway_name), + "-", + random_id.randomId.hex]) +} + +module "network-security-group" { + source = "../modules/network-security-group" + 
count = var.nsg_id == "" ? 1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}-nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "AllowAllInBound" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "*" + source_port_ranges = "*" + destination_port_ranges = "*" + description = "Allow all inbound connections" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +resource "azurerm_network_interface_security_group_association" "security_group_association" { + depends_on = [azurerm_network_interface.nic] + network_interface_id = azurerm_network_interface.nic.id + network_security_group_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id +} + +resource "azurerm_network_interface" "nic" { + depends_on = [ + azurerm_public_ip.public-ip] + name = "${var.single_gateway_name}-eth0" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + + ip_configuration { + name = "ipconfig1" + subnet_id = data.azurerm_subnet.frontend_subnet.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = var.subnet_frontend_1st_Address + public_ip_address_id = azurerm_public_ip.public-ip.id + } +} + +resource "azurerm_network_interface" "nic1" { + depends_on = [] + name = "${var.single_gateway_name}-eth1" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + enable_ip_forwarding = true + enable_accelerated_networking = true + + + ip_configuration { + name = "ipconfig2" + subnet_id = data.azurerm_subnet.backend_subnet.id + private_ip_address_allocation = var.vnet_allocation_method + private_ip_address = var.subnet_backend_1st_Address + } +} + +//********************** Storage accounts 
**************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "bootdiag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + account_kind = "Storage" + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } + +} + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 
1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_virtual_machine" "single-gateway-vm-instance" { + depends_on = [ + azurerm_network_interface.nic, + azurerm_network_interface.nic1] + location = module.common.resource_group_location + name = var.single_gateway_name + network_interface_ids = [ + azurerm_network_interface.nic.id, + azurerm_network_interface.nic1.id] + resource_group_name = module.common.resource_group_name + vm_size = module.common.vm_size + delete_os_disk_on_termination = module.common.delete_os_disk_on_termination + primary_network_interface_id = azurerm_network_interface.nic.id + + identity { + type = module.common.vm_instance_identity + } + + dynamic "plan" { + for_each = local.custom_image_condition ? [ + ] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + boot_diagnostics { + enabled = module.common.boot_diagnostics + storage_uri = module.common.boot_diagnostics ? 
join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + os_profile { + computer_name = var.single_gateway_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + admin_shell = var.admin_shell + sic_key = var.sic_key + management_GUI_client_network = var.management_GUI_client_network + smart_1_cloud_token = var.smart_1_cloud_token + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + }) + } + + + os_profile_linux_config { + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "ssh_keys" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + path = "/home/notused/.ssh/authorized_keys" + key_data = file("${path.module}/azure_public_key") + } + } + } + + storage_image_reference { + id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null + publisher = local.custom_image_condition ? 
null : module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + + storage_os_disk { + name = var.single_gateway_name + create_option = module.common.storage_os_disk_create_option + caching = module.common.storage_os_disk_caching + managed_disk_type = module.common.storage_account_type + disk_size_gb = module.common.disk_size + } +} diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/terraform.tfvars new file mode 100644 index 00000000..0a186633 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/terraform.tfvars 
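Review bot: The default `network-security-group` module created when `nsg_id == ""` has a single `AllowAllInBound` rule with `source_address_prefix = "*"` and `destination_port_ranges = "*"`, and it is bound to `nic` (the eth0 interface that also carries `azurerm_public_ip.public-ip`), so every port on the public interface — including management — is reachable from any source and protection rests entirely on the gateway's own policy, which is not installed until SIC is established. If that is the intended design for a firewall appliance, say so where the rule is declared: `# Intentionally permissive: the gateway enforces its own policy; pass nsg_id to supply a tighter NSG.` Otherwise the rule's `source_address_prefix` for management ports could default to `var.management_GUI_client_network`, which the template already collects. Separately, `depends_on = []` on `nic1` is a no-op and can be dropped, and the boot-diagnostics storage account's `default_action` is `"Allow"` unless `add_storage_account_ip_rules` is set, which is worth a one-line comment next to `network_rules`.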
@@ -0,0 +1,35 @@
+ #PLEASE refer to the README.md for accepted values for the variables below
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-single-terraform"
+single_gateway_name = "PLEASE ENTER GW NAME" # "checkpoint-single-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-single-vnet"
+vnet_resource_group = "PLEASE ENTER VIRTUAL NETWORK RG NAME" # "existing-vnet-rg"
+subnet_frontend_name = "PLEASE ENTER VIRTUAL NETWORK FRONTEND SUBNET NAME" # "frontend"
+subnet_backend_name = "PLEASE ENTER VIRTUAL NETWORK BACKEND SUBNET NAME" # "backend"
+subnet_frontend_1st_Address = "PLEASE ENTER VIRTUAL NETWORK FRONTEND SUBNET FIRST ADDRESS" # "10.0.1.4"
+subnet_backend_1st_Address = "PLEASE ENTER VIRTUAL NETWORK BACKEND SUBNET FIRST ADDRESS" # "10.0.2.5"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+smart_1_cloud_token = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+installation_type = "PLEASE ENTER INSTALLATION TYPE" # "gateway"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/variables.tf
new file mode 100644
index 00000000..dd4dc15e
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/variables.tf
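Review bot: The first lines of this file (`client_secret`, `admin_password`, `sic_key`, `smart_1_cloud_token`, and the two password-hash fields) ask the user to paste real secrets into a tracked terraform.tfvars, while the README added in this same commit already describes supplying the Service Principal credentials through environment variables; the header comment should steer users there. A line such as `# Secrets (client_secret, admin_password, sic_key, smart_1_cloud_token) can be supplied via TF_VAR_<name> environment variables instead of being committed in this file` next to `#PLEASE refer to the README.md` would make that the default path. The sample `# "0.0.0.0/0"` for `management_GUI_client_network` also deserves a short inline note that it permits GUI clients from any network and should be narrowed to the administrators' CIDR.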
@@ -0,0 +1,281 @@
+//********************** Basic Configuration Variables **************************//
+variable "single_gateway_name" {
+ description = "Single gateway name"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ type = string
+}
+
+
+//********************** Virtual Machine Instances Variables **************************//
+variable "source_image_vhd_uri" {
+ type = string
+ description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images."
+ default = "noCustomUri"
+}
+
+variable "admin_username" {
+ description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used"
+ default = "notused"
+}
+
+variable "admin_password" {
+ description = "Administrator password of deployed Virtual Machine.
The password must meet the complexity requirements of Azure"
+ type = string
+}
+
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+ type = string
+}
+
+variable "smart_1_cloud_token" {
+ description = "Smart-1 Cloud Token"
+ type = string
+}
+
+variable "authentication_type" {
+ description = "Specifies whether a password authentication or SSH Public Key authentication should be used"
+ type = string
+}
+locals { // locals for 'authentication_type' allowed values
+ authentication_type_allowed_values = [
+ "Password",
+ "SSH Public Key"
+ ]
+ // will fail if [var.authentication_type] is invalid:
+ validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type)
+}
+
+variable "template_name" {
+ description = "Template name. Should be defined according to deployment type(mgmt, ha, vmss, sg)"
+ type = string
+ default = "single"
+}
+
+variable "template_version" {
+ description = "Template version. It is recommended to always use the latest template version"
+ type = string
+ default = "20230910"
+}
+
+variable "installation_type" {
+ description = "Installation type"
+ type = string
+ default = "gateway"
+}
+
+locals { // locals for 'installation_type' allowed values
+ installation_type_allowed_values = [
+ "gateway",
+ "standalone"
+ ]
+}
+
+variable "vm_size" {
+ description = "Specifies size of Virtual Machine"
+ type = string
+}
+
+variable "disk_size" {
+ description = "Storage data disk size size(GB).
Select a number between 100 and 3995"
+ type = string
+}
+
+variable "os_version" {
+ description = "GAIA OS version"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ os_version_allowed_values = [
+ "R8040",
+ "R81",
+ "R8110",
+ "R8120"
+ ]
+ // will fail if [var.os_version] is invalid:
+ validate_os_version_value = index(local.os_version_allowed_values, var.os_version)
+}
+
+variable "vm_os_sku" {
+ description = "The sku of the image to be deployed."
+ type = string
+}
+
+variable "vm_os_offer" {
+ description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ vm_os_offer_allowed_values = [
+ "check-point-cg-r8040",
+ "check-point-cg-r81",
+ "check-point-cg-r8110",
+ "check-point-cg-r8120"
+ ]
+ // will fail if [var.vm_os_offer] is invalid:
+ validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer)
+}
+
+variable "allow_upload_download" {
+ description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ type = bool
+}
+
+variable "enable_custom_metrics" {
+ description = "Indicates whether CloudGuard Metrics will be use for Cluster members monitoring."
+ type = bool
+ default = true
+}
+
+variable "is_blink" {
+ description = "Define if blink image is used for deployment"
+ default = true
+}
+
+variable "admin_shell" {
+ description = "The admin shell to configure on machine or the first time"
+ type = string
+ default = "/etc/cli.sh"
+}
+
+locals {
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ]
+ // Will fail if [var.admin_shell] is invalid
+ validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell)
+}
+
+//********************** Networking Variables **************************//
+variable "vnet_name" {
+ description = "Virtual Network name"
+ type = string
+}
+
+variable "subnet_frontend_name" {
+ description = "management subnet name"
+ type = string
+}
+
+variable "subnet_backend_name" {
+ description = "management subnet name"
+ type = string
+}
+
+variable "subnet_frontend_1st_Address" {
+ description = "The first available address of the frontend subnet"
+ type = string
+}
+
+variable "subnet_backend_1st_Address" {
+ description = "The first available address of the backend subnet"
+ type = string
+}
+
+variable "vnet_resource_group" {
+ description = "Resource group of existing vnet"
+ type = string
+}
+
+variable "vnet_allocation_method" {
+ description = "IP address allocation method"
+ type = string
+ default = "Static"
+}
+
+variable "management_GUI_client_network" {
+ description = "Allowed GUI clients - GUI clients network CIDR"
+ type = string
+}
+
+locals {
+ regex_valid_single_GUI_client_network = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))$"
+ // Will fail if var.management_GUI_client_network is invalid
+ regex_single_GUI_client_network = regex(local.regex_valid_single_GUI_client_network, var.management_GUI_client_network) == var.management_GUI_client_network ? 0 : "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR."
+
+
+ regex_valid_subnet_1st_Address = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
+ // Will fail if var.subnet_1st_Address is invalid
+ regex_subnet_frontend_1st_Address = regex(local.regex_valid_subnet_1st_Address, var.subnet_frontend_1st_Address) == var.subnet_frontend_1st_Address ? 0 : "Variable [subnet_1st_Address] must be a valid address."
+
+ regex_subnet_backend_1st_Address = regex(local.regex_valid_subnet_1st_Address, var.subnet_backend_1st_Address) == var.subnet_backend_1st_Address ? 0 : "Variable [subnet_1st_Address] must be a valid address."
+}
+
+variable "bootstrap_script" {
+ description = "An optional script to run on the initial boot"
+ default = ""
+ type = string
+ #example:
+ #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+}
+
+variable "nsg_id" {
+ description = "NSG ID - Optional - if empty use default NSG"
+ default = ""
+}
+
+variable "add_storage_account_ip_rules" {
+ type = bool
+ default = false
+ description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location"
+}
+
+variable "storage_account_additional_ips" {
+ type = list(string)
+ description = "IPs/CIDRs that are allowed access to the Storage Account"
+ default = []
+}
+
+//********************** Credentials **************************//
+variable "tenant_id" {
+ description = "Tenant ID"
+ type = string
+}
+
+variable "subscription_id" {
+ description = "Subscription ID"
+ type = string
+}
+
+variable "client_id" {
+ description = "Application ID(Client ID)"
+ type = string
+}
+
+variable "client_secret" {
+ description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
+ type = string
+}
+
+variable "sic_key" {
+ type = string
+}
+
+resource "null_resource" "sic_key_invalid" {
+ count = length(var.sic_key) >= 12 ?
0 : "SIC key must be at least 12 characters long"
+}
+
+variable "sku" {
+ description = "SKU"
+ type = string
+ default = "Standard"
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-existing-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/README.md b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/README.md
new file mode 100644
index 00000000..d4d821ac
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/README.md
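Review bot: None of the secret-bearing variables in this file — `admin_password`, `client_secret`, `sic_key`, `smart_1_cloud_token`, `serial_console_password_hash`, `maintenance_mode_password_hash` — is declared `sensitive = true`, so their values are echoed in plan/apply output and in error messages; the versions.tf added alongside requires Terraform >= 0.14.3, which supports the attribute, so each of those blocks should carry `sensitive = true`. The `index()` locals used to reject bad `authentication_type`, `os_version`, `vm_os_offer` and `admin_shell` values (and the `null_resource` count trick for `sic_key`) fail with a generic Terraform error rather than a message naming the variable; `validation` blocks state the same constraint with a readable message and would also cover `installation_type`, whose allowed-values local has no matching `validate_` line. The two subnet-address checks both report `Variable [subnet_1st_Address] must be a valid address.`, so a bad backend address is reported under the wrong name, and `enable_custom_metrics` still describes "Cluster members monitoring" in a single-gateway template.
```hcl
variable "client_secret" {
  description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
  type        = string
  sensitive   = true
}

# … same `sensitive = true` on admin_password, sic_key, smart_1_cloud_token,
# serial_console_password_hash and maintenance_mode_password_hash …

variable "os_version" {
  description = "GAIA OS version"
  type        = string
  validation {
    condition     = contains(["R8040", "R81", "R8110", "R8120"], var.os_version)
    error_message = "Variable os_version must be one of R8040, R81, R8110, R8120."
  }
}

# … the index()-based locals for os_version become unnecessary …
```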
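Review bot: In versions.tf the `random` entry under `required_providers` has a version constraint but no `source`, while `azurerm` immediately above it spells out `source = "hashicorp/azurerm"`; Terraform resolves the bare name to the hashicorp namespace, but the asymmetry reads as an omission. Adding `source = "hashicorp/random"` next to `version = "~> 3.5.1"` keeps the two entries consistent and makes the provider origin explicit for anyone auditing the lock file.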
@@ -0,0 +1,197 @@ +# Check Point CloudGuard Network Security Single Gateway Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard Network Security Single Gateway solution into a new Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Virtual network +- Network security group +- System assigned identity + + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/vnet - used for creating new virtual network and subnets. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/single-gateway-new-vnet/azure_public_key file. + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/single-gateway-new-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- |----------------| ------------- | + | **client_secret** | The client secret value of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. 
Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period | n/a + | | | | | | + | **single_gateway_name** | The name of the Check Point single GW Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **address_space** | The address prefixes of the virtual network | string | Valid CIDR block | "10.12.0.0/16" + | | | | | | + | **frontend_subnet_prefix** | The address prefix to be used for created frontend subnet | string | The subnets need to contain within the address space for this virtual network(defined by address_space variable) | "10.12.0.0/24" + | | | | | | + | **backend_subnet_prefix** | The address prefix to be used for created backend subnet | string | The subnets need to contain within the address space for this virtual network(defined by address_space variable) | "10.12.1.0/24" + | | | | | | + | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | n/a + | | | | | | + | **admin_password** | The password associated with the local administrator account on the gateway | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | 
**smart_1_cloud_token** | Smart-1 Cloud token to connect automatically ***Gateway*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | n/a + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", 
"Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB) | n/a + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a | + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | "" + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **enable_custom_metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | boolean | true;
false; | true + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **installation_type** | Enables to select installation type- gateway/standalone | string | gateway;
standalone; | n/a | string | gateway;
standalone; | + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if isn't provided will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + +## Conditional creation +- To enable CloudGuard metrics in order to send statuses and statistics collected from the gateway instance to the Azure Monitor service: + ``` + enable_custom_metrics = true + ``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-single-gw-terraform" + single_gateway_name = "checkpoint-single-gw-terraform" + location = "eastus" + vnet_name = "checkpoint-single-gw-vnet" + address_space = "10.0.0.0/16" + frontend_subnet_prefix = "10.0.1.0/24" + backend_subnet_prefix = "10.0.2.0/24" + management_GUI_client_network = "0.0.0.0/0" + admin_password = "xxxxxxxxxxxx" + smart_1_cloud_token = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "110" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + enable_custom_metrics = true + admin_shell = "/etc/cli.sh" + installation_type = "gateway" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + storage_account_additional_ips = [] + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | 
+|------------------|---------------------------------------------------------------------------------------------------| +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Added accelerated networking to SGW Terraform templates
- Updated Public IP sku to Standard
- Added validation for os_version & os_offer |
+| | | |
+| 20230910 | - R81.20 is the default version |
+| | | |
+| 20230629 | First release of Check Point CloudGuard Network Security Single GW Terraform deployment for Azure |
+| | | |
+
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/cloud-init.sh
new file mode 100644
index 00000000..71bf3916
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/cloud-init.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+adminShell="${admin_shell}"
+sicKey="${sic_key}"
+managementGUIClientNetwork="${management_GUI_client_network}"
+smart1CloudToken="${smart_1_cloud_token}"
+customMetrics="${enable_custom_metrics}"
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/main.tf
new file mode 100644
index 00000000..b4642666
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/main.tf
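Review bot: The template values are interpolated into double-quoted literals with no escaping, e.g. `sicKey="${sic_key}"`, `smart1CloudToken="${smart_1_cloud_token}"` and `managementGUIClientNetwork="${management_GUI_client_network}"`; the existing-vnet variables.tf in this commit only checks the SIC key's length (presumably the new-vnet one matches), so a value containing a `"` or backslash yields a cloud-init file that `/etc/cloud_config.py` cannot parse on first boot, assuming it reads these as Python-style assignments. Since the file is rendered through templatefile(), writing the free-form fields as `sicKey=${jsonencode(sic_key)}` produces a quoted, escaped literal; `bootstrapScript64` is already safe because it is base64. The same applies to `passwordHash` and `MaintenanceModePassword`, which carry user-supplied hash strings.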
@@ -0,0 +1,256 @@
+//********************** Providers **************************//
+provider "azurerm" {
+ subscription_id = var.subscription_id
+ client_id = var.client_id
+ client_secret = var.client_secret
+ tenant_id = var.tenant_id
+
+ features {}
+}
+
+//********************** Basic Configuration **************************//
+module "common" {
+ source = "../modules/common"
+ resource_group_name = var.resource_group_name
+ location = var.location
+ admin_password = var.admin_password
+ installation_type = var.installation_type
+ template_name = var.template_name
+ template_version = var.template_version
+ number_of_vm_instances = 1
+ allow_upload_download = var.allow_upload_download
+ vm_size = var.vm_size
+ disk_size = var.disk_size
+ os_version = var.os_version
+ vm_os_sku = var.vm_os_sku
+ vm_os_offer = var.vm_os_offer
+ is_blink = var.is_blink
+ authentication_type = var.authentication_type
+ serial_console_password_hash = var.serial_console_password_hash
+ maintenance_mode_password_hash = var.maintenance_mode_password_hash
+ storage_account_additional_ips = var.storage_account_additional_ips
+}
+
+//********************** Networking **************************//
+module "vnet" {
+ source = "../modules/vnet"
+
+ vnet_name = var.vnet_name
+ resource_group_name = module.common.resource_group_name
+ location = module.common.resource_group_location
+ address_space = var.address_space
+ subnet_prefixes = [var.frontend_subnet_prefix, var.backend_subnet_prefix]
+ subnet_names = ["${var.single_gateway_name}-frontend-subnet", "${var.single_gateway_name}-backend-subnet"]
+ nsg_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id
+}
+
+module "network-security-group" {
+ source = "../modules/network-security-group"
+ count = var.nsg_id == "" ? 1 : 0
+ resource_group_name = module.common.resource_group_name
+ security_group_name = "${module.common.resource_group_name}-nsg"
+ location = module.common.resource_group_location
+ security_rules = [
+ {
+ name = "AllowAllInBound"
+ priority = "100"
+ direction = "Inbound"
+ access = "Allow"
+ protocol = "*"
+ source_port_ranges = "*"
+ destination_port_ranges = "*"
+ description = "Allow all inbound connections"
+ source_address_prefix = "*"
+ destination_address_prefix = "*"
+ }
+ ]
+}
+
+resource "azurerm_public_ip" "public-ip" {
+ name = var.single_gateway_name
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ allocation_method = var.vnet_allocation_method
+ sku = var.sku
+ idle_timeout_in_minutes = 30
+ domain_name_label = join("", [
+ lower(var.single_gateway_name),
+ "-",
+ random_id.randomId.hex])
+}
+
+resource "azurerm_network_interface_security_group_association" "security_group_association" {
+ depends_on = [azurerm_network_interface.nic, module.network-security-group]
+ network_interface_id = azurerm_network_interface.nic.id
+ network_security_group_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id
+}
+
+resource "azurerm_network_interface" "nic" {
+ depends_on = [
+ azurerm_public_ip.public-ip]
+ name = "${var.single_gateway_name}-eth0"
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ enable_ip_forwarding = true
+ enable_accelerated_networking = true
+
+
+ ip_configuration {
+ name = "ipconfig1"
+ subnet_id = module.vnet.vnet_subnets[0]
+ private_ip_address_allocation = var.vnet_allocation_method
+ private_ip_address = cidrhost(var.frontend_subnet_prefix, 4)
+ public_ip_address_id = azurerm_public_ip.public-ip.id
+ }
+}
+
+resource "azurerm_network_interface" "nic1" {
+ depends_on = []
+ name = "${var.single_gateway_name}-eth1"
+ location = module.common.resource_group_location
+ resource_group_name = module.common.resource_group_name
+ enable_ip_forwarding = true
+ enable_accelerated_networking = true
+
+
+ ip_configuration {
+ name = "ipconfig2"
+ subnet_id = module.vnet.vnet_subnets[1]
+ private_ip_address_allocation = var.vnet_allocation_method
+ private_ip_address = cidrhost(var.backend_subnet_prefix, 4)
+ }
+}
+
+//********************** Storage accounts **************************//
+// Generate random text for a unique storage account name
+resource "random_id" "randomId" {
+ keepers = {
+ # Generate a new ID only when a new resource group is defined
+ resource_group = module.common.resource_group_name
+ }
+ byte_length = 8
+}
+resource "azurerm_storage_account" "vm-boot-diagnostics-storage" {
+ name = "bootdiag${random_id.randomId.hex}"
+ resource_group_name = module.common.resource_group_name
+ location = module.common.resource_group_location
+ account_tier = module.common.storage_account_tier
+ account_replication_type = module.common.account_replication_type
+ account_kind = "Storage"
+ network_rules {
+ default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow"
+ ip_rules = module.common.storage_account_ip_rules
+ }
+ blob_properties {
+ delete_retention_policy {
+ days = "15"
+ }
+ }
+
+}
+
+//********************** Virtual Machines **************************//
+locals {
+ SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false
+ custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? false : true
+}
+
+resource "azurerm_image" "custom-image" {
+ count = local.custom_image_condition ? 1 : 0
+ name = "custom-image"
+ location = var.location
+ resource_group_name = module.common.resource_group_name
+
+ os_disk {
+ os_type = "Linux"
+ os_state = "Generalized"
+ blob_uri = var.source_image_vhd_uri
+ }
+}
+
+resource "azurerm_virtual_machine" "single-gateway-vm-instance" {
+ depends_on = [
+ azurerm_network_interface.nic,
+ azurerm_network_interface.nic1]
+ location = module.common.resource_group_location
+ name = var.single_gateway_name
+ network_interface_ids = [
+ azurerm_network_interface.nic.id,
+ azurerm_network_interface.nic1.id]
+ resource_group_name = module.common.resource_group_name
+ vm_size = module.common.vm_size
+ delete_os_disk_on_termination = module.common.delete_os_disk_on_termination
+ primary_network_interface_id = azurerm_network_interface.nic.id
+
+ identity {
+ type = module.common.vm_instance_identity
+ }
+
+ dynamic "plan" {
+ for_each = local.custom_image_condition ? [
+ ] : [1]
+ content {
+ name = module.common.vm_os_sku
+ publisher = module.common.publisher
+ product = module.common.vm_os_offer
+ }
+ }
+
+ boot_diagnostics {
+ enabled = module.common.boot_diagnostics
+ storage_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : ""
+ }
+
+ os_profile {
+ computer_name = var.single_gateway_name
+ admin_username = module.common.admin_username
+ admin_password = module.common.admin_password
+ custom_data = templatefile("${path.module}/cloud-init.sh", {
+ installation_type = module.common.installation_type
+ allow_upload_download = module.common.allow_upload_download
+ os_version = module.common.os_version
+ template_name = module.common.template_name
+ template_version = module.common.template_version
+ template_type = "terraform"
+ is_blink = module.common.is_blink
+ bootstrap_script64 = base64encode(var.bootstrap_script)
+ location = module.common.resource_group_location
+ admin_shell = var.admin_shell
+ sic_key = var.sic_key
+ management_GUI_client_network = var.management_GUI_client_network
+ smart_1_cloud_token = var.smart_1_cloud_token
+ enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no"
+ serial_console_password_hash = var.serial_console_password_hash
+ maintenance_mode_password_hash = var.maintenance_mode_password_hash
+ })
+ }
+
+ os_profile_linux_config {
+ disable_password_authentication = local.SSH_authentication_type_condition
+
+ dynamic "ssh_keys" {
+ for_each = local.SSH_authentication_type_condition ? [
+ 1] : []
+ content {
+ path = "/home/notused/.ssh/authorized_keys"
+ key_data = file("${path.module}/azure_public_key")
+ }
+ }
+ }
+
+ storage_image_reference {
+ id = local.custom_image_condition ? azurerm_image.custom-image[0].id : null
+ publisher = local.custom_image_condition ? null : module.common.publisher
+ offer = module.common.vm_os_offer
+ sku = module.common.vm_os_sku
+ version = module.common.vm_os_version
+ }
+
+ storage_os_disk {
+ name = var.single_gateway_name
+ create_option = module.common.storage_os_disk_create_option
+ caching = module.common.storage_os_disk_caching
+ managed_disk_type = module.common.storage_account_type
+ disk_size_gb = module.common.disk_size
+ }
+}
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/terraform.tfvars
new file mode 100644
index 00000000..636e9491
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/terraform.tfvars
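Review bot: The default NSG built when `nsg_id` is empty has a single `AllowAllInBound` rule (`protocol = "*"`, `source_address_prefix = "*"`, all ports) and `security_group_association` attaches it to `nic`, the interface that carries the public IP, so every port on the gateway — including Gaia's SSH and WebUI admin ports, password-authenticated when `authentication_type` is `"Password"` — is reachable from the internet and filtering rests entirely on the CloudGuard policy once it is installed. That is presumably deliberate for a firewall appliance, but nothing in the file says so; a comment above the rule such as `// Intentionally permissive: the gateway enforces its own policy. Pass an existing nsg_id to restrict inbound access (e.g. to management_GUI_client_network) during initial provisioning.` would stop the next maintainer from "fixing" it or, conversely, from overlooking the exposure window before policy install. Separately, `vm-boot-diagnostics-storage` leaves `allow_nested_items_to_be_public` at the azurerm 3.x default, which as far as I recall is `true` for the `~> 3.81.0` provider pinned in this commit's versions.tf; `allow_nested_items_to_be_public = false` closes anonymous blob/container access on the diagnostics account without affecting the VM.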
@@ -0,0 +1,33 @@
+#PLEASE refer to the README.md for accepted values for the variables below
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-single-terraform"
+single_gateway_name = "PLEASE ENTER GW NAME" # "checkpoint-single-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-single-vnet"
+address_space = "PLEASE ENTER VIRTUAL NETWORK ADDRESS SPACE" # "10.0.0.0/16"
+frontend_subnet_prefix = "PLEASE ENTER ADDRESS PREFIX FOR FRONTEND SUBNET" # "10.0.0.0/24"
+backend_subnet_prefix = "PLEASE ENTER ADDRESS PREFIX FOR BACKEND SUBNET" # "10.0.1.0/24"
+management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+smart_1_cloud_token = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE" # "110"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+installation_type = "PLEASE ENTER INSTALLATION TYPE" # "gateway"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/variables.tf
new file mode 100644
index 00000000..65076afc
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/variables.tf
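Review bot: The example given for `management_GUI_client_network` is `"0.0.0.0/0"`, and since the default NSG in this commit's main.tf allows all inbound traffic, copying that example lets SmartConsole/GUI clients reach the gateway from any address; a narrow operator-network CIDR is the safer example, e.g. `management_GUI_client_network = "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK" # "10.0.0.0/24"`. The file also invites `client_secret`, `admin_password` and `sic_key` to be typed into a tfvars file that tends to end up in version control; the header comment should point at the environment-variable route instead, e.g. `#Do not commit this file with real values: prefer ARM_CLIENT_SECRET / TF_VAR_* environment variables for client_secret, admin_password and sic_key`.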
@@ -0,0 +1,280 @@
+//********************** Basic Configuration Variables **************************//
+variable "single_gateway_name" {
+ description = "Single gateway name"
+ type = string
+}
+
+variable "resource_group_name" {
+ description = "Azure Resource Group name to build into"
+ type = string
+}
+
+variable "location" {
+ description = "The location/region where resource will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions"
+ type = string
+}
+
+//********************** Virtual Machine Instances Variables **************************//
+variable "source_image_vhd_uri" {
+ type = string
+ description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images."
+ default = "noCustomUri"
+}
+
+variable "admin_username" {
+ description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used"
+ default = "notused"
+}
+
+variable "admin_password" {
+ description = "Administrator password of deployed Virtual Machine. The password must meet the complexity requirements of Azure"
+ type = string
+}
+
+variable "smart_1_cloud_token" {
+ description = "Smart-1 Cloud Token"
+ type = string
+}
+
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type"
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+ type = string
+}
+
+variable "authentication_type" {
+ description = "Specifies whether a password authentication or SSH Public Key authentication should be used"
+ type = string
+}
+locals { // locals for 'authentication_type' allowed values
+ authentication_type_allowed_values = [
+ "Password",
+ "SSH Public Key"
+ ]
+ // will fail if [var.authentication_type] is invalid:
+ validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type)
+}
+
+variable "template_name" {
+ description = "Template name. Should be defined according to deployment type(mgmt, ha, vmss, sg)"
+ type = string
+ default = "single"
+}
+
+variable "template_version" {
+ description = "Template version. It is recommended to always use the latest template version"
+ type = string
+ default = "20230910"
+}
+
+variable "installation_type" {
+ description = "installation type"
+ type = string
+ default = "gateway"
+}
+
+locals { // locals for 'installation_type' allowed values
+ installation_type_allowed_values = [
+ "gateway",
+ "standalone"
+ ]
+}
+
+variable "vm_size" {
+ description = "Specifies size of Virtual Machine"
+ type = string
+}
+
+variable "disk_size" {
+ description = "Storage data disk size size(GB). Select a number between 100 and 3995"
+ type = string
+}
+
+variable "os_version" {
+ description = "GAIA OS version"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ os_version_allowed_values = [
+ "R8040",
+ "R81",
+ "R8110",
+ "R8120"
+ ]
+ // will fail if [var.os_version] is invalid:
+ validate_os_version_value = index(local.os_version_allowed_values, var.os_version)
+}
+
+variable "vm_os_sku" {
+ description = "The sku of the image to be deployed."
+ type = string
+}
+
+variable "vm_os_offer" {
+ description = "The name of the image offer to be deployed.Choose from: check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120"
+ type = string
+}
+
+locals { // locals for 'vm_os_offer' allowed values
+ vm_os_offer_allowed_values = [
+ "check-point-cg-r8040",
+ "check-point-cg-r81",
+ "check-point-cg-r8110",
+ "check-point-cg-r8120"
+ ]
+ // will fail if [var.vm_os_offer] is invalid:
+ validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer)
+}
+
+variable "allow_upload_download" {
+ description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ type = bool
+}
+
+variable "enable_custom_metrics" {
+ description = "Indicates whether CloudGuard Metrics will be use for Cluster members monitoring."
+ type = bool
+ default = true
+}
+
+variable "is_blink" {
+ description = "Define if blink image is used for deployment"
+ default = true
+}
+
+variable "admin_shell" {
+ description = "The admin shell to configure on machine or the first time"
+ type = string
+ default = "/etc/cli.sh"
+}
+
+locals {
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"
+ ]
+ // Will fail if [var.admin_shell] is invalid
+ validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell)
+}
+
+//********************** Networking Variables **************************//
+variable "vnet_name" {
+ description = "Virtual Network name"
+ type = string
+}
+
+variable "address_space" {
+ description = "The address space that is used by a Virtual Network."
+ type = string
+ default = "10.12.0.0/16"
+}
+
+variable "frontend_subnet_prefix" {
+ description = "Address prefix to be used for network frontend subnet"
+ type = string
+ default = "10.12.0.0/24"
+}
+
+variable "backend_subnet_prefix" {
+ description = "Address prefix to be used for network backend subnet"
+ type = string
+ default = "10.12.1.0/24"
+}
+
+variable "vnet_subnets" {
+ description = "Subnets in vnet"
+ type = list(string)
+ default = ["10.12.0.0/24", "10.12.1.0/24"]
+}
+
+variable "vnet_allocation_method" {
+ description = "IP address allocation method"
+ type = string
+ default = "Static"
+}
+
+variable "management_GUI_client_network" {
+ description = "Allowed GUI clients - GUI clients network CIDR"
+ type = string
+}
+
+variable "nsg_id" {
+ description = "NSG ID - Optional - if empty use default NSG"
+ default = ""
+}
+
+variable "add_storage_account_ip_rules" {
+ type = bool
+ default = false
+ description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location"
+}
+
+variable "storage_account_additional_ips" {
+ type = list(string)
+ description = "IPs/CIDRs that are allowed access to the Storage Account"
+ default = []
+}
+locals {
+ regex_valid_management_GUI_client_network = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))$"
+ // Will fail if var.management_GUI_client_network is invalid
+ regex_management_GUI_client_network = regex(local.regex_valid_management_GUI_client_network, var.management_GUI_client_network) == var.management_GUI_client_network ? 0 : "Variable [management_GUI_client_network] must be a valid IPv4 network CIDR."
+
+
+ regex_valid_network_cidr = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))|$"
+ // Will fail if var.address_space is invalid
+ regex_address_space = regex(local.regex_valid_network_cidr, var.address_space) == var.address_space ? 0 : "Variable [address_space] must be a valid address in CIDR notation."
+ // Will fail if var.subnet_prefix is invalid
+ regex_frontend_subnet_prefix = regex(local.regex_valid_network_cidr, var.frontend_subnet_prefix) == var.frontend_subnet_prefix ? 0 : "Variable [subnet_prefix] must be a valid address in CIDR notation."
+ // Will fail if var.subnet_prefix is invalid
+ regex_backend_subnet_prefix = regex(local.regex_valid_network_cidr, var.backend_subnet_prefix) == var.backend_subnet_prefix ? 0 : "Variable [subnet_prefix] must be a valid address in CIDR notation."
+}
+
+variable "bootstrap_script" {
+ description = "An optional script to run on the initial boot"
+ default = ""
+ type = string
+ #example:
+ #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+}
+
+//********************** Credentials **************************//
+variable "tenant_id" {
+ description = "Tenant ID"
+ type = string
+}
+
+variable "subscription_id" {
+ description = "Subscription ID"
+ type = string
+}
+
+variable "client_id" {
+ description = "Application ID(Client ID)"
+ type = string
+}
+
+variable "client_secret" {
+ description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
+ type = string
+}
+
+variable "sic_key" {
+ type = string
+}
+
+resource "null_resource" "sic_key_invalid" {
+ count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long"
+}
+
+variable "sku" {
+ description = "SKU"
+ type = string
+ default = "Standard"
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/versions.tf
new file mode 100644
index 00000000..0d5ca4f3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/single-gateway-new-vnet/versions.tf
@@ -0,0 +1,12 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/README.md b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/README.md
new file mode 100644
index 00000000..dca0361a
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/README.md
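Review bot: None of the secret inputs — `client_secret`, `admin_password`, `sic_key`, `smart_1_cloud_token`, `serial_console_password_hash`, `maintenance_mode_password_hash` — is declared `sensitive = true`, so their values are printed in `terraform plan`/`apply` output and in any CI log that captures it; versions.tf in this same commit requires `>= 0.14.3`, which supports the attribute, so each of those six `variable` blocks should carry `sensitive = true`. `sic_key` is also the only variable without a `description`, and its length check lives in a `null_resource` `count` hack that, if I recall Terraform's rules correctly, will start failing once the variable is sensitive because `count` may not be derived from sensitive values; a `validation` block (available since 0.13) does the same job without that problem and reports a proper error. `sensitive` hides values from output only — the state file still stores them in clear, which is worth a sentence in the README.

```hcl
variable "client_secret" {
  description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password."
  type        = string
  sensitive   = true
}
// … unchanged: same `sensitive = true` line added to admin_password, smart_1_cloud_token, serial_console_password_hash, maintenance_mode_password_hash …

variable "sic_key" {
  description = "Secure Internal Communication one-time secret used to establish trust with the management server"
  type        = string
  sensitive   = true
  validation {
    condition     = length(var.sic_key) >= 12
    error_message = "SIC key must be at least 12 characters long"
  }
}
// … removed: resource "null_resource" "sic_key_invalid" …
```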
@@ -0,0 +1,247 @@ +# Check Point CloudGuard IaaS VMSS Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard IaaS VMSS solution into an existing Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Role assignment - conditional creation + + +For additional information, +please see the [CloudGuard Network for Azure Virtual Machine Scale Sets (VMSS) Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_VMSS_for_Azure/Default.htm) + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/vmss-existing-vnet/azure_public_key file + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id, tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/vmss-existing-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| ------------- | ------------- | ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subsscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period
Note: Resource group name must not contain reserved words based on: sk40179| n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vmss_name** | The name of the Check Point VMSS Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long
Note: vmss_name name must not contain reserved words based on: sk40179 | n/a + | | | | | | + | **vnet_name** | Virtual Network name | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **vnet_resource_group** | Resource Group of the existing virtual network | string | The exact name of the existing vnet's resource group | n/a + | | | | | | + | **frontend_subnet_name** | Specifies the name of the external subnet | string | The exact name of the existing external subnet | n/a + | | | | | | + | **backend_subnet_name** | Specifies the name of the internal subnet | string | The exact name of the existing internal subnet | n/a + | | | | | | + | **backend_lb_IP_address** | Is a whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix | string | Starting from 5-th IP address in a subnet. 
For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4 , the LB IP is 10.0.1.4 | n/a + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", 
"Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) must be 100 for versions R81.20 and below | string | A number in the range 100 - 3995 (GB) | 100 + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | n/a + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **availability_zones_num** | A list of a single item of the Availability Zone which the Virtual Machine should be allocated in | string | "centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth" | n/a + | | | | | | + | **minimum_number_of_vm_instances** | The minimum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10 | n/a + | | | | | | + | **maximum_number_of_vm_instances** | The maximum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10 | n/a + | | | | | | + | **management_name** | The name of the management server as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **management_IP** | The IP address used to manage the VMSS instances | string | A valid IP address | n/a + | | | | | | + | **management_interface** | Management option for the Gateways in the VMSS | string | "eth0-public" - Manages the GWs using their external NIC's public IP address;
"eth0-private" -Manages the GWs using their external NIC's private IP address;
"eth1-private" - Manages the GWs using their internal NIC's private IP address | "eth1-private" + | | | | | | + | **configuration_template_name** | The configuration template name as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **frontend_load_distribution** | The load balancing distribution method for the External Load Balancer | string | "Default" - None(5-tuple);
"SourceIP" - ClientIP(2-tuple);
"SourceIPProtocol" - ClientIP and protocol(3-tuple) | n/a + | | | | | | + | **backend_load_distribution** | The load balancing distribution method for the Internal Load Balancer | string | "Default" - None(5-tuple);
"SourceIP" - ClientIP(2-tuple);
"SourceIPProtocol" - ClientIP and protocol(3-tuple) | n/a + | | | | | | + | **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address | n/a + | | | | | | + | **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false; | true + | | | | | | + | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false; | false + | | | | | | + | **deployment_mode** | Indicates which load balancer need to be deployed. External + Internal(Standard), only External, only Internal | string | Standard ;
External;
Internal; | "Standard" + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + +## Conditional creation +To create role assignment and enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service: +``` +enable_custom_metrics = true +``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-vmss-terraform" + location = "eastus" + vmss_name = "checkpoint-vmss-terraform" + vnet_name = "checkpoint-vmss-vnet" + vnet_resource_group = "existing-vnet" + frontend_subnet_name = "frontend" + backend_subnet_name = "backend" + backend_lb_IP_address = 4 + admin_password = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "100" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + availability_zones_num = "1" + minimum_number_of_vm_instances = 2 + maximum_number_of_vm_instances = 10 + management_name = "mgmt" + management_IP = "13.92.42.181" + management_interface = "eth1-private" + configuration_template_name = "vmss_template" + notification_email = "" + frontend_load_distribution = "Default" + backend_load_distribution = "Default" + enable_custom_metrics = true + enable_floating_ip = false + deployment_mode = "Standard" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = 
false + storage_account_additional_ips = [] + + +## Deploy Without Public IP + +1. By default, the VMSS is deployed with public IP +2. To deploy without public IP, remove the "public_ip_address_configuration" block in main.tf + +## Known limitations + +## Revision History + +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated diskSizeGB
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20221124 | - Added R81.20 support
- Upgraded azurerm provider | +| | | | +| 20220111 | - Added support to select different shells | +| | | | +| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image
- Fix zones filed for scale set be installed as multi-zone
- Modify "management_interface" variable and tags regarding managing the Gateways in the Scale Set | +| | | | +| 20210111 |- Update terraform version to 0.14.3
- Update azurerm version to 2.17.0
- Add authentication_type variable for choosing the authentication type.
- Adding support for R81.
- Add public IP addresses support.
- Add support to CloudGuards metrics.
- Avoid role-assignment re-creation when re-apply | +| | | | +| 20200323 | Remove the domain_name_label variable from the azurerm_public_ip resource; | +| | | | +| 20200305 | First release of Check Point CloudGuard IaaS VMSS Terraform deployment for Azure | +| | | | +| | Addition of "templateType" parameter to "cloud-version" files | +| | | | + + +## License + +See the [LICENSE](../../LICENSE) file for details + diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/azure_public_key new file mode 100644 index 00000000..e69de29b diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/cloud-init.sh new file mode 100644 index 00000000..f11f72c3 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/cloud-init.sh @@ -0,0 +1,17 @@ +#!/usr/bin/python3 /etc/cloud_config.py + +installationType="${installation_type}" +allowUploadDownload="${allow_upload_download}" +osVersion="${os_version}" +templateName="${template_name}" +templateVersion="${template_version}" +templateType="${template_type}" +isBlink="${is_blink}" +bootstrapScript64="${bootstrap_script64}" +location="${location}" +sicKey="${sic_key}" +vnet="${vnet}" +customMetrics="${enable_custom_metrics}" +adminShell="${admin_shell}" +passwordHash="${serial_console_password_hash}" +MaintenanceModePassword="${maintenance_mode_password_hash}" diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/main.tf new file mode 100644 index 00000000..7cc4399a --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/main.tf 
@@ -0,0 +1,446 @@ +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.authentication_type == "SSH Public Key" ? random_id.random_id.hex : var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = var.number_of_vm_instances + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = var.is_blink + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// + +data "azurerm_subnet" "frontend" { + name = var.frontend_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +data "azurerm_subnet" "backend" { + name = var.backend_subnet_name + virtual_network_name = var.vnet_name + resource_group_name = var.vnet_resource_group +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}_nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "AllowAllInBound" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "*" + source_port_ranges = "*" + destination_port_ranges = "*" + description = "Allow all inbound connections" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +//********************** Load Balancers **************************// +resource "random_id" "random_id" { + byte_length = 13 + keepers = { + rg_id = module.common.resource_group_id + } +} + +resource "azurerm_public_ip" "public-ip-lb" { + count = var.deployment_mode != "Internal" ? 1 : 0 + name = "${var.vmss_name}-app-1" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = var.vnet_allocation_method + sku = var.sku + domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}" +} + +resource "azurerm_lb" "frontend-lb" { + count = var.deployment_mode != "Internal" ? 1 : 0 + depends_on = [azurerm_public_ip.public-ip-lb] + name = "frontend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + + frontend_ip_configuration { + name = "${var.vmss_name}-app-1" + public_ip_address_id = azurerm_public_ip.public-ip-lb[0].id + } +} + +resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" { + count = var.deployment_mode != "Internal" ? 1 : 0 + loadbalancer_id = azurerm_lb.frontend-lb[0].id + name = "${var.vmss_name}-app-1" +} + +resource "azurerm_lb" "backend-lb" { + count = var.deployment_mode != "External" ? 
1 : 0 + name = "backend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + frontend_ip_configuration { + name = "backend-lb" + subnet_id = data.azurerm_subnet.backend.id + private_ip_address_allocation = "Static" + private_ip_address = cidrhost(data.azurerm_subnet.backend.address_prefixes[0],var.backend_lb_IP_address) + } +} + +resource "azurerm_lb_backend_address_pool" "backend-lb-pool" { + count = var.deployment_mode != "External" ? 1 : 0 + name = "backend-lb-pool" + loadbalancer_id = azurerm_lb.backend-lb[0].id +} + +resource "azurerm_lb_probe" "azure_lb_healprob" { + count = var.deployment_mode == "Standard" ? 2 : 1 + depends_on = [azurerm_lb.frontend-lb, azurerm_lb.backend-lb] + loadbalancer_id = var.deployment_mode == "Standard" ? (count.index == 0 ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id) : (var.deployment_mode == "External" ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id) + name = var.deployment_mode == "Standard" ? (count.index == 0 ? "${var.vmss_name}-app-1" : "backend-lb") : (var.deployment_mode == "External" ? "${var.vmss_name}-app-1" : "backend-lb") + protocol = var.lb_probe_protocol + port = var.lb_probe_port + interval_in_seconds = var.lb_probe_interval + number_of_probes = var.lb_probe_unhealthy_threshold +} + +// Standard deployment +resource "azurerm_lb_rule" "lbnatrule-standard" { + count = var.deployment_mode == "Standard" ? 2 : 0 + depends_on = [azurerm_lb.frontend-lb[0],azurerm_lb_probe.azure_lb_healprob,azurerm_lb.backend-lb[0]] + loadbalancer_id = count.index == 0 ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id + name = count.index == 0 ? "${var.vmss_name}-app-1" : "backend-lb" + protocol = count.index == 0 ? "Tcp" : "All" + frontend_port = count.index == 0 ? var.frontend_port : "0" + backend_port = count.index == 0 ? var.backend_port : "0" + backend_address_pool_ids = count.index == 0 ? 
[azurerm_lb_backend_address_pool.frontend-lb-pool[0].id] : [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] + frontend_ip_configuration_name = count.index == 0 ? azurerm_lb.frontend-lb[0].frontend_ip_configuration[0].name : azurerm_lb.backend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[count.index].id + load_distribution = count.index == 0 ? var.frontend_load_distribution : var.backend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +// External deployment +resource "azurerm_lb_rule" "lbnatrule-external" { + count = var.deployment_mode == "External" ? 1 : 0 + depends_on = [azurerm_lb.frontend-lb[0],azurerm_lb_probe.azure_lb_healprob] + loadbalancer_id = azurerm_lb.frontend-lb[0].id + name = "${var.vmss_name}-app-1" + protocol = "Tcp" + frontend_port = var.frontend_port + backend_port = var.backend_port + backend_address_pool_ids = [azurerm_lb_backend_address_pool.frontend-lb-pool[0].id] + frontend_ip_configuration_name = azurerm_lb.frontend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[0].id + load_distribution = var.frontend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +// Internal deployment +resource "azurerm_lb_rule" "lbnatrule-internal" { + count = var.deployment_mode == "Internal" ? 
1 : 0 + depends_on = [azurerm_lb_probe.azure_lb_healprob,azurerm_lb.backend-lb[0]] + loadbalancer_id = azurerm_lb.backend-lb[0].id + name = "backend-lb" + protocol = "All" + frontend_port = "0" + backend_port = "0" + backend_address_pool_ids = [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] + frontend_ip_configuration_name = azurerm_lb.backend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[0].id + load_distribution = var.backend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "diag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } +} + + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + availability_zones_num_condition = var.availability_zones_num == "0" ? null : var.availability_zones_num == "1" ? ["1"] : var.availability_zones_num == "2" ? ["1", "2"] : ["1", "2", "3"] + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? 
false : true + management_interface_name = split("-", var.management_interface)[0] + management_ip_address_type = split("-", var.management_interface)[1] +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_linux_virtual_machine_scale_set" "vmss" { + name = var.vmss_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = module.common.vm_size + zones = local.availability_zones_num_condition + instances = var.number_of_vm_instances + overprovision = false + + dynamic "identity" { + for_each = var.enable_custom_metrics ? [1] : [] + content { + type = "SystemAssigned" + } + } + + dynamic "source_image_reference" { + for_each = local.custom_image_condition ? [] : [1] + content { + publisher = module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + } + source_image_id = local.custom_image_condition? azurerm_image.custom-image[0].id : null + + os_disk { + disk_size_gb = module.common.disk_size + caching = module.common.storage_os_disk_caching + storage_account_type = module.common.storage_account_type + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + computer_name_prefix = var.vmss_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = base64encode(templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + vnet = data.azurerm_subnet.frontend.address_prefixes[0] + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + })) + + + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "admin_ssh_key" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + public_key = file("azure_public_key") + username = "notused" + } + } + + + boot_diagnostics { + storage_account_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + upgrade_mode = "Manual" + + network_interface { + name = "eth0" + primary = true + enable_ip_forwarding = true + enable_accelerated_networking = true + network_security_group_id = module.network-security-group[0].network_security_group_id + ip_configuration { + name = "ipconfig1" + subnet_id = data.azurerm_subnet.frontend.id + load_balancer_backend_address_pool_ids = var.deployment_mode != "Internal" ? 
[azurerm_lb_backend_address_pool.frontend-lb-pool[0].id]: null + primary = true + public_ip_address { + name = "${var.vmss_name}-public-ip" + idle_timeout_in_minutes = 15 + domain_name_label = "${lower(var.vmss_name)}-dns-name" + } + } + } + + network_interface { + name = "eth1" + primary = false + enable_ip_forwarding = true + enable_accelerated_networking = true + ip_configuration { + name = "ipconfig2" + subnet_id = data.azurerm_subnet.backend.id + load_balancer_backend_address_pool_ids = var.deployment_mode != "External" ? [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] : null + primary = true + } + } + + tags = var.management_interface == "eth0"?{ + x-chkp-management = var.management_name, + x-chkp-template = var.configuration_template_name, + x-chkp-ip-address = local.management_ip_address_type, + x-chkp-management-interface = local.management_interface_name, + x-chkp-management-address = var.management_IP, + x-chkp-topology = "eth0:external,eth1:internal", + x-chkp-anti-spoofing = "eth0:false,eth1:false", + x-chkp-srcImageUri = var.source_image_vhd_uri + }:{ + x-chkp-management = var.management_name, + x-chkp-template = var.configuration_template_name, + x-chkp-ip-address = local.management_ip_address_type, + x-chkp-management-interface = local.management_interface_name, + x-chkp-topology = "eth0:external,eth1:internal", + x-chkp-anti-spoofing = "eth0:false,eth1:false", + x-chkp-srcImageUri = var.source_image_vhd_uri + } +} + +resource "azurerm_monitor_autoscale_setting" "vmss_settings" { + depends_on = [azurerm_linux_virtual_machine_scale_set.vmss] + name = var.vmss_name + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + target_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + + profile { + name = "Profile1" + + capacity { + default = module.common.number_of_vm_instances + minimum = var.minimum_number_of_vm_instances + maximum = var.maximum_number_of_vm_instances + } + + rule 
{ + metric_trigger { + metric_name = "Percentage CPU" + metric_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + time_grain = "PT1M" + statistic = "Average" + time_window = "PT5M" + time_aggregation = "Average" + operator = "GreaterThan" + threshold = 80 + } + + scale_action { + direction = "Increase" + type = "ChangeCount" + value = "1" + cooldown = "PT5M" + } + } + + rule { + metric_trigger { + metric_name = "Percentage CPU" + metric_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + time_grain = "PT1M" + statistic = "Average" + time_window = "PT5M" + time_aggregation = "Average" + operator = "LessThan" + threshold = 60 + } + + scale_action { + direction = "Decrease" + type = "ChangeCount" + value = "1" + cooldown = "PT5M" + } + } + } + + notification { + email { + send_to_subscription_administrator = false + send_to_subscription_co_administrator = false + custom_emails = var.notification_email == "" ? [] : [var.notification_email] + } + } +} + +resource "azurerm_role_assignment" "custom_metrics_role_assignment"{ + depends_on = [azurerm_linux_virtual_machine_scale_set.vmss] + count = var.enable_custom_metrics ? 1 : 0 + role_definition_id = join("", ["/subscriptions/", var.subscription_id, "/providers/Microsoft.Authorization/roleDefinitions/", "3913510d-42f4-4e42-8a64-420c390055eb"]) + principal_id = lookup(azurerm_linux_virtual_machine_scale_set.vmss.identity[0], "principal_id") + scope = module.common.resource_group_id + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } +} diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/terraform.tfvars new file mode 100644 index 00000000..66836af3 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/terraform.tfvars 
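Review bot: The eth0 `network_interface` block sets `network_security_group_id = module.network-security-group[0].network_security_group_id` unconditionally, but the module is declared with `count = var.nsg_id == "" ? 1 : 0`, so passing an existing `nsg_id` (which the README hunk above documents as supported) makes the index fail and the supplied NSG is never attached. The line should be `network_security_group_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id : var.nsg_id`. Separately, the NSG created when `nsg_id` is empty carries a single `AllowAllInBound` rule with `source_address_prefix = "*"` over all ports and protocols; the README only calls it "a default NSG", and should say it is fully permissive so operators know to restrict it or supply their own. Finally, `tags = var.management_interface == "eth0" ? {...}` compares against `"eth0"` while the documented values are `eth0-public`, `eth0-private` and `eth1-private`, so the first map (the one that sets `x-chkp-management-address`) appears unreachable; if the branch is meant to follow the interface, `local.management_interface_name == "eth0"` is presumably the intended test.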
@@ -0,0 +1,43 @@
+#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-vmss-terraform"
+vmss_name = "PLEASE ENTER SCALE SET NAME" # "checkpoint-vmss-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-vmss-vnet"
+vnet_resource_group = "PLEASE ENTER VIRTUAL NETWORK'S RESOURCE GROUP NAME" # "existing-vnet"
+frontend_subnet_name = "PLEASE ENTER EXTERNAL SUBNET NAME" # "frontend"
+backend_subnet_name = "PLEASE ENTER INTERNAL SUBNET NAME" # "backend"
+backend_lb_IP_address = "PLEASE ENTER BACKEND LB IP ADDRESS POSITIONAL NUMBER" # 4
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE MUST BE 100 FOR VERSIONS R81.20 AND BELOW" # "100"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+availability_zones_num = "PLEASE ENTER NUMBER OF AVAILABILITY ZONES" # "1"
+minimum_number_of_vm_instances = "PLEASE ENTER MINIMUM NUMBER OF VM INSTANCES" # 
2
+maximum_number_of_vm_instances = "PLEASE ENTER MAXIMUM NUMBER OF VM INSTANCES" # 10
+management_name = "PLEASE ENTER MANAGEMENT NAME" # "mgmt"
+management_IP = "PLEASE ENTER MANAGEMENT IP" # "13.92.42.181"
+management_interface = "PLEASE ENTER MANAGEMENT INTERFACE" # "eth1-private"
+configuration_template_name = "PLEASE ENTER CONFIGURATION TEMPLATE NAME" # "vmss_template"
+notification_email = "PLEASE ENTER NOTIFICATION MAIL OR LEAVE EMPTY DOUBLE QUOTES" # ""
+frontend_load_distribution = "PLEASE ENTER EXTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
+backend_load_distribution = "PLEASE ENTER INTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+enable_floating_ip = "PLEASE ENTER true or false" # false
+deployment_mode = "PLEASE ENTER DEPLOYMENT MODE" # "Standard"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/variables.tf
new file mode 100644
index 00000000..9ef598a3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/variables.tf
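Review bot: `client_secret`, `admin_password`, `sic_key`, `serial_console_password_hash` and `maintenance_mode_password_hash` are all expected to be filled into this committed terraform.tfvars, so the documented workflow leads users to keep live secrets in a tracked file next to the template. The header comment on the first line could point to the provider's environment variables instead, e.g. `# Secrets: prefer ARM_CLIENT_SECRET and TF_VAR_<name> (admin_password, sic_key, ...) over editing this file; if you do fill them in here, keep the file out of version control`. The placeholders for `backend_lb_IP_address`, the instance-count variables and the `true or false` fields are strings where the README hunk above documents numbers and booleans, so a copied file presumably fails type checking rather than deploying with a dummy value; that is a reasonable sentinel but worth stating in the same header so the error is not mistaken for a template bug.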
@@ -0,0 +1,404 @@ +//********************** Basic Configuration Variables **************************// +variable "vmss_name"{ + description = "vmss name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resources will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Machine. The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "availability_zones_num" { + description = "The number of availability zones to use for Scale Set. 
Note that the load balancers and their IP addresses will be redundant in any case" + #Availability Zones are only supported in several regions at this time + #"centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth" + #type = list(string) +} + +locals { // locals for 'availability_zones_num' allowed values + availability_zones_num_allowed_values = [ + "0", + "1", + "2", + "3" + ] + // will fail if [var.availability_zones_num] is invalid: + validate_availability_zones_num_value = index(local.availability_zones_num_allowed_values, var.availability_zones_num) +} + +variable "sic_key" { + description = "Secure Internal Communication(SIC) key" + type = string +} +resource "null_resource" "sic_key_invalid" { + count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long" +} + +variable "template_name"{ + description = "Template name. Should be defined according to deployment type(ha, vmss)" + type = string + default = "vmss-terraform" +} + +variable "template_version"{ + description = "Template version. 
It is recommended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type"{ + description = "Installation type" + type = string + default = "vmss" +} + +variable "number_of_vm_instances"{ + description = "Default number of VM instances to deploy" + type = string + default = "2" +} + +variable "minimum_number_of_vm_instances" { + description = "Minimum number of VM instances to deploy" + type = string +} + +variable "maximum_number_of_vm_instances" { + description = "Maximum number of VM instances to deploy" + type = string +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120" + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} +variable "disk_size" { + description = "Storage data disk size size(GB). Select a number between 100 and 3995, if you are using R81.20 or below, the disk size must be 100" + type = string + default = 100 +} +resource "null_resource" "disk_size_validation" { + // Will fail if var.disk_size is not 100 and the version is R81.20 or below + count = tonumber(var.disk_size) != 100 && contains(["R8040", "R81", "R8110", "R8120"], var.os_version) ? "variable disk_size can not be changed for R81.20 and below" : 0 +} +variable "vm_os_sku" { + description = "The sku of the image to be deployed." 
+ type = string +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + type = bool +} + +variable "is_blink" { + description = "Define if blink image is used for deployment" + default = true +} + +variable "management_name" { + description = "The name of the management server as it appears in the configuration file" + type = string +} + +variable "management_IP" { + description = "The IP address used to manage the VMSS instances" + type = string +} + +variable "management_interface" { + description = "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address" + type = string + default = "eth1-private" +} +locals { // locals for 'management_interface' allowed values + management_interface_allowed_values = [ + "eth0-public", + "eth0-private", + "eth1-private" + ] + // will fail if [var.management_interface] is invalid: + validate_management_interface_value = index(local.management_interface_allowed_values, var.management_interface) +} + +variable "configuration_template_name" { + description = "The configuration template name as it appears in the configuration file" + type = string +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + 
"/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Networking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "frontend_subnet_name" { + description = "Frontend subnet name" + type = string +} + +variable "backend_subnet_name" { + description = "Backend subnet name" + type = string +} + +variable "vnet_resource_group" { + description = "Resource group of existing vnet" + type = string +} + +variable "vnet_allocation_method" { + description = "IP address allocation method" + type = string + default = "Static" +} + +variable "add_storage_account_ip_rules" { + type = bool + default = false + description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location" +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] +} + +//********************* Load Balancers Variables **********************// + +variable "deployment_mode" { + description = "The type of the deployment, can be 'Standard' for both load balancers or 'External' for external load balancer or 'Internal for internal load balancer" + type = string + default = "Standard" +} + +locals { // locals for 'deployment_mode' allowed values + deployment_mode_allowd_values = [ + "Standard", + "External", + "Internal" + ] + // will fail if [var.deployment_mode] is invalid: + validate_deployment_mode_value = index(local.deployment_mode_allowd_values, var.deployment_mode) +} + +variable "backend_lb_IP_address" { + description = "The IP address is defined by its position in the subnet" + type = number +} + +variable "lb_probe_port" { + description = "Port to be used for load balancer health probes and rules" + default = "8117" +} + 
+variable "lb_probe_protocol" { + description = "Protocols to be used for load balancer health probes and rules" + default = "Tcp" +} + +variable "lb_probe_unhealthy_threshold" { + description = "Number of times load balancer health probe has an unsuccessful attempt before considering the endpoint unhealthy." + default = 2 +} + +variable "lb_probe_interval" { + description = "Interval in seconds load balancer health probe rule performs a check" + default = 5 +} + +variable "frontend_port" { + description = "Port that will be exposed to the external Load Balancer" + type = string + default = "80" +} + +variable "backend_port" { + description = "Port that will be exposed to the external Load Balance" + type = string + default = "8081" +} + +variable "frontend_load_distribution" { + description = "Specifies the load balancing distribution type to be used by the frontend load balancer" + type = string +} + +locals { // locals for 'frontend_load_distribution' allowed values + frontend_load_distribution_allowed_values = [ + "Default", + "SourceIP", + "SourceIPProtocol" + ] + // will fail if [var.frontend_load_distribution] is invalid: + validate_frontend_load_distribution_value = index(local.frontend_load_distribution_allowed_values, var.frontend_load_distribution) +} + +variable "backend_load_distribution" { + description = "Specifies the load balancing distribution type to be used by the backend load balancer" + type = string +} + +locals { // locals for 'frontend_load_distribution' allowed values + backend_load_distribution_allowed_values = [ + "Default", + "SourceIP", + "SourceIPProtocol" + ] + // will fail if [var.backend_load_distribution] is invalid: + validate_backend_load_distribution_value = index(local.backend_load_distribution_allowed_values, var.backend_load_distribution) +} + +//********************** Scale Set variables *******************// + +variable "vm_os_offer" { + description = "The name of the offer of the image that you want to deploy.Choose from: 
check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120", + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "bootstrap_script"{ + description = "An optional script to run on the initial boot" + #example: + #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +} + +variable "notification_email" { + description = "Specifies a list of custom email addresses to which the email notifications will be sent" + type = string +} + +//********************** Credentials **************************// +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "sku" { + description = "SKU" + type = string + default = "Standard" +} + +variable "enable_custom_metrics" { + description = "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service." + type = bool + default = true +} + +variable "enable_floating_ip" { + description = "Indicates whether the load balancers will be deployed with floating IP." + type = bool + default = false +} + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} 
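Review bot: None of the secret-bearing declarations in this file — `admin_password`, `sic_key`, `client_secret`, `serial_console_password_hash`, `maintenance_mode_password_hash` — carry `sensitive = true`, so their values are echoed in `terraform plan`/`apply` output and in any CI log that captures it; versions.tf in this same directory pins Terraform >= 0.14.3, which supports the attribute, so each of the five blocks should get the line `sensitive = true`. The `null_resource`/`index()` constructs used for validation predate native `validation {}` blocks (available since 0.13); the `sic_key_invalid` resource in particular checks only length, while the sibling README requires 12–30 alphanumeric characters, so a `validation { condition = can(regex("^[A-Za-z0-9]{12,30}$", var.sic_key)) }` block with an `error_message` would enforce what is documented and give a readable failure. Minor: the comment on the `os_version_allowed_values` local reads `'vm_os_offer' allowed values`, a copy-paste leftover; the `backend_load_distribution` local has the same problem.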
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/versions.tf
new file mode 100644
index 00000000..df4caa26
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-existing-vnet/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
+
+
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/README.md b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/README.md
new file mode 100644
index 00000000..b57e3011
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/README.md
@@ -0,0 +1,247 @@ +# Check Point CloudGuard IaaS VMSS Terraform deployment for Azure + +This Terraform module deploys Check Point CloudGuard IaaS VMSS solution into a new Vnet in Azure. +As part of the deployment the following resources are created: +- Resource group +- Virtual network +- Network security group +- Role assignment - conditional creation + + +For additional information, +please see the [CloudGuard Network for Azure Virtual Machine Scale Sets (VMSS) Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_VMSS_for_Azure/Default.htm) + +This solution uses the following modules: +- /terraform/azure/modules/common - used for creating a resource group and defining common variables. +- /terraform/azure/modules/vnet - used for creating new virtual network and subnets. +- /terraform/azure/modules/network-security-group - used for creating new network security groups and rules. + + +## Configurations +- Install and configure Terraform to provision Azure resources: [Configure Terraform for Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/terraform-install-configure) +- In order to use ssh connection to VMs, it is **required** to add a public key to the /terraform/azure/vmss-new-vnet/azure_public_key file + +## Usage +- Choose the preferred login method to Azure in order to deploy the solution: +
1. Using Service Principal: + - Create a [Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal) (or use the existing one) + - Grant the Service Principal at least "**Managed Application Contributor**", "**Storage Account Contributor**", "**Network Contributor**", "**Virtual Machine Contributor**" permissions to the Azure subscription
+ - The Service Principal credentials can be stored either in the terraform.tfvars or as [Environment Variables](https://www.terraform.io/docs/providers/azuread/guides/service_principal_client_secret.html)
+ + In case the Environment Variables are used, perform modifications described below:
+ + a. The next lines in the main.tf file, in the provider azurerm resource, need to be deleted or commented: + + provider "azurerm" { + + // subscription_id = var.subscription_id + // client_id = var.client_id + // client_secret = var.client_secret + // tenant_id = var.tenant_id + + features {} + } + + b. In the terraform.tfvars file leave empty double quotes for client_secret, client_id , tenant_id and subscription_id variables: + + client_secret = "" + client_id = "" + tenant_id = "" + subscription_id = "" + +
2. Using **az** commands from a command-line: + - Run **az login** command + - Sign in with your account credentials in the browser + - [Accept Azure Marketplace image terms](https://docs.microsoft.com/en-us/cli/azure/vm/image/terms?view=azure-cli-latest) by running: +
**az vm image terms accept --urn publisher:offer:sku:version**, where: + - publisher = checkpoint; + - offer = vm_os_offer (see accepted values in the table below); + - sku = vm_os_sku (see accepted values in the table below); + - version = latest
+
Example:
+ az vm image terms accept --urn checkpoint:check-point-cg-r8040:sg-byol:latest + + - In the terraform.tfvars file leave empty double quotes for client_secret, client_id and tenant_id variables. + +- Fill all variables in the /terraform/azure/vmss-new-vnet/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + + terraform init +- Create an execution plan: + + terraform plan +- Create or modify the deployment: + + terraform apply + +### terraform.tfvars variables: + | Name | Description | Type | Allowed values | Default | + | ------------- | ------------- | ------------- |---------| ------------- | + | **client_secret** | The client secret of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **client_id** | The client ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **tenant_id** | The tenant ID of the Service Principal used to deploy the solution | string | | n/a + | | | | | | + | **subscription_id** | The subscription ID is used to pay for Azure cloud services | string | | n/a + | | | | | | + | **source_image_vhd_uri** | The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images | string | | "noCustomUri" + | | | | | | + | **resource_group_name** | The name of the resource group that will contain the contents of the deployment | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period
Note: Resource group name must not contain reserved words based on: sk40179| n/a + | | | | | | + | **location** | The region where the resources will be deployed at | string | The full list of Azure regions can be found at https://azure.microsoft.com/regions | n/a + | | | | | | + | **vmss_name** | The name of the Check Point VMSS Object | string | Only alphanumeric characters are allowed, and the name must be 1-30 characters long
Note: vmss name must not contain reserved words based on: sk40179 | n/a + | | | | | | + | **vnet_name** | The name of virtual network that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens | n/a + | | | | | | + | **address_space** | The address prefixes of the virtual network | string | Valid CIDR block | "10.0.0.0/16" + | | | | | | + | **subnet_prefixes** | The address prefixes to be used for created subnets | string | The subnets need to contain within the address space for this virtual network(defined by address_space variable) | ["10.0.0.0/24","10.0.1.0/24"] + | | | | | | + | **backend_lb_IP_address** | Is a whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix| number | Starting from 5-th IP address in a subnet. For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4 , the LB IP is 10.0.1.4 | n/a + | | | | | | + | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | n/a + | | | | | | + | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | n/a + | | | | | | + | **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", 
"Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" | n/a + | | | | | | + | **disk_size** | Storage data disk size size(GB) must be 100 for versions R81.20 and below | string | A number in the range 100 - 3995 (GB) | 100 + | | | | | | + | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license; | n/a + | | | | | | + | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8040";
"check-point-cg-r81";
"check-point-cg-r8110";
"check-point-cg-r8120"; | n/a + | | | | | | + | **os_version** | GAIA OS version | string | "R8040";
"R81";
"R8110";
"R8120"; | n/a + | | | | | | + | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it | n/a + | | | | | | + | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false; | n/a + | | | | | | + | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key"; | n/a + | | | | | | + | **availability_zones_num** | A list of a single item of the Availability Zone which the Virtual Machine should be allocated in | string | "centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth" | n/a + | | | | | | + | **minimum_number_of_vm_instances** | The minimum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10 | n/a + | | | | | | + | **maximum_number_of_vm_instances** | The maximum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10 | n/a + | | | | | | + | **management_name** | The name of the management server as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **management_IP** | The IP address used to manage the VMSS instances | string | A valid IP address | n/a + | | | | | | + | **management_interface** | Management option for the Gateways in the VMSS | string | "eth0-public" - Manages the GWs using their external NIC's public IP address;
"eth0-private" -Manages the GWs using their external NIC's private IP address;
"eth1-private" - Manages the GWs using their internal NIC's private IP address | "eth1-private" + | | | | | | + | **configuration_template_name** | The configuration template name as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long | n/a + | | | | | | + | **frontend_load_distribution** | The load balancing distribution method for the External Load Balancer | string | "Default" - None(5-tuple);
"SourceIP" - ClientIP(2-tuple);
"SourceIPProtocol" - ClientIP and protocol(3-tuple) | n/a + | | | | | | + | **backend_load_distribution** | The load balancing distribution method for the Internal Load Balancer | string | "Default" - None(5-tuple);
"SourceIP" - ClientIP(2-tuple);
"SourceIPProtocol" - ClientIP and protocol(3-tuple) | n/a + | | | | | | + | **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address | n/a + | | | | | | + | **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false; | n/a + | | | | | | + | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false; | n/a + | | | | | | + | **deployment_mode** | Indicates which load balancer need to be deployed. External + Internal(Standard), only External, only Internal | string | Standard ;
External;
Internal; | "Standard" + | | | | | | + | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh; | "/etc/cli.sh" + | | | | | | + | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | n/a + | | | | | | + | **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions, to generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here | string | | n/a + | | | | | | + | **nsg_id** | Optional ID for a Network Security Group that already exists in Azure, if not provided, will create a default NSG | string | Existing NSG resource ID | "" + | | | | | | + | **add_storage_account_ip_rules** | Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, if false then accses will be allowed from all networks | boolean | true;
false; | false + | | | | | | + | **storage_account_additional_ips** | IPs/CIDRs that are allowed access to the Storage Account | list(string) | A list of valid IPs and CIDRs | [] + +## Conditional creation +To create role assignment and enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service: +``` +enable_custom_metrics = true +``` + +## Example + client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + source_image_vhd_uri = "noCustomUri" + resource_group_name = "checkpoint-vmss-terraform" + location = "eastus" + vmss_name = "checkpoint-vmss-terraform" + vnet_name = "checkpoint-vmss-vnet" + address_space = "10.0.0.0/16" + subnet_prefixes = ["10.0.1.0/24","10.0.2.0/24"] + backend_lb_IP_address = 4 + admin_password = "xxxxxxxxxxxx" + sic_key = "xxxxxxxxxxxx" + vm_size = "Standard_D3_v2" + disk_size = "100" + vm_os_sku = "sg-byol" + vm_os_offer = "check-point-cg-r8110" + os_version = "R8110" + bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" + allow_upload_download = true + authentication_type = "Password" + availability_zones_num = "1" + minimum_number_of_vm_instances = 2 + maximum_number_of_vm_instances = 10 + management_name = "mgmt" + management_IP = "13.92.42.181" + management_interface = "eth1-private" + configuration_template_name = "vmss_template" + notification_email = "" + frontend_load_distribution = "Default" + backend_load_distribution = "Default" + enable_custom_metrics = true + enable_floating_ip = false + deployment_mode = "Standard" + admin_shell = "/etc/cli.sh" + serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + nsg_id = "" + add_storage_account_ip_rules = false + 
storage_account_additional_ips = [] + +## Deploy Without Public IP + +1. By default, the VMSS is deployed with public IP +2. To deploy without public IP, remove the "public_ip_address_configuration" block in main.tf + +## Known limitations + +## Revision History + +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | --------- | +| 20240613 | - Updated Azure Terraform provider version
- Cosmetic fixes & default values
- Added option to limit storage account access by specify allowed sourcess
- Updated diskSizeGB
- Added validation for os_version & os_offer | +| | | | +| 20230910 | - R81.20 is the default version | +| | | | +| 20221124 | - Added R81.20 support
- Upgraded azurerm provider | +| | | | +| 20220111 | - Added support to select different shells | +| | | | +| 20210309 | - Add "source_image_vhd_uri" variable for using a custom development image
- Fix zones filed for scale set be installed as multi-zone
- Modify "management_interface" variable and tags regarding managing the Gateways in the Scale Set | +| | | | +| 20210111 |- Update terraform version to 0.14.3
- Update azurerm version to 2.17.0
- Add authentication_type variable for choosing the authentication type.
- Add support for R81.
- Add public IP addresses support.
- Add support to CloudGuards metrics.
- Update resources for NSG https://github.com/CheckPointSW/CloudGuardIaaS/issues/67
- Avoid role-assignment re-creation when re-applying |
+| | | |
+| 20200323 | Remove the domain_name_label variable from the azurerm_public_ip resource |
+| | | |
+| 20200305 | First release of Check Point CloudGuard IaaS VMSS Terraform deployment for Azure |
+| | | |
+| | Addition of "templateType" parameter to "cloud-version" files |
+| | | |
+
+
+## License
+
+See the [LICENSE](../../LICENSE) file for details
+
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/azure_public_key b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/azure_public_key
new file mode 100644
index 00000000..e69de29b
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/cloud-init.sh b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/cloud-init.sh
new file mode 100644
index 00000000..f11f72c3
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/cloud-init.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/python3 /etc/cloud_config.py
+
+installationType="${installation_type}"
+allowUploadDownload="${allow_upload_download}"
+osVersion="${os_version}"
+templateName="${template_name}"
+templateVersion="${template_version}"
+templateType="${template_type}"
+isBlink="${is_blink}"
+bootstrapScript64="${bootstrap_script64}"
+location="${location}"
+sicKey="${sic_key}"
+vnet="${vnet}"
+customMetrics="${enable_custom_metrics}"
+adminShell="${admin_shell}"
+passwordHash="${serial_console_password_hash}"
+MaintenanceModePassword="${maintenance_mode_password_hash}"
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/main.tf b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/main.tf
new file mode 100644
index 00000000..967fd8c8
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/main.tf
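Review bot: `sicKey="${sic_key}"`, `passwordHash="${serial_console_password_hash}"` and `MaintenanceModePassword="${maintenance_mode_password_hash}"` interpolate the raw variable values inside double quotes with no escaping, so a value containing `"` or `\` would corrupt the generated line — and, going by the shebang `#!/usr/bin/python3 /etc/cloud_config.py`, presumably confuse whatever parser reads this file at first boot; confirm how that parser tokenises a `key="value"` line. Note that `bootstrap_script` is already protected by being passed base64-encoded as `bootstrapScript64`, but the SIC key and hashes are not, and the existing-vnet variables.tf in this same commit validates `sic_key` only for length, so nothing upstream rules those characters out. Either restrict the inputs with a `validation {}` block on the variables (alphanumeric for the SIC key, the expected hash alphabet for the two hashes), or escape at the template boundary, e.g. `sicKey="${replace(replace(sic_key, "\\", "\\\\"), "\"", "\\\"")}"` if the consumer understands backslash escapes. The new-vnet variables.tf that feeds this template is outside this view.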
@@ -0,0 +1,442 @@ +provider "azurerm" { + subscription_id = var.subscription_id + client_id = var.client_id + client_secret = var.client_secret + tenant_id = var.tenant_id + + features {} +} + +//********************** Basic Configuration **************************// +module "common" { + source = "../modules/common" + resource_group_name = var.resource_group_name + location = var.location + admin_password = var.authentication_type == "SSH Public Key" ? random_id.random_id.hex : var.admin_password + installation_type = var.installation_type + template_name = var.template_name + template_version = var.template_version + number_of_vm_instances = var.number_of_vm_instances + allow_upload_download = var.allow_upload_download + vm_size = var.vm_size + disk_size = var.disk_size + is_blink = var.is_blink + os_version = var.os_version + vm_os_sku = var.vm_os_sku + vm_os_offer = var.vm_os_offer + authentication_type = var.authentication_type + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + storage_account_additional_ips = var.storage_account_additional_ips +} + +//********************** Networking **************************// +module "vnet" { + source = "../modules/vnet" + vnet_name = var.vnet_name + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + nsg_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id: var.nsg_id + address_space = var.address_space + subnet_prefixes = var.subnet_prefixes +} + +module "network-security-group" { + source = "../modules/network-security-group" + count = var.nsg_id == "" ? 
1 : 0 + resource_group_name = module.common.resource_group_name + security_group_name = "${module.common.resource_group_name}_nsg" + location = module.common.resource_group_location + security_rules = [ + { + name = "AllowAllInBound" + priority = "100" + direction = "Inbound" + access = "Allow" + protocol = "*" + source_port_ranges = "*" + destination_port_ranges = "*" + description = "Allow all inbound connections" + source_address_prefix = "*" + destination_address_prefix = "*" + } + ] +} + +//********************** Load Balancers **************************// +resource "random_id" "random_id" { + byte_length = 13 + keepers = { + rg_id = module.common.resource_group_id + } +} + +resource "azurerm_public_ip" "public-ip-lb" { + count = var.deployment_mode != "Internal" ? 1 : 0 + name = "${var.vmss_name}-app-1" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + allocation_method = module.vnet.allocation_method + sku = var.sku + domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}" +} + +resource "azurerm_lb" "frontend-lb" { + count = var.deployment_mode != "Internal" ? 1 : 0 + depends_on = [azurerm_public_ip.public-ip-lb] + name = "frontend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + + frontend_ip_configuration { + name = "${var.vmss_name}-app-1" + public_ip_address_id = azurerm_public_ip.public-ip-lb[0].id + } +} + +resource "azurerm_lb_backend_address_pool" "frontend-lb-pool" { + count = var.deployment_mode != "Internal" ? 1 : 0 + loadbalancer_id = azurerm_lb.frontend-lb[0].id + name = "${var.vmss_name}-app-1" +} + +resource "azurerm_lb" "backend-lb" { + count = var.deployment_mode != "External" ? 
1 : 0 + name = "backend-lb" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = var.sku + frontend_ip_configuration { + name = "backend-lb" + subnet_id = module.vnet.vnet_subnets[1] + private_ip_address_allocation = module.vnet.allocation_method + private_ip_address = cidrhost(module.vnet.subnet_prefixes[1], var.backend_lb_IP_address) + } +} + +resource "azurerm_lb_backend_address_pool" "backend-lb-pool" { + count = var.deployment_mode != "External" ? 1 : 0 + name = "backend-lb-pool" + loadbalancer_id = azurerm_lb.backend-lb[0].id +} + +resource "azurerm_lb_probe" "azure_lb_healprob" { + count = var.deployment_mode == "Standard" ? 2 : 1 + depends_on = [azurerm_lb.frontend-lb, azurerm_lb.backend-lb] + loadbalancer_id = var.deployment_mode == "Standard" ? (count.index == 0 ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id) : (var.deployment_mode == "External" ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id) + name = var.deployment_mode == "Standard" ? (count.index == 0 ? "${var.vmss_name}-app-1" : "backend-lb") : (var.deployment_mode == "External" ? "${var.vmss_name}-app-1" : "backend-lb") + protocol = var.lb_probe_protocol + port = var.lb_probe_port + interval_in_seconds = var.lb_probe_interval + number_of_probes = var.lb_probe_unhealthy_threshold +} + +// Standard deployment +resource "azurerm_lb_rule" "lbnatrule-standard" { + count = var.deployment_mode == "Standard" ? 2 : 0 + depends_on = [azurerm_lb.frontend-lb[0],azurerm_lb_probe.azure_lb_healprob,azurerm_lb.backend-lb[0]] + loadbalancer_id = count.index == 0 ? azurerm_lb.frontend-lb[0].id : azurerm_lb.backend-lb[0].id + name = count.index == 0 ? "${var.vmss_name}-app-1" : "backend-lb" + protocol = count.index == 0 ? "Tcp" : "All" + frontend_port = count.index == 0 ? var.frontend_port : "0" + backend_port = count.index == 0 ? var.backend_port : "0" + backend_address_pool_ids = count.index == 0 ? 
[azurerm_lb_backend_address_pool.frontend-lb-pool[0].id] : [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] + frontend_ip_configuration_name = count.index == 0 ? azurerm_lb.frontend-lb[0].frontend_ip_configuration[0].name : azurerm_lb.backend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[count.index].id + load_distribution = count.index == 0 ? var.frontend_load_distribution : var.backend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +// External deployment +resource "azurerm_lb_rule" "lbnatrule-external" { + count = var.deployment_mode == "External" ? 1 : 0 + depends_on = [azurerm_lb.frontend-lb[0],azurerm_lb_probe.azure_lb_healprob] + loadbalancer_id = azurerm_lb.frontend-lb[0].id + name = "${var.vmss_name}-app-1" + protocol = "Tcp" + frontend_port = var.frontend_port + backend_port = var.backend_port + backend_address_pool_ids = [azurerm_lb_backend_address_pool.frontend-lb-pool[0].id] + frontend_ip_configuration_name = azurerm_lb.frontend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[0].id + load_distribution = var.frontend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +// Internal deployment +resource "azurerm_lb_rule" "lbnatrule-internal" { + count = var.deployment_mode == "Internal" ? 
1 : 0 + depends_on = [azurerm_lb_probe.azure_lb_healprob,azurerm_lb.backend-lb[0]] + loadbalancer_id = azurerm_lb.backend-lb[0].id + name = "backend-lb" + protocol = "All" + frontend_port = "0" + backend_port = "0" + backend_address_pool_ids = [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] + frontend_ip_configuration_name = azurerm_lb.backend-lb[0].frontend_ip_configuration[0].name + probe_id = azurerm_lb_probe.azure_lb_healprob[0].id + load_distribution = var.backend_load_distribution + enable_floating_ip = var.enable_floating_ip +} + +//********************** Storage accounts **************************// +// Generate random text for a unique storage account name +resource "random_id" "randomId" { + keepers = { + # Generate a new ID only when a new resource group is defined + resource_group = module.common.resource_group_name + } + byte_length = 8 +} +resource "azurerm_storage_account" "vm-boot-diagnostics-storage" { + name = "diag${random_id.randomId.hex}" + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + account_tier = module.common.storage_account_tier + account_replication_type = module.common.account_replication_type + network_rules { + default_action = var.add_storage_account_ip_rules ? "Deny" : "Allow" + ip_rules = module.common.storage_account_ip_rules + } + blob_properties { + delete_retention_policy { + days = "15" + } + } +} + +//********************** Virtual Machines **************************// +locals { + SSH_authentication_type_condition = var.authentication_type == "SSH Public Key" ? true : false + availability_zones_num_condition = var.availability_zones_num == "0" ? null : var.availability_zones_num == "1" ? ["1"] : var.availability_zones_num == "2" ? ["1", "2"] : ["1", "2", "3"] + custom_image_condition = var.source_image_vhd_uri == "noCustomUri" ? 
false : true + management_interface_name = split("-", var.management_interface)[0] + management_ip_address_type = split("-", var.management_interface)[1] +} + +resource "azurerm_image" "custom-image" { + count = local.custom_image_condition ? 1 : 0 + name = "custom-image" + location = var.location + resource_group_name = module.common.resource_group_name + + os_disk { + os_type = "Linux" + os_state = "Generalized" + blob_uri = var.source_image_vhd_uri + } +} + +resource "azurerm_linux_virtual_machine_scale_set" "vmss" { + name = var.vmss_name + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + sku = module.common.vm_size + zones = local.availability_zones_num_condition + instances = var.number_of_vm_instances + overprovision = false + + dynamic "identity" { + for_each = var.enable_custom_metrics ? [1] : [] + content { + type = "SystemAssigned" + } + } + + dynamic "source_image_reference" { + for_each = local.custom_image_condition ? [] : [1] + content { + publisher = module.common.publisher + offer = module.common.vm_os_offer + sku = module.common.vm_os_sku + version = module.common.vm_os_version + } + } + source_image_id = local.custom_image_condition? azurerm_image.custom-image[0].id : null + + os_disk { + disk_size_gb = module.common.disk_size + caching = module.common.storage_os_disk_caching + storage_account_type = module.common.storage_account_type + } + + dynamic "plan" { + for_each = local.custom_image_condition ? 
[] : [1] + content { + name = module.common.vm_os_sku + publisher = module.common.publisher + product = module.common.vm_os_offer + } + } + + computer_name_prefix = var.vmss_name + admin_username = module.common.admin_username + admin_password = module.common.admin_password + custom_data = base64encode(templatefile("${path.module}/cloud-init.sh", { + installation_type = module.common.installation_type + allow_upload_download = module.common.allow_upload_download + os_version = module.common.os_version + template_name = module.common.template_name + template_version = module.common.template_version + template_type = "terraform" + is_blink = module.common.is_blink + bootstrap_script64 = base64encode(var.bootstrap_script) + location = module.common.resource_group_location + sic_key = var.sic_key + vnet = module.vnet.subnet_prefixes[0] + enable_custom_metrics = var.enable_custom_metrics ? "yes" : "no" + admin_shell = var.admin_shell + serial_console_password_hash = var.serial_console_password_hash + maintenance_mode_password_hash = var.maintenance_mode_password_hash + })) + + + disable_password_authentication = local.SSH_authentication_type_condition + + dynamic "admin_ssh_key" { + for_each = local.SSH_authentication_type_condition ? [ + 1] : [] + content { + public_key = file("azure_public_key") + username = "notused" + } + } + + + boot_diagnostics { + storage_account_uri = module.common.boot_diagnostics ? join(",", azurerm_storage_account.vm-boot-diagnostics-storage.*.primary_blob_endpoint) : "" + } + + upgrade_mode = "Manual" + + network_interface { + name = "eth0" + primary = true + enable_ip_forwarding = true + enable_accelerated_networking = true + network_security_group_id = module.network-security-group[0].network_security_group_id + ip_configuration { + name = "ipconfig1" + subnet_id = module.vnet.vnet_subnets[0] + load_balancer_backend_address_pool_ids = var.deployment_mode != "Internal" ? 
[azurerm_lb_backend_address_pool.frontend-lb-pool[0].id]: null + primary = true + public_ip_address { + name = "${var.vmss_name}-public-ip" + idle_timeout_in_minutes = 15 + domain_name_label = "${lower(var.vmss_name)}-dns-name" + } + } + } + + network_interface { + name = "eth1" + primary = false + enable_ip_forwarding = true + enable_accelerated_networking = true + ip_configuration { + name = "ipconfig2" + subnet_id = module.vnet.vnet_subnets[1] + load_balancer_backend_address_pool_ids = var.deployment_mode != "External" ? [azurerm_lb_backend_address_pool.backend-lb-pool[0].id] : null + primary = true + } + } + + tags = var.management_interface == "eth0"?{ + x-chkp-management = var.management_name, + x-chkp-template = var.configuration_template_name, + x-chkp-ip-address = local.management_ip_address_type, + x-chkp-management-interface = local.management_interface_name, + x-chkp-management-address = var.management_IP, + x-chkp-topology = "eth0:external,eth1:internal", + x-chkp-anti-spoofing = "eth0:false,eth1:false", + x-chkp-srcImageUri = var.source_image_vhd_uri + }:{ + x-chkp-management = var.management_name, + x-chkp-template = var.configuration_template_name, + x-chkp-ip-address = local.management_ip_address_type, + x-chkp-management-interface = local.management_interface_name, + x-chkp-topology = "eth0:external,eth1:internal", + x-chkp-anti-spoofing = "eth0:false,eth1:false", + x-chkp-srcImageUri = var.source_image_vhd_uri + } +} + +resource "azurerm_monitor_autoscale_setting" "vmss_settings" { + depends_on = [azurerm_linux_virtual_machine_scale_set.vmss] + name = var.vmss_name + resource_group_name = module.common.resource_group_name + location = module.common.resource_group_location + target_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + + profile { + name = "Profile1" + + capacity { + default = module.common.number_of_vm_instances + minimum = var.minimum_number_of_vm_instances + maximum = var.maximum_number_of_vm_instances + } + + rule { + 
metric_trigger { + metric_name = "Percentage CPU" + metric_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + time_grain = "PT1M" + statistic = "Average" + time_window = "PT5M" + time_aggregation = "Average" + operator = "GreaterThan" + threshold = 80 + } + + scale_action { + direction = "Increase" + type = "ChangeCount" + value = "1" + cooldown = "PT5M" + } + } + + rule { + metric_trigger { + metric_name = "Percentage CPU" + metric_resource_id = azurerm_linux_virtual_machine_scale_set.vmss.id + time_grain = "PT1M" + statistic = "Average" + time_window = "PT5M" + time_aggregation = "Average" + operator = "LessThan" + threshold = 60 + } + + scale_action { + direction = "Decrease" + type = "ChangeCount" + value = "1" + cooldown = "PT5M" + } + } + } + + notification { + email { + send_to_subscription_administrator = false + send_to_subscription_co_administrator = false + custom_emails = var.notification_email == "" ? [] : [var.notification_email] + } + } +} + +resource "azurerm_role_assignment" "custom_metrics_role_assignment"{ + depends_on = [azurerm_linux_virtual_machine_scale_set.vmss] + count = var.enable_custom_metrics ? 1 : 0 + role_definition_id = join("", ["/subscriptions/", var.subscription_id, "/providers/Microsoft.Authorization/roleDefinitions/", "3913510d-42f4-4e42-8a64-420c390055eb"]) + principal_id = lookup(azurerm_linux_virtual_machine_scale_set.vmss.identity[0], "principal_id") + scope = module.common.resource_group_id + lifecycle { + ignore_changes = [ + role_definition_id, principal_id + ] + } +} diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/terraform.tfvars b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/terraform.tfvars new file mode 100644 index 00000000..73266464 --- /dev/null +++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/terraform.tfvars 
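Review bot: In the eth0 `network_interface` block, `network_security_group_id = module.network-security-group[0].network_security_group_id` indexes the NSG module unconditionally, but that module is declared with `count = var.nsg_id == "" ? 1 : 0`, so any deployment that supplies its own `nsg_id` fails at plan time with an invalid index, and the only configuration that actually applies is the generated NSG whose single rule is `AllowAllInBound` from `*` to `*` on every protocol, attached to an interface that also receives a per-instance public IP. Mirror the conditional already used when calling the vnet module: `network_security_group_id = var.nsg_id == "" ? module.network-security-group[0].network_security_group_id : var.nsg_id`. Separately, `public_key = file("azure_public_key")` resolves against the working directory rather than `${path.module}` as the `templatefile("${path.module}/cloud-init.sh", ...)` call does, and the committed `azure_public_key` is git's empty blob (index `e69de29b`), so the SSH-key path hands the provider an empty key unless the operator both replaces the file and runs from this directory; `file("${path.module}/azure_public_key")` fixes the path half of that.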
@@ -0,0 +1,42 @@
+//#PLEASE refer to the README.md for accepted values FOR THE VARIABLES BELOW
+client_secret = "PLEASE ENTER CLIENT SECRET" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+client_id = "PLEASE ENTER CLIENT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+tenant_id = "PLEASE ENTER TENANT ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+subscription_id = "PLEASE ENTER SUBSCRIPTION ID" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+source_image_vhd_uri = "PLEASE ENTER SOURCE IMAGE VHD URI OR noCustomUri" # "noCustomUri"
+resource_group_name = "PLEASE ENTER RESOURCE GROUP NAME" # "checkpoint-vmss-terraform"
+vmss_name = "PLEASE ENTER SCALE SET NAME" # "checkpoint-vmss-terraform"
+location = "PLEASE ENTER LOCATION" # "eastus"
+vnet_name = "PLEASE ENTER VIRTUAL NETWORK NAME" # "checkpoint-vmss-vnet"
+address_space = "PLEASE ENTER VIRTUAL NETWORK ADDRESS SPACE" # "10.0.0.0/16"
+subnet_prefixes = "PLEASE ENTER ADDRESS PREFIXES FOR SUBNETS" # ["10.0.1.0/24","10.0.2.0/24"]
+backend_lb_IP_address = "PLEASE ENTER BACKEND LB IP ADDRESS POSITIONAL NUMBER" # 4
+admin_password = "PLEASE ENTER ADMIN PASSWORD" # "xxxxxxxxxxxx"
+sic_key = "PLEASE ENTER SIC KEY" # "xxxxxxxxxxxx"
+vm_size = "PLEASE ENTER VM SIZE" # "Standard_D3_v2"
+disk_size = "PLEASE ENTER DISK SIZE MUST BE 100 FOR VERSIONS R81.20 AND BELOW" # "100"
+vm_os_sku = "PLEASE ENTER VM SKU" # "sg-byol"
+vm_os_offer = "PLEASE ENTER VM OFFER" # "check-point-cg-r8110"
+os_version = "PLEASE ENTER GAIA OS VERSION" # "R8110"
+bootstrap_script = "PLEASE ENTER CUSTOM SCRIPT OR LEAVE EMPTY DOUBLE QUOTES" # "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt"
+allow_upload_download = "PLEASE ENTER true or false" # true
+authentication_type = "PLEASE ENTER AUTHENTICATION TYPE" # "Password"
+availability_zones_num = "PLEASE ENTER NUMBER OF AVAILABILITY ZONES" # "1"
+minimum_number_of_vm_instances = "PLEASE ENTER MINIMUM NUMBER OF VM INSTANCES" # 2
+maximum_number_of_vm_instances = "PLEASE ENTER MAXIMUM NUMBER OF VM INSTANCES" # 10
+management_name = "PLEASE ENTER MANAGEMENT NAME" # "mgmt"
+management_IP = "PLEASE ENTER MANAGEMENT IP" # "13.92.42.181"
+management_interface = "PLEASE ENTER MANAGEMENT INTERFACE" # "eth1-private"
+configuration_template_name = "PLEASE ENTER CONFIGURATION TEMPLATE NAME" # "vmss_template"
+notification_email = "PLEASE ENTER NOTIFICATION MAIL OR LEAVE EMPTY DOUBLE QUOTES" # ""
+frontend_load_distribution = "PLEASE ENTER EXTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
+backend_load_distribution = "PLEASE ENTER INTERNAL LOAD BALANCER SESSION PERSISTENCE" # "Default"
+enable_custom_metrics = "PLEASE ENTER true or false" # true
+enable_floating_ip = "PLEASE ENTER true or false" # false
+deployment_mode = "PLEASE ENTER DEPLOYMENT MODE" # "Standard"
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+serial_console_password_hash = "PLEASE ENTER SERIAL CONSOLE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+maintenance_mode_password_hash = "PLEASE ENTER MAINTENANCE MODE PASSWORD HASH" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+nsg_id = "PLEASE ENTER NETWORK SECURITY GROUP ID" # ""
+add_storage_account_ip_rules = "PLEASE ENTER true or false" # false
+storage_account_additional_ips = "PLEASE ENTER A LIST OF VALID IPS/CIDRS" # []
\ No newline at end of file
diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/variables.tf b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/variables.tf
new file mode 100644
index 00000000..1760b8a2
--- /dev/null
+++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/variables.tf
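Review bot: This tracked `terraform.tfvars` instructs the operator to paste `client_secret`, `admin_password`, `sic_key`, `serial_console_password_hash` and `maintenance_mode_password_hash` straight into it, which is the most common route by which those values end up committed alongside the module. Since main.tf already takes all of them from variables, the header comment should steer users to `TF_VAR_client_secret`, `TF_VAR_admin_password` and `TF_VAR_sic_key` (or an untracked `*.auto.tfvars`) instead of editing this file, e.g. `//# Do NOT put real secrets in this tracked file: pass client_secret, admin_password, sic_key and the password hashes via TF_VAR_* environment variables or an untracked *.auto.tfvars`. The placeholder strings are also valid HCL, so a forgotten field is only caught when Azure rejects it rather than at plan time.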
@@ -0,0 +1,393 @@ +//********************** Basic Configuration Variables **************************// +variable "vmss_name"{ + description = "vmss name" + type = string +} + +variable "resource_group_name" { + description = "Azure Resource Group name to build into" + type = string +} + +variable "location" { + description = "The location/region where resources will be created. The full list of Azure regions can be found at https://azure.microsoft.com/regions" + type = string +} + +//********************** Virtual Machine Instances Variables **************************// +variable "source_image_vhd_uri" { + type = string + description = "The URI of the blob containing the development image. Please use noCustomUri if you want to use marketplace images." + default = "noCustomUri" +} + +variable "admin_username" { + description = "Administrator username of deployed VM. Due to Azure limitations 'notused' name can be used" + default = "notused" +} + +variable "admin_password" { + description = "Administrator password of deployed Virtual Machine. The password must meet the complexity requirements of Azure" + type = string +} + +variable "serial_console_password_hash" { + description = "Optional parameter, used to enable serial console connection in case of SSH key as authentication type" + type = string +} + +variable "maintenance_mode_password_hash" { + description = "Maintenance mode password hash, relevant only for R81.20 and higher versions" + type = string +} + +variable "availability_zones_num" { + description = "The number of availability zones to use for Scale Set. 
Note that the load balancers and their IP addresses will be redundant in any case" + #Availability Zones are only supported in several regions at this time + #"centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth" + #type = list(string) +} + +locals { // locals for 'availability_zones_num' allowed values + availability_zones_num_allowed_values = [ + "0", + "1", + "2", + "3" + ] + // will fail if [var.availability_zones_num] is invalid: + validate_availability_zones_num_value = index(local.availability_zones_num_allowed_values, var.availability_zones_num) +} + +variable "sic_key" { + description = "Secure Internal Communication(SIC) key" + type = string +} +resource "null_resource" "sic_key_invalid" { + count = length(var.sic_key) >= 12 ? 0 : "SIC key must be at least 12 characters long" +} + +variable "template_name"{ + description = "Template name. Should be defined according to deployment type(ha, vmss)" + type = string + default = "vmss-terraform" +} + +variable "template_version"{ + description = "Template version. 
It is recommended to always use the latest template version" + type = string + default = "20230910" +} + +variable "installation_type"{ + description = "Installation type" + type = string + default = "vmss" +} + +variable "number_of_vm_instances"{ + description = "Default number of VM instances to deploy" + type = string + default = "2" +} + +variable "minimum_number_of_vm_instances" { + description = "Minimum number of VM instances to deploy" + type = string +} + +variable "maximum_number_of_vm_instances" { + description = "Maximum number of VM instances to deploy" + type = string +} + +variable "vm_size" { + description = "Specifies size of Virtual Machine" + type = string +} + + +variable "os_version" { + description = "GAIA OS version" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + os_version_allowed_values = [ + "R8040", + "R81", + "R8110", + "R8120", + ] + // will fail if [var.os_version] is invalid: + validate_os_version_value = index(local.os_version_allowed_values, var.os_version) +} +variable "disk_size" { + description = "Storage data disk size size(GB). Select a number between 100 and 3995, if you are using R81.20 or below, the disk size must be 100" + type = string + default = 100 +} +resource "null_resource" "disk_size_validation" { + // Will fail if var.disk_size is not 100 and the version is R81.20 or below + count = tonumber(var.disk_size) != 100 && contains(["R8040", "R81", "R8110", "R8120"], var.os_version) ? "variable disk_size can not be changed for R81.20 and below" : 0 +} +variable "vm_os_sku" { + description = "The sku of the image to be deployed." 
+ type = string +} + +variable "authentication_type" { + description = "Specifies whether a password authentication or SSH Public Key authentication should be used" + type = string +} +locals { // locals for 'authentication_type' allowed values + authentication_type_allowed_values = [ + "Password", + "SSH Public Key" + ] + // will fail if [var.authentication_type] is invalid: + validate_authentication_type_value = index(local.authentication_type_allowed_values, var.authentication_type) +} + +variable "allow_upload_download" { + description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + type = bool +} + +variable "is_blink" { + description = "Define if blink image is used for deployment" + default = true +} + +variable "management_name" { + description = "The name of the management server as it appears in the configuration file" + type = string +} + +variable "management_IP" { + description = "The IP address used to manage the VMSS instances" + type = string +} + +variable "management_interface" { + description = "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address" + type = string + default = "eth1-private" +} +locals { // locals for 'management_interface' allowed values + management_interface_allowed_values = [ + "eth0-public", + "eth0-private", + "eth1-private" + ] + // will fail if [var.management_interface] is invalid: + validate_management_interface_value = index(local.management_interface_allowed_values, var.management_interface) +} + +variable "configuration_template_name" { + description = "The configuration template name as it appears in the configuration file" + type = string +} + +variable "admin_shell" { + description = "The admin shell to configure on machine or the first time" + type = string + default = "/etc/cli.sh" +} + +locals { + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + 
"/bin/csh", + "/bin/tcsh" + ] + // Will fail if [var.admin_shell] is invalid + validate_admin_shell_value = index(local.admin_shell_allowed_values, var.admin_shell) +} + +//********************** Networking Variables **************************// +variable "vnet_name" { + description = "Virtual Network name" + type = string +} + +variable "address_space" { + description = "The address space that is used by a Virtual Network." + type = string + default = "10.0.0.0/16" +} + +variable "subnet_prefixes" { + description = "Address prefix to be used for network subnets" + type = list(string) + default = ["10.0.0.0/24","10.0.1.0/24"] +} + +variable "nsg_id" { + description = "NSG ID - Optional - if empty use default NSG" + default = "" +} + +variable "add_storage_account_ip_rules" { + type = bool + default = false + description = "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location" +} + +variable "storage_account_additional_ips" { + type = list(string) + description = "IPs/CIDRs that are allowed access to the Storage Account" + default = [] +} +//********************* Load Balancers Variables **********************// +variable "deployment_mode" { + description = "The type of the deployment, can be 'Standard' for both load balancers or 'External' for external load balancer or 'Internal for internal load balancer" + type = string + default = "Standard" +} + +locals { // locals for 'deployment_mode' allowed values + deployment_mode_allowd_values = [ + "Standard", + "External", + "Internal" + ] + // will fail if [var.deployment_mode] is invalid: + validate_deployment_mode_value = index(local.deployment_mode_allowd_values, var.deployment_mode) +} + +variable "backend_lb_IP_address" { + description = "The IP address is defined by its position in the subnet" + type = number +} + +variable "lb_probe_port" { + description = "Port to be used for load balancer health probes and rules" + default = "8117" +} + +variable 
"lb_probe_protocol" { + description = "Protocols to be used for load balancer health probes and rules" + default = "Tcp" +} + +variable "lb_probe_unhealthy_threshold" { + description = "Number of times load balancer health probe has an unsuccessful attempt before considering the endpoint unhealthy." + default = 2 +} + +variable "lb_probe_interval" { + description = "Interval in seconds load balancer health probe rule performs a check" + default = 5 +} + +variable "frontend_port" { + description = "Port that will be exposed to the external Load Balancer" + type = string + default = "80" +} + +variable "backend_port" { + description = "Port that will be exposed to the external Load Balance" + type = string + default = "8081" +} + +variable "frontend_load_distribution" { + description = "Specifies the load balancing distribution type to be used by the frontend load balancer" + type = string +} + +locals { // locals for 'frontend_load_distribution' allowed values + frontend_load_distribution_allowed_values = [ + "Default", + "SourceIP", + "SourceIPProtocol" + ] + // will fail if [var.frontend_load_distribution] is invalid: + validate_frontend_load_distribution_value = index(local.frontend_load_distribution_allowed_values, var.frontend_load_distribution) +} + +variable "backend_load_distribution" { + description = "Specifies the load balancing distribution type to be used by the backend load balancer" + type = string +} + +locals { // locals for 'frontend_load_distribution' allowed values + backend_load_distribution_allowed_values = [ + "Default", + "SourceIP", + "SourceIPProtocol" + ] + // will fail if [var.backend_load_distribution] is invalid: + validate_backend_load_distribution_value = index(local.backend_load_distribution_allowed_values, var.backend_load_distribution) +} + +//********************** Scale Set variables *******************// + +variable "vm_os_offer" { + description = "The name of the offer of the image that you want to deploy.Choose from: 
check-point-cg-r8040, check-point-cg-r81, check-point-cg-r8110, check-point-cg-r8120" + type = string +} + +locals { // locals for 'vm_os_offer' allowed values + vm_os_offer_allowed_values = [ + "check-point-cg-r8040", + "check-point-cg-r81", + "check-point-cg-r8110", + "check-point-cg-r8120", + ] + // will fail if [var.vm_os_offer] is invalid: + validate_os_offer_value = index(local.vm_os_offer_allowed_values, var.vm_os_offer) +} + +variable "bootstrap_script"{ + description = "An optional script to run on the initial boot" + #example: + #"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" +} + +variable "notification_email" { + description = "Specifies a list of custom email addresses to which the email notifications will be sent" + type = string +} + +//********************** Credentials **************************// +variable "tenant_id" { + description = "Tenant ID" + type = string +} + +variable "subscription_id" { + description = "Subscription ID" + type = string +} + +variable "client_id" { + description = "Application ID(Client ID)" + type = string +} + +variable "client_secret" { + description = "A secret string that the application uses to prove its identity when requesting a token. Also can be referred to as application password." + type = string +} + +variable "sku" { + description = "SKU" + type = string + default = "Standard" +} + +variable "enable_custom_metrics" { + description = "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service." + type = bool + default = true +} + +variable "enable_floating_ip" { + description = "Indicates whether the load balancers will be deployed with floating IP." + type = bool + default = false +} diff --git a/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/versions.tf b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/versions.tf new file mode 100644 index 00000000..df4caa26 --- /dev/null 
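Review bot: None of `client_secret`, `admin_password`, `sic_key`, `serial_console_password_hash` or `maintenance_mode_password_hash` is declared `sensitive = true`, so Terraform has no reason to redact them wherever they propagate into non-sensitive attributes, locals or outputs, and a reader of the module gets no signal that they are secrets, even though versions.tf pins `required_version = ">= 0.14.3"` where the attribute is available. The `count = ... ? 0 : "SIC key must be..."` trick in `null_resource.sic_key_invalid` (and the same pattern in `disk_size_validation`) surfaces as a generic count-type error rather than the intended message; a `validation` block reports the real text and can also reject the characters that cloud-init.sh interpolates unescaped into its `sicKey="..."` literal. Add `sensitive = true` to the five variables above, drop `null_resource.sic_key_invalid`, and declare `sic_key` as follows (the `disk_size` resource can be converted the same way):

```hcl
variable "sic_key" {
  description = "Secure Internal Communication(SIC) key"
  type        = string
  sensitive   = true

  validation {
    condition     = length(var.sic_key) >= 12 && can(regex("^[^\"\\\\\\s]+$", var.sic_key))
    error_message = "SIC key must be at least 12 characters long and must not contain quotes, backslashes or whitespace."
  }
}
```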
+++ b/deprecated/terraform/azure/R8040-R81/vmss-new-vnet/versions.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_version = ">= 0.14.3"
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = "~> 3.81.0"
+ }
+ random = {
+ version = "~> 3.5.1"
+ }
+ }
+}
+
+
diff --git a/deprecated/terraform/azure/README.md b/deprecated/terraform/azure/README.md
new file mode 100644
index 00000000..c24588d9
--- /dev/null
+++ b/deprecated/terraform/azure/README.md
@@ -0,0 +1,12 @@
+# Check Point Terraform deployment modules for Azure
+
+This project was developed to allow Terraform deployments for Check Point CloudGuard IaaS solutions on Azure.
+
+
+These modules use Terraform's [Azurerm provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs) in order to create and provision resources on Azure.
+
+
+ ## Prerequisites
+
+1. [Download Terraform](https://www.terraform.io/downloads.html) and follow the instructions according to your OS.
+2. Get started with Terraform Azurerm provider - refer to [Terraform Azurerm provider best practices](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs).
\ No newline at end of file