diff --git a/terraform/aws/gwlb-master/README.md b/terraform/aws/gwlb-master/README.md
index df71a9fe..7e7a231d 100755
--- a/terraform/aws/gwlb-master/README.md
+++ b/terraform/aws/gwlb-master/README.md
@@ -195,8 +195,8 @@ secret_key = "my-secret-key"
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | ""| no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | ""| no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | ""| no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | ""| no |
## Outputs
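Review bot: the two added rows for gateway_maintenance_mode_password_hash and management_maintenance_mode_password_hash now carry word-for-word identical descriptions, so the table no longer says which hash applies to the Security Gateways and which to the Management Server. The removed rows did ("Gateway admin user's" and "Management admin user's"). Suggest keeping that qualifier at the start of each description. The same applies to the identical row pairs in the other READMEs touched by this patch.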
diff --git a/terraform/aws/gwlb/README.md b/terraform/aws/gwlb/README.md
index 8482b9d5..41a47ad4 100755
--- a/terraform/aws/gwlb/README.md
+++ b/terraform/aws/gwlb/README.md
@@ -187,8 +187,8 @@ secret_key = "my-secret-key"
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
| Name | Description |
diff --git a/terraform/aws/management/README.md b/terraform/aws/management/README.md
index aefd1dba..012433e1 100755
--- a/terraform/aws/management/README.md
+++ b/terraform/aws/management/README.md
@@ -109,7 +109,7 @@ secret_key = "my-secret-key"
management_maintenance_mode_password_hash = "" # For R81.10 and below the management_password_hash is used also as maintenance-mode password.
// --- Security Management Server Settings ---
management_hostname = "mgmt-tf"
- is_primary_management = "true"
+ management_installation_type = "Primary management"
SICKey = ""
allow_upload_download = "true"
gateway_management = "Locally managed"
@@ -155,7 +155,7 @@ secret_key = "my-secret-key"
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| management_password_hash | (Optional) Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash) | string | n/a | "" | no |
| management_hostname | (Optional) Security Management Server prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
-| is_primary_management | Determines if this is the primary management server or not | bool | true/false | true | no |
+| management_installation_type | Determines if this is the primary management server, secondary management server or log server | string | - Primary management
- Secondary management
- Log Server | Primary management | yes |
| SICKey | Mandatory only when deploying a secondary Management Server, the Secure Internal Communication key creates trusted connections between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "" | no |
| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address | string | - Locally managed
- Over the internet | Locally managed | no |
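Review bot: the added management_installation_type row marks the variable as required ("yes") while also listing a default of "Primary management", and variables.tf in this patch declares default = "Primary management"; the removed is_primary_management row had "no". Set the last column to "no" to match the declaration. Separately, the SICKey context row below still reads "Mandatory only when deploying a secondary Management Server"; please confirm whether that wording is still complete now that "Log Server" is an allowed type.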
@@ -164,7 +164,7 @@ secret_key = "my-secret-key"
| primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no |
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
| management_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
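Review bot: the new description for management_maintenance_mode_password_hash points to grub2-mkpasswd-pbkdf2, while management_password_hash in the same table still points to "openssl passwd -6 PASSWORD", and nothing tells the reader that the two variables expect different hash formats. Suggest stating that explicitly and saying which part of the tool output to paste: grub2-mkpasswd-pbkdf2 prompts for the password and prints a sentence ending in a string that starts with grub.pbkdf2.sha512., and only that string is the hash.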
@@ -191,6 +191,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230914 | Add support for maintenance mode password |
| 20230923 | Add support for C5d instance type |
| 20231012 | Update AWS Terraform provider version to 5.20.1 |
+| 20240207 | Added Log Server installation support |
## License
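Review bot: the revision table gains a 20240207 entry, but the python3 /etc/cloud_config.py line in management_userdata.yaml, changed in this same patch, still passes templateVersion=\"20231012\" on both the removed and the added side. If templateVersion is meant to track this table, bump it in the userdata as part of this change; otherwise say in the PR why it stays at the previous entry.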
diff --git a/terraform/aws/management/locals.tf b/terraform/aws/management/locals.tf
index cc1d2194..896719ba 100755
--- a/terraform/aws/management/locals.tf
+++ b/terraform/aws/management/locals.tf
@@ -67,4 +67,10 @@ locals {
manage_over_the_internet = var.gateway_management == "Over the internet" ? true : false
manage_over_internet_and_EIP = var.allocate_and_associate_eip && local.manage_over_the_internet ? true : false
pub_mgmt = local.manage_over_internet_and_EIP ? true : false
+
+ management_installation_type_allowed_values = [
+ "Primary management",
+ "Secondary management",
+ "Log Server"]
+ validate_management_installation_type = index(local.management_installation_type_allowed_values, var.management_installation_type)
}
\ No newline at end of file
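Review bot: validate_management_installation_type relies on index() raising an error when the value is not in the list, so a typo in the variable surfaces as a generic function-call failure on a local rather than a message naming management_installation_type and its allowed values. Suggest moving the check into a validation block on the variable in variables.tf, with contains(...) as the condition and an error_message listing "Primary management", "Secondary management" and "Log Server". The file also still ends without a trailing newline.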
diff --git a/terraform/aws/management/main.tf b/terraform/aws/management/main.tf
index f1bf2f04..059aaaed 100755
--- a/terraform/aws/management/main.tf
+++ b/terraform/aws/management/main.tf
@@ -160,7 +160,7 @@ resource "aws_instance" "management-instance" {
NTPSecondary = var.secondary_ntp
Shell = var.admin_shell,
AdminSubnet = var.admin_cidr
- IsPrimary = var.is_primary_management
+ ManagementInstallationType = var.management_installation_type
SICKey = local.management_SICkey_base64,
OsVersion = local.version_split
EnableInstanceConnect = var.enable_instance_connect
diff --git a/terraform/aws/management/management_userdata.yaml b/terraform/aws/management/management_userdata.yaml
index a3c76baa..0f3801ff 100755
--- a/terraform/aws/management/management_userdata.yaml
+++ b/terraform/aws/management/management_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20231012\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" MaintenanceModePassword=\"${MaintenanceModePassword}\" "management_installation_type=\"${ManagementInstallationType}\"" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
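Review bot: the added argument is the only one on the command line wrapped in an extra pair of unescaped double quotes ("management_installation_type=\"${ManagementInstallationType}\"") and the only key in snake_case next to sicKey, hostName and ntpPrimary. The outer quotes look deliberate, since the allowed values contain a space ("Primary management"), but that is worth a sentence in the commit message, and please confirm that /etc/cloud_config.py accepts this key spelling now that primary= is no longer passed. The replacement line again has no trailing newline.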
diff --git a/terraform/aws/management/terraform.tfvars b/terraform/aws/management/terraform.tfvars
index 905db198..be24753c 100755
--- a/terraform/aws/management/terraform.tfvars
+++ b/terraform/aws/management/terraform.tfvars
@@ -30,7 +30,7 @@ management_password_hash = ""
management_maintenance_mode_password_hash = "" # For R81.10 and below the management_password_hash is used also as maintenance-mode password.
// --- Security Management Server Settings ---
management_hostname = "mgmt-tf"
-is_primary_management = "true"
+management_installation_type = "Primary management"
SICKey = ""
allow_upload_download = "true"
gateway_management = "Locally managed"
diff --git a/terraform/aws/management/variables.tf b/terraform/aws/management/variables.tf
index 469ef162..366ba2c2 100755
--- a/terraform/aws/management/variables.tf
+++ b/terraform/aws/management/variables.tf
@@ -133,10 +133,10 @@ variable "management_hostname" {
description = "(Optional) Security Management Server prompt hostname"
default = ""
}
-variable "is_primary_management" {
- type = bool
- description = "Determines if this is the primary management server or not"
- default = true
+variable "management_installation_type" {
+ type = string
+ description = "Determines the Management Server installation type: Primary management, Secondary management, Log Server"
+ default = "Primary management"
}
variable "SICKey" {
type = string
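Review bot: is_primary_management is removed outright and replaced by a variable of a different type, so callers that still set is_primary_management = true or false get no mapping to the new string values. Suggest calling out the rename in the README revision history (the 20240207 entry only mentions Log Server support) together with the value that replaces a former false, presumably "Secondary management".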
diff --git a/terraform/aws/qs-autoscale-master/README.md b/terraform/aws/qs-autoscale-master/README.md
index 4693cd1a..db6c44a6 100755
--- a/terraform/aws/qs-autoscale-master/README.md
+++ b/terraform/aws/qs-autoscale-master/README.md
@@ -206,8 +206,8 @@ secret_key = "my-secret-key"
| servers_subnets | Provide at least 2 private subnet IDs in the chosen VPC, separated by commas (e.g. subnet-0d72417c,subnet-1f61306f,subnet-1061d06f). | list(string) | n/a | n/a | yes |
| servers_instance_type | The EC2 instance type for the web servers | string | - t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge | t3.micro | no |
| server_ami | The Amazon Machine Image ID of a preconfigured web server (e.g. ami-0dc7dc63) | string | n/a | n/a | yes |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md
index 09acb87f..f28045e3 100755
--- a/terraform/aws/qs-autoscale/README.md
+++ b/terraform/aws/qs-autoscale/README.md
@@ -191,8 +191,8 @@ secret_key = "my-secret-key"
| servers_subnets | Provide at least 2 private subnet IDs in the chosen VPC, separated by commas (e.g. subnet-0d72417c,subnet-1f61306f,subnet-1061d06f). | list(string) | n/a | n/a | yes |
| servers_instance_type | The EC2 instance type for the web servers | string | - t3.nano
- t3.micro
- t3.small
- t3.medium
- t3.large
- t3.xlarge
- t3.2xlarge | t3.micro | no |
| server_ami | The Amazon Machine Image ID of a preconfigured web server (e.g. ami-0dc7dc63) | string | n/a | n/a | yes |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
diff --git a/terraform/aws/standalone-master/README.md b/terraform/aws/standalone-master/README.md
index 7e118be8..4c5a25fe 100755
--- a/terraform/aws/standalone-master/README.md
+++ b/terraform/aws/standalone-master/README.md
@@ -163,7 +163,7 @@ secret_key = "my-secret-key"
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
-| standalone_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| standalone_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
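Review bot: the replaced description said the variable is "relevant only for R81.20 and higher versions"; the new one only says that for R81.10 and below the Admin user's password doubles as the maintenance-mode password, leaving the reader to infer which versions actually read standalone_maintenance_mode_password_hash. Suggest keeping an explicit version statement in the new text so the applicability is not lost.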
diff --git a/terraform/aws/standalone/README.md b/terraform/aws/standalone/README.md
index ee831e6d..6ac70d94 100755
--- a/terraform/aws/standalone/README.md
+++ b/terraform/aws/standalone/README.md
@@ -140,7 +140,7 @@ secret_key = "my-secret-key"
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | n/a | 0.0.0.0/0 | no |
-| standalone_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| standalone_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
diff --git a/terraform/aws/tgw-asg/README.md b/terraform/aws/tgw-asg/README.md
index 987b348b..d99a5781 100755
--- a/terraform/aws/tgw-asg/README.md
+++ b/terraform/aws/tgw-asg/README.md
@@ -176,8 +176,8 @@ secret_key = "my-secret-key"
| control_gateway_over_public_or_private_address | Determines if the gateways are provisioned using their private or public address | string | - private
- public | private | no |
| management_server | (Optional) The name that represents the Security Management Server in the automatic provisioning configuration | string | n/a | management-server | no |
| configuration_template | (Optional) A name of a Security Gateway configuration template in the automatic provisioning configuration | string | n/a | TGW-ASG-configuration | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
diff --git a/terraform/aws/tgw-asg/variables.tf b/terraform/aws/tgw-asg/variables.tf
index 1000e03b..9f2885cb 100755
--- a/terraform/aws/tgw-asg/variables.tf
+++ b/terraform/aws/tgw-asg/variables.tf
@@ -150,6 +150,11 @@ variable "management_password_hash" {
description = "(Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash)"
default = ""
}
+variable "management_maintenance_mode_password_hash" {
+ description = "(optional) Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command 'grub2-mkpasswd-pbkdf2' on Linux and paste it here)."
+ type = string
+ default = ""
+}
variable "management_permissions" {
type = string
description = "IAM role to attach to the instance profile"
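Review bot: the added management_maintenance_mode_password_hash variable holds a credential hash but is declared without sensitive = true, so its value is printed in plan output. Suggest adding sensitive = true to the block. Minor: it puts description before type and uses a lowercase "(optional)", unlike the neighbouring management_permissions block and the "(Optional)" prefix on management_password_hash.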
diff --git a/terraform/aws/tgw-cross-az-cluster-master/README.md b/terraform/aws/tgw-cross-az-cluster-master/README.md
index 23cd96ec..94402e3f 100755
--- a/terraform/aws/tgw-cross-az-cluster-master/README.md
+++ b/terraform/aws/tgw-cross-az-cluster-master/README.md
@@ -170,7 +170,7 @@ secret_key = "my-secret-key"
| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
| primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no |
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
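Review bot: the added row moves the optional marker to the end of the description and lowercases it ("(optional)"), while the context rows in this table (gateway_bootstrap_script, primary_ntp, secondary_ntp) lead with "(Optional)". Suggest keeping the marker first and capitalised so the column stays scannable.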
diff --git a/terraform/aws/tgw-cross-az-cluster/README.md b/terraform/aws/tgw-cross-az-cluster/README.md
index 2161bc22..9cd581c2 100755
--- a/terraform/aws/tgw-cross-az-cluster/README.md
+++ b/terraform/aws/tgw-cross-az-cluster/README.md
@@ -166,8 +166,8 @@ secret_key = "my-secret-key"
| gateway_bootstrap_script | (Optional) Semicolon (;) separated commands to run on the initial boot | string | n/a | "" | no |
| primary_ntp | (Optional) The IPv4 addresses of Network Time Protocol primary server | string | n/a | 169.254.169.123 | no |
| secondary_ntp | (Optional) The IPv4 addresses of Network Time Protocol secondary server | string | n/a | 0.pool.ntp.org | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
diff --git a/terraform/aws/tgw-gwlb-master/README.md b/terraform/aws/tgw-gwlb-master/README.md
index afb4e064..47c907c4 100755
--- a/terraform/aws/tgw-gwlb-master/README.md
+++ b/terraform/aws/tgw-gwlb-master/README.md
@@ -239,8 +239,8 @@ a
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs
diff --git a/terraform/aws/tgw-gwlb/README.md b/terraform/aws/tgw-gwlb/README.md
index b516740d..67f95566 100755
--- a/terraform/aws/tgw-gwlb/README.md
+++ b/terraform/aws/tgw-gwlb/README.md
@@ -239,8 +239,8 @@ secret_key = "my-secret-key"
| admin_cidr | (CIDR) Allow web, ssh, and graphical clients only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| gateway_addresses | (CIDR) Allow gateways only from this network to communicate with the Management Server | string | valid CIDR | n/a | no |
| volume_type | General Purpose SSD Volume Type | string | - gp3
- gp2 | gp3 | no |
-| gateway_maintenance_mode_password_hash | (Optional) Gateway admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
-| management_maintenance_mode_password_hash | (Optional) Management admin user's maintenance password hash (use command `openssl passwd -6 PASSWORD` to get the PASSWORD's hash), relevant only for R81.20 and higher versions | string | n/a | "" | no |
+| gateway_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
+| management_maintenance_mode_password_hash | Check Point recommends setting Admin user's password and maintenance-mode password for recovery purposes. For R81.10 and below the Admin user's password is used also as maintenance-mode password. (To generate a password hash use the command "grub2-mkpasswd-pbkdf2" on Linux and paste it here). (optional) | string | n/a | "" | no |
## Outputs