diff --git a/aws/templates/asg/autoscale.yaml b/aws/templates/asg/autoscale.yaml
index 2aee1a22..50e98b74 100755
--- a/aws/templates/asg/autoscale.yaml
+++ b/aws/templates/asg/autoscale.yaml
@@ -274,7 +274,7 @@ Parameters:
Default: ''
GatewayVersion:
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
diff --git a/aws/templates/cluster/cluster-master.yaml b/aws/templates/cluster/cluster-master.yaml
index 948b2371..bfc478f2 100755
--- a/aws/templates/cluster/cluster-master.yaml
+++ b/aws/templates/cluster/cluster-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Check Point Cluster in a new VPC (20230503)
+Description: Deploy a Check Point Cluster in a new VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -281,7 +281,7 @@ Parameters:
- false
GatewayVersion:
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
diff --git a/aws/templates/cluster/cluster.yaml b/aws/templates/cluster/cluster.yaml
index ff2bb8bd..01eca783 100755
--- a/aws/templates/cluster/cluster.yaml
+++ b/aws/templates/cluster/cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Cluster into an existing VPC (20230503)
+Description: Deploys a Check Point Cluster into an existing VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -276,7 +276,7 @@ Parameters:
- false
GatewayVersion:
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -542,7 +542,7 @@ Resources:
- !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
- !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
- !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
- - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230503\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+ - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
MemberBInstance:
Type: AWS::EC2::Instance
DependsOn: [MemberBExternalInterface, MemberBInternalInterface]
@@ -584,7 +584,7 @@ Resources:
- !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
- !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
- !Sub [' version=${Version}', {Version: !Select [0, !Split ['.', !Select [0, !Split ['-', !Ref GatewayVersion]]]]}]
- - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230503\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+ - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
ClusterPublicAddress:
Type: AWS::EC2::EIP
Properties:
diff --git a/aws/templates/cross-az-cluster/cross-az-cluster.yaml b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
index ccccc85a..977d6fbe 100755
--- a/aws/templates/cross-az-cluster/cross-az-cluster.yaml
+++ b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Cluster into an existing VPC (20230503)
+Description: Deploys a Check Point Cluster into an existing VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -597,7 +597,7 @@ Resources:
- !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
- !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
- !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
- - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230503\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"'
+ - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"'
MemberBInstance:
Type: AWS::EC2::Instance
DependsOn: [MemberBExternalInterface, MemberBInternalInterface, ClusterPublicAddress, MemberAInternalInterface, MemberAExternalInterface]
@@ -643,7 +643,7 @@ Resources:
- !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
- !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
- !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
- - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230503\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"'
+ - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${tokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"cross_az_cluster\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" elasticIp=\"${eip}\" otherMemberIp=\"${other_member_ip}\" clusterIp=\"${cluster_ip}\" secondaryIp=\"${secondary_ip}\" otherMemberPrivateClusterIp=\"${remote_secondary_ip}\" bootstrapScript64=\"${bootstrap}\"'
Outputs:
ClusterPublicAddress:
Description: The public address of the cluster.
diff --git a/aws/templates/gwlb-asg/gwlb-master.yaml b/aws/templates/gwlb-asg/gwlb-master.yaml
index 809c34eb..f784be99 100755
--- a/aws/templates/gwlb-asg/gwlb-master.yaml
+++ b/aws/templates/gwlb-asg/gwlb-master.yaml
@@ -400,7 +400,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R80.40-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -557,7 +557,7 @@ Parameters:
ManagementVersion:
Description: The license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/gwlb-asg/gwlb.yaml b/aws/templates/gwlb-asg/gwlb.yaml
index fb2baa35..e628463f 100644
--- a/aws/templates/gwlb-asg/gwlb.yaml
+++ b/aws/templates/gwlb-asg/gwlb.yaml
@@ -350,7 +350,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R80.40-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -507,7 +507,7 @@ Parameters:
ManagementVersion:
Description: The license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
index 5750972d..6e2dfa13 100755
--- a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
+++ b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (20211212)
+Description: Deploy a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, in a new VPC for Transit Gateway (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -493,7 +493,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R80.40-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -650,7 +650,7 @@ Parameters:
ManagementVersion:
Description: The license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/gwlb-asg/tgw-gwlb.yaml b/aws/templates/gwlb-asg/tgw-gwlb.yaml
index d5f7cc0d..5b78f218 100644
--- a/aws/templates/gwlb-asg/tgw-gwlb.yaml
+++ b/aws/templates/gwlb-asg/tgw-gwlb.yaml
@@ -444,7 +444,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R80.40-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -618,7 +618,7 @@ Parameters:
ManagementVersion:
Description: The license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/management/management.yaml b/aws/templates/management/management.yaml
index 91c9ba36..97eda24a 100755
--- a/aws/templates/management/management.yaml
+++ b/aws/templates/management/management.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Management Server (20211212)
+Description: Deploys a Check Point Management Server (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -286,7 +286,7 @@ Parameters:
ManagementVersion:
Description: The license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/mds/mds.yaml b/aws/templates/mds/mds.yaml
index cc0db416..42f722ab 100755
--- a/aws/templates/mds/mds.yaml
+++ b/aws/templates/mds/mds.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
-Description: Deploys a Check Point Multi-Domain Server (20211212)
+Description: Deploys a Check Point Multi-Domain Server (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -273,7 +273,7 @@ Parameters:
MDSVersion:
Description: The license to install on the Multi-Domain Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R81-BYOL
diff --git a/aws/templates/single-gw/gateway-master.yaml b/aws/templates/single-gw/gateway-master.yaml
index 36f10e59..61c76d42 100755
--- a/aws/templates/single-gw/gateway-master.yaml
+++ b/aws/templates/single-gw/gateway-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Security Gateway into a new VPC (20230503)
+Description: Deploys a Check Point Security Gateway into a new VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -278,7 +278,7 @@ Parameters:
- false
GatewayVersion:
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
diff --git a/aws/templates/single-gw/gateway.yaml b/aws/templates/single-gw/gateway.yaml
index 5f8ec62f..6ae3ffaa 100755
--- a/aws/templates/single-gw/gateway.yaml
+++ b/aws/templates/single-gw/gateway.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploys a Check Point Security Gateway into an existing VPC (20230503)
+Description: Deploys a Check Point Security Gateway into an existing VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -276,7 +276,7 @@ Parameters:
- false
GatewayVersion:
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -518,7 +518,7 @@ Resources:
- !Join ['', [' pwd_hash="$(echo ', 'Fn::Base64': !Ref GatewayPasswordHash, ')"']]
- !Join ['', [' bootstrap="$(echo ', 'Fn::Base64': !Ref GatewayBootstrapScript, ')"']]
- !Sub [' version=${Version}', {Version: !Select [0, !Split ['-', !Ref GatewayVersion]]}]
- - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230503\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
+ - ' python3 /etc/cloud_config.py enableCloudWatch=\"${cw}\" waitHandle=\"${wait_handle}\" sicKey=\"${sic}\" "smart1CloudToken=\"${token}\"" installationType=\"gateway\" osVersion=\"${version}\" allowUploadDownload=\"${allow_info}\" templateVersion=\"20230830\" templateName=\"gateway\" shell=\"${admin_shell}\" enableInstanceConnect=\"${eic}\" hostName=\"${hostname}\" ntpPrimary=\"${ntp1}\" ntpSecondary=\"${ntp2}\" passwordHash=\"${pwd_hash}\" allocatePublicAddress=\"${eip}\" bootstrapScript64=\"${bootstrap}\"'
KeyName: !Ref KeyName
NetworkInterfaces:
- DeviceIndex: 0
diff --git a/aws/templates/standalone/standalone-master.yaml b/aws/templates/standalone/standalone-master.yaml
index 0bd5348b..fd9f47b8 100755
--- a/aws/templates/standalone/standalone-master.yaml
+++ b/aws/templates/standalone/standalone-master.yaml
@@ -1,6 +1,6 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
- Security Gateway & Management (Standalone) instance in a new VPC (20211212)
+ Security Gateway & Management (Standalone) instance in a new VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -157,7 +157,7 @@ Parameters:
StandaloneVersion:
Description: Standalone Version & License.
Type: String
- Default: R81.10-PAYG-NGTP
+ Default: R81.20-PAYG-NGTP
AllowedValues:
- R80.40-PAYG-NGTP
- R81-PAYG-NGTP
diff --git a/aws/templates/standalone/standalone.yaml b/aws/templates/standalone/standalone.yaml
index 09761090..de2221ef 100755
--- a/aws/templates/standalone/standalone.yaml
+++ b/aws/templates/standalone/standalone.yaml
@@ -1,6 +1,6 @@
AWSTemplateFormatVersion: 2010-09-09
Description: Deploys either a manually configurable or a Check Point CloudGuard IaaS
- Security Gateway & Management (Standalone) instance into an existing VPC (20211212)
+ Security Gateway & Management (Standalone) instance into an existing VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -262,7 +262,7 @@ Parameters:
StandaloneVersion:
Description: Standalone Version & License.
Type: String
- Default: R81.10-PAYG-NGTP
+ Default: R81.20-PAYG-NGTP
AllowedValues:
- R80.40-PAYG-NGTP
- R81-PAYG-NGTP
diff --git a/aws/templates/tgw-asg/tgw-asg-master.yaml b/aws/templates/tgw-asg/tgw-asg-master.yaml
index adc2bbfc..87810f00 100755
--- a/aws/templates/tgw-asg/tgw-asg-master.yaml
+++ b/aws/templates/tgw-asg/tgw-asg-master.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: 2010-09-09
-Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (20211212)
+Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server in a new VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -340,7 +340,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -500,7 +500,7 @@ Parameters:
ManagementVersion:
Description: The version and license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/aws/templates/tgw-asg/tgw-asg.yaml b/aws/templates/tgw-asg/tgw-asg.yaml
index 30adba40..645c513f 100755
--- a/aws/templates/tgw-asg/tgw-asg.yaml
+++ b/aws/templates/tgw-asg/tgw-asg.yaml
@@ -1,5 +1,5 @@
AWSTemplateFormatVersion: '2010-09-09'
-Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (20211212)
+Description: Deploy an Auto Scaling Group of CloudGuard Security Gateways for Transit Gateway with an optional Management Server into an existing VPC (20230830)
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
@@ -294,7 +294,7 @@ Parameters:
GatewayVersion:
Description: The version and license to install on the Security Gateways.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG-NGTP
@@ -454,7 +454,7 @@ Parameters:
ManagementVersion:
Description: The version and license to install on the Security Management Server.
Type: String
- Default: R81.10-BYOL
+ Default: R81.20-BYOL
AllowedValues:
- R80.40-BYOL
- R80.40-PAYG
diff --git a/terraform/alicloud/cluster-master/README.md b/terraform/alicloud/cluster-master/README.md
index 73a8b96b..8c16dc10 100755
--- a/terraform/alicloud/cluster-master/README.md
+++ b/terraform/alicloud/cluster-master/README.md
@@ -63,8 +63,8 @@ Configure envrionment variables in Windows:
| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_efficiency" | no |
| ram_role_name | A predefined RAM role name to attach to the cluster's security gateway instances | string | n/a | "" | no |
-| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway ECS Instances | map(string) | n/a | {}} | no |
-| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway ECS Instances | map(string) | n/a | {} | no |
+| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | n/a | yes |
| gateway_password_hash | (optional) Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -109,7 +109,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -161,6 +161,7 @@ ram_role_name = ""
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230420 | Change alicloud terraform provider version to 1.203.0 |
diff --git a/terraform/alicloud/cluster-master/terraform.tfvars b/terraform/alicloud/cluster-master/terraform.tfvars
index 969bf66b..42dd5743 100755
--- a/terraform/alicloud/cluster-master/terraform.tfvars
+++ b/terraform/alicloud/cluster-master/terraform.tfvars
@@ -28,7 +28,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/alicloud/cluster-master/variables.tf b/terraform/alicloud/cluster-master/variables.tf
index 21cd9ec8..c20366aa 100755
--- a/terraform/alicloud/cluster-master/variables.tf
+++ b/terraform/alicloud/cluster-master/variables.tf
@@ -81,7 +81,7 @@ default = {}
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/cluster/README.md b/terraform/alicloud/cluster/README.md
index ef0e6371..a703b75c 100755
--- a/terraform/alicloud/cluster/README.md
+++ b/terraform/alicloud/cluster/README.md
@@ -55,8 +55,8 @@ Configure envrionment variables in Windows:
| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_efficiency" | no |
| ram_role_name | A predefined RAM role name to attach to the cluster's security gateway instances | string | n/a | "" | no |
-| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway ECS Instances | map(string) | n/a | {}} | no |
-| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway ECS Instances | map(string) | n/a | {} | no |
+| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | n/a | yes |
| gateway_password_hash | (optional) Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -93,7 +93,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -145,6 +145,7 @@ ram_role_name = ""
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230420 | Change alicloud terraform provider version to 1.203.0 |
diff --git a/terraform/alicloud/cluster/cluster_member_a_userdata.yaml b/terraform/alicloud/cluster/cluster_member_a_userdata.yaml
index 06dcd99f..534d8e42 100644
--- a/terraform/alicloud/cluster/cluster_member_a_userdata.yaml
+++ b/terraform/alicloud/cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenA}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenA}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/alicloud/cluster/cluster_member_b_userdata.yaml b/terraform/alicloud/cluster/cluster_member_b_userdata.yaml
index 20cc6e30..43c69a99 100644
--- a/terraform/alicloud/cluster/cluster_member_b_userdata.yaml
+++ b/terraform/alicloud/cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"{OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenB}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py managementIpAddress=\"${ManagementIpAddress}\" sicKey=\"${SICKey}\" installationType=\"cluster\" osVersion=\"{OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" "smart1CloudToken=\"${TokenB}\"" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/alicloud/cluster/terraform.tfvars b/terraform/alicloud/cluster/terraform.tfvars
index c70899b1..35d0209a 100755
--- a/terraform/alicloud/cluster/terraform.tfvars
+++ b/terraform/alicloud/cluster/terraform.tfvars
@@ -21,7 +21,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/alicloud/cluster/variables.tf b/terraform/alicloud/cluster/variables.tf
index 9d2462ac..51042420 100755
--- a/terraform/alicloud/cluster/variables.tf
+++ b/terraform/alicloud/cluster/variables.tf
@@ -75,7 +75,7 @@ variable "instance_tags" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/gateway-master/README.md b/terraform/alicloud/gateway-master/README.md
index 23050024..301c12a6 100755
--- a/terraform/alicloud/gateway-master/README.md
+++ b/terraform/alicloud/gateway-master/README.md
@@ -61,7 +61,7 @@ Configure envrionment variables in Windows:
| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_efficiency" | no |
| ram_role_name | A predefined RAM role name to attach to the security gateway instance | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | n/a | yes |
| password_hash | Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) (optional) | string | n/a | "" | no |
@@ -101,7 +101,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -142,6 +142,7 @@ allocate_and_associate_eip = true
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230420 | Change alicloud terraform provider version to 1.203.0 |
diff --git a/terraform/alicloud/gateway-master/terraform.tfvars b/terraform/alicloud/gateway-master/terraform.tfvars
index 143cfbf1..c43d3d8d 100755
--- a/terraform/alicloud/gateway-master/terraform.tfvars
+++ b/terraform/alicloud/gateway-master/terraform.tfvars
@@ -25,7 +25,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/alicloud/gateway-master/variables.tf b/terraform/alicloud/gateway-master/variables.tf
index 1b9636d4..68b88ac6 100755
--- a/terraform/alicloud/gateway-master/variables.tf
+++ b/terraform/alicloud/gateway-master/variables.tf
@@ -78,7 +78,7 @@ default = {}
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/gateway/README.md b/terraform/alicloud/gateway/README.md
index 283c809c..db7c32e2 100755
--- a/terraform/alicloud/gateway/README.md
+++ b/terraform/alicloud/gateway/README.md
@@ -53,7 +53,7 @@ Configure envrionment variables in Windows:
| volume_size | Root volume size (GB) - minimum 100 | number | n/a | 100 | no |
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_efficiency" | no |
| ram_role_name | A predefined RAM role name to attach to the security gateway instance | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | n/a | yes |
| password_hash | Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) (optional) | string | n/a | "" | no |
@@ -87,7 +87,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -128,6 +128,7 @@ private_route_table = "rtb-12345678"
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230420 | Change alicloud terraform provider version to 1.203.0 |
diff --git a/terraform/alicloud/gateway/terraform.tfvars b/terraform/alicloud/gateway/terraform.tfvars
index 8b5e2ea0..4d02e623 100755
--- a/terraform/alicloud/gateway/terraform.tfvars
+++ b/terraform/alicloud/gateway/terraform.tfvars
@@ -20,7 +20,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/alicloud/gateway/variables.tf b/terraform/alicloud/gateway/variables.tf
index ea0ac2f2..a141b140 100755
--- a/terraform/alicloud/gateway/variables.tf
+++ b/terraform/alicloud/gateway/variables.tf
@@ -71,7 +71,7 @@ default = {}
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/management-master/README.md b/terraform/alicloud/management-master/README.md
index 21cf4cec..ec200646 100755
--- a/terraform/alicloud/management-master/README.md
+++ b/terraform/alicloud/management-master/README.md
@@ -49,7 +49,7 @@ Configure envrionment variables in Windows:
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_essd" | no |
| ram_role_name | RAM role name to attach to the instance profile, leave it empty for automatic creation | string | n/a | "" | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Management ECS Instance | map(string) | n/a | {} | no |
-| version_license | Version and license of the Check Point Security Management | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| version_license | Version and license of the Check Point Security Management | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| password_hash | (Optional) Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) | string | n/a | "" | no |
| hostname | (Optional) Management prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | n/a | no |
@@ -88,7 +88,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-version_license = "R81-BYOL"
+version_license = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
password_hash = ""
hostname = "mgmt-tf"
@@ -121,6 +121,7 @@ bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230512 | New images with Jumbo Hotfix |
diff --git a/terraform/alicloud/management-master/terraform.tfvars b/terraform/alicloud/management-master/terraform.tfvars
index faa5bd44..bf6cb990 100755
--- a/terraform/alicloud/management-master/terraform.tfvars
+++ b/terraform/alicloud/management-master/terraform.tfvars
@@ -23,7 +23,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-version_license = "R81-BYOL"
+version_license = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
password_hash = ""
hostname = "mgmt-tf"
diff --git a/terraform/alicloud/management-master/variables.tf b/terraform/alicloud/management-master/variables.tf
index 470a4abc..aa9954f7 100755
--- a/terraform/alicloud/management-master/variables.tf
+++ b/terraform/alicloud/management-master/variables.tf
@@ -67,7 +67,7 @@ default = {}
variable "version_license" {
type = string
description = "version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/management/README.md b/terraform/alicloud/management/README.md
index 984a39b9..ccff6e8f 100755
--- a/terraform/alicloud/management/README.md
+++ b/terraform/alicloud/management/README.md
@@ -49,7 +49,7 @@ Configure envrionment variables in Windows:
| disk_category | The ECS disk category | string | - cloud
- cloud_efficiency
- cloud_ssd,
- cloud_essd | "cloud_essd" | no |
| ram_role_name | RAM role name to attach to the instance profile, leave it empty for automatic creation | string | n/a | "" | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Management ECS Instance | map(string) | n/a | {} | no |
-| version_license | Version and license of the Check Point Security Management | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | |
+| version_license | Version and license of the Check Point Security Management | string | - R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| password_hash | (Optional) Admin user's password hash (use command \"openssl passwd -6 PASSWORD\" to get the PASSWORD's hash) | string | n/a | "" | no |
| hostname | (Optional) Management prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | n/a | no |
@@ -84,7 +84,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-version_license = "R81-BYOL"
+version_license = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
password_hash = ""
hostname = "mgmt-tf"
@@ -114,6 +114,7 @@ bootstrap_script = "echo 'this is bootstrap script' > /home/admin/testfile.txt"
| Template Version | Description |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| 20230830 | Change default Check Point version to R81.20 |
| 20230615 | - Improved userdata quality and stability by moving to cloud-config
- Define default primary and secondary NTP servers
- Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230512 | New images with Jumbo Hotfix |
diff --git a/terraform/alicloud/management/management_userdata.yaml b/terraform/alicloud/management/management_userdata.yaml
index f65a203e..9d957968 100644
--- a/terraform/alicloud/management/management_userdata.yaml
+++ b/terraform/alicloud/management/management_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" "overTheInternet=\"${GatewayManagement}\"" bootstrapScript64=\"${BootstrapScript}\"
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" "overTheInternet=\"${GatewayManagement}\"" bootstrapScript64=\"${BootstrapScript}\"
diff --git a/terraform/alicloud/management/terraform.tfvars b/terraform/alicloud/management/terraform.tfvars
index 932bc0b4..9758387c 100755
--- a/terraform/alicloud/management/terraform.tfvars
+++ b/terraform/alicloud/management/terraform.tfvars
@@ -18,7 +18,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-version_license = "R81-BYOL"
+version_license = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
password_hash = ""
hostname = "mgmt-tf"
diff --git a/terraform/alicloud/management/variables.tf b/terraform/alicloud/management/variables.tf
index a0e59547..c91dd06e 100755
--- a/terraform/alicloud/management/variables.tf
+++ b/terraform/alicloud/management/variables.tf
@@ -58,7 +58,7 @@ default = {}
variable "version_license" {
type = string
description = "version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/alicloud/modules/common/gateway_instance/gateway_userdata.yaml b/terraform/alicloud/modules/common/gateway_instance/gateway_userdata.yaml
index c823b3ae..312ca453 100644
--- a/terraform/alicloud/modules/common/gateway_instance/gateway_userdata.yaml
+++ b/terraform/alicloud/modules/common/gateway_instance/gateway_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230615\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/alicloud/modules/common/gateway_instance/variables.tf b/terraform/alicloud/modules/common/gateway_instance/variables.tf
index f46f3e17..c97af611 100755
--- a/terraform/alicloud/modules/common/gateway_instance/variables.tf
+++ b/terraform/alicloud/modules/common/gateway_instance/variables.tf
@@ -24,7 +24,7 @@ variable "disk_category" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
variable "gateway_instance_type" {
type = string
diff --git a/terraform/alicloud/modules/images/images.yaml b/terraform/alicloud/modules/images/images.yaml
index 1c5e2570..396ee423 100755
--- a/terraform/alicloud/modules/images/images.yaml
+++ b/terraform/alicloud/modules/images/images.yaml
@@ -3,7 +3,7 @@ Parameters:
Version:
Description: Security Gateway or Management Server version
Type: String
- Default: R81-BYOL-GW
+ Default: R81.20-BYOL-GW
AllowedValues:
- R81-BYOL-GW
- R81-BYOL-MGMT
diff --git a/terraform/alicloud/modules/images/main.tf b/terraform/alicloud/modules/images/main.tf
index a1747c60..86231617 100755
--- a/terraform/alicloud/modules/images/main.tf
+++ b/terraform/alicloud/modules/images/main.tf
@@ -4,10 +4,10 @@ locals {
// Variables example:
- // version_license = "R81-BYOL-GW"
+ // version_license = "R81.20-BYOL"
// RESULT:
- // version_license_key = "R81-BYOL-GW"
- // version_license_value = "R81BYOLGW"
+ // version_license_key = "R81.20-BYOL-GW"
+ // version_license_value = "R8120BYOLGW"
version_license_key = format("%s%s", var.version_license, var.chkp_type == "gateway" ? "-GW" : var.chkp_type == "management" ? "-MGMT" : "")
version_license_value = local.images_yaml_converterMap[local.version_license_key]["Value"]
diff --git a/terraform/alicloud/modules/images/variables.tf b/terraform/alicloud/modules/images/variables.tf
index 86fc88bd..0c646605 100755
--- a/terraform/alicloud/modules/images/variables.tf
+++ b/terraform/alicloud/modules/images/variables.tf
@@ -15,5 +15,6 @@ variable "chkp_type" {
variable "version_license" {
type = string
description = "Version and license"
+ default = "R81.20-BYOL"
}
diff --git a/terraform/aws/autoscale-gwlb/README.md b/terraform/aws/autoscale-gwlb/README.md
index 5b98d2f6..363b48d7 100755
--- a/terraform/aws/autoscale-gwlb/README.md
+++ b/terraform/aws/autoscale-gwlb/README.md
@@ -90,7 +90,7 @@ secret_key = "my-secret-key"
target_groups = ["arn:aws:tg1/abc123", "arn:aws:tg2/def456"]
// --- Check Point Settings ---
- gateway_version = "R80.40-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_password_hash = ""
gateway_SICKey = "12345678"
@@ -134,7 +134,7 @@ secret_key = "my-secret-key"
| minimum_group_size | The minimum number of instances in the Auto Scaling group | number | n/a | 2 | no |
| maximum_group_size | The maximum number of instances in the Auto Scaling group | number | n/a | 10 | no |
| target_groups | (Optional) List of Target Group ARNs to associate with the Auto Scaling group | list(string) | n/a | [] | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R80.40-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components (at least 8 alphanumeric characters) | string | n/a | "12345678" | yes |
@@ -171,6 +171,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/autoscale-gwlb/asg_userdata.yaml b/terraform/aws/autoscale-gwlb/asg_userdata.yaml
index 05865eb7..a63822f7 100755
--- a/terraform/aws/autoscale-gwlb/asg_userdata.yaml
+++ b/terraform/aws/autoscale-gwlb/asg_userdata.yaml
@@ -26,4 +26,4 @@ bootcmd:
- echo "cpprod_util CPPROD_SetValue \"fw1\" \"AwsGwlb\" 4 1 1" >> /etc/rc.local
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"autoscale_gwlb\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
diff --git a/terraform/aws/autoscale-gwlb/terraform.tfvars b/terraform/aws/autoscale-gwlb/terraform.tfvars
index 4a4bf0f8..e8b5b1d7 100755
--- a/terraform/aws/autoscale-gwlb/terraform.tfvars
+++ b/terraform/aws/autoscale-gwlb/terraform.tfvars
@@ -29,7 +29,7 @@ maximum_group_size = 10
target_groups = ["arn:aws:tg1/abc123", "arn:aws:tg2/def456"]
// --- Check Point Settings ---
-gateway_version = "R80.40-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_password_hash = ""
gateway_SICKey = "12345678"
diff --git a/terraform/aws/autoscale-gwlb/varialbles.tf b/terraform/aws/autoscale-gwlb/varialbles.tf
index 6311638e..66ef7151 100755
--- a/terraform/aws/autoscale-gwlb/varialbles.tf
+++ b/terraform/aws/autoscale-gwlb/varialbles.tf
@@ -127,7 +127,7 @@ variable "target_groups" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R80.40-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/autoscale/README.md b/terraform/aws/autoscale/README.md
index 8c0f9580..ec91facc 100755
--- a/terraform/aws/autoscale/README.md
+++ b/terraform/aws/autoscale/README.md
@@ -91,7 +91,7 @@ secret_key = "my-secret-key"
target_groups = ["arn:aws:tg1/abc123", "arn:aws:tg2/def456"]
// --- Check Point Settings ---
- gateway_version = "R81-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_password_hash = ""
gateway_SICKey = "12345678"
@@ -142,7 +142,7 @@ secret_key = "my-secret-key"
| minimum_group_size | The minimum number of instances in the Auto Scaling group | number | n/a | 2 | no |
| maximum_group_size | The maximum number of instances in the Auto Scaling group | number | n/a | 10 | no |
| target_groups | (Optional) List of Target Group ARNs to associate with the Auto Scaling group | list(string) | n/a | [] | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components (at least 8 alphanumeric characters) | string | n/a | "12345678" | yes |
@@ -184,6 +184,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | Change default shell for the admin user to /etc/cli.sh |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/autoscale/asg_userdata.yaml b/terraform/aws/autoscale/asg_userdata.yaml
index 08194ffd..fb709a62 100755
--- a/terraform/aws/autoscale/asg_userdata.yaml
+++ b/terraform/aws/autoscale/asg_userdata.yaml
@@ -1,5 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230806\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
-
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" installationType=\"autoscale\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"autoscale\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${BootstrapScript}\"
diff --git a/terraform/aws/autoscale/terraform.tfvars b/terraform/aws/autoscale/terraform.tfvars
index 19c9fea4..905d24f3 100755
--- a/terraform/aws/autoscale/terraform.tfvars
+++ b/terraform/aws/autoscale/terraform.tfvars
@@ -28,7 +28,7 @@ maximum_group_size = 10
target_groups = ["arn:aws:tg1/abc123", "arn:aws:tg2/def456"]
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_password_hash = ""
gateway_SICKey = "12345678"
diff --git a/terraform/aws/autoscale/variables.tf b/terraform/aws/autoscale/variables.tf
index 8b06ef31..0057c41b 100755
--- a/terraform/aws/autoscale/variables.tf
+++ b/terraform/aws/autoscale/variables.tf
@@ -115,7 +115,7 @@ variable "target_groups" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/cluster-master/README.md b/terraform/aws/cluster-master/README.md
index bb1ba09f..a6610225 100755
--- a/terraform/aws/cluster-master/README.md
+++ b/terraform/aws/cluster-master/README.md
@@ -112,7 +112,7 @@ secret_key = "my-secret-key"
predefined_role = ""
// --- Check Point Settings ---
- gateway_version = "R81-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -169,7 +169,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -207,7 +207,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230411 | Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
-| 20230806 | Add support for c6in instance type |
+| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/cluster-master/terraform.tfvars b/terraform/aws/cluster-master/terraform.tfvars
index aba4df74..2d6216d8 100755
--- a/terraform/aws/cluster-master/terraform.tfvars
+++ b/terraform/aws/cluster-master/terraform.tfvars
@@ -26,7 +26,7 @@ instance_tags = {
predefined_role = ""
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/aws/cluster-master/variables.tf b/terraform/aws/cluster-master/variables.tf
index ca6d0b57..57794633 100755
--- a/terraform/aws/cluster-master/variables.tf
+++ b/terraform/aws/cluster-master/variables.tf
@@ -102,7 +102,7 @@ variable "predefined_role" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/cluster/README.md b/terraform/aws/cluster/README.md
index 750cb748..5bd6d209 100755
--- a/terraform/aws/cluster/README.md
+++ b/terraform/aws/cluster/README.md
@@ -86,7 +86,7 @@ secret_key = "my-secret-key"
predefined_role = ""
// --- Check Point Settings ---
- gateway_version = "R81-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -147,7 +147,7 @@ secret_key = "my-secret-key"
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Gateway EC2 Instances | map(string) | n/a | {} | no |
| predefined_role | (Optional) A predefined IAM role to attach to the cluster profile | string | n/a | "" | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -186,6 +186,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/cluster/cluster_member_a_userdata.yaml b/terraform/aws/cluster/cluster_member_a_userdata.yaml
index a9672f8e..d8b4bf91 100755
--- a/terraform/aws/cluster/cluster_member_a_userdata.yaml
+++ b/terraform/aws/cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20230521\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberAPublicAddress}\" templateVersion=\"20230830\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cluster/cluster_member_b_userdata.yaml b/terraform/aws/cluster/cluster_member_b_userdata.yaml
index 04e279b5..cab2c426 100755
--- a/terraform/aws/cluster/cluster_member_b_userdata.yaml
+++ b/terraform/aws/cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20230521\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" elasticIp=\"${MemberBPublicAddress}\" templateVersion=\"20230830\" templateName=\"cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" allocatePublicAddress=\"${AllocateAddress}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cluster/terraform.tfvars b/terraform/aws/cluster/terraform.tfvars
index 3ba5543c..bcab4b0c 100755
--- a/terraform/aws/cluster/terraform.tfvars
+++ b/terraform/aws/cluster/terraform.tfvars
@@ -22,7 +22,7 @@ instance_tags = {
predefined_role = ""
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/aws/cluster/variables.tf b/terraform/aws/cluster/variables.tf
index 6ec28341..d9030cd8 100755
--- a/terraform/aws/cluster/variables.tf
+++ b/terraform/aws/cluster/variables.tf
@@ -100,7 +100,7 @@ variable "predefined_role" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml b/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
index 7662dd98..045ce1d8 100755
--- a/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
+++ b/terraform/aws/cross-az-cluster/cluster_member_a_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" elasticIp=\"${MemberAPublicAddress}\" otherMemberIp=\"${MemberBPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberAPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberBPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenA}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" elasticIp=\"${MemberAPublicAddress}\" otherMemberIp=\"${MemberBPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberAPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberBPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml b/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
index a0e82ea1..5fd0e9bc 100755
--- a/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
+++ b/terraform/aws/cross-az-cluster/cluster_member_b_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" elasticIp=\"${MemberBPublicAddress}\" otherMemberIp=\"${MemberAPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberBPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberAPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenB}\"" installationType=\"cross-az-cluster\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"cross_az_cluster\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname}\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" elasticIp=\"${MemberBPublicAddress}\" otherMemberIp=\"${MemberAPrivateAddressCluster}\" clusterIp=\"${PublicAddressCluster}\" secondaryIp=\"${MemberBPrivateAddressSecondary}\" otherMemberPrivateClusterIp=\"${MemberAPrivateAddressSecondary}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/gateway-master/README.md b/terraform/aws/gateway-master/README.md
index b9187885..5ae8fff3 100755
--- a/terraform/aws/gateway-master/README.md
+++ b/terraform/aws/gateway-master/README.md
@@ -109,7 +109,7 @@ secret_key = "my-secret-key"
}
// --- Check Point Settings ---
- gateway_version = "R81-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -160,7 +160,7 @@ secret_key = "my-secret-key"
| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Security Gateway EC2 Instance | map(string) | n/a | {} | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -203,7 +203,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230411 | Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
-| 20230806 | Add support for c6in instance type |
+| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/gateway-master/terraform.tfvars b/terraform/aws/gateway-master/terraform.tfvars
index 4946f8c6..ce051c4a 100755
--- a/terraform/aws/gateway-master/terraform.tfvars
+++ b/terraform/aws/gateway-master/terraform.tfvars
@@ -25,7 +25,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/aws/gateway-master/variables.tf b/terraform/aws/gateway-master/variables.tf
index bb4205c9..71ed7be6 100755
--- a/terraform/aws/gateway-master/variables.tf
+++ b/terraform/aws/gateway-master/variables.tf
@@ -97,7 +97,7 @@ variable "instance_tags" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/gateway/README.md b/terraform/aws/gateway/README.md
index 9cd8ceba..df37fe73 100755
--- a/terraform/aws/gateway/README.md
+++ b/terraform/aws/gateway/README.md
@@ -82,7 +82,7 @@ secret_key = "my-secret-key"
}
// --- Check Point Settings ---
- gateway_version = "R81-BYOL"
+ gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
@@ -137,7 +137,7 @@ secret_key = "my-secret-key"
| enable_instance_connect | Enable SSH connection over AWS web console. Supporting regions can be found [here](https://aws.amazon.com/about-aws/whats-new/2019/06/introducing-amazon-ec2-instance-connect/) | bool | true/false | false | no |
| disable_instance_termination | Prevents an instance from accidental termination. Note: Once this attribute is true terraform destroy won't work properly | bool | true/false | false | no |
| instance_tags | (Optional) A map of tags as key=value pairs. All tags will be added to the Security Gateway EC2 Instance | map(string) | n/a | {} | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
@@ -176,7 +176,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20230411 | Improved deployment experience for gateways and clusters managed by Smart-1 Cloud |
| 20230503 | Smart-1 Cloud token validation |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
-| 20230806 | Add support for c6in instance type |
+| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/gateway/terraform.tfvars b/terraform/aws/gateway/terraform.tfvars
index e4e46e01..09dc0a69 100755
--- a/terraform/aws/gateway/terraform.tfvars
+++ b/terraform/aws/gateway/terraform.tfvars
@@ -21,7 +21,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-gateway_version = "R81-BYOL"
+gateway_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
gateway_SICKey = "12345678"
gateway_password_hash = ""
diff --git a/terraform/aws/gateway/variables.tf b/terraform/aws/gateway/variables.tf
index e91b566b..f6a55134 100755
--- a/terraform/aws/gateway/variables.tf
+++ b/terraform/aws/gateway/variables.tf
@@ -95,7 +95,7 @@ variable "instance_tags" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/gwlb-master/README.md b/terraform/aws/gwlb-master/README.md
index 6a4248ae..3c59fd6b 100755
--- a/terraform/aws/gwlb-master/README.md
+++ b/terraform/aws/gwlb-master/README.md
@@ -115,7 +115,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
- gateway_version = "R80.40-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -125,7 +125,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
@@ -176,7 +176,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R80.40-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -184,7 +184,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -216,6 +216,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221215 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | Change default shell for the admin user to /etc/cli.sh |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/gwlb-master/terraform.tfvars b/terraform/aws/gwlb-master/terraform.tfvars
index c50328ab..a28b6985 100755
--- a/terraform/aws/gwlb-master/terraform.tfvars
+++ b/terraform/aws/gwlb-master/terraform.tfvars
@@ -30,7 +30,7 @@ gateway_name = "Check-Point-GW-tf"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
-gateway_version = "R80.40-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -40,7 +40,7 @@ enable_cloudwatch = false
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
diff --git a/terraform/aws/gwlb-master/variables.tf b/terraform/aws/gwlb-master/variables.tf
index 6eb1f147..56406a3c 100755
--- a/terraform/aws/gwlb-master/variables.tf
+++ b/terraform/aws/gwlb-master/variables.tf
@@ -147,7 +147,7 @@ variable "maximum_group_size" {
variable "gateway_version" {
type = string
description = "The version and license to install on the Security Gateways."
- default = "R80.40-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -209,7 +209,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/gwlb/README.md b/terraform/aws/gwlb/README.md
index 2161f23e..513f5ff8 100755
--- a/terraform/aws/gwlb/README.md
+++ b/terraform/aws/gwlb/README.md
@@ -108,7 +108,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
- gateway_version = "R80.40-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -118,7 +118,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
@@ -168,7 +168,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R80.40-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -176,7 +176,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -209,6 +209,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230521 | Change default shell for the admin user to /etc/cli.sh |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/gwlb/terraform.tfvars b/terraform/aws/gwlb/terraform.tfvars
index 4d0f7bd5..8abbcd70 100755
--- a/terraform/aws/gwlb/terraform.tfvars
+++ b/terraform/aws/gwlb/terraform.tfvars
@@ -26,7 +26,7 @@ gateway_name = "Check-Point-GW-tf"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
-gateway_version = "R80.40-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -36,7 +36,7 @@ enable_cloudwatch = false
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
diff --git a/terraform/aws/gwlb/variables.tf b/terraform/aws/gwlb/variables.tf
index 99451347..84cf333c 100755
--- a/terraform/aws/gwlb/variables.tf
+++ b/terraform/aws/gwlb/variables.tf
@@ -136,7 +136,7 @@ variable "maximum_group_size" {
variable "gateway_version" {
type = string
description = "The version and license to install on the Security Gateways."
- default = "R80.40-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -198,7 +198,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/management/README.md b/terraform/aws/management/README.md
index 83b8db1b..06a03630 100755
--- a/terraform/aws/management/README.md
+++ b/terraform/aws/management/README.md
@@ -103,7 +103,7 @@ secret_key = "my-secret-key"
sts_roles = []
// --- Check Point Settings ---
- management_version = "R81-BYOL"
+ management_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
management_password_hash = ""
@@ -151,7 +151,7 @@ secret_key = "my-secret-key"
| iam_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read permissions | no |
| predefined_role | (Optional) A predefined IAM role to attach to the instance profile. Ignored if var.iam_permissions is not set to 'Use existing' | string | n/a | "" | no |
| sts_roles | (Optional) The IAM role will be able to assume these STS Roles (list of ARNs). Ignored if var.iam_permissions is set to 'None' or 'Use existing' | list(string) | n/a | [] | no |
-| management_version | Management version and license | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81-BYOL | no |
+| management_version | Management version and license | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| management_password_hash | (Optional) Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash) | string | n/a | "" | no |
| management_hostname | (Optional) Security Management Server prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
@@ -186,6 +186,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/management/management_userdata.yaml b/terraform/aws/management/management_userdata.yaml
index e27f3309..1b4c2eb8 100755
--- a/terraform/aws/management/management_userdata.yaml
+++ b/terraform/aws/management/management_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"management\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"management\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" overTheInternet=\"${PubMgmt}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/management/terraform.tfvars b/terraform/aws/management/terraform.tfvars
index 5c9ffea4..4112f1d5 100755
--- a/terraform/aws/management/terraform.tfvars
+++ b/terraform/aws/management/terraform.tfvars
@@ -24,7 +24,7 @@ predefined_role = ""
sts_roles = []
// --- Check Point Settings ---
-management_version = "R81-BYOL"
+management_version = "R81.20-BYOL"
admin_shell = "/etc/cli.sh"
management_password_hash = ""
diff --git a/terraform/aws/management/variables.tf b/terraform/aws/management/variables.tf
index d7c58296..b283e917 100755
--- a/terraform/aws/management/variables.tf
+++ b/terraform/aws/management/variables.tf
@@ -103,7 +103,7 @@ variable "sts_roles" {
variable "management_version" {
type = string
description = "Management version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/mds/README.md b/terraform/aws/mds/README.md
index 0d5c6d24..0383d785 100755
--- a/terraform/aws/mds/README.md
+++ b/terraform/aws/mds/README.md
@@ -101,7 +101,7 @@ secret_key = "my-secret-key"
sts_roles = []
// --- Check Point Settings ---
- mds_version = "R81-BYOL"
+ mds_version = "R81.20-BYOL"
mds_admin_shell = "/etc/cli.sh"
mds_password_hash = ""
@@ -145,7 +145,7 @@ secret_key = "my-secret-key"
| iam_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read permissions | no |
| predefined_role | (Optional) A predefined IAM role to attach to the instance profile. Ignored if var.iam_permissions is not set to 'Use existing' | string | n/a | "" | no |
| sts_roles | (Optional) The IAM role will be able to assume these STS Roles (list of ARNs). Ignored if var.iam_permissions is set to 'None' or 'Use existing' | list(string) | n/a | [] | no |
-| mds_version | Multi-Domain Server version and license | string | - R80.40-BYOL
- R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81-BYOL | no |
+| mds_version | Multi-Domain Server version and license | string | - R80.40-BYOL
- R81-BYOL
- R81.10-BYOL
- R81.20-BYOL | R81.20-BYOL | no |
| mds_admin_shell | Set the admin shell to enable advanced command line configuration | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | /etc/cli.sh | no |
| mds_password_hash | (Optional) Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash) | string | n/a | "" | no |
| mds_hostname | (Optional) Multi-Domain Server prompt hostname. The name must not contain reserved words. For details, refer to sk40179. | string | n/a | "" | no |
@@ -176,6 +176,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/mds/mds_userdata.yaml b/terraform/aws/mds/mds_userdata.yaml
index b4708a11..c19435ed 100755
--- a/terraform/aws/mds/mds_userdata.yaml
+++ b/terraform/aws/mds/mds_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py sicKey=\"${SICKey}\" installationType=\"mds\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"mds\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" primary=\"${IsPrimary}\" secondary=\"${IsSecondary}\" adminSubnet=\"${AdminSubnet}\" bootstrapScript64=\"${BootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/mds/terraform.tfvars b/terraform/aws/mds/terraform.tfvars
index 1eb16666..7333a0c1 100755
--- a/terraform/aws/mds/terraform.tfvars
+++ b/terraform/aws/mds/terraform.tfvars
@@ -23,7 +23,7 @@ predefined_role = ""
sts_roles = []
// --- Check Point Settings ---
-mds_version = "R81-BYOL"
+mds_version = "R81.20-BYOL"
mds_admin_shell = "/etc/cli.sh"
mds_password_hash = ""
diff --git a/terraform/aws/mds/variables.tf b/terraform/aws/mds/variables.tf
index 1292b9cd..334f968b 100755
--- a/terraform/aws/mds/variables.tf
+++ b/terraform/aws/mds/variables.tf
@@ -98,7 +98,7 @@ variable "sts_roles" {
variable "mds_version" {
type = string
description = "Multi-Domain Server version and license"
- default = "R81-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_mds_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/modules/common/gateway_instance/gateway_userdata.yaml b/terraform/aws/modules/common/gateway_instance/gateway_userdata.yaml
index 8b1aaf49..c8d9f899 100755
--- a/terraform/aws/modules/common/gateway_instance/gateway_userdata.yaml
+++ b/terraform/aws/modules/common/gateway_instance/gateway_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230503\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" sicKey=\"${SICKey}\" "smart1CloudToken=\"${TokenKey}\"" installationType=\"gateway\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"gateway\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" bootstrapScript64=\"${GatewayBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/modules/common/gateway_instance/variables.tf b/terraform/aws/modules/common/gateway_instance/variables.tf
index c9482b51..497938b3 100755
--- a/terraform/aws/modules/common/gateway_instance/variables.tf
+++ b/terraform/aws/modules/common/gateway_instance/variables.tf
@@ -43,7 +43,7 @@ variable "volume_encryption" {
variable "gateway_version" {
type = string
description = "Gateway version & license"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
variable "gateway_instance_type" {
type = string
diff --git a/terraform/aws/qs-autoscale-master/README.md b/terraform/aws/qs-autoscale-master/README.md
index c59a5079..dd9cfea6 100755
--- a/terraform/aws/qs-autoscale-master/README.md
+++ b/terraform/aws/qs-autoscale-master/README.md
@@ -119,7 +119,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
- gateway_version = "R81.10-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = false
@@ -127,7 +127,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateways_blades = true
@@ -186,13 +186,13 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.10-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateways_blades | Turn on the Intrusion Prevention System, Application Control, Anti-Virus and Anti-Bot Blades (additional Blades can be manually turned on later) | bool | true/false | true | no |
@@ -235,6 +235,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/qs-autoscale-master/terraform.tfvars b/terraform/aws/qs-autoscale-master/terraform.tfvars
index 1846d66e..9f14d39b 100755
--- a/terraform/aws/qs-autoscale-master/terraform.tfvars
+++ b/terraform/aws/qs-autoscale-master/terraform.tfvars
@@ -32,7 +32,7 @@ service_port = "80"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
-gateway_version = "R81.10-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -40,7 +40,7 @@ enable_cloudwatch = true
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateways_blades = true
diff --git a/terraform/aws/qs-autoscale-master/variables.tf b/terraform/aws/qs-autoscale-master/variables.tf
index 91aa0805..f602df1f 100755
--- a/terraform/aws/qs-autoscale-master/variables.tf
+++ b/terraform/aws/qs-autoscale-master/variables.tf
@@ -122,7 +122,7 @@ variable "gateways_max_group_size" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -165,7 +165,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/qs-autoscale/README.md b/terraform/aws/qs-autoscale/README.md
index 3ad5ffa3..da3e1ed5 100755
--- a/terraform/aws/qs-autoscale/README.md
+++ b/terraform/aws/qs-autoscale/README.md
@@ -105,7 +105,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
- gateway_version = "R81.10-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -113,7 +113,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateways_blades = true
@@ -170,13 +170,13 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.10-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateways_blades | Turn on the Intrusion Prevention System, Application Control, Anti-Virus and Anti-Bot Blades (additional Blades can be manually turned on later) | bool | true/false | true | no |
@@ -216,6 +216,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/qs-autoscale/terraform.tfvars b/terraform/aws/qs-autoscale/terraform.tfvars
index 802bfbdc..9af94275 100755
--- a/terraform/aws/qs-autoscale/terraform.tfvars
+++ b/terraform/aws/qs-autoscale/terraform.tfvars
@@ -22,7 +22,7 @@ gateways_subnets = ["subnet-123b5678", "subnet-123a4567"]
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
-gateway_version = "R81.10-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -30,7 +30,7 @@ enable_cloudwatch = true
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateways_blades = true
diff --git a/terraform/aws/qs-autoscale/variables.tf b/terraform/aws/qs-autoscale/variables.tf
index ac162459..b6f54030 100755
--- a/terraform/aws/qs-autoscale/variables.tf
+++ b/terraform/aws/qs-autoscale/variables.tf
@@ -109,7 +109,7 @@ variable "gateways_max_group_size" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -152,7 +152,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/standalone-master/README.md b/terraform/aws/standalone-master/README.md
index 7df208df..5cc6f5a7 100755
--- a/terraform/aws/standalone-master/README.md
+++ b/terraform/aws/standalone-master/README.md
@@ -106,7 +106,7 @@ secret_key = "my-secret-key"
}
// --- Check Point Settings ---
- standalone_version = "R81.10-PAYG-NGTP"
+ standalone_version = "R81.20-PAYG-NGTP"
admin_shell = "/etc/cli.sh"
standalone_password_hash = ""
@@ -187,6 +187,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/standalone-master/terraform.tfvars b/terraform/aws/standalone-master/terraform.tfvars
index ecf1967c..d170f4ca 100755
--- a/terraform/aws/standalone-master/terraform.tfvars
+++ b/terraform/aws/standalone-master/terraform.tfvars
@@ -25,7 +25,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-standalone_version = "R81.10-PAYG-NGTP"
+standalone_version = "R81.20-PAYG-NGTP"
admin_shell = "/etc/cli.sh"
standalone_password_hash = ""
diff --git a/terraform/aws/standalone-master/variables.tf b/terraform/aws/standalone-master/variables.tf
index e01127ea..65693d58 100755
--- a/terraform/aws/standalone-master/variables.tf
+++ b/terraform/aws/standalone-master/variables.tf
@@ -97,7 +97,7 @@ variable "instance_tags" {
variable "standalone_version" {
type = string
description = "Gateway & Management (Standalone) version and license"
- default = "R81.10-PAYG-NGTP"
+ default = "R81.20-PAYG-NGTP"
}
module "validate_standalone_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/standalone/README.md b/terraform/aws/standalone/README.md
index a24ae925..7bb53fce 100755
--- a/terraform/aws/standalone/README.md
+++ b/terraform/aws/standalone/README.md
@@ -81,7 +81,7 @@ secret_key = "my-secret-key"
}
// --- Check Point Settings ---
- standalone_version = "R81.10-PAYG-NGTP"
+ standalone_version = "R81.20-PAYG-NGTP"
admin_shell = "/etc/cli.sh"
standalone_password_hash = ""
@@ -162,6 +162,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20230521 | - Change default shell for the admin user to /etc/cli.sh
- Add description for reserved words in hostname |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/standalone/standalone_userdata.yaml b/terraform/aws/standalone/standalone_userdata.yaml
index cc2f23f4..0b835434 100755
--- a/terraform/aws/standalone/standalone_userdata.yaml
+++ b/terraform/aws/standalone/standalone_userdata.yaml
@@ -1,4 +1,4 @@
#cloud-config
runcmd:
- |
- python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230521\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\"
\ No newline at end of file
+ python3 /etc/cloud_config.py enableCloudWatch=\"${EnableCloudWatch}\" installationType=\"standalone\" osVersion=\"${OsVersion}\" allowUploadDownload=\"${AllowUploadDownload}\" templateVersion=\"20230830\" templateName=\"standalone\" templateType=\"terraform\" shell=\"${Shell}\" enableInstanceConnect=\"${EnableInstanceConnect}\" hostName=\"${Hostname }\" ntpPrimary=\"${NTPPrimary}\" ntpSecondary=\"${NTPSecondary}\" passwordHash=\"${PasswordHash}\" adminSubnet=\"${AdminSubnet}\" allocatePublicAddress=\"${AllocateElasticIP}\" bootstrapScript64=\"${StandaloneBootstrapScript}\"
\ No newline at end of file
diff --git a/terraform/aws/standalone/terraform.tfvars b/terraform/aws/standalone/terraform.tfvars
index 53695b66..85fd6ced 100755
--- a/terraform/aws/standalone/terraform.tfvars
+++ b/terraform/aws/standalone/terraform.tfvars
@@ -21,7 +21,7 @@ instance_tags = {
}
// --- Check Point Settings ---
-standalone_version = "R81.10-PAYG-NGTP"
+standalone_version = "R81.20-PAYG-NGTP"
admin_shell = "/etc/cli.sh"
standalone_password_hash = ""
diff --git a/terraform/aws/standalone/variables.tf b/terraform/aws/standalone/variables.tf
index de611375..4af44741 100755
--- a/terraform/aws/standalone/variables.tf
+++ b/terraform/aws/standalone/variables.tf
@@ -95,7 +95,7 @@ variable "instance_tags" {
variable "standalone_version" {
type = string
description = "Security Gateway & Management (Standalone) version and license"
- default = "R81.10-PAYG-NGTP"
+ default = "R81.20-PAYG-NGTP"
}
module "validate_standalone_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/tgw-asg-master/README.md b/terraform/aws/tgw-asg-master/README.md
index b0babb09..dfe6522b 100755
--- a/terraform/aws/tgw-asg-master/README.md
+++ b/terraform/aws/tgw-asg-master/README.md
@@ -107,7 +107,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
- gateway_version = "R81.10-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -116,7 +116,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
management_permissions = "Create with read-write permissions"
management_predefined_role = ""
@@ -165,14 +165,14 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.10-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| asn | The organization Autonomous System Number (ASN) that identifies the routing domain for the Security Gateways | string | n/a | 6500 | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| management_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read-write permissions | no |
| management_predefined_role | ((Optional) A predefined IAM role to attach to the instance profile. Ignored if IAM role is not set to 'Use existing' | string | n/a | "" | no |
@@ -207,6 +207,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/tgw-asg-master/terraform.tfvars b/terraform/aws/tgw-asg-master/terraform.tfvars
index b406e720..1e22cd1a 100755
--- a/terraform/aws/tgw-asg-master/terraform.tfvars
+++ b/terraform/aws/tgw-asg-master/terraform.tfvars
@@ -20,7 +20,7 @@ gateway_name = "Check-Point-gateway"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
-gateway_version = "R81.10-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -29,7 +29,7 @@ asn = "6500"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
management_permissions = "Create with read-write permissions"
management_predefined_role = ""
diff --git a/terraform/aws/tgw-asg-master/variables.tf b/terraform/aws/tgw-asg-master/variables.tf
index 0d142204..35a256ce 100755
--- a/terraform/aws/tgw-asg-master/variables.tf
+++ b/terraform/aws/tgw-asg-master/variables.tf
@@ -90,7 +90,7 @@ variable "gateways_max_group_size" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -138,7 +138,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/tgw-asg/README.md b/terraform/aws/tgw-asg/README.md
index cea54598..ecaba773 100755
--- a/terraform/aws/tgw-asg/README.md
+++ b/terraform/aws/tgw-asg/README.md
@@ -99,7 +99,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
- gateway_version = "R81.10-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -108,7 +108,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
management_permissions = "Create with read-write permissions"
management_predefined_role = ""
@@ -156,14 +156,14 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX | R81.10-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81-BYOL
- R81-PAYG-NGTP
- R81-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX
- R81.10-BYOL
- R81.10-PAYG-NGTP
- R81.10-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SIC_Key | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
| asn | The organization Autonomous System Number (ASN) that identifies the routing domain for the Security Gateways | string | n/a | 6500 | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| management_permissions | IAM role to attach to the instance profile | string | - None (configure later)
- Use existing (specify an existing IAM role name)
- Create with assume role permissions (specify an STS role ARN)
- Create with read permissions
- Create with read-write permissions | Create with read-write permissions | no |
| management_predefined_role | ((Optional) A predefined IAM role to attach to the instance profile. Ignored if IAM role is not set to 'Use existing' | string | n/a | "" | no |
@@ -197,6 +197,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230626 | Fixed missing x-chkp-* tags on Auto Scale Group |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/tgw-asg/terraform.tfvars b/terraform/aws/tgw-asg/terraform.tfvars
index 971cf412..3d6675a4 100755
--- a/terraform/aws/tgw-asg/terraform.tfvars
+++ b/terraform/aws/tgw-asg/terraform.tfvars
@@ -16,7 +16,7 @@ gateway_name = "Check-Point-gateway"
gateway_instance_type = "c5.xlarge"
gateways_min_group_size = 2
gateways_max_group_size = 8
-gateway_version = "R81.10-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
enable_cloudwatch = true
@@ -25,7 +25,7 @@ asn = "65000"
// --- Check Point CloudGuard Network Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = "12345678"
management_permissions = "Create with read-write permissions"
management_predefined_role = ""
diff --git a/terraform/aws/tgw-asg/variables.tf b/terraform/aws/tgw-asg/variables.tf
index 4b1b6696..b240aece 100755
--- a/terraform/aws/tgw-asg/variables.tf
+++ b/terraform/aws/tgw-asg/variables.tf
@@ -84,7 +84,7 @@ variable "gateways_max_group_size" {
variable "gateway_version" {
type = string
description = "Gateway version and license"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -132,7 +132,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/tgw-gwlb-master/README.md b/terraform/aws/tgw-gwlb-master/README.md
index 3fd58738..0b3646d7 100755
--- a/terraform/aws/tgw-gwlb-master/README.md
+++ b/terraform/aws/tgw-gwlb-master/README.md
@@ -140,7 +140,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
- gateway_version = "R80.40-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -150,7 +150,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
@@ -212,7 +212,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R80.40-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -220,7 +220,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -252,6 +252,7 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/tgw-gwlb-master/terraform.tfvars b/terraform/aws/tgw-gwlb-master/terraform.tfvars
index eb6db226..5397f6b2 100755
--- a/terraform/aws/tgw-gwlb-master/terraform.tfvars
+++ b/terraform/aws/tgw-gwlb-master/terraform.tfvars
@@ -50,7 +50,7 @@ gateway_name = "Check-Point-GW-tf"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
-gateway_version = "R80.40-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -60,7 +60,7 @@ enable_cloudwatch = false
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
diff --git a/terraform/aws/tgw-gwlb-master/variables.tf b/terraform/aws/tgw-gwlb-master/variables.tf
index 69af56cd..639fa860 100755
--- a/terraform/aws/tgw-gwlb-master/variables.tf
+++ b/terraform/aws/tgw-gwlb-master/variables.tf
@@ -205,7 +205,7 @@ variable "maximum_group_size" {
variable "gateway_version" {
type = string
description = "The version and license to install on the Security Gateways."
- default = "R80.40-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -267,7 +267,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"
diff --git a/terraform/aws/tgw-gwlb/README.md b/terraform/aws/tgw-gwlb/README.md
index 63361af1..9fb292bb 100755
--- a/terraform/aws/tgw-gwlb/README.md
+++ b/terraform/aws/tgw-gwlb/README.md
@@ -129,7 +129,7 @@ secret_key = "my-secret-key"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
- gateway_version = "R80.40-BYOL"
+ gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -139,7 +139,7 @@ secret_key = "my-secret-key"
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
- management_version = "R81.10-BYOL"
+ management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
@@ -204,7 +204,7 @@ secret_key = "my-secret-key"
| gateway_instance_type | The instance type of the Security Gateways | string | - c4.large
- c4.xlarge
- c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| c5.xlarge | no |
| gateways_min_group_size | The minimal number of Security Gateways | number | n/a | 2 | no |
| gateways_max_group_size | The maximal number of Security Gateways | number | n/a | 10 | no |
-| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R80.40-BYOL | no |
+| gateway_version | Gateway version and license | string | - R80.40-BYOL
- R80.40-PAYG-NGTP
- R80.40-PAYG-NGTX
- R81.20-BYOL
- R81.20-PAYG-NGTP
- R81.20-PAYG-NGTX | R81.20-BYOL | no |
| gateway_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateway_SICKey | The Secure Internal Communication key for trusted connection between Check Point components. Choose a random string consisting of at least 8 alphanumeric characters | string | n/a | "12345678" | yes |
| enable_cloudwatch | Report Check Point specific CloudWatch metrics | bool | true/false | false | no |
@@ -212,7 +212,7 @@ secret_key = "my-secret-key"
| allocate_public_IP | Allocate a Public IP for gateway members. | bool | true/false | false | no |
| management_deploy | Select 'false' to use an existing Security Management Server or to deploy one later and to ignore the other parameters of this section | bool | true/false | true | no |
| management_instance_type | The EC2 instance type of the Security Management Server | string | - c5.large
- c5.xlarge
- c5.2xlarge
- c5.4xlarge
- c5.9xlarge
- c5.12xlarge
- c5.18xlarge
- c5.24xlarge
- c5n.large
- c5n.xlarge
- c5n.2xlarge
- c5n.4xlarge
- c5n.9xlarge
- c5n.18xlarge
- m5.large
- m5.xlarge
- m5.2xlarge
- m5.4xlarge
- m5.8xlarge
- m5.12xlarge
- m5.16xlarge
- m5.24xlarge
- m6i.large
- m6i.xlarge
- m6i.2xlarge
- m6i.4xlarge
- m6i.8xlarge
- m6i.12xlarge
- m6i.16xlarge
- m6i.24xlarge
- m6i.32xlarge
- c6i.large
- c6i.xlarge
- c6i.2xlarge
- c6i.4xlarge
- c6i.8xlarge
- c6i.12xlarge
- c6i.16xlarge
- c6i.24xlarge
- c6i.32xlarge
- c6in.large
- c6in.xlarge
- c6in.2xlarge
- c6in.4xlarge
- c6in.8xlarge
- c6in.12xlarge
- c6in.16xlarge
- c6in.24xlarge
- c6in.32xlarge
- r5.large
- r5.xlarge
- r5.2xlarge
- r5.4xlarge
- r5.8xlarge
- r5.12xlarge
- r5.16xlarge
- r5.24xlarge
- r5a.large
- r5a.xlarge
- r5a.2xlarge
- r5a.4xlarge
- r5a.8xlarge
- r5a.12xlarge
- r5a.16xlarge
- r5a.24xlarge
- r5b.large
- r5b.xlarge
- r5b.2xlarge
- r5b.4xlarge
- r5b.8xlarge
- r5b.12xlarge
- r5b.16xlarge
- r5b.24xlarge
- r5n.large
- r5n.xlarge
- r5n.2xlarge
- r5n.4xlarge
- r5n.8xlarge
- r5n.12xlarge
- r5n.16xlarge
- r5n.24xlarge
- r6i.large
- r6i.xlarge
- r6i.2xlarge
- r6i.4xlarge
- r6i.8xlarge
- r6i.12xlarge
- r6i.16xlarge
- r6i.24xlarge
- r6i.32xlarge
- m6a.large
- m6a.xlarge
- m6a.2xlarge
- m6a.4xlarge
- m6a.8xlarge
- m6a.12xlarge
- m6a.16xlarge
- m6a.24xlarge - m6a.32xlarge
- m6a.48xlarge
| m5.xlarge | no |
-| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.10-BYOL | no |
+| management_version | The license to install on the Security Management Server | string | - R80.40-BYOL
- R80.40-PAYG
- R81-BYOL
- R81-PAYG
- R81.10-BYOL
- R81.10-PAYG
- R81.20-BYOL
- R81.20-PAYG | R81.20-BYOL | no |
| management_password_hash | (Optional) Admin user's password hash (use command 'openssl passwd -6 PASSWORD' to get the PASSWORD's hash) | string | n/a | "" | no |
| gateways_policy | The name of the Security Policy package to be installed on the gateways in the Security Gateways Auto Scaling group | string | n/a | Standard | no |
| gateway_management | Select 'Over the internet' if any of the gateways you wish to manage are not directly accessed via their private IP address. | string | - Locally managed
- Over the internet | Locally managed | no |
@@ -243,7 +243,8 @@ In order to check the template version, please refer to [sk116585](https://suppo
| 20220606 | New instance type support |
| 20221123 | R81.20 version support |
| 20221226 | Support ASG Launch Template instead of Launch Configuration |
-| 20230806 | Add support for c6in instance type |
+| 20230806 | Add support for c6in instance type |
+| 20230830 | Change default Check Point version to R81.20 |
## License
diff --git a/terraform/aws/tgw-gwlb/terraform.tfvars b/terraform/aws/tgw-gwlb/terraform.tfvars
index d5bd2a0d..3c63c501 100755
--- a/terraform/aws/tgw-gwlb/terraform.tfvars
+++ b/terraform/aws/tgw-gwlb/terraform.tfvars
@@ -43,7 +43,7 @@ gateway_name = "Check-Point-GW-tf"
gateway_instance_type = "c5.xlarge"
minimum_group_size = 2
maximum_group_size = 10
-gateway_version = "R80.40-BYOL"
+gateway_version = "R81.20-BYOL"
gateway_password_hash = ""
gateway_SICKey = "12345678"
gateways_provision_address_type = "private"
@@ -53,7 +53,7 @@ enable_cloudwatch = false
// --- Check Point CloudGuard IaaS Security Management Server Configuration ---
management_deploy = true
management_instance_type = "m5.xlarge"
-management_version = "R81.10-BYOL"
+management_version = "R81.20-BYOL"
management_password_hash = ""
gateways_policy = "Standard"
gateway_management = "Locally managed"
diff --git a/terraform/aws/tgw-gwlb/variables.tf b/terraform/aws/tgw-gwlb/variables.tf
index 34325e7c..a38eb6ca 100755
--- a/terraform/aws/tgw-gwlb/variables.tf
+++ b/terraform/aws/tgw-gwlb/variables.tf
@@ -213,7 +213,7 @@ variable "maximum_group_size" {
variable "gateway_version" {
type = string
description = "The version and license to install on the Security Gateways."
- default = "R80.40-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_gateway_version" {
source = "../modules/common/version_license"
@@ -274,7 +274,7 @@ module "validate_management_instance_type" {
variable "management_version" {
type = string
description = "The license to install on the Security Management Server"
- default = "R81.10-BYOL"
+ default = "R81.20-BYOL"
}
module "validate_management_version" {
source = "../modules/common/version_license"