From 56f15a5286fa2c4fadf877cb0e09db9e9ce25910 Mon Sep 17 00:00:00 2001
From: chkp-rivkas <123631865+chkp-rivkas@users.noreply.github.com>
Date: Mon, 8 Jan 2024 15:53:50 +0200
Subject: [PATCH] Azure Templates | Templates alignment
- Update the recommended version to R81.20
- Added support for 'Custom NSG deployment'
- Quick template deployment from a link
- Added sk156552 (How to increase the disk size of a CloudGuard VM) link next to the increase the disk size field
- Removed RA VPN from templates
---
.../README.md | 22 +++++
.../createUiDefinition.json | 2 +-
.../mainTemplate.json | 23 ++---
azure/templates/marketplace-ha/README.md | 21 +++++
.../marketplace-ha/createUiDefinition.json | 14 ++-
.../marketplace-ha/mainTemplate.json | 21 +++--
.../marketplace-management/README.md | 21 +++++
.../createUiDefinition.json | 14 ++-
.../marketplace-management/mainTemplate.json | 21 ++---
azure/templates/marketplace-mds/README.md | 21 +++++
.../marketplace-mds/createUiDefinition.json | 14 ++-
.../marketplace-mds/mainTemplate.json | 21 ++---
azure/templates/marketplace-single/README.md | 22 +++++
.../createUiDefinition.json | 14 ++-
.../marketplace-single/mainTemplate.json | 21 ++---
.../createUiDefinition.json | 2 +-
azure/templates/marketplace-vmss/README.md | 23 +++++
.../marketplace-vmss/createUiDefinition.json | 77 +---------------
.../marketplace-vmss/mainTemplate.json | 89 +++----------------
azure/templates/single-ipv6/README.md | 5 ++
azure/templates/single-ipv6/mainTemplate.json | 13 ++-
azure/templates/vmss-ipv6/README.md | 4 +
azure/templates/vmss-ipv6/mainTemplate.json | 75 ++--------------
23 files changed, 275 insertions(+), 285 deletions(-)
create mode 100644 azure/templates/marketplace-gateway-load-balancer/README.md
create mode 100644 azure/templates/marketplace-ha/README.md
create mode 100644 azure/templates/marketplace-management/README.md
create mode 100644 azure/templates/marketplace-mds/README.md
create mode 100644 azure/templates/marketplace-single/README.md
create mode 100644 azure/templates/marketplace-vmss/README.md
diff --git a/azure/templates/marketplace-gateway-load-balancer/README.md b/azure/templates/marketplace-gateway-load-balancer/README.md
new file mode 100644
index 00000000..a970e1a3
--- /dev/null
+++ b/azure/templates/marketplace-gateway-load-balancer/README.md
@@ -0,0 +1,22 @@
+# Check Point CloudGuard Network Security Gateway Load Balancer for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+ 
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-gateway-load-balancer%2FmainTemplate.json)
+
+
+
diff --git a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
index 64b30f66..f1f40e9a 100644
--- a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
+++ b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
@@ -349,7 +349,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
diff --git a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
index 5a56f00c..8e91fee9 100644
--- a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
+++ b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json
@@ -26,7 +26,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -391,7 +391,7 @@
"variables": {
"resourceGroup": "[resourceGroup()]",
"templateName": "gwlb",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"offers": {
"R81.10 - Bring Your Own License": "BYOL",
@@ -507,8 +507,9 @@
}
},
"upgrading": "[equals(parameters('upgrading'), 'yes')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
- "loadBalacerSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/gateway-load-balancers.json', parameters('_artifactsLocationSasToken')))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "loadBalacerSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/gateway-load-balancers.json', parameters('_artifactsLocationSasToken')))]",
"lbsTargetRGName": "[parameters('lbsTargetRGName')]",
"lbRGName": "[if(variables('upgrading'), variables('lbsTargetRGName'), resourceGroup().name)]",
"loadBalancerSetupId": "[resourceId(variables('lbRGName'), 'Microsoft.Resources/deployments', 'loadBalancerSetup')]",
@@ -565,9 +566,7 @@
"customMetrics": "[parameters('customMetrics')]",
"monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"identity": "[json('{\"type\": \"SystemAssigned\"}')]",
- "NewNsgReference": {
- "id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -632,8 +631,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"deployRouteTable": {
"value": true
@@ -675,8 +675,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
diff --git a/azure/templates/marketplace-ha/README.md b/azure/templates/marketplace-ha/README.md
new file mode 100644
index 00000000..e58bd802
--- /dev/null
+++ b/azure/templates/marketplace-ha/README.md
@@ -0,0 +1,21 @@
+# Check Point CloudGuard Network Security High Availability for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-ha%2FmainTemplate.json)
+
+
diff --git a/azure/templates/marketplace-ha/createUiDefinition.json b/azure/templates/marketplace-ha/createUiDefinition.json
index c90cad74..92f2a4a0 100644
--- a/azure/templates/marketplace-ha/createUiDefinition.json
+++ b/azure/templates/marketplace-ha/createUiDefinition.json
@@ -64,7 +64,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
@@ -1721,6 +1721,18 @@
]
}
},
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
{
"name": "additionalDiskSizeGB",
"type": "Microsoft.Common.TextBox",
diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json
index 11c28301..2421f2cd 100644
--- a/azure/templates/marketplace-ha/mainTemplate.json
+++ b/azure/templates/marketplace-ha/mainTemplate.json
@@ -25,7 +25,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Check Point CloudGuard version"
}
@@ -356,7 +356,7 @@
"VIPs_Number": "[int(parameters('VipsNumber'))]",
"Vip_Names": "[split(parameters('VipNames'), ',')]",
"templateName": "ha",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"elbPublicIPName": "frontend-lb-address",
"haPublicIPName": "[parameters('vmName')]",
@@ -505,8 +505,9 @@
"count": 2,
"bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
"allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha2-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
- "ExsitingNsgRoleAssignmentURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/existing-nsg-RoleAssignment', '.json'))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha2-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "ExsitingNsgRoleAssignmentURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/existing-nsg-RoleAssignment', '.json'))]",
"sicKey": "[parameters('sicKey')]",
"installationType": "cluster",
"internalLBPrivateIPAddress": "[parameters('Subnet2StartAddress')]",
@@ -725,8 +726,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
@@ -758,8 +760,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
@@ -1245,4 +1248,4 @@
"value": "[reference(variables('gwPublicIPIds')[1]).dnsSettings.fqdn]"
}
}
-}
\ No newline at end of file
+}
diff --git a/azure/templates/marketplace-management/README.md b/azure/templates/marketplace-management/README.md
new file mode 100644
index 00000000..ae636acd
--- /dev/null
+++ b/azure/templates/marketplace-management/README.md
@@ -0,0 +1,21 @@
+# Check Point CloudGuard Network Security Management for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-management%2FmainTemplate.json)
+
+
diff --git a/azure/templates/marketplace-management/createUiDefinition.json b/azure/templates/marketplace-management/createUiDefinition.json
index 6bc6e5af..0b64bbec 100644
--- a/azure/templates/marketplace-management/createUiDefinition.json
+++ b/azure/templates/marketplace-management/createUiDefinition.json
@@ -64,7 +64,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
@@ -591,6 +591,18 @@
]
}
},
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
{
"name": "additionalDiskSizeGB",
"type": "Microsoft.Common.TextBox",
diff --git a/azure/templates/marketplace-management/mainTemplate.json b/azure/templates/marketplace-management/mainTemplate.json
index 0a3e5201..1103a8bb 100644
--- a/azure/templates/marketplace-management/mainTemplate.json
+++ b/azure/templates/marketplace-management/mainTemplate.json
@@ -21,7 +21,7 @@
"R81.20 - Bring Your Own License",
"R81.20 - Pay As You Go (MGMT25)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -259,7 +259,7 @@
},
"variables": {
"templateName": "management",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"offers": {
"R80.40 - Bring Your Own License": "BYOL",
@@ -342,13 +342,12 @@
"publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
"bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
"allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
"managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
"deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]",
"vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]",
- "NewNsgReference": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -410,8 +409,9 @@
"deployNsg": {
"value": false
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
@@ -446,8 +446,9 @@
"deployNsg": {
"value": false
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
diff --git a/azure/templates/marketplace-mds/README.md b/azure/templates/marketplace-mds/README.md
new file mode 100644
index 00000000..83bf14c5
--- /dev/null
+++ b/azure/templates/marketplace-mds/README.md
@@ -0,0 +1,21 @@
+# Check Point CloudGuard Network Security MDS for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-mds%2FmainTemplate.json)
+
+
diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json
index 617e60e9..333f8484 100644
--- a/azure/templates/marketplace-mds/createUiDefinition.json
+++ b/azure/templates/marketplace-mds/createUiDefinition.json
@@ -64,7 +64,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
@@ -428,6 +428,18 @@
]
}
},
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
{
"name": "additionalDiskSizeGB",
"type": "Microsoft.Common.TextBox",
diff --git a/azure/templates/marketplace-mds/mainTemplate.json b/azure/templates/marketplace-mds/mainTemplate.json
index 359c48b9..3256924f 100644
--- a/azure/templates/marketplace-mds/mainTemplate.json
+++ b/azure/templates/marketplace-mds/mainTemplate.json
@@ -17,7 +17,7 @@
"R81.10 - Bring Your Own License",
"R81.20 - Bring Your Own License"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -250,7 +250,7 @@
},
"variables": {
"templateName": "mds",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"offers": {
"R80.40 - Bring Your Own License": "BYOL",
@@ -317,13 +317,12 @@
"publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('publicIPAddressName'))]",
"bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
"allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-1-subnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
"managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
"deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]",
"vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]",
- "NewNsgReference": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -388,8 +387,9 @@
"deployNsg": {
"value": false
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
}
}
}
@@ -424,8 +424,9 @@
"deployNsg": {
"value": false
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
}
}
}
diff --git a/azure/templates/marketplace-single/README.md b/azure/templates/marketplace-single/README.md
new file mode 100644
index 00000000..e092fdd8
--- /dev/null
+++ b/azure/templates/marketplace-single/README.md
@@ -0,0 +1,22 @@
+# Check Point CloudGuard Network Security Single Gateway for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-single%2FmainTemplate.json)
+
+
+
diff --git a/azure/templates/marketplace-single/createUiDefinition.json b/azure/templates/marketplace-single/createUiDefinition.json
index 695fb81f..93230dd8 100644
--- a/azure/templates/marketplace-single/createUiDefinition.json
+++ b/azure/templates/marketplace-single/createUiDefinition.json
@@ -64,7 +64,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
@@ -1723,6 +1723,18 @@
]
}
},
+ {
+ "name": "basics settings text block",
+ "type": "Microsoft.Common.TextBlock",
+ "visible": true,
+ "options": {
+ "text": "Please follow the Check Point referenced guide for adding disk space.",
+ "link": {
+ "label": "Additional disk space in CloudGuard",
+ "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552"
+ }
+ }
+ },
{
"name": "additionalDiskSizeGB",
"type": "Microsoft.Common.TextBox",
diff --git a/azure/templates/marketplace-single/mainTemplate.json b/azure/templates/marketplace-single/mainTemplate.json
index 9825e3df..4e57e59b 100644
--- a/azure/templates/marketplace-single/mainTemplate.json
+++ b/azure/templates/marketplace-single/mainTemplate.json
@@ -32,7 +32,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -298,7 +298,7 @@
},
"variables": {
"templateName": "single",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"offers": {
"R80.40 - Bring Your Own License": "BYOL",
@@ -423,7 +423,8 @@
"publicIPAddressId": "[resourceId('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"bootstrapScript64": "[base64(parameters('bootstrapScript'))]",
"allowUploadDownload": "[parameters('allowDownloadFromUploadToCheckPoint')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
"sicKey": "[parameters('sicKey')]",
"managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
"vmID": "[resourceId('Microsoft.Compute/virtualMachines/', parameters('vmName'))]",
@@ -432,9 +433,7 @@
"monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"deployNewVnet": "[equals(parameters('vnetNewOrExisting'), 'new')]",
"vnetRGName": "[if(variables('deployNewVnet'), resourceGroup().name, parameters('virtualNetworkExistingRGName'))]",
- "NewNsgReference": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -511,8 +510,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
}
}
}
@@ -544,8 +544,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
}
}
}
diff --git a/azure/templates/marketplace-stack-single/createUiDefinition.json b/azure/templates/marketplace-stack-single/createUiDefinition.json
index fb1b75c7..0f5e5b38 100644
--- a/azure/templates/marketplace-stack-single/createUiDefinition.json
+++ b/azure/templates/marketplace-stack-single/createUiDefinition.json
@@ -825,7 +825,7 @@
"sku": "sg-ngtx"
},
"count": 1
- },
+ },
{
"name": "sicKeyUi",
"type": "Microsoft.Common.PasswordBox",
diff --git a/azure/templates/marketplace-vmss/README.md b/azure/templates/marketplace-vmss/README.md
new file mode 100644
index 00000000..3c632bf9
--- /dev/null
+++ b/azure/templates/marketplace-vmss/README.md
@@ -0,0 +1,23 @@
+# Check Point CloudGuard Network Security VMSS for Azure
+
+Check Point CloudGuard Network Security delivers advanced, multi-layered threat prevention to protect customer assets in Azure from malware and sophisticated threats. As a Microsoft Azure certified solution, CloudGuard Network Security enables you to easily and seamlessly secure your workloads while providing secure connectivity across your cloud and on-premises environments.
+
+Benefits:
+
+· Advanced threat prevention and traffic inspection
+
+· Integrated with Azure Security Center and Azure Sentinel
+
+· Provides consistent security policy management, enforcement, and reporting with a single pane of glass, using Check Point Unified Security Management
+
+
+
+
+
+
+
+
+To deploy with full control over all the template options use: [Full Control Deployment](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fmarketplace-vmss%2FmainTemplate.json)
+
+
+
diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json
index d46b1c81..72b21d92 100644
--- a/azure/templates/marketplace-vmss/createUiDefinition.json
+++ b/azure/templates/marketplace-vmss/createUiDefinition.json
@@ -543,69 +543,6 @@
]
}
},
- {
- "name": "remoteAccessVpn",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Use Remote Access VPN",
- "defaultValue": "No",
- "toolTip": "Use Remote Access VPN functionality. Remote Access VPN is supported from R80.40 Management Server or Multi-Domain Management Server until R81.10, and from R80.40 Gateway version until R81.10.",
- "constraints": {
- "allowedValues": [
- {
- "label": "No",
- "value": "no"
- },
- {
- "label": "Yes",
- "value": "yes"
- }
- ],
- "required": true
- }
- },
- {
- "name": "dnsZoneResourceId",
- "type": "Microsoft.Common.TextBox",
- "label": "DNS Zone Resource ID",
- "toolTip": "The Azure Dns Zone ID to be used for defining a Record Set with VMSS Instances' public IPs",
- "constraints": {
- "required": true,
- "regex": "^/subscriptions/.*/providers/Microsoft.Network/dnszones/",
- "validationMessage": "DNS Zone resource ID must strat with \"/subscriptions/\" and contain \"/providers/Microsoft.Network/dnszones\".The DNS Zone resource ID can be found in the DNS Zone Properties tab"
- },
- "visible": "[and(equals(steps('autoprovision').remoteAccessVpn, 'yes'), not(equals(steps('autoprovision').instanceLevelPublicIP, 'no')))]"
- },
- {
- "name": "remoteAccessExistingRecordSetInfoBox",
- "type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('autoprovision').remoteAccessVpn, 'yes'), not(equals(steps('autoprovision').instanceLevelPublicIP, 'no')))]",
- "options": {
- "icon": "Warning",
- "text": "In case an existing Record Set is used, all its records will be replaced with VMSS Instances' public IPs."
- }
- },
- {
- "name": "dnsZoneRecordSetName",
- "type": "Microsoft.Common.TextBox",
- "label": "New or existing DNS Zone Record Set Name (Label)",
- "toolTip": "The DNS Zone Record Set contains VMSS Instances' public IPs. A new or an existing Record Set can be used. In case an existing Record Set is used, all its records will be replaced with VMSS Instances' public IPs.",
- "defaultValue": "remote-access-instances",
- "constraints": {
- "required": true,
- "regex": "^[a-z0-9A-Z_\\-]{1,63}$",
- "validationMessage": "Each Record Set must only contain letters, numbers, underscores, and/or dashes, the value must be 1-63 characters long. Each label should be separated from other labels by a period. A wildcard ('*' character) is permitted either as the single character in the name, or as the first label in the name. An empty value, or a single '@' character is permitted for record sets at the zone apex ."
- },
- "visible": "[and(equals(steps('autoprovision').remoteAccessVpn, 'yes'), not(equals(steps('autoprovision').instanceLevelPublicIP, 'no')))]"
- },
- {
- "name": "remoteAccessCommunicationInfoBox",
- "type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('autoprovision').remoteAccessVpn, 'yes'), equals(steps('autoprovision').instanceLevelPublicIP, 'no'))]",
- "options": {
- "icon": "Error",
- "text": "For Remote Access VPN configuration it is mandatory to deploy instance level public IP addresses."
- }
- },
{
"name": "customMetrics",
"type": "Microsoft.Common.OptionsGroup",
@@ -625,15 +562,6 @@
]
},
"visible": true
- },
- {
- "name": "remoteAccessCustomMetricsInfoBox",
- "type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('autoprovision').remoteAccessVpn, 'yes'), not(equals(steps('autoprovision').customMetrics, 'yes')))]",
- "options": {
- "icon": "Warning",
- "text": "When Remote Access VPN is enabled it is recommended to use Scaling policy that is based on the \"IPsec number of VPN-1 RA peers\" CloudGuard metric. See the VMSS admin guide for more information."
- }
}
]
},
@@ -650,7 +578,7 @@
"name": "cloudGuardVersion",
"type": "Microsoft.Common.DropDown",
"label": "Check Point CloudGuard version",
- "defaultValue": "R81.10",
+ "defaultValue": "R81.20",
"toolTip": "The version of Check Point CloudGuard.",
"constraints": {
"allowedValues": [
@@ -2459,9 +2387,6 @@
"appLoadDistribution": "[steps('autoprovision').appLoadDistribution]",
"ilbLoadDistribution": "[steps('autoprovision').ilbLoadDistribution]",
"availabilityZonesNum": "[coalesce(steps('autoprovision').availabilityZonesNum, int('0'))]",
- "remoteAccessVpn": "[steps('autoprovision').remoteAccessVpn]",
- "dnsZoneResourceId": "[steps('autoprovision').dnsZoneResourceId]",
- "dnsZoneRecordSetName": "[steps('autoprovision').dnsZoneRecordSetName]",
"customMetrics": "[steps('autoprovision').customMetrics]",
"cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
"vmSize": "[coalesce(steps('chkp').R8040vmSizeUiBYOL, steps('chkp').R8040vmSizeUiNGTP, steps('chkp').R8040vmSizeUiNGTX, steps('chkp').R81vmSizeUiBYOL, steps('chkp').R81vmSizeUiNGTP, steps('chkp').R81vmSizeUiNGTX, steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX)]",
diff --git a/azure/templates/marketplace-vmss/mainTemplate.json b/azure/templates/marketplace-vmss/mainTemplate.json
index ed0b770b..8fe2fbce 100644
--- a/azure/templates/marketplace-vmss/mainTemplate.json
+++ b/azure/templates/marketplace-vmss/mainTemplate.json
@@ -32,7 +32,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -449,31 +449,6 @@
},
"defaultValue": ""
},
- "remoteAccessVpn": {
- "type": "string",
- "allowedValues": [
- "no",
- "yes"
- ],
- "defaultValue": "no",
- "metadata": {
- "Description": "Indicates whether the remote access VPN will be used"
- }
- },
- "dnsZoneResourceId": {
- "type": "string",
- "defaultValue": "Define a DNS Zone Resource ID only in case Remote Access VPN usage and DNS Zone(domain) is already exists",
- "metadata": {
- "description": "DNS Zone DNS Zone Resource ID"
- }
- },
- "dnsZoneRecordSetName": {
- "type": "string",
- "defaultValue": "remote-access-instances",
- "metadata": {
- "description": "DNS Zone Record Set name"
- }
- },
"customMetrics": {
"type": "string",
"allowedValues": [
@@ -510,7 +485,7 @@
"resourceGroup": "[resourceGroup()]",
"resourceGroupName": "[resourceGroup().name]",
"templateName": "vmss-v2",
- "templateVersion": "20231002",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"offers": {
"R80.40 - Bring Your Own License": "BYOL",
@@ -633,9 +608,9 @@
"sicKey": "[parameters('sicKey')]",
"installationType": "vmss",
"upgrading": "[equals(parameters('upgrading'), 'yes')]",
- "networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
- "loadBalacerSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/load-balancers.json', parameters('_artifactsLocationSasToken')))]",
- "azureFunctionSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/azure-func-sami.json', parameters('_artifactsLocationSasToken')))]",
+ "_artifactsLocation": "[if(contains(parameters('_artifactsLocation'),'raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/marketplace'),'https://raw.githubusercontent.com/CheckPointSW/CloudGuardIaaS/master/azure/templates/',parameters('_artifactsLocation'))]",
+ "networkSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/vnet-2-subnet-ha-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
+ "loadBalacerSetupURL": "[uri(variables('_artifactsLocation'), concat('nestedtemplates/load-balancers.json', parameters('_artifactsLocationSasToken')))]",
"lbsTargetRGName": "[parameters('lbsTargetRGName')]",
"lbRGName": "[if(variables('upgrading'), variables('lbsTargetRGName'), resourceGroup().name)]",
"loadBalancerSetupId": "[resourceId(variables('lbRGName'), 'Microsoft.Resources/deployments', 'loadBalancerSetup')]",
@@ -690,9 +665,6 @@
"x-chkp-management-address": "[variables('mgmtIPaddress')]"
},
"vmssTags": "[if(equals(variables('mgmtIPaddress'), ''), variables('commomTags'), union(variables('commomTags'), variables('uniqueTags')))]",
- "dnsZoneResourceId": "[parameters('dnsZoneResourceId')]",
- "dnsZoneRecordSetName": "[parameters('dnsZoneRecordSetName')]",
- "numberOfRecordSetEntries": "20",
"customMetrics": "[parameters('customMetrics')]",
"monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"identity": "[json('{\"type\": \"SystemAssigned\"}')]",
@@ -724,9 +696,7 @@
},
"publicIPPrefixLength": "[variables('IPv4Lengths')[parameters('IPv4Length')]]",
"useIpPrefix": "[if(equals(parameters('publicIPPrefix'), 'yes'), variables('publicIPPropertiesWithPrefix'), variables('publicIPPropertiesWithoutPrefix'))]",
- "NewNsgReference": {
- "id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId(variables('vnetRGName'),'Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -813,8 +783,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
@@ -850,45 +821,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
- },
- "tagsByResource": {
- "value": "[parameters('tagsByResource')]"
- }
- }
- }
- },
- {
- "condition": "[and(equals(parameters('remoteAccessVpn'), 'yes'),or(contains(parameters('cloudGuardVersion'),'R80.40'),contains(parameters('cloudGuardVersion'),'R81')))]",
- "name": "azureFunctionSetup",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2020-06-01",
- "resourceGroup": "[resourceGroup().name]",
- "properties": {
- "mode": "Incremental",
- "templateLink": {
- "uri": "[variables('azureFunctionSetupURL')]",
- "contentVersion": "1.0.0.0"
- },
- "parameters": {
- "location": {
- "value": "[variables('location')]"
- },
- "dnsZoneResourceId": {
- "value": "[variables('dnsZoneResourceId')]"
- },
- "dnsZoneRecordSetName": {
- "value": "[variables('dnsZoneRecordSetName')]"
- },
- "numberOfRecordSetEntries": {
- "value": "[variables('numberOfRecordSetEntries')]"
- },
- "vmssResourceGroupName": {
- "value": "[resourceGroup().name]"
- },
- "vmssName": {
- "value": "[parameters('vmName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"
diff --git a/azure/templates/single-ipv6/README.md b/azure/templates/single-ipv6/README.md
index 6ea54d37..57e098d6 100755
--- a/azure/templates/single-ipv6/README.md
+++ b/azure/templates/single-ipv6/README.md
@@ -3,3 +3,8 @@ Azure's IPv6 connectivity makes it easy to provide dual stack (IPv4/IPv6) Intern
It allows for simple deployment of VMs with load balanced IPv6 connectivity for both inbound and outbound initiated connections.
Follow [sk170760](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170760) instruction to deploy dual stack (IPv4/IPv6) CloudGuard IaaS Security Gateway in Azure.
+
+
+
+
+
diff --git a/azure/templates/single-ipv6/mainTemplate.json b/azure/templates/single-ipv6/mainTemplate.json
index 6e7bc275..1b2c9797 100755
--- a/azure/templates/single-ipv6/mainTemplate.json
+++ b/azure/templates/single-ipv6/mainTemplate.json
@@ -25,7 +25,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -288,7 +288,7 @@
"subnetName": "[parameters('Subnet1Name')]",
"subnet2Name": "[parameters('Subnet2Name')]",
"templateName": "singleIpv6",
- "templateVersion": "20230124",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"subnet-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]",
@@ -416,9 +416,7 @@
"networkSetupURL": "[uri(parameters('_artifactsLocation'), concat('nestedtemplates/vnet-', parameters('vnetNewOrExisting'), '.json', parameters('_artifactsLocationSasToken')))]",
"sicKey": "[parameters('sicKey')]",
"managementGUIClientNetwork": "[parameters('managementGUIClientNetwork')]",
- "NewNsgReference": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -662,8 +660,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
}
}
}
diff --git a/azure/templates/vmss-ipv6/README.md b/azure/templates/vmss-ipv6/README.md
index 41c9dee4..6fbc5c3c 100755
--- a/azure/templates/vmss-ipv6/README.md
+++ b/azure/templates/vmss-ipv6/README.md
@@ -3,3 +3,7 @@ Azure's IPv6 connectivity makes it easy to provide dual stack (IPv4/IPv6) Intern
It allows for simple deployment of VMs with load balanced IPv6 connectivity for both inbound and outbound initiated connections.
Follow [sk170760](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk170760) instruction to deploy CloudGuard IaaS virtual machine scale sets with IPv6 in Azure.
+
+
+
+
diff --git a/azure/templates/vmss-ipv6/mainTemplate.json b/azure/templates/vmss-ipv6/mainTemplate.json
index 0a214474..07cd60a7 100755
--- a/azure/templates/vmss-ipv6/mainTemplate.json
+++ b/azure/templates/vmss-ipv6/mainTemplate.json
@@ -32,7 +32,7 @@
"R81.20 - Pay As You Go (NGTP)",
"R81.20 - Pay As You Go (NGTX)"
],
- "defaultValue": "R81.10 - Bring Your Own License",
+ "defaultValue": "R81.20 - Bring Your Own License",
"metadata": {
"description": "Version of Check Point CloudGuard"
}
@@ -313,31 +313,6 @@
},
"defaultValue": ""
},
- "remoteAccessVpn": {
- "type": "string",
- "allowedValues": [
- "no",
- "yes"
- ],
- "defaultValue": "no",
- "metadata": {
- "Description": "Indicates whether the remote access VPN will be used"
- }
- },
- "dnsZoneResourceId": {
- "type": "string",
- "defaultValue": "Define a DNS Zone Resource ID only in case Remote Access VPN usage and DNS Zone(domain) is already exists",
- "metadata": {
- "description": "DNS Zone DNS Zone Resource ID"
- }
- },
- "dnsZoneRecordSetName": {
- "type": "string",
- "defaultValue": "remote-access-instances",
- "metadata": {
- "description": "DNS Zone Record Set name"
- }
- },
"customMetrics": {
"type": "string",
"allowedValues": [
@@ -382,7 +357,7 @@
"subnet2Name": "[parameters('Subnet2Name')]",
"resourceGroup": "[resourceGroup()]",
"templateName": "vmss-v2",
- "templateVersion": "20230124",
+ "templateVersion": "20230910",
"location": "[parameters('location')]",
"subnet-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"subnet2-id": "[resourceId(parameters('virtualNetworkExistingRGName'), 'Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]",
@@ -568,9 +543,7 @@
"customMetrics": "[parameters('customMetrics')]",
"monitoringMetricsPublisher": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '3913510d-42f4-4e42-8a64-420c390055eb')]",
"identity": "[json('{\"type\": \"SystemAssigned\"}')]",
- "NewNsgReference": {
- "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"
- }
+ "NewNsgReference": {"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('NewNsgName'))]"}
},
"resources": [
{
@@ -906,45 +879,9 @@
"deployNsg": {
"value": "[parameters('deployNewNSG')]"
},
- "NewNsgName": {
- "value": "[parameters('NewNsgName')]"
- },
- "tagsByResource": {
- "value": "[parameters('tagsByResource')]"
- }
- }
- }
- },
- {
- "condition": "[and(equals(parameters('remoteAccessVpn'), 'yes'),or(contains(parameters('cloudGuardVersion'),'R80.40'),contains(parameters('cloudGuardVersion'),'R81')))]",
- "name": "azureFunctionSetup",
- "type": "Microsoft.Resources/deployments",
- "apiVersion": "2021-01-01",
- "resourceGroup": "[resourceGroup().name]",
- "properties": {
- "mode": "Incremental",
- "templateLink": {
- "uri": "[variables('azureFunctionSetupURL')]",
- "contentVersion": "1.0.0.0"
- },
- "parameters": {
- "location": {
- "value": "[variables('location')]"
- },
- "dnsZoneResourceId": {
- "value": "[variables('dnsZoneResourceId')]"
- },
- "dnsZoneRecordSetName": {
- "value": "[variables('dnsZoneRecordSetName')]"
- },
- "numberOfRecordSetEntries": {
- "value": "[variables('numberOfRecordSetEntries')]"
- },
- "vmssResourceGroupName": {
- "value": "[resourceGroup().name]"
- },
- "vmssName": {
- "value": "[parameters('vmName')]"
+ "NewNsgName":
+ {
+ "value":"[parameters('NewNsgName')]"
},
"tagsByResource": {
"value": "[parameters('tagsByResource')]"