diff --git a/deprecated/gcp/autoscale-byol-R80.30/README.md b/deprecated/gcp/R80.30/autoscale-byol-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/README.md
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/README.md
diff --git a/deprecated/gcp/autoscale-byol-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/autoscale-byol-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/autoscale-byol-R80.30/check-point-autoscale--byol.py b/deprecated/gcp/R80.30/autoscale-byol-R80.30/check-point-autoscale--byol.py
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/check-point-autoscale--byol.py
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/check-point-autoscale--byol.py
diff --git a/deprecated/gcp/autoscale-byol-R80.30/check-point-autoscale--byol.py.schema b/deprecated/gcp/R80.30/autoscale-byol-R80.30/check-point-autoscale--byol.py.schema
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/check-point-autoscale--byol.py.schema
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/check-point-autoscale--byol.py.schema
diff --git a/deprecated/gcp/autoscale-byol-R80.30/common.py b/deprecated/gcp/R80.30/autoscale-byol-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/common.py
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/common.py
diff --git a/deprecated/gcp/autoscale-byol-R80.30/config.yaml b/deprecated/gcp/R80.30/autoscale-byol-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/config.yaml
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/config.yaml
diff --git a/deprecated/gcp/autoscale-byol-R80.30/default.py b/deprecated/gcp/R80.30/autoscale-byol-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/default.py
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/default.py
diff --git a/deprecated/gcp/autoscale-byol-R80.30/images.py b/deprecated/gcp/R80.30/autoscale-byol-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/images.py
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/images.py
diff --git a/deprecated/gcp/autoscale-byol-R80.30/password.py b/deprecated/gcp/R80.30/autoscale-byol-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/autoscale-byol-R80.30/password.py
rename to deprecated/gcp/R80.30/autoscale-byol-R80.30/password.py
diff --git a/deprecated/gcp/autoscale-payg-R80.30/README.md b/deprecated/gcp/R80.30/autoscale-payg-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/README.md
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/README.md
diff --git a/deprecated/gcp/autoscale-payg-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/autoscale-payg-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/autoscale-payg-R80.30/check-point-autoscale--payg.py b/deprecated/gcp/R80.30/autoscale-payg-R80.30/check-point-autoscale--payg.py
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/check-point-autoscale--payg.py
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/check-point-autoscale--payg.py
diff --git a/deprecated/gcp/autoscale-payg-R80.30/check-point-autoscale--payg.py.schema b/deprecated/gcp/R80.30/autoscale-payg-R80.30/check-point-autoscale--payg.py.schema
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/check-point-autoscale--payg.py.schema
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/check-point-autoscale--payg.py.schema
diff --git a/deprecated/gcp/autoscale-payg-R80.30/common.py b/deprecated/gcp/R80.30/autoscale-payg-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/common.py
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/common.py
diff --git a/deprecated/gcp/autoscale-payg-R80.30/config.yaml b/deprecated/gcp/R80.30/autoscale-payg-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/config.yaml
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/config.yaml
diff --git a/deprecated/gcp/autoscale-payg-R80.30/default.py b/deprecated/gcp/R80.30/autoscale-payg-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/default.py
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/default.py
diff --git a/deprecated/gcp/autoscale-payg-R80.30/images.py b/deprecated/gcp/R80.30/autoscale-payg-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/images.py
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/images.py
diff --git a/deprecated/gcp/autoscale-payg-R80.30/password.py b/deprecated/gcp/R80.30/autoscale-payg-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/autoscale-payg-R80.30/password.py
rename to deprecated/gcp/R80.30/autoscale-payg-R80.30/password.py
diff --git a/deprecated/gcp/ha-byol-R80.30/README.md b/deprecated/gcp/R80.30/ha-byol-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/README.md
rename to deprecated/gcp/R80.30/ha-byol-R80.30/README.md
diff --git a/deprecated/gcp/ha-byol-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/ha-byol-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/ha-byol-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/ha-byol-R80.30/check-point-cluster--byol.py b/deprecated/gcp/R80.30/ha-byol-R80.30/check-point-cluster--byol.py
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/check-point-cluster--byol.py
rename to deprecated/gcp/R80.30/ha-byol-R80.30/check-point-cluster--byol.py
diff --git a/deprecated/gcp/ha-byol-R80.30/check-point-cluster--byol.py.schema b/deprecated/gcp/R80.30/ha-byol-R80.30/check-point-cluster--byol.py.schema
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/check-point-cluster--byol.py.schema
rename to deprecated/gcp/R80.30/ha-byol-R80.30/check-point-cluster--byol.py.schema
diff --git a/deprecated/gcp/ha-byol-R80.30/common.py b/deprecated/gcp/R80.30/ha-byol-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/common.py
rename to deprecated/gcp/R80.30/ha-byol-R80.30/common.py
diff --git a/deprecated/gcp/ha-byol-R80.30/config.yaml b/deprecated/gcp/R80.30/ha-byol-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/config.yaml
rename to deprecated/gcp/R80.30/ha-byol-R80.30/config.yaml
diff --git a/deprecated/gcp/ha-byol-R80.30/default.py b/deprecated/gcp/R80.30/ha-byol-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/default.py
rename to deprecated/gcp/R80.30/ha-byol-R80.30/default.py
diff --git a/deprecated/gcp/ha-byol-R80.30/images.py b/deprecated/gcp/R80.30/ha-byol-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/images.py
rename to deprecated/gcp/R80.30/ha-byol-R80.30/images.py
diff --git a/deprecated/gcp/ha-byol-R80.30/password.py b/deprecated/gcp/R80.30/ha-byol-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/ha-byol-R80.30/password.py
rename to deprecated/gcp/R80.30/ha-byol-R80.30/password.py
diff --git a/deprecated/gcp/ha-payg-R80.30/README.md b/deprecated/gcp/R80.30/ha-payg-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/README.md
rename to deprecated/gcp/R80.30/ha-payg-R80.30/README.md
diff --git a/deprecated/gcp/ha-payg-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/ha-payg-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/ha-payg-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/ha-payg-R80.30/check-point-cluster--payg.py b/deprecated/gcp/R80.30/ha-payg-R80.30/check-point-cluster--payg.py
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/check-point-cluster--payg.py
rename to deprecated/gcp/R80.30/ha-payg-R80.30/check-point-cluster--payg.py
diff --git a/deprecated/gcp/ha-payg-R80.30/check-point-cluster--payg.py.schema b/deprecated/gcp/R80.30/ha-payg-R80.30/check-point-cluster--payg.py.schema
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/check-point-cluster--payg.py.schema
rename to deprecated/gcp/R80.30/ha-payg-R80.30/check-point-cluster--payg.py.schema
diff --git a/deprecated/gcp/ha-payg-R80.30/common.py b/deprecated/gcp/R80.30/ha-payg-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/common.py
rename to deprecated/gcp/R80.30/ha-payg-R80.30/common.py
diff --git a/deprecated/gcp/ha-payg-R80.30/config.yaml b/deprecated/gcp/R80.30/ha-payg-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/config.yaml
rename to deprecated/gcp/R80.30/ha-payg-R80.30/config.yaml
diff --git a/deprecated/gcp/ha-payg-R80.30/default.py b/deprecated/gcp/R80.30/ha-payg-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/default.py
rename to deprecated/gcp/R80.30/ha-payg-R80.30/default.py
diff --git a/deprecated/gcp/ha-payg-R80.30/images.py b/deprecated/gcp/R80.30/ha-payg-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/images.py
rename to deprecated/gcp/R80.30/ha-payg-R80.30/images.py
diff --git a/deprecated/gcp/ha-payg-R80.30/password.py b/deprecated/gcp/R80.30/ha-payg-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/ha-payg-R80.30/password.py
rename to deprecated/gcp/R80.30/ha-payg-R80.30/password.py
diff --git a/deprecated/gcp/single-byol-R80.30/README.md b/deprecated/gcp/R80.30/single-byol-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/README.md
rename to deprecated/gcp/R80.30/single-byol-R80.30/README.md
diff --git a/deprecated/gcp/single-byol-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/single-byol-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/single-byol-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/single-byol-R80.30/check-point-vsec--byol.py b/deprecated/gcp/R80.30/single-byol-R80.30/check-point-vsec--byol.py
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/check-point-vsec--byol.py
rename to deprecated/gcp/R80.30/single-byol-R80.30/check-point-vsec--byol.py
diff --git a/deprecated/gcp/single-byol-R80.30/check-point-vsec--byol.py.schema b/deprecated/gcp/R80.30/single-byol-R80.30/check-point-vsec--byol.py.schema
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/check-point-vsec--byol.py.schema
rename to deprecated/gcp/R80.30/single-byol-R80.30/check-point-vsec--byol.py.schema
diff --git a/deprecated/gcp/single-byol-R80.30/common.py b/deprecated/gcp/R80.30/single-byol-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/common.py
rename to deprecated/gcp/R80.30/single-byol-R80.30/common.py
diff --git a/deprecated/gcp/single-byol-R80.30/config.yaml b/deprecated/gcp/R80.30/single-byol-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/config.yaml
rename to deprecated/gcp/R80.30/single-byol-R80.30/config.yaml
diff --git a/deprecated/gcp/single-byol-R80.30/default.py b/deprecated/gcp/R80.30/single-byol-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/default.py
rename to deprecated/gcp/R80.30/single-byol-R80.30/default.py
diff --git a/deprecated/gcp/single-byol-R80.30/images.py b/deprecated/gcp/R80.30/single-byol-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/images.py
rename to deprecated/gcp/R80.30/single-byol-R80.30/images.py
diff --git a/deprecated/gcp/single-byol-R80.30/password.py b/deprecated/gcp/R80.30/single-byol-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/single-byol-R80.30/password.py
rename to deprecated/gcp/R80.30/single-byol-R80.30/password.py
diff --git a/deprecated/gcp/single-payg-R80.30/README.md b/deprecated/gcp/R80.30/single-payg-R80.30/README.md
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/README.md
rename to deprecated/gcp/R80.30/single-payg-R80.30/README.md
diff --git a/deprecated/gcp/single-payg-R80.30/c2d_deployment_configuration.json b/deprecated/gcp/R80.30/single-payg-R80.30/c2d_deployment_configuration.json
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/c2d_deployment_configuration.json
rename to deprecated/gcp/R80.30/single-payg-R80.30/c2d_deployment_configuration.json
diff --git a/deprecated/gcp/single-payg-R80.30/check-point-vsec--payg.py b/deprecated/gcp/R80.30/single-payg-R80.30/check-point-vsec--payg.py
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/check-point-vsec--payg.py
rename to deprecated/gcp/R80.30/single-payg-R80.30/check-point-vsec--payg.py
diff --git a/deprecated/gcp/single-payg-R80.30/check-point-vsec--payg.py.schema b/deprecated/gcp/R80.30/single-payg-R80.30/check-point-vsec--payg.py.schema
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/check-point-vsec--payg.py.schema
rename to deprecated/gcp/R80.30/single-payg-R80.30/check-point-vsec--payg.py.schema
diff --git a/deprecated/gcp/single-payg-R80.30/common.py b/deprecated/gcp/R80.30/single-payg-R80.30/common.py
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/common.py
rename to deprecated/gcp/R80.30/single-payg-R80.30/common.py
diff --git a/deprecated/gcp/single-payg-R80.30/config.yaml b/deprecated/gcp/R80.30/single-payg-R80.30/config.yaml
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/config.yaml
rename to deprecated/gcp/R80.30/single-payg-R80.30/config.yaml
diff --git a/deprecated/gcp/single-payg-R80.30/default.py b/deprecated/gcp/R80.30/single-payg-R80.30/default.py
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/default.py
rename to deprecated/gcp/R80.30/single-payg-R80.30/default.py
diff --git a/deprecated/gcp/single-payg-R80.30/images.py b/deprecated/gcp/R80.30/single-payg-R80.30/images.py
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/images.py
rename to deprecated/gcp/R80.30/single-payg-R80.30/images.py
diff --git a/deprecated/gcp/single-payg-R80.30/password.py b/deprecated/gcp/R80.30/single-payg-R80.30/password.py
similarity index 100%
rename from deprecated/gcp/single-payg-R80.30/password.py
rename to deprecated/gcp/R80.30/single-payg-R80.30/password.py
diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/README.md b/deprecated/gcp/R80.40-R81/autoscale-byol/README.md
new file mode 100644
index 00000000..d11c9a1b
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-byol/README.md
@@ -0,0 +1,126 @@
+# GCP Deployment Manager package for Check Point Autoscaling BYOL solution
+This directory contains CloudGuard IaaS deployment package for Check Point Autoscaling (BYOL) solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-autoscaling-byol).
+
+# How to deploy the package manually
+To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions:
+1. Clone or download the files in this directory
+2. Fill variables in the config.yaml(see below for variables descriptions).
+3. Log into [Google Cloud Platform Console](https://console.cloud.google.com)
+4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell)
+5. Set your Cloud Platform project in the Cloud Shell session use:
+
+ gcloud config set project [PROJECT_ID]
+6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/autoscale-byol/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files)
+7. Launch deployment by running:
+
+ gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml
+8. Make sure the deployment finished successfully.
Example of successful deployment output:
+
+ The fingerprint of the deployment is h8R2exQYuc4bzlO14boUhg==
+ Waiting for create [operation-1585217870871-5a1bf4c15b9ea-f8d824d5-1089cc78]...done.
+ Create operation operation-1585217870871-5a1bf4c15b9ea-f8d824d5-1089cc78 completed successfully.
+ NAME TYPE STATE ERRORS INTENT
+ mig-as compute.v1.regionAutoscaler COMPLETED []
+ mig-igm compute.v1.regionInstanceGroupManager COMPLETED []
+ mig-vpc-icmp compute.v1.firewall COMPLETED []
+ mig-vpc-udp compute.v1.firewall COMPLETED []
+ mig-tmplt compute.v1.instanceTemplate COMPLETED []
+ OUTPUTS VALUE
+ Deployment autoscale
+ Managed instance group https://www.googleapis.com/compute/v1/projects/checkpoint/regions/asia-east1/instanceGroups/autoscale-igm
+ Minimum instances 2
+ Maximum instances 10
+ Target CPU usage 60%
+
+## config.yaml variables
+| Name | Description | Type | Allowed values |
+| ------------- | ------------- | ------------- | ------------- |
+| **autoscalingVersion** | Autoscaling Version | string | R80.40 Autoscaling;
R81.00 Autoscaling;
R81.10 Autoscaling;
R81.20 Autoscaling;|
+| | | | | |
+| **managementName** | Security Management Server name | string | The name of the Security Management Server as appears in autoprovisioning configuration |
+| | | | | |
+| **AutoProvTemplate** | Configuration template name | string | Specify the provisioning configuration template name (for autoprovisioning) |
+| | | | | |
+| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key |
+| | | | | |
+| **mgmtNIC** | Management Interface | string | Ephemeral Public IP (eth0)
; Private IP (eth1); |
+| | | | | |
+| **networkDefinedByRoutes** | Networks behind the Internal interface will be defined by routes.
Set eth1 topology to define the networks behind this interface by the routes configured on the gateway | boolean | true;
false; |
+| | | | | |
+| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
|
+| | | | | |
+| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; |
+| | | | | |
+| **zone** | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) |
+| | | | | |
+| **networks** | The external networks ID in which the gateways will reside and internal networks ID in which application servers reside. | list(string) | Available network in the chosen zone |
+| | | | | |
+| **subnetworks** | External and Internal subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | list(string) | Available subnetwork in the chosen network |
+| | | | | |
+| **enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; |
+| | | | | |
+| **icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |
+| | | | | |
+| **enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; |
+| | | | | |
+| **tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |
+| | | | | |
+| **enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; |
+| | | | | |
+| **udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |
+| | | | | |
+| **enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; |
+| | | | | |
+| **sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |
+| | | | | |
+| **enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; |
+| | | | | |
+| **espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |
+| | | | | |
+| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) |
+| | | | | |
+| **cpuUsage** | Target CPU usage (%).
Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance | number | A number in the range 10 - 90 |
+| | | | | |
+| **minInstances** | Minimum number of instances | number | A number in the range 1 and the maximum number of instances |
+| | | | | |
+| **maxInstances** | Maximum number of instances | number | A number in the range the minimum number of instances and infinity |
+| | | | | |
+| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)|
+| | | | | |
+| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)|
+| | | | | |
+| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; |
+| | | | | |
+
+## Example
+ autoscalingVersion: "R81.10 Autoscaling"
+ managementName: "mgmt"
+ AutoProvTemplate: "template"
+ instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+ mgmtNIC: "Ephemeral Public IP (eth0)"
+ networkDefinedByRoutes: true
+ shell: "/bin/bash"
+ allowUploadDownload: true
+ zone: "asia-east1-a"
+ networks: ["external-vpc", "internal-vpc"]
+ subnetworks: ["frontend", "backend"]
+ enableIcmp: true
+ icmpSourceRanges: "0.0.0.0/0"
+ enableTcp: false
+ tcpSourceRanges: ""
+ enableUdp: true
+ udpSourceRanges: "0.0.0.0/0"
+ enableSctp: false
+ sctpSourceRanges: ""
+ enableEsp: false
+ espSourceRanges: ""
+ machineType: "n1-standard-4"
+ cpuUsage: 60
+ minInstances: 2
+ maxInstances: 10
+ diskType: "pd-ssd"
+ bootDiskSizeGb: 100
+ enableMonitoring: false
+
+## Notes
+See [sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history
diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/autoscale-byol/c2d_deployment_configuration.json
new file mode 100644
index 00000000..67d45592
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-byol/c2d_deployment_configuration.json
@@ -0,0 +1,7 @@
+{
+ "defaultDeploymentType": "MULTI_VM",
+ "imageName": "check-point-r8120-gw-byol-mig-631-991001475-v20231221",
+ "projectId": "checkpoint-public",
+ "templateName": "nonexistent_template",
+ "useSolutionPackage": "true"
+}
diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py b/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py
new file mode 100644
index 00000000..0c65f374
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py
@@ -0,0 +1,381 @@
+# Copyright 2016 Check Point Software LTD.
+
+import common
+import default
+import images
+import password
+
+GATEWAY = 'checkpoint-gateway'
+PROJECT = 'checkpoint-public'
+LICENSE = 'byol'
+LICENCE_TYPE = 'mig'
+
+VERSIONS = {
+ 'R80.40-GW': 'r8040-gw',
+ 'R81-GW': 'r81-gw',
+ 'R81.10-GW': 'r8110-gw',
+ 'R81.20-GW': 'r8120-gw'
+}
+
+TEMPLATE_NAME = 'autoscale'
+TEMPLATE_VERSION = '20231221'
+
+startup_script = '''
+#cloud-config
+runcmd:
+ - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" "managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" "name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""'
+'''
+
+
+def make_nic(context, net_name, subnet, external_ip=False):
+ prop = context.properties
+ network_interface = {
+ 'kind': 'compute#networkInterface',
+ 'network': common.GlobalNetworkLink(prop['project'], net_name)
+ }
+ if subnet:
+ network_interface["subnetwork"] = common.MakeRegionalSubnetworkLink(
+ prop['project'], prop['zone'], subnet)
+ # add ephemeral public IP address
+ if external_ip:
+ network_interface["accessConfigs"] = \
+ [make_access_config(name="external-nat")]
+ return network_interface
+
+
+def 
create_nics(context):
+ prop = context.properties
+ firewall_rules = create_firewall_rules(context)
+ if firewall_rules:
+ prop['resources'].extend(firewall_rules)
+ networks = prop.setdefault('networks', ['default'])
+ subnetworks = prop.get('subnetworks', [])
+ nics = []
+ for i in range(len(networks)):
+ name = networks[i]
+ subnet = ''
+ external_ip = prop.get('gatewayExternalIP') and i == 0
+ if subnetworks and i < len(subnetworks) and subnetworks[i]:
+ subnet = subnetworks[i]
+ network_interface = make_nic(context, name, subnet, external_ip)
+ nics.append(network_interface)
+ return nics
+
+
+def create_firewall_rules(context):
+ prop = context.properties
+ deployment = prop['deployment']
+ network = prop.setdefault('networks', ['default'])[0]
+ firewall_rules = []
+ protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp']
+ for protocol in protocols:
+ proto = protocol.lower()
+ source_ranges = prop.get(proto + 'SourceRanges', '')
+ protocol_enabled = prop.get('enable' + protocol, '')
+ if protocol_enabled and source_ranges:
+ firewall_rules.append(make_firewall_rule(
+ proto, source_ranges, deployment, network))
+ return firewall_rules
+
+
+def make_firewall_rule(protocol, source_ranges, deployment, net_name):
+ fw_rule_name = '%s-%s-%s' % (deployment[:34], net_name[:22], protocol)
+ ranges = []
+ ranges_list = source_ranges.split(',')
+ for source_range in ranges_list:
+ ranges.append(source_range.replace(" ", ""))
+ firewall_rule = {
+ 'type': default.FIREWALL,
+ 'name': fw_rule_name,
+ 'properties': {
+ 'network': 'global/networks/' + net_name,
+ 'sourceRanges': ranges,
+ 'targetTags': [GATEWAY],
+ 'allowed': [{'IPProtocol': protocol}]
+ }
+ }
+ return firewall_rule
+
+
+def create_instance_template(context,
+ name,
+ nics,
+ depends_on=None,
+ gw_version=VERSIONS['R81.20-GW']):
+ if 'gw' in gw_version:
+ license_name = "{}-{}".format(LICENSE, LICENCE_TYPE)
+ else:
+ license_name = LICENSE
+ family = '-'.join(['check-point', gw_version, license_name])
+
formatter = common.DefaultFormatter()
+ instance_template_name = common.AutoName(name, default.TEMPLATE)
+ instance_template = {
+ "type": default.TEMPLATE,
+ "name": instance_template_name,
+ 'metadata': {
+ 'dependsOn': depends_on
+ },
+ "properties": {
+ "project": context.properties['project'],
+ "properties": {
+ "canIpForward": True,
+ "disks": [{"autoDelete": True,
+ "boot": True,
+ "deviceName": common.set_name_and_truncate(
+ context.properties['deployment'],
+ '-{}-boot'.format(name)),
+ "index": 0,
+ "initializeParams": {
+ "diskType":
+ context.properties['diskType'],
+ "diskSizeGb":
+ context.properties['bootDiskSizeGb'],
+ "sourceImage":
+ 'projects/%s/global/images/%s' % (
+ PROJECT, images.IMAGES[family])
+ },
+ "kind": 'compute#attachedDisk',
+ "mode": "READ_WRITE",
+ "type": "PERSISTENT"}],
+ "machineType": context.properties['machineType'],
+ "networkInterfaces": nics,
+ 'metadata': {
+ "kind": 'compute#metadata',
+ 'items': [
+ {
+ 'key': 'startup-script',
+ 'value': formatter.format(
+ startup_script, **context.properties)
+ },
+ {
+ 'key': 'serial-port-enable',
+ 'value': 'true'
+ }
+ ]},
+ "scheduling": {
+ "automaticRestart": True,
+ "onHostMaintenance": "MIGRATE",
+ "preemptible": False
+ },
+ "serviceAccounts": [
+ {
+ "email": "default",
+ "scopes": [
+ "https://www.googleapis.com/" +
+ "auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring.write",
+ "https://www.googleapis.com/auth/pubsub",
+ "https://www.googleapis.com/" +
+ "auth/service.management.readonly",
+ "https://www.googleapis.com/auth/servicecontrol",
+ "https://www.googleapis.com/auth/trace.append"
+ ]
+ }],
+ "tags": {
+ "items": [
+ 'x-chkp-management--{}'.
+ format(context.properties['managementName']),
+ 'x-chkp-template--{}'.
+ format(context.properties['AutoProvTemplate']),
+ 'checkpoint-gateway'
+ ]
+ }
+ }
+ }
+ }
+ tagItems = instance_template['properties']['properties']['tags']['items']
+ if context.properties['mgmtNIC'] == 'Ephemeral Public IP (eth0)':
+ tagItems.append("x-chkp-ip-address--public")
+ tagItems.append("x-chkp-management-interface--eth0")
+ elif context.properties['mgmtNIC'] == 'Private IP (eth1)':
+ tagItems.append("x-chkp-ip-address--private")
+ tagItems.append("x-chkp-management-interface--eth1")
+ if context.properties['networkDefinedByRoutes']:
+ tagItems.append("x-chkp-topology-eth1--internal")
+ tagItems.append("x-chkp-topology-settings-eth1" + "--network-defined-by-routes")
+ metadata = instance_template['properties']['properties']['metadata']
+ if 'instanceSSHKey' in context.properties:
+ metadata['items'].append(
+ {
+ 'key': 'instanceSSHKey',
+ 'value': context.properties['instanceSSHKey']
+ }
+ )
+ passwd = ''
+ if context.properties['generatePassword']:
+ passwd = password.GeneratePassword(12, False)
+ metadata['items'].append(
+ {
+ 'key': 'adminPasswordSourceMetadata',
+ 'value': passwd
+ }
+ )
+ return instance_template, passwd
+
+
+def GenerateAutscaledGroup(context, name,
+ instance_template, depends_on=None):
+ prop = context.properties
+ igm_name = common.AutoName(name, default.IGM)
+ depends_on = depends_on
+ resource = {
+ 'name': igm_name,
+ 'metadata': {
+ 'dependsOn': depends_on
+ },
+ 'type': default.REGION_IGM,
+ 'properties': {
+ 'region': common.ZoneToRegion(prop.get("zone")),
+ 'baseInstanceName': name,
+ 'instanceTemplate': '$(ref.'
+ instance_template + '.selfLink)',
+ 'targetSize': prop.get("minInstances"),
+ # 'autoHealingPolicies': [{
+ # 'initialDelaySec': 60
+ # }]
+ }
+ }
+ return resource
+
+
+def CreateAutscaler(context, name,
+ igm, cpu_usage, depends_on=None):
+ prop = context.properties
+ autoscaler_name = common.AutoName(name, default.AUTOSCALER)
+ depends_on = depends_on
+ cpu_usage = float(cpu_usage) / 100
+ resource = {
+ 'name': autoscaler_name,
+ 'metadata': {
+ 'dependsOn': depends_on
+ },
+ 'type': default.REGION_AUTOSCALER,
+ 'properties': {
+ 'target': '$(ref.' + igm + '.selfLink)',
+ 'region': common.ZoneToRegion(prop.get("zone")),
+ 'autoscalingPolicy': {
+ 'minNumReplicas': int(prop.get("minInstances")),
+ 'maxNumReplicas': int(prop.get("maxInstances")),
+ 'cpuUtilization': {
+ 'utilizationTarget': cpu_usage
+ },
+ 'coolDownPeriodSec': 90
+ }
+ }
+ }
+ return resource
+
+
+def make_access_config(name=None):
+ access_config = {
+ 'type': default.ONE_NAT,
+ "kind": 'compute#accessConfig'
+ }
+ if name:
+ access_config['name'] = name
+ return access_config
+
+
+def validate_region(test_zone, valid_region):
+ test_region = common.ZoneToRegion(test_zone)
+ if test_region != valid_region:
+ err_msg = '{} is in region {}. All subnets must be ' + \
+ 'in the same region ({})'
+ raise common.Error(
+ err_msg.format(test_zone, test_region, valid_region)
+ )
+
+
+@common.FormatErrorsDec
+def generate_config(context):
+ # This method will:
+ # 1. Create a instance template for a security GW
+ # (with a tag for the managing security server)
+ # 2. Create a managed instance group
+ # (based on the instance template and zones list provided by the user)
+ # 3. 
Configure autoscaling
+ # (based on min, max & policy settings provided by the user)
+ prop = context.properties
+ prop['deployment'] = context.env['deployment']
+ prop['project'] = context.env['project']
+ prop['templateName'] = TEMPLATE_NAME
+ prop['templateVersion'] = TEMPLATE_VERSION
+ prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower()
+ prop['hasInternet'] = 'true' # via Google Private Access
+ prop['installationType'] = 'AutoScale'
+ prop['resources'] = []
+ prop['outputs'] = []
+ prop['gw_dependencies'] = []
+ prop['computed_sic_key'] = password.GeneratePassword(12, False)
+ prop['gatewayExternalIP'] = (prop['mgmtNIC'] ==
+ 'Ephemeral Public IP (eth0)')
+ version_chosen = prop['autoscalingVersion'].split(' ')[0] + "-GW"
+ prop['osVersion'] = prop['autoscalingVersion'].split(' ')[0].replace(
+ ".", "")
+ nics = create_nics(context)
+ gw_template, passwd = create_instance_template(context,
+ prop['deployment'],
+ nics,
+ depends_on=prop[
+ 'gw_dependencies'],
+ gw_version=VERSIONS[
+ version_chosen])
+ prop['resources'] += [gw_template]
+ prop['igm_dependencies'] = [gw_template['name']]
+ igm = GenerateAutscaledGroup(context,
+ prop['deployment'],
+ gw_template['name'],
+ prop['igm_dependencies'])
+ prop['resources'] += [igm]
+ prop['autoscaler_dependencies'] = [igm['name']]
+ cpu_usage = prop.get("cpuUsage")
+ autoscaler = CreateAutscaler(context,
+ prop['deployment'],
+ igm['name'],
+ cpu_usage,
+ prop['autoscaler_dependencies'])
+ prop['resources'] += [autoscaler]
+ prop['outputs'] += [
+ {
+ 'name': 'deployment',
+ 'value': prop['deployment']
+ },
+ {
+ 'name': 'project',
+ 'value': prop['project']
+ },
+ {
+ 'name': 'instanceTemplateName',
+ 'value': gw_template['name']
+ },
+ {
+ 'name': 'InstanceTemplateLink',
+ 'value': common.Ref(gw_template['name'])
+ },
+ {
+ 'name': 'IGMname',
+ 'value': igm['name']
+ },
+ {
+ 'name': 'IGMLink',
+ 'value': common.RefGroup(igm['name'])
+ },
+ {
+ 'name': 'cpuUsagePercentage',
+ 'value': 
str(int(prop['cpuUsage'])) + '%' + }, + { + 'name': 'minInstancesInt', + 'value': str(int(prop['minInstances'])) + }, + { + 'name': 'maxInstancesInt', + 'value': str(int(prop['maxInstances'])) + }, + { + 'name': 'password', + 'value': passwd + } + ] + return common.MakeResource(prop['resources'], prop['outputs']) diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py.schema b/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py.schema new file mode 100644 index 00000000..0c5117b2 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/check-point-autoscale--byol.py.schema 
@@ -0,0 +1,215 @@ +imports: + - path: check-point-autoscale--byol.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security Autoscaling - BYOL Template + +required: + - autoscalingVersion + - networks + - zone + - machineType + - cpuUsage + - minInstances + - maxInstances + - diskType + - bootDiskSizeGb + - managementName + - AutoProvTemplate + - allowUploadDownload + - networkDefinedByRoutes + - shell + - enableMonitoring + - generatePassword + +properties: + zone: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + networks: + type: array + default: [default, default1] + minItems: 2 + maxItems: 2 + x-googleProperty: + type: GCE_NETWORK + gceNetwork: + labels: + - External + - Internal + allowSharedVpcs: True + machineTypeProperty: machineType + subnetworks: + type: array + minItems: 2 + maxItems: 2 + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: networks + mgmtNIC: + type: string + default: Ephemeral Public IP (eth0) + enum: + - Ephemeral Public IP (eth0) + - Private IP (eth1) + enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableIcmp + enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableTcp + enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableUdp + enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: 
networks + sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableSctp + enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableEsp + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zone + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + cpuUsage: + type: integer + minimum: 10 + maximum: 90 + default: 60 + minInstances: + type: integer + minimum: 1 + maximum: 16384 + default: 2 + maxInstances: + type: integer + minimum: 1 + maximum: 32768 + default: 10 + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zone + bootDiskSizeGb: + type: integer + default: 100 + minimum: 100 + maximum: 4096 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + autoscalingVersion: + type: string + default: R81.20 Autoscaling + enum: + - R80.40 Autoscaling + - R81 Autoscaling + - R81.10 Autoscaling + - R81.20 Autoscaling + managementName: + type: string + default: 'checkpoint-management' + pattern: ^([ -~]+)$ + AutoProvTemplate: + type: string + default: 'gcp-asg-autoprov-tmplt' + pattern: ^([ -~]{1,30})$ + enableMonitoring: + type: boolean + default: False + networkDefinedByRoutes: + type: boolean + default: True + allowUploadDownload: + type: boolean + default: True + generatePassword: + type: boolean + default: False + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + +outputs: + deployment: + type: string + project: + 
type: string + password: + type: string \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/common.py b/deprecated/gcp/R80.40-R81/autoscale-byol/common.py new file mode 100644 index 00000000..e123c502 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/common.py 
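Review bot: The `managementName` pattern `^([ -~]+)$` and the `AutoProvTemplate` pattern `^([ -~]{1,30})$` accept spaces, uppercase and punctuation with no upper bound on `managementName`, yet the Python template copies both values verbatim into instance network tags (`x-chkp-management--…`, `x-chkp-template--…`), and GCE tags must be lowercase RFC1035 labels of at most 63 characters, so any value outside that set fails at instance-template creation rather than at schema validation. Unless the Check Point side genuinely needs the looser form, tighten it to what the tag can carry, e.g. `pattern: ^[a-z]([-a-z0-9]{0,42}[a-z0-9])?$` for `managementName` (63 minus the 19-character `x-chkp-management--` prefix), and similarly cap `AutoProvTemplate` to what fits after `x-chkp-template--`. The schema also cannot express `minInstances <= maxInstances`; the template passes both straight into the regional autoscaler, so a check in the generator (or at least a `description:` noting the constraint) is worth adding.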
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/config.yaml b/deprecated/gcp/R80.40-R81/autoscale-byol/config.yaml new file mode 100644 index 00000000..bc223154 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/config.yaml 
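Review bot: `GenerateEmbeddableYaml` calls `yaml.load(yaml_string)` with no `Loader`; on PyYAML before 5.1 that is the full constructor, which instantiates arbitrary Python objects from `!!python/...` tags in the input, and on PyYAML 6 it raises `TypeError`, so the call should be `yaml_object = yaml.safe_load(yaml_string)` — the function only round-trips plain data, so `safe_load` is sufficient. Separately, `FormatErrorsWrap` re-raises with `FormatException(e.message)`; `.message` exists only on Python 2 exceptions, so if these templates run under Python 3 the decorator itself raises `AttributeError` and the original error is lost, which `raise Error(FormatException(str(e))) from e` avoids. The `yaml` imported at the top of this file is what both helpers use, so no new dependency is needed.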
@@ -0,0 +1,50 @@ +imports: +- path: check-point-autoscale--byol.py +- path: common.py +- path: default.py +- path: password.py +- path: images.py + +resources: +- name: check-point-autoscale--byol + type: check-point-autoscale--byol.py + properties: + autoscalingVersion: "PLEASE ENTER AUTOSCALE VERSION" + managementName: "PLEASE ENTER MANAGEMENT NAME" + AutoProvTemplate: "PLEASE ENTER AUTOPROVISION TEMPLATE NAME" + instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY" + mgmtNIC: "PLEASE ENTER MANAGEMENT NIC TYPE" + networkDefinedByRoutes: "PLEASE ENTER true or false" + shell: "PLEASE ENTER A SHELL" + allowUploadDownload: "PLEASE ENTER true or false" + zone: "PLEASE ENTER A ZONE" + networks: "PLEASE ENTER A LIST OF EXTERNAL AND INTERNAL NETWORKS ID" + subnetworks: "PLEASE ENTER A LIST OF EXTERNAL AND INTERNAL SUBNETWORKS ID" + enableIcmp: "PLEASE ENTER true or false" + icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES" + enableTcp: "PLEASE ENTER true or false" + tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES" + enableUdp: "PLEASE ENTER true or false" + udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES" + enableSctp: "PLEASE ENTER true or false" + sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES" + enableEsp: "PLEASE ENTER true or false" + espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES" + machineType: "PLEASE ENTER A MACHINE TYPE" + cpuUsage: "PLEASE ENTER CPU USAGE (%)" + minInstances: "PLEASE ENTER MINIMUM NUMBER OF INSTANCES" + maxInstances: "PLEASE ENTER MAXIMUM NUMBER OF INSTANCES" + diskType: "PLEASE ENTER A DISK TYPE" + bootDiskSizeGb: "PLEASE ENTER A DISK SIZE" + enableMonitoring: "PLEASE ENTER true or false" +outputs: +- name: "Deployment" + value: $(ref.check-point-autoscale--byol.deployment) +- name: "Managed instance group" + value: $(ref.check-point-autoscale--byol.IGMLink) +- name: "Minimum instances" + 
value: $(ref.check-point-autoscale--byol.minInstancesInt) +- name: "Maximum instances" + value: $(ref.check-point-autoscale--byol.maxInstancesInt) +- name: "Target CPU usage" + value: $(ref.check-point-autoscale--byol.cpuUsagePercentage) \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/default.py b/deprecated/gcp/R80.40-R81/autoscale-byol/default.py new file mode 100644 index 00000000..0c7dd919 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/default.py 
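Review bot: This config omits `generatePassword` even though the schema in this same change lists it under `required`, so a manual deployment from this file relies on the schema default being applied before validation; add `generatePassword: "PLEASE ENTER true or false"` next to `enableMonitoring` (and `maintenanceMode` if it is meant to be settable here). The five `*SourceRanges` placeholders give no guidance, and these rules open the gateway's external interface; a line such as `# Restrict source ranges to known admin/management CIDRs; 0.0.0.0/0 exposes the gateway to the whole internet` above `icmpSourceRanges` is the caveat a deployer needs. Note also that the Python template copies `instanceSSHKey` into instance metadata whenever the property is present, so this placeholder must be replaced with a real public key or an empty string (`""`, which the schema pattern allows), not left as-is.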
@@ -0,0 +1,134 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Convenience module to hold default constants for C2D components. + +There should not be any logic in this module. Its purpose is to simplify +analysis of commonly used GCP and properties names and identify the names +that were custom created for these modules. +""" +# Generic constants +C2D_IMAGES = 'click-to-deploy-images' + +# URL constants +COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/' + +# Deployment Manager constructs +REFERENCE_PREFIX = '$(ref.' 
+ +# Commonly used in properties namespace +AUTO_DELETE = 'autoDelete' +BOOTDISK = 'bootDiskType' +BOOTDISKSIZE = 'bootDiskSizeGb' +C_IMAGE = 'containerImage' +DC_MANIFEST = 'dcManifest' +DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator +DISK_NAME = 'diskName' +DISK_RESOURCES = 'addedDiskResources' +DISK_SOURCE = 'source' +ENDPOINT_NAME = 'serviceRegistryEndpointName' +FIXED_GCLOUD = 'fixedGcloud' +GENERATED_PROP = 'generatedProperties' +INITIALIZEP = 'initializeParams' +INSTANCE_NAME = 'instanceName' +LOCAL_SSD = 'localSSDs' +MAX_NUM = 'maxNumReplicas' +NETWORKS = 'networks' +NO_SCOPE = 'noScope' +PROVIDE_BOOT = 'provideBoot' +REPLICAS = 'replicas' +SIZE = 'size' +VM_COPIES = 'numberOfVMReplicas' +ZONES = 'zones' + +# Common properties values (only official GCP values allowed here) +EXTERNAL = 'External NAT' +ONE_NAT = 'ONE_TO_ONE_NAT' + +# Common 1st level properties (only official GCP names allowed here) +CAN_IP_FWD = 'canIpForward' +CONTAINER = 'container' +DCKRENV = 'dockerEnv' +DCKRIMAGE = 'dockerImage' +DEFAULT_SERVICE = 'defaultService' +DEVICE_NAME = 'deviceName' +DISKS = 'disks' +DISK_SIZE = 'diskSizeGb' +DISKTYPE = 'diskType' +HEALTH_PATH = 'healthPath' +HOST_RULES = 'hostRules' +IP_PROTO = 'IPProtocol' +MACHINETYPE = 'machineType' +METADATA = 'metadata' +NAME = 'name' +NETWORK = 'network' +NETWORKS = 'networks' +SUBNETWORK = 'subnetwork' +PATH_MATCHERS = 'pathMatchers' +PORT = 'port' +PROJECT = 'project' +SERVICE = 'service' +SERVICE_ACCOUNTS = 'serviceAccounts' +SRCIMAGE = 'sourceImage' +SRC_RANGES = 'sourceRanges' +TAGS = 'tags' +TYPE = 'type' +VM_TEMPLATE = 'instanceTemplate' +ZONE = 'zone' + +# Zone specfic VM properties +VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK] + +# Resource type defaults names +ADDRESS = 'compute.v1.address' +AUTOSCALER = 'compute.v1.autoscaler' +BACKEND_SERVICE = 'compute.v1.backendService' +DISK = 'compute.v1.disk' +ENDPOINT = 'serviceregistry.v1alpha.endpoint' +FIREWALL = 'compute.v1.firewall' 
+GF_RULE = 'compute.v1.globalForwardingRule' +HEALTHCHECK = 'compute.v1.httpHealthCheck' +IGM = 'compute.v1.instanceGroupManager' +INSTANCE = 'compute.v1.instance' +PROXY = 'compute.v1.targetHttpProxy' +TEMPLATE = 'compute.v1.instanceTemplate' +REGION_IGM = 'compute.v1.regionInstanceGroupManager' +REGION_AUTOSCALER = 'compute.v1.regionAutoscaler' +URL_MAP = 'compute.v1.urlMap' +VPC='compute.v1.network' +VPC_SUBNET='compute.v1.subnetwork' + +# Also Known As constants +AKA = { + TEMPLATE: 'tmplt', + AUTOSCALER: 'as', + BACKEND_SERVICE: 'bes', + DISK: 'disk', + FIREWALL: 'fwall', + GF_RULE: 'ip', + HEALTHCHECK: 'hc', + INSTANCE: 'vm', + PROXY: 'tproxy', + IGM: 'igm', + URL_MAP: 'umap', +} + +LOC = { + 'europe': 'eu', + 'asia': 'as', + 'central': 'c', + 'east': 'e', + 'west': 'w', + 'north': 'n', + 'south': 's', +} diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/images.py b/deprecated/gcp/R80.40-R81/autoscale-byol/images.py new file mode 100644 index 00000000..7b04bee0 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/images.py 
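Review bot: `NETWORKS = 'networks'` is defined twice in this file, once in the "Commonly used in properties namespace" group and again under "Common 1st level properties"; the second assignment is harmless but misleading in a module whose docstring says it exists to make the constant set easy to audit, so drop one of them. `ENDPOINT = 'serviceregistry.v1alpha.endpoint'` names an alpha API and I see no use of it in this diff; if nothing in the package references it, removing it avoids inviting a dependency on an unstable surface.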
@@ -0,0 +1,34 @@ +IMAGES = { + "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425", + "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425", + "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425", + "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425", + "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425", + "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425", + "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425", + "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425", + "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425", + "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425", + "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425", + "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425", + "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425", + "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425", + "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425", + "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425", + "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425", + "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425", + "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425", + "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425", + "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425", + "check-point-r81-gw-byol-mig": 
"check-point-r81-gw-byol-mig-392-991001560-v20240425", + "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425", + "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425", + "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425", + "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505", + "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505", + "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505", + "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505", + "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505", + "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505", + "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425" +} \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/autoscale-byol/password.py b/deprecated/gcp/R80.40-R81/autoscale-byol/password.py new file mode 100644 index 00000000..273210a6 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-byol/password.py 
@@ -0,0 +1,135 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""A DM template that generates password as an output, namely "password". + +An example YAML showing how this template can be used: + resources: + - name: generated-password + type: password.py + properties: + length: 8 + includeSymbols: true + - name: main-template + type: main-template.jinja + properties: + password: $(ref.generated-password.password) + +Input properties to this template: + - length: the length of the generated password. At least 8. Default 8. + - includeSymbols: true/false whether to include symbol chars. Default false. + +The generated password satisfies the following requirements: + - The length is as specified, + - Containing letters and numbers, and optionally symbols if specified, + - Starting with a letter, + - Containing characters from at least 3 of the 4 categories: uppercases, + lowercases, numbers, and symbols. + +""" + +import random +import yaml + +PROPERTY_LENGTH = 'length' +PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols' + +# Note the omission of some hard to distinguish characters like I, l, 0, and O. +UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ' +LOWERS = 'abcdefghijkmnopqrstuvwxyz' +ALPHABET = UPPERS + LOWERS +DIGITS = '123456789' +ALPHANUMS = ALPHABET + DIGITS +# Including only symbols that can be passed around easily in shell scripts. +SYMBOLS = '*-+.' 
+ +CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS +CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS + +CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS] +CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS] + +MIN_LENGTH = 8 + + +class InputError(Exception): + """Raised when input properties are unexpected.""" + + +def GenerateConfig(context): + """Entry function to generate the DM config.""" + props = context.properties + length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH) + include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False) + + if not isinstance(include_symbols, bool): + raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS) + + content = { + 'resources': [], + 'outputs': [{ + 'name': 'password', + 'value': GeneratePassword(length, include_symbols) + }] + } + return yaml.dump(content) + + +def GeneratePassword(length=8, include_symbols=False): + """Generates a random password.""" + if length < MIN_LENGTH: + raise InputError('Password length must be at least %d' % MIN_LENGTH) + + candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols + else CANDIDATES_WITHOUT_SYMBOLS) + categories = (CATEGORIES_WITH_SYMBOLS if include_symbols + else CATEGORIES_WITHOUT_SYMBOLS) + + # Generates up to the specified length minus the number of categories. + # Then inserts one character for each category, ensuring that the character + # satisfy the category if the generated string hasn't already. + generated = ([random.choice(ALPHABET)] + + [random.choice(candidates) + for _ in range(length - 1 - len(categories))]) + for category in categories: + _InsertAndEnsureSatisfaction(generated, category, candidates) + return ''.join(generated) + + +def _InsertAndEnsureSatisfaction(generated, required, all_candidates): + """Inserts 1 char into generated, satisfying required if not already. + + If the required characters are not already in the generated string, one will + be inserted. 
If any required character is already in the generated string, a + random character from all_candidates will be inserted. The insertion happens + at a random location but not at the beginning. + + Args: + generated: the string to be modified. + required: list of required characters to check for. + all_candidates: list of characters to choose from if the required characters + are already satisfied. + """ + if set(generated).isdisjoint(required): + # Not yet satisfied. Insert a required candidate. + _InsertInto(generated, required) + else: + # Already satisfied. Insert any candidate. + _InsertInto(generated, all_candidates) + + +def _InsertInto(generated, candidates): + """Inserts a random candidate into a random non-zero index of generated.""" + # Avoids inserting at index 0, since the first character follows its own rule. + generated.insert(random.randint(1, len(generated) - 1), + random.choice(candidates)) diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/README.md b/deprecated/gcp/R80.40-R81/autoscale-payg/README.md new file mode 100644 index 00000000..9dfa6b83 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-payg/README.md 
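Review bot: `GeneratePassword` and `_InsertInto` draw every character and insertion index from the module-level `random` (Mersenne Twister), which is not a cryptographic generator, and the Python template in this change uses this function for the gateway admin password and for `computed_sic_key`, both of which are credentials; draw from `random.SystemRandom` (os.urandom-backed) instead, which needs no new import. The change is a module-level `_rng = random.SystemRandom()` and swapping the three `random.choice` calls and the `random.randint` call to `_rng`, as below. The reduced alphabet (no `I`, `l`, `0`, `O`) and the 12-character length used by the caller still leave roughly 70 bits, so the character set itself can stay as-is.
```python
# … unchanged: character class constants …

# Use the OS CSPRNG: these values become the gateway admin password and SIC key.
_rng = random.SystemRandom()

# … unchanged: GenerateConfig, InputError, length/category selection …
    generated = ([_rng.choice(ALPHABET)] +
                 [_rng.choice(candidates)
                  for _ in range(length - 1 - len(categories))])
# … unchanged: category satisfaction loop, _InsertAndEnsureSatisfaction …

def _InsertInto(generated, candidates):
    """Inserts a random candidate into a random non-zero index of generated."""
    generated.insert(_rng.randint(1, len(generated) - 1),
                     _rng.choice(candidates))
```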
@@ -0,0 +1,126 @@ +# GCP Deployment Manager package for Check Point Autoscaling PAYG solution +This directory contains CloudGuard IaaS deployment package for Check Point Autoscaling (PAYG) solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-autoscaling-ngtp). + +# How to deploy the package manually +To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions: +1. Clone or download the files in this directory +2. Fill variables in the config.yaml(see below for variables descriptions). +3. Log into [Google Cloud Platform Console](https://console.cloud.google.com) +4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell) +5. Set your Cloud Platform project in the Cloud Shell session use: + + gcloud config set project [PROJECT_ID] +6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/autoscale-payg/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files) +7. Launch deployment by running: + + gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml +8. Make sure the deployment finished successfully.
Example of successful deployment output: + + The fingerprint of the deployment is h8R2exQYuc4bzlO14boUhg== + Waiting for create [operation-1585217870871-5a1bf4c15b9ea-f8d824d5-1089cc78]...done. + Create operation operation-1585217870871-5a1bf4c15b9ea-f8d824d5-1089cc78 completed successfully. + NAME TYPE STATE ERRORS INTENT + mig-as compute.v1.regionAutoscaler COMPLETED [] + mig-igm compute.v1.regionInstanceGroupManager COMPLETED [] + mig-vpc-icmp compute.v1.firewall COMPLETED [] + mig-vpc-udp compute.v1.firewall COMPLETED [] + mig-tmplt compute.v1.instanceTemplate COMPLETED [] + OUTPUTS VALUE + Deployment autoscale + Managed instance group https://www.googleapis.com/compute/v1/projects/checkpoint/regions/asia-east1/instanceGroups/autoscale-igm + Minimum instances 2 + Maximum instances 10 + Target CPU usage 60% + +## config.yaml variables +| Name | Description | Type | Allowed values | +| ------------- | ------------- | ------------- | ------------- | +| **autoscalingVersion** | Autoscaling Version | string | R80.40 Autoscaling;
R81.00 Autoscaling;
R81.10 Autoscaling;
R81.20 Autoscaling;| +| | | | | | +| **managementName** | Security Management Server name | string | The name of the Security Management Server as appears in autoprovisioning configuration | +| | | | | | +| **AutoProvTemplate** | Configuration template name | string | Specify the provisioning configuration template name (for autoprovisioning) | +| | | | | | +| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key | +| | | | | | +| **mgmtNIC** | Management Interface | string | Ephemeral Public IP (eth0)
; Private IP (eth1); | +| | | | | | +| **networkDefinedByRoutes** | Networks behind the Internal interface will be defined by routes.
Set eth1 topology to define the networks behind this interface by the routes configured on the gateway | boolean | true;
false; | +| | | | | | +| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
| +| | | | | | +| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; | +| | | | | | +| **zone** | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) | +| | | | | | +| **networks** | The external networks ID in which the gateways will reside and internal networks ID in which application servers reside. | list(string) | Available network in the chosen zone | +| | | | | | +| **subnetworks** | External and Internal subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | list(string) | Available subnetwork in the chosen network | +| | | | | | +| **enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | +| | | | | | +| **cpuUsage** | Target CPU usage (%).
Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance | number | A number in the range 10 - 90 | +| | | | | | +| **minInstances** | Minimum number of instances | number | A number in the range 1 and the maximum number of instances | +| | | | | | +| **maxInstances** | Maximum number of instances | number | A number in the range the minimum number of instances and infinity | +| | | | | | +| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)| +| | | | | | +| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)| +| | | | | | +| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; | +| | | | | | + +## Example + autoscalingVersion: "R81.10 Autoscaling" + managementName: "mgmt" + AutoProvTemplate: "template" + instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + mgmtNIC: "Ephemeral Public IP (eth0)" + networkDefinedByRoutes: true + shell: "/bin/bash" + allowUploadDownload: true + zone: "asia-east1-a" + networks: ["external-vpc", "internal-vpc"] + subnetworks: ["frontend", "backend"] + enableIcmp: true + icmpSourceRanges: "0.0.0.0/0" + enableTcp: false + tcpSourceRanges: "" + enableUdp: true + udpSourceRanges: "0.0.0.0/0" + enableSctp: false + sctpSourceRanges: "" + enableEsp: false + espSourceRanges: "" + machineType: "n1-standard-4" + cpuUsage: 60 + minInstances: 2 + maxInstances: 10 + diskType: "pd-ssd" + bootDiskSizeGb: 100 + enableMonitoring: false + +## Notes +See [sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/autoscale-payg/c2d_deployment_configuration.json new file mode 100644 index 00000000..4141cb87 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-payg/c2d_deployment_configuration.json @@ -0,0 +1,7 @@ +{ + "defaultDeploymentType": "MULTI_VM", + "imageName": "check-point-r8120-gw-payg-mig-631-991001475-v20231221", + "projectId": "checkpoint-public", + "templateName": "nonexistent_template", + "useSolutionPackage": "true" +} diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py b/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py new file mode 100644 index 00000000..05acbfdc --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py 
@@ -0,0 +1,381 @@ +# Copyright 2016 Check Point Software LTD. + +import common +import default +import images +import password + +GATEWAY = 'checkpoint-gateway' +PROJECT = 'checkpoint-public' +LICENSE = 'payg' +LICENCE_TYPE = 'mig' + +VERSIONS = { + 'R80.40-GW': 'r8040-gw', + 'R81-GW': 'r81-gw', + 'R81.10-GW': 'r8110-gw', + 'R81.20-GW': 'r8120-gw' +} + +TEMPLATE_NAME = 'autoscale' +TEMPLATE_VERSION = '20231221' + +startup_script = ''' +#cloud-config +runcmd: + - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" "managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" "name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""' +''' + + +def make_nic(context, net_name, subnet, external_ip=False): + prop = context.properties + network_interface = { + 'kind': 'compute#networkInterface', + 'network': common.GlobalNetworkLink(prop['project'], net_name) + } + if subnet: + network_interface["subnetwork"] = common.MakeRegionalSubnetworkLink( + prop['project'], prop['zone'], subnet) + # add ephemeral public IP address + if external_ip: + network_interface["accessConfigs"] = \ + [make_access_config(name="external-nat")] + return network_interface + + +def 
create_nics(context): + prop = context.properties + firewall_rules = create_firewall_rules(context) + if firewall_rules: + prop['resources'].extend(firewall_rules) + networks = prop.setdefault('networks', ['default']) + subnetworks = prop.get('subnetworks', []) + nics = [] + for i in range(len(networks)): + name = networks[i] + subnet = '' + external_ip = prop.get('gatewayExternalIP') and i == 0 + if subnetworks and i < len(subnetworks) and subnetworks[i]: + subnet = subnetworks[i] + network_interface = make_nic(context, name, subnet, external_ip) + nics.append(network_interface) + return nics + + +def create_firewall_rules(context): + prop = context.properties + deployment = prop['deployment'] + network = prop.setdefault('networks', ['default'])[0] + firewall_rules = [] + protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp'] + for protocol in protocols: + proto = protocol.lower() + source_ranges = prop.get(proto + 'SourceRanges', '') + protocol_enabled = prop.get('enable' + protocol, '') + if protocol_enabled and source_ranges: + firewall_rules.append(make_firewall_rule( + proto, source_ranges, deployment, network)) + return firewall_rules + + +def make_firewall_rule(protocol, source_ranges, deployment, net_name): + fw_rule_name = '%s-%s-%s' % (deployment[:34], net_name[:22], protocol) + ranges = [] + ranges_list = source_ranges.split(',') + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + firewall_rule = { + 'type': default.FIREWALL, + 'name': fw_rule_name, + 'properties': { + 'network': 'global/networks/' + net_name, + 'sourceRanges': ranges, + 'targetTags': [GATEWAY], + 'allowed': [{'IPProtocol': protocol}] + } + } + return firewall_rule + + +def create_instance_template(context, + name, + nics, + depends_on=None, + gw_version=VERSIONS['R81.20-GW']): + if 'gw' in gw_version: + license_name = "{}-{}".format(LICENSE, LICENCE_TYPE) + else: + license_name = LICENSE + family = '-'.join(['check-point', gw_version, license_name]) + 
formatter = common.DefaultFormatter() + instance_template_name = common.AutoName(name, default.TEMPLATE) + instance_template = { + "type": default.TEMPLATE, + "name": instance_template_name, + 'metadata': { + 'dependsOn': depends_on + }, + "properties": { + "project": context.properties['project'], + "properties": { + "canIpForward": True, + "disks": [{"autoDelete": True, + "boot": True, + "deviceName": common.set_name_and_truncate( + context.properties['deployment'], + '-{}-boot'.format(name)), + "index": 0, + "initializeParams": { + "diskType": + context.properties['diskType'], + "diskSizeGb": + context.properties['bootDiskSizeGb'], + "sourceImage": + 'projects/%s/global/images/%s' % ( + PROJECT, images.IMAGES[family]) + }, + "kind": 'compute#attachedDisk', + "mode": "READ_WRITE", + "type": "PERSISTENT"}], + "machineType": context.properties['machineType'], + "networkInterfaces": nics, + 'metadata': { + "kind": 'compute#metadata', + 'items': [ + { + 'key': 'startup-script', + 'value': formatter.format( + startup_script, **context.properties) + }, + { + 'key': 'serial-port-enable', + 'value': 'true' + } + ]}, + "scheduling": { + "automaticRestart": True, + "onHostMaintenance": "MIGRATE", + "preemptible": False + }, + "serviceAccounts": [ + { + "email": "default", + "scopes": [ + "https://www.googleapis.com/" + + "auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring.write", + "https://www.googleapis.com/auth/pubsub", + "https://www.googleapis.com/" + + "auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ] + }], + "tags": { + "items": [ + 'x-chkp-management--{}'. + format(context.properties['managementName']), + 'x-chkp-template--{}'. 
+ format(context.properties['AutoProvTemplate']), + 'checkpoint-gateway' + ] + } + } + } + } + tagItems = instance_template['properties']['properties']['tags']['items'] + if context.properties['mgmtNIC'] == 'Ephemeral Public IP (eth0)': + tagItems.append("x-chkp-ip-address--public") + tagItems.append("x-chkp-management-interface--eth0") + elif context.properties['mgmtNIC'] == 'Private IP (eth1)': + tagItems.append("x-chkp-ip-address--private") + tagItems.append("x-chkp-management-interface--eth1") + if context.properties['networkDefinedByRoutes']: + tagItems.append("x-chkp-topology-eth1--internal") + tagItems.append("x-chkp-topology-settings-eth1" + "--network-defined-by-routes") + metadata = instance_template['properties']['properties']['metadata'] + if 'instanceSSHKey' in context.properties: + metadata['items'].append( + { + 'key': 'instanceSSHKey', + 'value': context.properties['instanceSSHKey'] + } + ) + passwd = '' + if context.properties['generatePassword']: + passwd = password.GeneratePassword(12, False) + metadata['items'].append( + { + 'key': 'adminPasswordSourceMetadata', + 'value': passwd + } + ) + return instance_template, passwd + + +def GenerateAutscaledGroup(context, name, + instance_template, depends_on=None): + prop = context.properties + igm_name = common.AutoName(name, default.IGM) + depends_on = depends_on + resource = { + 'name': igm_name, + 'metadata': { + 'dependsOn': depends_on + }, + 'type': default.REGION_IGM, + 'properties': { + 'region': common.ZoneToRegion(prop.get("zone")), + 'baseInstanceName': name, + 'instanceTemplate': '$(ref.' 
+ instance_template + '.selfLink)', + 'targetSize': prop.get("minInstances"), + # 'autoHealingPolicies': [{ + # 'initialDelaySec': 60 + # }] + } + } + return resource + + +def CreateAutscaler(context, name, + igm, cpu_usage, depends_on=None): + prop = context.properties + autoscaler_name = common.AutoName(name, default.AUTOSCALER) + depends_on = depends_on + cpu_usage = float(cpu_usage) / 100 + resource = { + 'name': autoscaler_name, + 'metadata': { + 'dependsOn': depends_on + }, + 'type': default.REGION_AUTOSCALER, + 'properties': { + 'target': '$(ref.' + igm + '.selfLink)', + 'region': common.ZoneToRegion(prop.get("zone")), + 'autoscalingPolicy': { + 'minNumReplicas': int(prop.get("minInstances")), + 'maxNumReplicas': int(prop.get("maxInstances")), + 'cpuUtilization': { + 'utilizationTarget': cpu_usage + }, + 'coolDownPeriodSec': 90 + } + } + } + return resource + + +def make_access_config(name=None): + access_config = { + 'type': default.ONE_NAT, + "kind": 'compute#accessConfig' + } + if name: + access_config['name'] = name + return access_config + + +def validate_region(test_zone, valid_region): + test_region = common.ZoneToRegion(test_zone) + if test_region != valid_region: + err_msg = '{} is in region {}. All subnets must be ' + \ + 'in the same region ({})' + raise common.Error( + err_msg.format(test_zone, test_region, valid_region) + ) + + +@common.FormatErrorsDec +def generate_config(context): + # This method will: + # 1. Create a instance template for a security GW + # (with a tag for the managing security server) + # 2. Create a managed instance group + # (based on the instance template and zones list provided by the user) + # 3. 
Configure autoscaling + # (based on min, max & policy settings provided by the user) + prop = context.properties + prop['deployment'] = context.env['deployment'] + prop['project'] = context.env['project'] + prop['templateName'] = TEMPLATE_NAME + prop['templateVersion'] = TEMPLATE_VERSION + prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() + prop['hasInternet'] = 'true' # via Google Private Access + prop['installationType'] = 'AutoScale' + prop['resources'] = [] + prop['outputs'] = [] + prop['gw_dependencies'] = [] + prop['computed_sic_key'] = password.GeneratePassword(12, False) + prop['gatewayExternalIP'] = (prop['mgmtNIC'] == + 'Ephemeral Public IP (eth0)') + version_chosen = prop['autoscalingVersion'].split(' ')[0] + "-GW" + prop['osVersion'] = prop['autoscalingVersion'].split(' ')[0].replace( + ".", "") + nics = create_nics(context) + gw_template, passwd = create_instance_template(context, + prop['deployment'], + nics, + depends_on=prop[ + 'gw_dependencies'], + gw_version=VERSIONS[ + version_chosen]) + prop['resources'] += [gw_template] + prop['igm_dependencies'] = [gw_template['name']] + igm = GenerateAutscaledGroup(context, + prop['deployment'], + gw_template['name'], + prop['igm_dependencies']) + prop['resources'] += [igm] + prop['autoscaler_dependencies'] = [igm['name']] + cpu_usage = prop.get("cpuUsage") + autoscaler = CreateAutscaler(context, + prop['deployment'], + igm['name'], + cpu_usage, + prop['autoscaler_dependencies']) + prop['resources'] += [autoscaler] + prop['outputs'] += [ + { + 'name': 'deployment', + 'value': prop['deployment'] + }, + { + 'name': 'project', + 'value': prop['project'] + }, + { + 'name': 'instanceTemplateName', + 'value': gw_template['name'] + }, + { + 'name': 'InstanceTemplateLink', + 'value': common.Ref(gw_template['name']) + }, + { + 'name': 'IGMname', + 'value': igm['name'] + }, + { + 'name': 'IGMLink', + 'value': common.RefGroup(igm['name']) + }, + { + 'name': 'cpuUsagePercentage', + 'value': 
str(int(prop['cpuUsage'])) + '%' + }, + { + 'name': 'minInstancesInt', + 'value': str(int(prop['minInstances'])) + }, + { + 'name': 'maxInstancesInt', + 'value': str(int(prop['maxInstances'])) + }, + { + 'name': 'password', + 'value': passwd + } + ] + return common.MakeResource(prop['resources'], prop['outputs']) diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py.schema b/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py.schema new file mode 100644 index 00000000..b3ab0980 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-payg/check-point-autoscale--payg.py.schema 
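Review bot: The SIC key in `prop['computed_sic_key'] = password.GeneratePassword(12, False)` and the admin password in create_instance_template both come from password.GeneratePassword, which in the password.py hunk earlier in this diff draws with `random.choice` and `random.randint` rather than the `secrets` module; for a value that presumably bootstraps trust with the management server and for a credential written into instance metadata under `adminPasswordSourceMetadata`, the generator should use `secrets.choice` / `secrets.randbelow`, and that fix belongs in password.py, whose hunk starts before this excerpt. Note also that generate_config returns the same password as the template output `password`, so it is presumably recorded in the deployment's outputs/manifest and readable by anyone with read access to the deployment, not only to the instances; a comment such as `# NOTE: the generated password is also emitted as a deployment output` next to that entry would make the exposure visible to the next maintainer. Separately, make_firewall_rule splits `source_ranges` on commas without dropping empty items, so a trailing comma yields an empty string in `sourceRanges`; `ranges = [r.replace(" ", "") for r in source_ranges.split(',') if r.strip()]` avoids that.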
@@ -0,0 +1,215 @@ +imports: + - path: check-point-autoscale--payg.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security Autoscaling - PAYG Template + +required: + - autoscalingVersion + - networks + - zone + - machineType + - cpuUsage + - minInstances + - maxInstances + - diskType + - bootDiskSizeGb + - managementName + - AutoProvTemplate + - allowUploadDownload + - networkDefinedByRoutes + - shell + - enableMonitoring + - generatePassword + +properties: + zone: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + networks: + type: array + default: [default, default1] + minItems: 2 + maxItems: 2 + x-googleProperty: + type: GCE_NETWORK + gceNetwork: + labels: + - External + - Internal + allowSharedVpcs: True + machineTypeProperty: machineType + subnetworks: + type: array + minItems: 2 + maxItems: 2 + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: networks + mgmtNIC: + type: string + default: Ephemeral Public IP (eth0) + enum: + - Ephemeral Public IP (eth0) + - Private IP (eth1) + enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableIcmp + enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableTcp + enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableUdp + enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: 
networks + sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableSctp + enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: networks + espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: enableEsp + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zone + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + cpuUsage: + type: integer + minimum: 10 + maximum: 90 + default: 60 + minInstances: + type: integer + minimum: 1 + maximum: 16384 + default: 2 + maxInstances: + type: integer + minimum: 1 + maximum: 32768 + default: 10 + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zone + bootDiskSizeGb: + type: integer + default: 100 + minimum: 100 + maximum: 4096 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + autoscalingVersion: + type: string + default: R81.20 Autoscaling + enum: + - R80.40 Autoscaling + - R81 Autoscaling + - R81.10 Autoscaling + - R81.20 Autoscaling + managementName: + type: string + default: 'checkpoint-management' + pattern: ^([ -~]+)$ + AutoProvTemplate: + type: string + default: 'gcp-asg-autoprov-tmplt' + pattern: ^([ -~]{1,30})$ + enableMonitoring: + type: boolean + default: False + networkDefinedByRoutes: + type: boolean + default: True + allowUploadDownload: + type: boolean + default: True + generatePassword: + type: boolean + default: False + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + +outputs: + deployment: + type: string + project: + 
 type: string
+ password:
+ type: string
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/common.py b/deprecated/gcp/R80.40-R81/autoscale-payg/common.py
new file mode 100644
index 00000000..e123c502
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-payg/common.py
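Review bot: The `autoscalingVersion` enum here lists `R81 Autoscaling`, while the README added in this same commit documents the value as `R81.00 Autoscaling`; generate_config builds the VERSIONS key from the first token of that string, so `R81.00` would produce `R81.00-GW`, which is not a key in VERSIONS, and the deployment would fail with a KeyError inside the template rather than a schema validation error. Either the README should say `R81 Autoscaling` or the enum and VERSIONS should accept both spellings. The schema also bounds `minInstances` and `maxInstances` independently, and neither it nor CreateAutscaler checks that `minInstances <= maxInstances`; a check in generate_config such as `if int(prop['minInstances']) > int(prop['maxInstances']): raise common.Error('minInstances must not exceed maxInstances')` would surface the mistake before the API call.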
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/config.yaml b/deprecated/gcp/R80.40-R81/autoscale-payg/config.yaml new file mode 100644 index 00000000..d0993a52 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/autoscale-payg/config.yaml 
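Review bot: `FormatErrorsWrap` reads `e.message`, an attribute Python 3 exceptions do not have, so any error escaping the decorated generate_config turns into an AttributeError raised from inside the except block and the original message is lost; use `raise Error(FormatException(str(e))) from e`. In the same hunk, GenerateEmbeddableYaml calls `yaml.load(yaml_string)` with no Loader argument, which PyYAML 5.x warns about and 6.x rejects with a TypeError, and the full loader can construct arbitrary Python objects from tagged input; for a document that only holds plain YAML types, `yaml.safe_load(yaml_string)` is the right call. `DefaultFormatter.get_value` also names its third parameter `dict`, shadowing the builtin; `kwargs` matches the `string.Formatter.get_value` signature it overrides.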
@@ -0,0 +1,50 @@
+imports:
+- path: check-point-autoscale--payg.py
+- path: common.py
+- path: default.py
+- path: password.py
+- path: images.py
+
+resources:
+- name: check-point-autoscale--payg
+ type: check-point-autoscale--payg.py
+ properties:
+ autoscalingVersion: "PLEASE ENTER AUTOSCALE VERSION"
+ managementName: "PLEASE ENTER MANAGEMENT NAME"
+ AutoProvTemplate: "PLEASE ENTER AUTOPROVISION TEMPLATE NAME"
+ instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY"
+ mgmtNIC: "PLEASE ENTER MANAGEMENT NIC TYPE"
+ networkDefinedByRoutes: "PLEASE ENTER true or false"
+ shell: "PLEASE ENTER A SHELL"
+ allowUploadDownload: "PLEASE ENTER true or false"
+ zone: "PLEASE ENTER A ZONE"
+ networks: "PLEASE ENTER A LIST OF EXTERNAL AND INTERNAL NETWORKS ID"
+ subnetworks: "PLEASE ENTER A LIST OF EXTERNAL AND INTERNAL SUBNETWORKS ID"
+ enableIcmp: "PLEASE ENTER true or false"
+ icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ enableTcp: "PLEASE ENTER true or false"
+ tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ enableUdp: "PLEASE ENTER true or false"
+ udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ enableSctp: "PLEASE ENTER true or false"
+ sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ enableEsp: "PLEASE ENTER true or false"
+ espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ machineType: "PLEASE ENTER A MACHINE TYPE"
+ cpuUsage: "PLEASE ENTER CPU USAGE (%)"
+ minInstances: "PLEASE ENTER MINIMUM NUMBER OF INSTANCES"
+ maxInstances: "PLEASE ENTER MAXIMUM NUMBER OF INSTANCES"
+ diskType: "PLEASE ENTER A DISK TYPE"
+ bootDiskSizeGb: "PLEASE ENTER A DISK SIZE"
+ enableMonitoring: "PLEASE ENTER true or false"
+outputs:
+- name: "Deployment"
+ value: $(ref.check-point-autoscale--payg.deployment)
+- name: "Managed instance group"
+ value: $(ref.check-point-autoscale--payg.IGMLink)
+- name: "Minimum instances"
+ 
value: $(ref.check-point-autoscale--payg.minInstancesInt)
+- name: "Maximum instances"
+ value: $(ref.check-point-autoscale--payg.maxInstancesInt)
+- name: "Target CPU usage"
+ value: $(ref.check-point-autoscale--payg.cpuUsagePercentage)
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/default.py b/deprecated/gcp/R80.40-R81/autoscale-payg/default.py
new file mode 100644
index 00000000..0c7dd919
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-payg/default.py
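Review bot: The five `*SourceRanges` placeholders (`icmpSourceRanges` through `espSourceRanges`) only say "OR LEAVE EMPTY DOUBLE QUOTES" and give the operator no hint about blast radius, while the ha-byol README example later in this same commit fills the equivalent fields with `0.0.0.0/0`; if these ranges feed the Internet-facing firewall rules the way the sibling README describes for the same field names, that is the one value a first-time user should be warned away from. I'd add a comment above `enableIcmp`: `# *SourceRanges gate the firewall rules this deployment creates; list only the admin/peer CIDRs you need. "0.0.0.0/0" exposes every enabled port to the Internet.` Separately, every property here is a quoted string, including the `true or false` toggles and `minInstances`/`maxInstances`, so the consuming template (not in this chunk) presumably coerces types; a one-line comment saying whether to keep or drop the quotes would avoid the YAML `true` vs `"true"` trap.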
@@ -0,0 +1,134 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Convenience module to hold default constants for C2D components.
+
+There should not be any logic in this module. Its purpose is to simplify
+analysis of commonly used GCP and properties names and identify the names
+that were custom created for these modules.
+"""
+# Generic constants
+C2D_IMAGES = 'click-to-deploy-images'
+
+# URL constants
+COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/'
+
+# Deployment Manager constructs
+REFERENCE_PREFIX = '$(ref.'
+
+# Commonly used in properties namespace
+AUTO_DELETE = 'autoDelete'
+BOOTDISK = 'bootDiskType'
+BOOTDISKSIZE = 'bootDiskSizeGb'
+C_IMAGE = 'containerImage'
+DC_MANIFEST = 'dcManifest'
+DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator
+DISK_NAME = 'diskName'
+DISK_RESOURCES = 'addedDiskResources'
+DISK_SOURCE = 'source'
+ENDPOINT_NAME = 'serviceRegistryEndpointName'
+FIXED_GCLOUD = 'fixedGcloud'
+GENERATED_PROP = 'generatedProperties'
+INITIALIZEP = 'initializeParams'
+INSTANCE_NAME = 'instanceName'
+LOCAL_SSD = 'localSSDs'
+MAX_NUM = 'maxNumReplicas'
+NETWORKS = 'networks'
+NO_SCOPE = 'noScope'
+PROVIDE_BOOT = 'provideBoot'
+REPLICAS = 'replicas'
+SIZE = 'size'
+VM_COPIES = 'numberOfVMReplicas'
+ZONES = 'zones'
+
+# Common properties values (only official GCP values allowed here)
+EXTERNAL = 'External NAT'
+ONE_NAT = 'ONE_TO_ONE_NAT'
+
+# Common 1st level properties (only official GCP names allowed here)
+CAN_IP_FWD = 'canIpForward'
+CONTAINER = 'container'
+DCKRENV = 'dockerEnv'
+DCKRIMAGE = 'dockerImage'
+DEFAULT_SERVICE = 'defaultService'
+DEVICE_NAME = 'deviceName'
+DISKS = 'disks'
+DISK_SIZE = 'diskSizeGb'
+DISKTYPE = 'diskType'
+HEALTH_PATH = 'healthPath'
+HOST_RULES = 'hostRules'
+IP_PROTO = 'IPProtocol'
+MACHINETYPE = 'machineType'
+METADATA = 'metadata'
+NAME = 'name'
+NETWORK = 'network'
+NETWORKS = 'networks'
+SUBNETWORK = 'subnetwork'
+PATH_MATCHERS = 'pathMatchers'
+PORT = 'port'
+PROJECT = 'project'
+SERVICE = 'service'
+SERVICE_ACCOUNTS = 'serviceAccounts'
+SRCIMAGE = 'sourceImage'
+SRC_RANGES = 'sourceRanges'
+TAGS = 'tags'
+TYPE = 'type'
+VM_TEMPLATE = 'instanceTemplate'
+ZONE = 'zone'
+
+# Zone specfic VM properties
+VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK]
+
+# Resource type defaults names
+ADDRESS = 'compute.v1.address'
+AUTOSCALER = 'compute.v1.autoscaler'
+BACKEND_SERVICE = 'compute.v1.backendService'
+DISK = 'compute.v1.disk'
+ENDPOINT = 'serviceregistry.v1alpha.endpoint'
+FIREWALL = 'compute.v1.firewall'
+GF_RULE = 'compute.v1.globalForwardingRule'
+HEALTHCHECK = 'compute.v1.httpHealthCheck'
+IGM = 'compute.v1.instanceGroupManager'
+INSTANCE = 'compute.v1.instance'
+PROXY = 'compute.v1.targetHttpProxy'
+TEMPLATE = 'compute.v1.instanceTemplate'
+REGION_IGM = 'compute.v1.regionInstanceGroupManager'
+REGION_AUTOSCALER = 'compute.v1.regionAutoscaler'
+URL_MAP = 'compute.v1.urlMap'
+VPC='compute.v1.network'
+VPC_SUBNET='compute.v1.subnetwork'
+
+# Also Known As constants
+AKA = {
+ TEMPLATE: 'tmplt',
+ AUTOSCALER: 'as',
+ BACKEND_SERVICE: 'bes',
+ DISK: 'disk',
+ FIREWALL: 'fwall',
+ GF_RULE: 'ip',
+ HEALTHCHECK: 'hc',
+ INSTANCE: 'vm',
+ PROXY: 'tproxy',
+ IGM: 'igm',
+ URL_MAP: 'umap',
+}
+
+LOC = {
+ 'europe': 'eu',
+ 'asia': 'as',
+ 'central': 'c',
+ 'east': 'e',
+ 'west': 'w',
+ 'north': 'n',
+ 'south': 's',
+}
diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/images.py b/deprecated/gcp/R80.40-R81/autoscale-payg/images.py
new file mode 100644
index 00000000..7b04bee0
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-payg/images.py
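Review bot: `NETWORKS = 'networks'` is assigned twice in this file, once in the "Commonly used in properties namespace" group and again under "Common 1st level properties"; the second binding silently overrides the first with the same string, so nothing breaks today, but one copy should be removed so the two cannot drift apart in a later edit. `VPC='compute.v1.network'` and `VPC_SUBNET='compute.v1.subnetwork'` are also the only assignments without spaces around `=` — `VPC = 'compute.v1.network'` / `VPC_SUBNET = 'compute.v1.subnetwork'` keeps the module uniform. `ENDPOINT = 'serviceregistry.v1alpha.endpoint'` names what looks like an alpha API surface; if nothing in this tree references it, it is carry-over from the upstream Google template and a comment such as `# unused here; kept from the upstream C2D template` would save the next reader a search.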
@@ -0,0 +1,34 @@
+IMAGES = {
+ "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425",
+ "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425",
+ "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425",
+ "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425",
+ "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425",
+ "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425",
+ "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425",
+ "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425",
+ "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425",
+ "check-point-r81-gw-byol-mig": 
"check-point-r81-gw-byol-mig-392-991001560-v20240425",
+ "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425",
+ "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425",
+ "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425",
+ "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505",
+ "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425"
+}
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/autoscale-payg/password.py b/deprecated/gcp/R80.40-R81/autoscale-payg/password.py
new file mode 100644
index 00000000..273210a6
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/autoscale-payg/password.py
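Review bot: The `r8040` family is the only one that mixes builds: `check-point-r8040-payg` and `check-point-r8040-byol` stay on `294-991001560-v20240425` while the six `-gw-` rows moved to `294-991001564-v20240505`, whereas `r81`, `r8110` and `r8120` use one build for all eight rows. If that is deliberate (a gateway-only re-publish), a comment above the r8040 rows such as `# r8040 gateway images re-published 2024-05-05 (build 991001564); management images unchanged` would stop a future refresh from "correcting" it, and if it is not deliberate the two management rows are stale. These name strings are the only pin on what boots — the sibling ha-byol template in this commit resolves `images.IMAGES[...]` by name under the publisher's project and the autoscale template presumably does the same — so a dated reason next to a row that moved is the closest thing to provenance this file carries.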
@@ -0,0 +1,135 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""A DM template that generates password as an output, namely "password". + +An example YAML showing how this template can be used: + resources: + - name: generated-password + type: password.py + properties: + length: 8 + includeSymbols: true + - name: main-template + type: main-template.jinja + properties: + password: $(ref.generated-password.password) + +Input properties to this template: + - length: the length of the generated password. At least 8. Default 8. + - includeSymbols: true/false whether to include symbol chars. Default false. + +The generated password satisfies the following requirements: + - The length is as specified, + - Containing letters and numbers, and optionally symbols if specified, + - Starting with a letter, + - Containing characters from at least 3 of the 4 categories: uppercases, + lowercases, numbers, and symbols. + +""" + +import random +import yaml + +PROPERTY_LENGTH = 'length' +PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols' + +# Note the omission of some hard to distinguish characters like I, l, 0, and O. +UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ' +LOWERS = 'abcdefghijkmnopqrstuvwxyz' +ALPHABET = UPPERS + LOWERS +DIGITS = '123456789' +ALPHANUMS = ALPHABET + DIGITS +# Including only symbols that can be passed around easily in shell scripts. +SYMBOLS = '*-+.' 
+ +CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS +CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS + +CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS] +CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS] + +MIN_LENGTH = 8 + + +class InputError(Exception): + """Raised when input properties are unexpected.""" + + +def GenerateConfig(context): + """Entry function to generate the DM config.""" + props = context.properties + length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH) + include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False) + + if not isinstance(include_symbols, bool): + raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS) + + content = { + 'resources': [], + 'outputs': [{ + 'name': 'password', + 'value': GeneratePassword(length, include_symbols) + }] + } + return yaml.dump(content) + + +def GeneratePassword(length=8, include_symbols=False): + """Generates a random password.""" + if length < MIN_LENGTH: + raise InputError('Password length must be at least %d' % MIN_LENGTH) + + candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols + else CANDIDATES_WITHOUT_SYMBOLS) + categories = (CATEGORIES_WITH_SYMBOLS if include_symbols + else CATEGORIES_WITHOUT_SYMBOLS) + + # Generates up to the specified length minus the number of categories. + # Then inserts one character for each category, ensuring that the character + # satisfy the category if the generated string hasn't already. + generated = ([random.choice(ALPHABET)] + + [random.choice(candidates) + for _ in range(length - 1 - len(categories))]) + for category in categories: + _InsertAndEnsureSatisfaction(generated, category, candidates) + return ''.join(generated) + + +def _InsertAndEnsureSatisfaction(generated, required, all_candidates): + """Inserts 1 char into generated, satisfying required if not already. + + If the required characters are not already in the generated string, one will + be inserted. 
If any required character is already in the generated string, a + random character from all_candidates will be inserted. The insertion happens + at a random location but not at the beginning. + + Args: + generated: the string to be modified. + required: list of required characters to check for. + all_candidates: list of characters to choose from if the required characters + are already satisfied. + """ + if set(generated).isdisjoint(required): + # Not yet satisfied. Insert a required candidate. + _InsertInto(generated, required) + else: + # Already satisfied. Insert any candidate. + _InsertInto(generated, all_candidates) + + +def _InsertInto(generated, candidates): + """Inserts a random candidate into a random non-zero index of generated.""" + # Avoids inserting at index 0, since the first character follows its own rule. + generated.insert(random.randint(1, len(generated) - 1), + random.choice(candidates)) diff --git a/deprecated/gcp/R80.40-R81/ha-byol/README.md b/deprecated/gcp/R80.40-R81/ha-byol/README.md new file mode 100644 index 00000000..f915c4b4 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-byol/README.md 
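Review bot: `GeneratePassword` and `_InsertInto` draw every character from `random.choice`/`random.randint`, i.e. the Mersenne Twister, which is not a cryptographic generator; the value is the administrator password that `GenerateConfig` publishes as the `password` output, so it should come from the `secrets` module (replace `import random` with `import secrets` and route the four call sites through one `secrets.SystemRandom()` instance, as below). `length` is only range-checked, so a quoted YAML value is not rejected the way a non-boolean `includeSymbols` is — mirror that `isinstance` check and raise `InputError` rather than letting the comparison or `range()` fail later. With `0`, `I`, `l`, `O` removed and only four symbols, the 8-character default is short for an admin credential; raising `MIN_LENGTH` would change behaviour for existing configs, so at least state the trade-off in the module docstring.
```python
# OS-backed CSPRNG: the result is an administrator credential, so the
# Mersenne Twister behind the `random` module is not acceptable here.
_RNG = secrets.SystemRandom()


def GeneratePassword(length=8, include_symbols=False):
  """Generates a random password."""
  # Reject non-integer lengths (e.g. a quoted YAML value) the same way
  # GenerateConfig rejects a non-boolean includeSymbols.
  if isinstance(length, bool) or not isinstance(length, int):
    raise InputError('%s must be an integer' % PROPERTY_LENGTH)
  if length < MIN_LENGTH:
    raise InputError('Password length must be at least %d' % MIN_LENGTH)
  # … unchanged: candidates / categories selection …
  generated = ([_RNG.choice(ALPHABET)] +
               [_RNG.choice(candidates)
                for _ in range(length - 1 - len(categories))])
  # … unchanged: category insertion loop and ''.join …


def _InsertInto(generated, candidates):
  """Inserts a random candidate into a random non-zero index of generated."""
  generated.insert(_RNG.randint(1, len(generated) - 1),
                   _RNG.choice(candidates))
```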
@@ -0,0 +1,187 @@ +# GCP Deployment Manager package for Check Point High Availability BYOL solution +This directory contains CloudGuard IaaS deployment package for Check Point High Availability (BYOL) solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-ha--byol). + +# How to deploy the package manually +To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions: +1. Clone or download the files in this directory +2. Fill variables in the config.yaml(see below for variables descriptions). +3. Log into [Google Cloud Platform Console](https://console.cloud.google.com) +4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell) +5. Set your Cloud Platform project in the Cloud Shell session use: + + gcloud config set project [PROJECT_ID] +6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/ha-byol/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files) +7. Launch deployment by running: + + gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml +8. Make sure the deployment finished successfully.
Example of successful deployment output: + + The fingerprint of the deployment is CgwkIUxcTnI5_eZY1g9SFw== + Waiting for create [operation-1585150261645-5a1af8e42d0ba-6b3d4618-5856e790]...done. + Create operation operation-1585150261645-5a1af8e42d0ba-6b3d4618-5856e790 completed successfully. + NAME TYPE STATE ERRORS INTENT + cluster-cluster-network-icmp compute.v1.firewall COMPLETED [] + cluster-cluster-network-tcp compute.v1.firewall COMPLETED [] + cluster-config runtimeconfig.v1beta1.config COMPLETED [] + cluster-member-a compute.v1.instance COMPLETED [] + cluster-member-a-address compute.v1.address COMPLETED [] + cluster-member-b compute.v1.instance COMPLETED [] + cluster-member-b-address compute.v1.address COMPLETED [] + cluster-mgmt-network-esp compute.v1.firewall COMPLETED [] + cluster-mgmt-network-sctp compute.v1.firewall COMPLETED [] + cluster-primary-cluster-address compute.v1.address COMPLETED [] + cluster-secondary-cluster-address compute.v1.address COMPLETED [] + cluster-software runtimeconfig.v1beta1.waiter COMPLETED [] + OUTPUTS VALUE + Deployment cluster + Cluster IP external address 35.201.201.163 + Member A cluster-member-a + Member A external IP 104.199.168.141 + Member B cluster-member-b + Member B external IP 35.221.178.173 + +## config.yaml variables +| Name | Description | Type | Allowed values | +| ------------- | ------------- | ------------- | ------------- | +| **ha_version** | High Availability Version | string | R80.40 Cluster;
R81.00 Cluster;
R81.10 Cluster;
R81.20 Cluster; | +| | | | | | +| **zoneA** | Member A Zone. The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) | +| | | | | | +| **zoneB** | Member B Zone | string | Must be in the same region as member A zone | +| | | | | | +| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | +| | | | | | +| **managementNetwork** | Security Management Server address | string | The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address | +| | | | | | +| **cluster-network-cidr** | Cluster external subnet CIDR.
If the variable's value is not empty double quotes, a new network will be created.
The Cluster public IP will be translated to a private address assigned to the active member in this external network. | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **cluster-network-name** | Cluster external network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **cluster-network-subnetwork-name** | Cluster subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **cluster-network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network-cidr** | Management external subnet CIDR.
If the variable's value is not empty double quotes, a new network will be created.
The public IP used to manage each member will be translated to a private address in this external network | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **mgmt-network-name** | Management network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **mgmt-network-subnetwork-name** | Management subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **mgmt-network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)| +| | | | | | +| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)| +| | | | | | +| **generatePassword** | Automatically generate an administrator password | boolean | true;
false; | +| | | | | | +| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; | +| | | | | | +| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; | +| | | | | | +| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
| +| | | | | | +| **deployWithPublicIPs** | Deploy HA with public IPs | boolean | true;
false; | +| | | | | | +| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key | +| | | | | | +| **smart1CloudTokenA** | Smart-1 Cloud token to connect ***member A*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **smart1CloudTokenB** | Smart-1 Cloud token to connect ***member B*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **sicKey** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated | +| | | | | | +| **numAdditionalNICs** | Number of additional network interfaces | number | A number in the range 0 - 6.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) | +| | | | | | +| **internal-network1-cidr** | 1st internal subnet CIDR.
If the variable's value is not empty double quotes, a new subnet will be created.
Assigns the cluster members an IPv4 address in this internal network | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **internal-network1-name** | 1st internal network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **internal-network1-subnetwork-name** | 1st internal subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +## Example + ha_version: "R81.10 Cluster" + zoneA: "asia-east1-a" + zoneB: "asia-east1-a" + machineType: "n1-standard-4" + diskType: "pd-ssd" + bootDiskSizeGb: 100 + instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + smart1CloudTokenA: "xxxxxxxxxxxxxxxxxxxxxxxx" + smart1CloudTokenB: "xxxxxxxxxxxxxxxxxxxxxxxx" + enableMonitoring: false + managementNetwork: "209.87.209.100/32" + sicKey: "aaaaaaaa" + generatePassword: false + allowUploadDownload: false + shell: "/bin/bash" + deployWithPublicIPs: true + cluster-network-cidr: "10.0.1.0/24" + cluster-network-name: "external-vpc" + cluster-network-subnetwork-name: "frontend" + cluster-network_enableIcmp: true + cluster-network_icmpSourceRanges: "0.0.0.0/0" + cluster-network_enableTcp: true + cluster-network_tcpSourceRanges: "0.0.0.0/0" + cluster-network_enableUdp: false + cluster-network_udpSourceRanges: "" + cluster-network_enableSctp: false + cluster-network_sctpSourceRanges: "" + cluster-network_enableEsp: false + cluster-network_espSourceRanges: "" + mgmt-network-cidr: "10.0.2.0/24" + mgmt-network-name: "vpc-internal" + mgmt-network-subnetwork-name: "" + mgmt-network_enableIcmp: false + mgmt-network_icmpSourceRanges: "" + mgmt-network_enableTcp: false + mgmt-network_tcpSourceRanges: "" + mgmt-network_enableUdp: true + mgmt-network_udpSourceRanges: "0.0.0.0/0" + mgmt-network_enableSctp: true + mgmt-network_sctpSourceRanges: "0.0.0.0/0" + mgmt-network_enableEsp: true + mgmt-network_espSourceRanges: "0.0.0.0/0" + numInternalNetworks: 1 + internal-network1-cidr: "10.0.3.0/24" + internal-network1-name: "vpc-internal2" + internal-network1-subnetwork-name: "vpc-internal2" + +## Notes +See 
[sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-byol/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/ha-byol/c2d_deployment_configuration.json
new file mode 100644
index 00000000..5af767bf
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-byol/c2d_deployment_configuration.json
@@ -0,0 +1,7 @@
+{
+ "defaultDeploymentType": "MULTI_VM",
+ "imageName": "check-point-r8120-gw-byol-cluster-631-991001475-v20231221",
+ "projectId": "checkpoint-public",
+ "templateName": "nonexistent_template",
+ "useSolutionPackage": "true"
+}
diff --git a/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py b/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py
new file mode 100644
index 00000000..61a2e521
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py
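Review bot: `imageName` pins `check-point-r8120-gw-byol-cluster-631-991001475-v20231221`, while the autoscale-payg `images.py` added in this same commit lists the same family as `check-point-r8120-gw-byol-cluster-631-991001560-v20240425`; ha-byol's own `images.py` is not in this chunk, but if it moved to the 991001560 build too, a Marketplace launch will boot an older image than a manual `config.yaml` deployment of the same package. Either align the two or record why this one is frozen, e.g. a sibling key the Marketplace ignores is not available in strict JSON, so a note in the ha-byol README next to the image version would do. `"templateName": "nonexistent_template"` reads as a placeholder; presumably `"useSolutionPackage": "true"` makes it irrelevant, but that is worth confirming rather than shipping a name that says so.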
@@ -0,0 +1,494 @@ +# Copyright 2016 Check Point Software LTD. + +import common +import copy +import default +import images +import password + + +MAX_ADDITIONAL_NICS = 6 + +GATEWAY = 'checkpoint-gateway' + +PROJECT = 'checkpoint-public' +LICENSE = 'byol' +LICENCE_TYPE = 'cluster' + +VERSIONS = { + 'R80.40': 'r8040-gw', + 'R81': 'r81-gw', + 'R81.10': 'r8110-gw', + 'R81.20': 'r8120-gw' +} + +TEMPLATE_NAME = 'cluster' +TEMPLATE_VERSION = '20231221' + +CLUSTER_NET_FIELD = 'cluster-network' +MGMT_NET_FIELD = 'mgmt-network' +INTERNAL_NET_FIELD = 'internal-network{}' + +MGMT_NIC = 1 + +NO_PUBLIC_IP = 'no-public-ip' + +startup_script = ''' +#cloud-config +runcmd: + - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" "managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" "name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""' +''' + + +def make_gw(context, name, zone, nics, passwd=None, depends_on=None, + smart1cloudToken=None): + cg_version = context.properties['ha_version'].split(' ')[0] + if 'gw' in VERSIONS[cg_version]: + license_name = "{}-{}".format(LICENSE, LICENCE_TYPE) + else: + license_name = LICENSE + family = '-'.join(['check-point', 
VERSIONS[cg_version], license_name]) + formatter = common.DefaultFormatter() + + context.properties['smart1CloudToken'] = smart1cloudToken + context.properties['name'] = name + context.properties['zoneConfig'] = zone + context.properties['osVersion'] = cg_version.replace(".", "") + + gw = { + 'type': default.INSTANCE, + 'name': name, + 'metadata': { + 'dependsOn': depends_on + }, + 'properties': { + 'description': 'CloudGuard Highly Available Security Cluster', + 'zone': zone, + 'tags': { + 'items': [GATEWAY], + }, + 'machineType': common.MakeLocalComputeLink( + context, default.MACHINETYPE, zone), + 'canIpForward': True, + 'networkInterfaces': nics, + 'disks': [{ + 'autoDelete': True, + 'boot': True, + 'deviceName': common.set_name_and_truncate( + context.properties['deployment'], + '-{}-boot'.format(name)), + 'initializeParams': { + 'diskType': common.MakeLocalComputeLink( + context, default.DISKTYPE, zone), + 'diskSizeGb': context.properties['bootDiskSizeGb'], + 'sourceImage': + 'projects/%s/global/images/%s' % ( + PROJECT, images.IMAGES[family]), + }, + 'type': 'PERSISTENT', + }], + 'metadata': { + 'items': [ + { + 'key': 'startup-script', + 'value': formatter.format( + startup_script, **context.properties) + } + ] + }, + 'serviceAccounts': [{ + 'email': 'default', + 'scopes': [ + 'https://www.googleapis.com/auth/monitoring.write', + 'https://www.googleapis.com/auth/compute', + 'https://www.googleapis.com/auth/cloudruntimeconfig' + ], + }] + } + } + + if 'instanceSSHKey' in context.properties: + gw['properties']['metadata']['items'].append( + { + 'key': 'instanceSSHKey', + 'value': context.properties['instanceSSHKey'] + } + ) + + if passwd: + gw['properties']['metadata']['items'].append( + { + 'key': 'adminPasswordSourceMetadata', + 'value': passwd + } + ) + + return gw + + +def make_access_config(ip, name=None): + access_config = { + 'type': default.ONE_NAT, + 'natIP': ip + } + + if name: + access_config['name'] = name + + return access_config + + +def 
make_static_address(prop, name): + address = { + 'name': name, + 'type': default.ADDRESS, + 'properties': { + 'name': name, + 'region': prop['region'] + } + } + + return address + + +def create_external_addresses_if_needed( + prop, resources, member_a_nics, member_b_nics): + if not prop['deployWithPublicIPs']: + prop['primary_cluster_address_name'] = NO_PUBLIC_IP + prop['secondary_cluster_address_name'] = NO_PUBLIC_IP + else: + member_a_address_name = common.set_name_and_truncate( + prop['deployment'], '-member-a-address') + member_b_address_name = common.set_name_and_truncate( + prop['deployment'], '-member-b-address') + + prop['member_a_address_name'] = member_a_address_name + prop['member_b_address_name'] = member_b_address_name + + member_a_address = make_static_address(prop, member_a_address_name) + member_b_address = make_static_address(prop, member_b_address_name) + + resources += [member_a_address, member_b_address] + + member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( + '$(ref.{}.address)'.format(member_a_address_name))] + member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( + '$(ref.{}.address)'.format(member_b_address_name))] + + primary_cluster_address_name = common.set_name_and_truncate( + prop['deployment'], '-primary-cluster-address') + secondary_cluster_address_name = common.set_name_and_truncate( + prop['deployment'], '-secondary-cluster-address') + + primary_cluster_address = make_static_address( + prop, primary_cluster_address_name) + secondary_cluster_address = make_static_address( + prop, secondary_cluster_address_name) + + resources += [primary_cluster_address, secondary_cluster_address] + + prop['primary_cluster_address_name'] = primary_cluster_address_name + prop['secondary_cluster_address_name'] = secondary_cluster_address_name + + +def make_nic(prop, net_name, subnet_name): + network_interface = { + 'network': ''.join([default.COMPUTE_URL_BASE, 'projects/', + prop['project'], '/global/networks/', + net_name]), + 
'subnetwork': ''.join([default.COMPUTE_URL_BASE, 'projects/', + prop['project'], '/regions/', prop['region'], + '/subnetworks/', subnet_name]) + } + + return network_interface + + +def make_subnet(prop, name, net_name, cidr, private_google_access=False): + subnet = { + 'type': default.VPC_SUBNET, + 'name': name, + 'metadata': { + 'dependsOn': [net_name] + }, + 'properties': { + 'network': 'projects/{}/global' + '/networks/{}'.format(prop['project'], net_name), + 'region': prop['region'], + 'ipCidrRange': cidr, + 'privateIpGoogleAccess': private_google_access, + 'enableFlowLogs': False + } + } + + return subnet + + +def make_net(name): + net = { + 'type': default.VPC, + 'name': name, + 'properties': { + 'autoCreateSubnetworks': False + } + } + + return net + + +def get_or_create_net(prop, name, resources, gw_dependencies, + private_google_access=False, create_firewall=False): + net_cidr = prop.get(name + '-cidr') + + if net_cidr: + net_name = '{}-{}'.format(prop['deployment'][:20], name) + subnet_name = '{}-subnet'.format(net_name) + net = make_net(net_name) + subnet = make_subnet( + prop, subnet_name, net_name, net_cidr, private_google_access) + + resources += [net, subnet] + gw_dependencies.append(subnet_name) + else: + net_name = prop.get(name + '-name') + subnet_name = prop.get(name + '-subnetwork-name') + if not subnet_name: + raise common.Error( + 'Network {} is missing.'.format(net_name.split('-'))) + + if create_firewall: + firewall_rules = create_firewall_rules(prop, name, net_name, net_cidr) + if firewall_rules: + resources.extend(firewall_rules) + + return net_name, subnet_name + + +def create_firewall_rules(prop, net_prop_name, net_name, net_cidr): + deployment = prop['deployment'] + firewall_rules = [] + protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp'] + for protocol in protocols: + proto = protocol.lower() + source_ranges = prop.get(net_prop_name + '_' + proto + + 'SourceRanges', '') + protocol_enabled = prop.get(net_prop_name + '_enable' + protocol, 
'') + if protocol_enabled and source_ranges: + firewall_rules.append( + make_firewall_rule(proto, source_ranges, deployment, + net_prop_name, net_name, net_cidr)) + + return firewall_rules + + +def make_firewall_rule(protocol, source_ranges, deployment, net_prop_name, + net_name, net_cidr): + fw_rule_name = '%s-%s-%s' % (deployment[:40], net_prop_name, protocol) + ranges_list = source_ranges.split(',') + ranges = [] + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + firewall_rule = { + 'type': default.FIREWALL, + 'name': fw_rule_name, + 'properties': { + 'network': 'global/networks/' + net_name, + 'sourceRanges': ranges, + 'targetTags': [GATEWAY], + 'allowed': [{'IPProtocol': protocol}], + } + } + + if net_cidr: + firewall_rule['metadata'] = { + 'dependsOn': [net_name] + } + + return firewall_rule + + +def add_readiness_waiter(prop, resources): + deployment_config = common.set_name_and_truncate( + prop['deployment'], '-config') + + prop['config_path'] = 'projects/{}/configs/{}'.format( + prop['project'], deployment_config) + prop['config_url'] = ( + 'https://runtimeconfig.googleapis.com/v1beta1/{}'.format( + prop['config_path'])) + + resources.append( + { + 'name': deployment_config, + 'type': 'runtimeconfig.v1beta1.config', + 'properties': { + 'config': deployment_config, + 'description': ( + 'Holds software readiness status ' + 'for deployment {}').format(prop['deployment']) + } + } + ) + + resources.append( + { + 'name': common.set_name_and_truncate( + prop['deployment'], '-software'), + 'type': 'runtimeconfig.v1beta1.waiter', + 'metadata': { + 'dependsOn': [], + }, + 'properties': { + 'parent': '$(ref.{}.name)'.format(deployment_config), + 'waiter': 'software', + 'timeout': '1800s', + 'success': { + 'cardinality': { + 'number': 2, + 'path': 'status/success', + }, + }, + 'failure': { + 'cardinality': { + 'number': 1, + 'path': 'status/failure', + }, + }, + }, + } + ) + + +def validate_same_region(zone_a, zone_b): + if not 
common.ZoneToRegion(zone_a) == common.ZoneToRegion(zone_b): + raise common.Error('Member A Zone ({}) and Member B Zone ({}) ' + 'are not in the same region'.format(zone_a, zone_b)) + + +def validate_both_tokens(token_a, token_b): + if (not token_a and token_b) or (not token_b and token_a) or \ + (token_a and token_a == token_b): + raise common.Error('To connect to Smart-1 Cloud, \ + you must provide two tokens (one per member)') + + +def validate_mgmt_network_if_required(token_a, mgmt_network): + if not token_a and mgmt_network == "S1C": + raise common.Error( + 'Public address of the Security Management Server is required') + + +@common.FormatErrorsDec +def generate_config(context): + prop = context.properties + + validate_same_region(prop['zoneA'], prop['zoneB']) + validate_both_tokens(prop['smart1CloudTokenA'], prop['smart1CloudTokenB']) + validate_mgmt_network_if_required( + prop['smart1CloudTokenA'], prop['managementNetwork']) + + prop['deployment'] = context.env['deployment'] + prop['project'] = context.env['project'] + prop['region'] = common.ZoneToRegion(prop['zoneA']) + prop['templateName'] = TEMPLATE_NAME + prop['templateVersion'] = TEMPLATE_VERSION + prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() + prop['hasInternet'] = 'true' # via Google Private Access + prop['installationType'] = 'Cluster' + + resources = [] + outputs = [] + gw_dependencies = [] + member_a_nics = [] + + add_readiness_waiter(prop, resources) + + cluster_net_name, cluster_subnet_name = get_or_create_net( + prop, CLUSTER_NET_FIELD, resources, gw_dependencies, True, True) + member_a_nics.append(make_nic(prop, cluster_net_name, cluster_subnet_name)) + + mgmt_net_name, mgmt_subnet_name = get_or_create_net( + prop, MGMT_NET_FIELD, resources, gw_dependencies, False, True) + member_a_nics.append(make_nic(prop, mgmt_net_name, mgmt_subnet_name)) + + for ifnum in range(1, prop['numInternalNetworks'] + 1): + int_net_name, int_subnet_name = get_or_create_net( + prop, 
INTERNAL_NET_FIELD.format(ifnum), resources, + gw_dependencies) + member_a_nics.append(make_nic(prop, int_net_name, int_subnet_name)) + + member_b_nics = copy.deepcopy(member_a_nics) + + create_external_addresses_if_needed( + prop, resources, member_a_nics, member_b_nics) + + member_a_name = common.set_name_and_truncate( + prop['deployment'], '-member-a') + member_b_name = common.set_name_and_truncate( + prop['deployment'], '-member-b') + + if prop['generatePassword']: + passwd = password.GeneratePassword(12, False) + else: + passwd = '' + + member_a = make_gw(context, member_a_name, prop['zoneA'], + member_a_nics, passwd, gw_dependencies, + prop['smart1CloudTokenA']) + member_b = make_gw(context, member_b_name, prop['zoneB'], + member_b_nics, passwd, gw_dependencies, + prop['smart1CloudTokenB']) + + resources += [member_a, member_b] + + outputs += [ + { + 'name': 'deployment', + 'value': prop['deployment'] + }, + { + 'name': 'project', + 'value': prop['project'] + }, + { + 'name': 'vmAName', + 'value': member_a_name, + }, + { + 'name': 'vmASelfLink', + 'value': '$(ref.{}.selfLink)'.format(member_a_name), + }, + { + 'name': 'vmBName', + 'value': member_b_name, + }, + { + 'name': 'vmBSelfLink', + 'value': '$(ref.{}.selfLink)'.format(member_b_name), + }, + { + 'name': 'password', + 'value': passwd + } + ] + + if prop['deployWithPublicIPs']: + outputs += [ + { + 'name': 'clusterIP', + 'value': '$(ref.{}.address)'.format( + prop['primary_cluster_address_name']) + }, + { + 'name': 'vmAExternalIP', + 'value': '$(ref.{}.address)'.format( + prop['member_a_address_name']) + }, + { + 'name': 'vmBExternalIP', + 'value': '$(ref.{}.address)'.format( + prop['member_b_address_name']) + } + ] + + return common.MakeResource(resources, outputs) diff --git a/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py.schema b/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py.schema new file mode 100644 index 00000000..fcc01058 --- /dev/null 
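Review bot: In get_or_create_net the fallback branch dereferences net_name before checking it: when neither the `-cidr` nor the `-name` property is set, `net_name.split('-')` raises AttributeError on None instead of the intended common.Error, and even when net_name is set the message prints a split list rather than the property name; `if not net_name or not subnet_name: raise common.Error('Network {} is missing.'.format(name))` covers both cases. Separately, make_gw renders sicKey, smart1CloudToken and the maintenanceMode value into the `startup-script` metadata item and stores the generated admin password under `adminPasswordSourceMetadata`, and generate_config also returns that password as the `password` output, so all of these are readable by anyone with instance or deployment read access on the project; a comment above startup_script such as `# NOTE: the rendered startup-script (SIC key, Smart-1 Cloud token, maintenance-mode value) is stored in instance metadata; scope instance/deployment read access accordingly` would make that explicit. validate_both_tokens also uses a backslash-continued string literal, which embeds the next line's indentation into the error text; implicit concatenation of two adjacent literals avoids that.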
+++ b/deprecated/gcp/R80.40-R81/ha-byol/check-point-cluster--byol.py.schema 
@@ -0,0 +1,400 @@ +imports: + - path: check-point-cluster--byol.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security Cluster - BYOL Template + +required: + - zoneA + - zoneB + - machineType + - diskType + - bootDiskSizeGb + - sicKey + - managementNetwork + - allowUploadDownload + - shell + - generatePassword + - enableMonitoring + - numInternalNetworks + +properties: + zoneA: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + zoneB: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zoneA + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + deployWithPublicIPs: + type: boolean + default: True + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + smart1CloudTokenA: + type: string + default: '' + smart1CloudTokenB: + type: string + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zoneA + bootDiskSizeGb: + type: integer + maximum: 1000 + default: 100 + minimum: 100 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + ha_version: + type: string + default: R81.20 Cluster + enum: + - R80.40 Cluster + - R81 Cluster + - R81.10 Cluster + - R81.20 Cluster + enableMonitoring: + type: boolean + default: False + sicKey: + type: string + pattern: ^([a-z0-9A-Z]{8,30})$ + default: '' + managementNetwork: + type: string + default: '' + pattern: ^((?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2]))|(S1C)$ + generatePassword: + type: boolean + default: False + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + allowUploadDownload: + type: boolean + default: False + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + 
cluster-network-cidr: + type: string + default: '10.0.0.0/24' + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + cluster-network-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + cluster-network-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: cluster-network-name + cluster-network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableIcmp + cluster-network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableTcp + cluster-network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableUdp + cluster-network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableSctp + cluster-network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + 
firewallProperty: cluster-network_enableEsp + mgmt-network-cidr: + type: string + default: '10.0.1.0/24' + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + mgmt-network-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + mgmt-network-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: mgmt-network-name + mgmt-network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableIcmp + mgmt-network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableTcp + mgmt-network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableUdp + mgmt-network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableSctp + mgmt-network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: 
mgmt-network_enableEsp + numInternalNetworks: + type: integer + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + minimum: 1 + maximum: 6 + default: 1 + internal-network1-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '10.0.2.0/24' + internal-network1-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network1-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network1-name + internal-network2-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network2-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network2-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network2-name + internal-network3-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network3-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network3-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network3-name + internal-network4-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network4-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network4-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network4-name + internal-network5-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: 
'' + internal-network5-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network5-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network5-name + internal-network6-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network6-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network6-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network6-name + +outputs: + deployment: + type: string + project: + type: string + clusterIP: + type: string + vmAName: + type: string + vmAExternalIP: + type: string + vmASelfLink: + type: string + vmBName: + type: string + vmBExternalIP: + type: string + vmBSelfLink: + type: string + password: + type: string + ha_version: + type: string diff --git a/deprecated/gcp/R80.40-R81/ha-byol/common.py b/deprecated/gcp/R80.40-R81/ha-byol/common.py new file mode 100644 index 00000000..e123c502 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-byol/common.py 
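Review bot: The outputs section declares `ha_version`, but generate_config in check-point-cluster--byol.py never emits an output by that name, so the schema advertises a value consumers cannot read; either drop it here or append `{'name': 'ha_version', 'value': prop['ha_version']}` to the outputs list in the template. The `password` output exposes the generated admin password in the deployment manifest to anyone with deployment read access; a comment beside it such as `# generated admin password; readable by anyone who can view this deployment` would make the exposure explicit. The `*SourceRanges` properties carry no `pattern`, so when the template is deployed from config.yaml rather than the Marketplace form a malformed comma-separated range list is only rejected at the Compute API after the other resources have started creating; a pattern for a comma-separated list of CIDRs, in the style already used for the `-cidr` properties, would give the same early validation.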
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/ha-byol/config.yaml b/deprecated/gcp/R80.40-R81/ha-byol/config.yaml new file mode 100644 index 00000000..e8012a71 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-byol/config.yaml 
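Review bot: FormatErrorsWrap reads `e.message`, which does not exist on Python 3 exceptions (the file already targets Python 3, see `isinstance(key, str)` and `list(dict_obj.keys())`), so any error raised inside generate_config, including the template's own common.Error validation messages, is replaced by an AttributeError from the handler itself; use `raise Error(FormatException(str(e))) from e`. GenerateEmbeddableYaml calls `yaml.load(yaml_string)` with no Loader, which on PyYAML before 5.1 uses the full loader that can instantiate arbitrary Python objects from tagged input and on PyYAML 6 and later raises TypeError; `yaml.safe_load(yaml_string)` is sufficient for the plain mapping/list content this helper re-serializes. DefaultFormatter.get_value also names a parameter `dict`, shadowing the builtin; `kwargs` would avoid the confusion.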
@@ -0,0 +1,73 @@
+imports:
+- path: check-point-cluster--byol.py
+- path: common.py
+- path: default.py
+- path: password.py
+- path: images.py
+
+resources:
+- name: check-point-cluster--byol
+ type: check-point-cluster--byol.py
+ properties:
+ ha_version: "PLEASE ENTER HA VERSION"
+ zoneA: "PLEASE ENTER ZONE A"
+ zoneB: "PLEASE ENTER ZONE B. MUST BE IN THE SAME REGION AS MEMBER A ZONE"
+ machineType: "PLEASE ENTER A MACHINE TYPE"
+ diskType: "PLEASE ENTER A DISK TYPE"
+ #To connect to Smart-1 Cloud you must provide two valid tokens (one per member)
+ smart1CloudTokenA: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD FOR MEMBER A OR LEAVE EMPTY DOUBLE QUOTES"
+ smart1CloudTokenB: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD FOR MEMBER B OR LEAVE EMPTY DOUBLE QUOTES"
+ bootDiskSizeGb: "PLEASE ENTER A DISK SIZE"
+ instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY"
+ enableMonitoring: "PLEASE ENTER true or false"
+ managementNetwork: "PLEASE ENTER MANAGEMENT IP, if using Smart-1 Cloud insert 'S1C'"
+ sicKey: "PLEASE ENTER A SIC KEY"
+ generatePassword: "PLEASE ENTER true or false"
+ allowUploadDownload: "PLEASE ENTER true or false"
+ shell: "PLEASE ENTER A SHELL"
+ deployWithPublicIPs: "PLEASE ENTER true or false"
+ cluster-network-cidr: "PLEASE ENTER CLUSTER NETWORK CIDR"
+ cluster-network-name: "PLEASE ENTER CLUSTER NETWORK ID"
+ cluster-network-subnetwork-name: "PLEASE ENTER CLUSTER SUBNETWORK ID"
+ cluster-network_enableIcmp: "PLEASE ENTER true or false"
+ cluster-network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableTcp: "PLEASE ENTER true or false"
+ cluster-network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableUdp: "PLEASE ENTER true or false"
+ cluster-network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableSctp: "PLEASE ENTER true or false"
+ cluster-network_sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableEsp: "PLEASE ENTER true or false"
+ cluster-network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network-cidr: "PLEASE ENTER MANAGEMENT NETWORK CIDR"
+ mgmt-network-name: "PLEASE ENTER MANAGEMENT NETWORK ID"
+ mgmt-network-subnetwork-name: "PLEASE ENTER MANAGEMENT SUBNETWORK ID"
+ mgmt-network_enableIcmp: "PLEASE ENTER true or false"
+ mgmt-network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableTcp: "PLEASE ENTER true or false"
+ mgmt-network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableUdp: "PLEASE ENTER true or false"
+ mgmt-network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableSctp: "PLEASE ENTER true or false"
+ mgmt-network_sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableEsp: "PLEASE ENTER true or false"
+ mgmt-network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ #Define additional NICs networks and subnetworks according the defined numAdditionalNICs value
+ #If there is no need in additional NICs remove additionalNetwork1 and additionalSubnetwork1 variables
+ numInternalNetworks: "PLEASE ENTER A NUMBER OF ADDITIONAL NICS"
+ internal-network1-cidr: "PLEASE ENTER 1ST INTERNAL NETWORK CIDR"
+ internal-network1-name: "PLEASE ENTER 1ST INTERNAL NETWORK ID"
+ internal-network1-subnetwork-name: "PLEASE ENTER INTERNAL SUBNETWORK ID"
+outputs:
+- name: "Deployment"
+ value: $(ref.check-point-cluster--byol.deployment)
+- name: "Cluster IP external address"
+ value: $(ref.check-point-cluster--byol.clusterIP)
+- name: "Member A"
+ value: $(ref.check-point-cluster--byol.vmAName)
+- name: "Member A external IP"
+ value: $(ref.check-point-cluster--byol.vmAExternalIP)
+- name: "Member B"
+ value: $(ref.check-point-cluster--byol.vmBName)
+- name: "Member B external IP"
+ value: $(ref.check-point-cluster--byol.vmBExternalIP)
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-byol/default.py b/deprecated/gcp/R80.40-R81/ha-byol/default.py
new file mode 100644
index 00000000..0c7dd919
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-byol/default.py
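Review bot: The two comments above `numInternalNetworks` describe a `numAdditionalNICs` value and `additionalNetwork1`/`additionalSubnetwork1` variables, none of which exist in this file; the keys it actually defines are `numInternalNetworks` and `internal-network1-cidr`/`-name`/`-subnetwork-name`, so the comments should read `#Define additional internal networks and subnetworks according to the numInternalNetworks value` and `#If no additional NICs are needed, remove the internal-network1-* keys`. The README of the sibling ha-payg package further down in this diff documents the key as `numAdditionalNICs` in its table but uses `numInternalNetworks` in its example, so the same mismatch may exist there. A one-line comment at the top would also help operators: once `sicKey`, `instanceSSHKey` and the two Smart-1 Cloud tokens are filled in, this file holds live secrets and should be kept out of version control.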
@@ -0,0 +1,134 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Convenience module to hold default constants for C2D components.
+
+There should not be any logic in this module. Its purpose is to simplify
+analysis of commonly used GCP and properties names and identify the names
+that were custom created for these modules.
+"""
+# Generic constants
+C2D_IMAGES = 'click-to-deploy-images'
+
+# URL constants
+COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/'
+
+# Deployment Manager constructs
+REFERENCE_PREFIX = '$(ref.'
+
+# Commonly used in properties namespace
+AUTO_DELETE = 'autoDelete'
+BOOTDISK = 'bootDiskType'
+BOOTDISKSIZE = 'bootDiskSizeGb'
+C_IMAGE = 'containerImage'
+DC_MANIFEST = 'dcManifest'
+DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator
+DISK_NAME = 'diskName'
+DISK_RESOURCES = 'addedDiskResources'
+DISK_SOURCE = 'source'
+ENDPOINT_NAME = 'serviceRegistryEndpointName'
+FIXED_GCLOUD = 'fixedGcloud'
+GENERATED_PROP = 'generatedProperties'
+INITIALIZEP = 'initializeParams'
+INSTANCE_NAME = 'instanceName'
+LOCAL_SSD = 'localSSDs'
+MAX_NUM = 'maxNumReplicas'
+NETWORKS = 'networks'
+NO_SCOPE = 'noScope'
+PROVIDE_BOOT = 'provideBoot'
+REPLICAS = 'replicas'
+SIZE = 'size'
+VM_COPIES = 'numberOfVMReplicas'
+ZONES = 'zones'
+
+# Common properties values (only official GCP values allowed here)
+EXTERNAL = 'External NAT'
+ONE_NAT = 'ONE_TO_ONE_NAT'
+
+# Common 1st level properties (only official GCP names allowed here)
+CAN_IP_FWD = 'canIpForward'
+CONTAINER = 'container'
+DCKRENV = 'dockerEnv'
+DCKRIMAGE = 'dockerImage'
+DEFAULT_SERVICE = 'defaultService'
+DEVICE_NAME = 'deviceName'
+DISKS = 'disks'
+DISK_SIZE = 'diskSizeGb'
+DISKTYPE = 'diskType'
+HEALTH_PATH = 'healthPath'
+HOST_RULES = 'hostRules'
+IP_PROTO = 'IPProtocol'
+MACHINETYPE = 'machineType'
+METADATA = 'metadata'
+NAME = 'name'
+NETWORK = 'network'
+NETWORKS = 'networks'
+SUBNETWORK = 'subnetwork'
+PATH_MATCHERS = 'pathMatchers'
+PORT = 'port'
+PROJECT = 'project'
+SERVICE = 'service'
+SERVICE_ACCOUNTS = 'serviceAccounts'
+SRCIMAGE = 'sourceImage'
+SRC_RANGES = 'sourceRanges'
+TAGS = 'tags'
+TYPE = 'type'
+VM_TEMPLATE = 'instanceTemplate'
+ZONE = 'zone'
+
+# Zone specfic VM properties
+VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK]
+
+# Resource type defaults names
+ADDRESS = 'compute.v1.address'
+AUTOSCALER = 'compute.v1.autoscaler'
+BACKEND_SERVICE = 'compute.v1.backendService'
+DISK = 'compute.v1.disk'
+ENDPOINT = 'serviceregistry.v1alpha.endpoint'
+FIREWALL = 'compute.v1.firewall'
+GF_RULE = 'compute.v1.globalForwardingRule'
+HEALTHCHECK = 'compute.v1.httpHealthCheck'
+IGM = 'compute.v1.instanceGroupManager'
+INSTANCE = 'compute.v1.instance'
+PROXY = 'compute.v1.targetHttpProxy'
+TEMPLATE = 'compute.v1.instanceTemplate'
+REGION_IGM = 'compute.v1.regionInstanceGroupManager'
+REGION_AUTOSCALER = 'compute.v1.regionAutoscaler'
+URL_MAP = 'compute.v1.urlMap'
+VPC='compute.v1.network'
+VPC_SUBNET='compute.v1.subnetwork'
+
+# Also Known As constants
+AKA = {
+ TEMPLATE: 'tmplt',
+ AUTOSCALER: 'as',
+ BACKEND_SERVICE: 'bes',
+ DISK: 'disk',
+ FIREWALL: 'fwall',
+ GF_RULE: 'ip',
+ HEALTHCHECK: 'hc',
+ INSTANCE: 'vm',
+ PROXY: 'tproxy',
+ IGM: 'igm',
+ URL_MAP: 'umap',
+}
+
+LOC = {
+ 'europe': 'eu',
+ 'asia': 'as',
+ 'central': 'c',
+ 'east': 'e',
+ 'west': 'w',
+ 'north': 'n',
+ 'south': 's',
+}
diff --git a/deprecated/gcp/R80.40-R81/ha-byol/images.py b/deprecated/gcp/R80.40-R81/ha-byol/images.py
new file mode 100644
index 00000000..7b04bee0
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-byol/images.py
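Review bot: `NETWORKS = 'networks'` is assigned twice in this module, once in the "Commonly used in properties namespace" group and again in the "Common 1st level properties" group; the second assignment is a silent duplicate and should be dropped from whichever group it does not belong to. Two style nits in the same file: `VPC='compute.v1.network'` and `VPC_SUBNET='compute.v1.subnetwork'` are the only constants without spaces around `=`, and the comment `# Zone specfic VM properties` should read `# Zone specific VM properties`.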
@@ -0,0 +1,34 @@
+IMAGES = {
+ "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425",
+ "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425",
+ "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425",
+ "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425",
+ "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425",
+ "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425",
+ "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425",
+ "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425",
+ "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425",
+ "check-point-r81-gw-byol-mig": "check-point-r81-gw-byol-mig-392-991001560-v20240425",
+ "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425",
+ "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425",
+ "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425",
+ "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505",
+ "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425"
+}
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-byol/password.py b/deprecated/gcp/R80.40-R81/ha-byol/password.py
new file mode 100644
index 00000000..273210a6
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-byol/password.py
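Review bot: The R80.40 gateway entries (`-gw-payg-*` and `-gw-byol-*`) pin build `294-991001564-v20240505`, while the R80.40 `payg`/`byol` management entries and every other version pin a `...-991001560-v20240425` build; if that split is deliberate, a one-line comment above those entries saying so would stop the next editor "correcting" it. The module also has no docstring even though the key format is load-bearing: `make_gw` in the cluster template further down in this diff builds the lookup key by joining `'check-point'`, the `VERSIONS` value and the license name. Suggest `"""Current GCE image name per Check Point image family; keys follow check-point-<version>[-gw]-<license>[-<kind>] and are built by make_gw in the cluster template."""`.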
@@ -0,0 +1,135 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""A DM template that generates password as an output, namely "password". + +An example YAML showing how this template can be used: + resources: + - name: generated-password + type: password.py + properties: + length: 8 + includeSymbols: true + - name: main-template + type: main-template.jinja + properties: + password: $(ref.generated-password.password) + +Input properties to this template: + - length: the length of the generated password. At least 8. Default 8. + - includeSymbols: true/false whether to include symbol chars. Default false. + +The generated password satisfies the following requirements: + - The length is as specified, + - Containing letters and numbers, and optionally symbols if specified, + - Starting with a letter, + - Containing characters from at least 3 of the 4 categories: uppercases, + lowercases, numbers, and symbols. + +""" + +import random +import yaml + +PROPERTY_LENGTH = 'length' +PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols' + +# Note the omission of some hard to distinguish characters like I, l, 0, and O. +UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ' +LOWERS = 'abcdefghijkmnopqrstuvwxyz' +ALPHABET = UPPERS + LOWERS +DIGITS = '123456789' +ALPHANUMS = ALPHABET + DIGITS +# Including only symbols that can be passed around easily in shell scripts. +SYMBOLS = '*-+.' 
+ +CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS +CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS + +CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS] +CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS] + +MIN_LENGTH = 8 + + +class InputError(Exception): + """Raised when input properties are unexpected.""" + + +def GenerateConfig(context): + """Entry function to generate the DM config.""" + props = context.properties + length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH) + include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False) + + if not isinstance(include_symbols, bool): + raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS) + + content = { + 'resources': [], + 'outputs': [{ + 'name': 'password', + 'value': GeneratePassword(length, include_symbols) + }] + } + return yaml.dump(content) + + +def GeneratePassword(length=8, include_symbols=False): + """Generates a random password.""" + if length < MIN_LENGTH: + raise InputError('Password length must be at least %d' % MIN_LENGTH) + + candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols + else CANDIDATES_WITHOUT_SYMBOLS) + categories = (CATEGORIES_WITH_SYMBOLS if include_symbols + else CATEGORIES_WITHOUT_SYMBOLS) + + # Generates up to the specified length minus the number of categories. + # Then inserts one character for each category, ensuring that the character + # satisfy the category if the generated string hasn't already. + generated = ([random.choice(ALPHABET)] + + [random.choice(candidates) + for _ in range(length - 1 - len(categories))]) + for category in categories: + _InsertAndEnsureSatisfaction(generated, category, candidates) + return ''.join(generated) + + +def _InsertAndEnsureSatisfaction(generated, required, all_candidates): + """Inserts 1 char into generated, satisfying required if not already. + + If the required characters are not already in the generated string, one will + be inserted. 
If any required character is already in the generated string, a + random character from all_candidates will be inserted. The insertion happens + at a random location but not at the beginning. + + Args: + generated: the string to be modified. + required: list of required characters to check for. + all_candidates: list of characters to choose from if the required characters + are already satisfied. + """ + if set(generated).isdisjoint(required): + # Not yet satisfied. Insert a required candidate. + _InsertInto(generated, required) + else: + # Already satisfied. Insert any candidate. + _InsertInto(generated, all_candidates) + + +def _InsertInto(generated, candidates): + """Inserts a random candidate into a random non-zero index of generated.""" + # Avoids inserting at index 0, since the first character follows its own rule. + generated.insert(random.randint(1, len(generated) - 1), + random.choice(candidates)) diff --git a/deprecated/gcp/R80.40-R81/ha-payg/README.md b/deprecated/gcp/R80.40-R81/ha-payg/README.md new file mode 100644 index 00000000..4f8405cd --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-payg/README.md 
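Review bot: `GeneratePassword` and `_InsertInto` draw every character and insertion index from the module-level `random.choice`/`random.randint`, which is not a cryptographically secure generator, yet the result is exported as the `password` output and the cluster template further down in this diff attaches it as `adminPasswordSourceMetadata` on the instances; an OS-backed source should be used. The change is drop-in: add `_rng = random.SystemRandom()` below the imports and replace the four `random.choice`/`random.randint` calls with `_rng.choice`/`_rng.randint` (`secrets.choice` would serve equally for the character picks). Separately, `GenerateConfig` validates only `includeSymbols`; a non-integer `length` (e.g. the quoted string `"8"` in YAML) reaches `length < MIN_LENGTH` and fails with a `TypeError` rather than the module's `InputError`, so `if not isinstance(length, int): raise InputError('%s must be an integer' % PROPERTY_LENGTH)` next to the existing bool check would make the validation symmetric.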
@@ -0,0 +1,187 @@ +# GCP Deployment Manager package for Check Point High Availability PAYG solution +This directory contains CloudGuard IaaS deployment package for Check Point High Availability (PAYG) solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-ha--ngtp). + +# How to deploy the package manually +To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions: +1. Clone or download the files in this directory +2. Fill variables in the config.yaml(see below for variables descriptions). +3. Log into [Google Cloud Platform Console](https://console.cloud.google.com) +4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell) +5. Set your Cloud Platform project in the Cloud Shell session use: + + gcloud config set project [PROJECT_ID] +6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/ha-payg/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files) +7. Launch deployment by running: + + gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml +8. Make sure the deployment finished successfully.
Example of successful deployment output: + + The fingerprint of the deployment is CgwkIUxcTnI5_eZY1g9SFw== + Waiting for create [operation-1585150261645-5a1af8e42d0ba-6b3d4618-5856e790]...done. + Create operation operation-1585150261645-5a1af8e42d0ba-6b3d4618-5856e790 completed successfully. + NAME TYPE STATE ERRORS INTENT + cluster-cluster-network-icmp compute.v1.firewall COMPLETED [] + cluster-cluster-network-tcp compute.v1.firewall COMPLETED [] + cluster-config runtimeconfig.v1beta1.config COMPLETED [] + cluster-member-a compute.v1.instance COMPLETED [] + cluster-member-a-address compute.v1.address COMPLETED [] + cluster-member-b compute.v1.instance COMPLETED [] + cluster-member-b-address compute.v1.address COMPLETED [] + cluster-mgmt-network-esp compute.v1.firewall COMPLETED [] + cluster-mgmt-network-sctp compute.v1.firewall COMPLETED [] + cluster-primary-cluster-address compute.v1.address COMPLETED [] + cluster-secondary-cluster-address compute.v1.address COMPLETED [] + cluster-software runtimeconfig.v1beta1.waiter COMPLETED [] + OUTPUTS VALUE + Deployment cluster + Cluster IP external address 35.201.201.163 + Member A cluster-member-a + Member A external IP 104.199.168.141 + Member B cluster-member-b + Member B external IP 35.221.178.173 + +## config.yaml variables +| Name | Description | Type | Allowed values | +| ------------- | ------------- | ------------- | ------------- | +| **ha_version** | High Availability Version | string | R80.40 Cluster;
R81.00 Cluster;
R81.10 Cluster;
R81.20 Cluster; | +| | | | | | +| **zoneA** | Member A Zone. The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) | +| | | | | | +| **zoneB** | Member B Zone | string | Must be in the same region as member A zone | +| | | | | | +| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | +| | | | | | +| **managementNetwork** | Security Management Server address | string | The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address | +| | | | | | +| **cluster-network-cidr** | Cluster external subnet CIDR.
If the variable's value is not empty double quotes, a new network will be created.
The Cluster public IP will be translated to a private address assigned to the active member in this external network. | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **cluster-network-name** | Cluster external network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **cluster-network-subnetwork-name** | Cluster subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **cluster-network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **cluster-network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **cluster-network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network-cidr** | Management external subnet CIDR.
If the variable's value is not empty double quotes, a new network will be created.
The public IP used to manage each member will be translated to a private address in this external network | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **mgmt-network-name** | Management network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **mgmt-network-subnetwork-name** | Management subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **mgmt-network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **mgmt-network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **mgmt-network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)| +| | | | | | +| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)| +| | | | | | +| **generatePassword** | Automatically generate an administrator password | boolean | true;
false; | +| | | | | | +| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; | +| | | | | | +| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; | +| | | | | | +| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
| +| | | | | | +| **deployWithPublicIPs** | Deploy HA with public IPs | boolean | true;
false; | +| | | | | | +| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key | +| | | | | | +| **smart1CloudTokenA** | Smart-1 Cloud token to connect ***member A*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **smart1CloudTokenB** | Smart-1 Cloud token to connect ***member B*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501)| string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **sicKey** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated | +| | | | | | +| **numAdditionalNICs** | Number of additional network interfaces | number | A number in the range 0 - 6.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) | +| | | | | | +| **internal-network1-cidr** | 1st internal subnet CIDR.
If the variable's value is not empty double quotes, a new subnet will be created.
Assigns the cluster members an IPv4 address in this internal network | string | Specify an RFC 1918 CIDR block that does not overlap with your other networks to create a new network or select an existing one below | +| | | | | | +| **internal-network1-name** | 1st internal network ID. The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **internal-network1-subnetwork-name** | 1st internal subnet ID. Assigns the instance an IPv4 address from the subnetwork’s range.
If you have specified a CIDR block above, this subnetwork will not be used.
Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +## Example + ha_version: "R81.10 Cluster" + zoneA: "asia-east1-a" + zoneB: "asia-east1-a" + machineType: "n1-standard-4" + diskType: "pd-ssd" + bootDiskSizeGb: 100 + instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + smart1CloudTokenA: "xxxxxxxxxxxxxxxxxxxxxxxx" + smart1CloudTokenB: "xxxxxxxxxxxxxxxxxxxxxxxx" + enableMonitoring: false + managementNetwork: "209.87.209.100/32" + sicKey: "aaaaaaaa" + generatePassword: false + allowUploadDownload: false + shell: "/bin/bash" + deployWithPublicIPs: true + cluster-network-cidr: "10.0.1.0/24" + cluster-network-name: "external-vpc" + cluster-network-subnetwork-name: "frontend" + cluster-network_enableIcmp: true + cluster-network_icmpSourceRanges: "0.0.0.0/0" + cluster-network_enableTcp: true + cluster-network_tcpSourceRanges: "0.0.0.0/0" + cluster-network_enableUdp: false + cluster-network_udpSourceRanges: "" + cluster-network_enableSctp: false + cluster-network_sctpSourceRanges: "" + cluster-network_enableEsp: false + cluster-network_espSourceRanges: "" + mgmt-network-cidr: "10.0.2.0/24" + mgmt-network-name: "vpc-internal" + mgmt-network-subnetwork-name: "" + mgmt-network_enableIcmp: false + mgmt-network_icmpSourceRanges: "" + mgmt-network_enableTcp: false + mgmt-network_tcpSourceRanges: "" + mgmt-network_enableUdp: true + mgmt-network_udpSourceRanges: "0.0.0.0/0" + mgmt-network_enableSctp: true + mgmt-network_sctpSourceRanges: "0.0.0.0/0" + mgmt-network_enableEsp: true + mgmt-network_espSourceRanges: "0.0.0.0/0" + numInternalNetworks: 1 + internal-network1-cidr: "10.0.3.0/24" + internal-network1-name: "vpc-internal2" + internal-network1-subnetwork-name: "vpc-internal2" + +## Notes +See 
[sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-payg/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/ha-payg/c2d_deployment_configuration.json
new file mode 100644
index 00000000..81bed1f6
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-payg/c2d_deployment_configuration.json
@@ -0,0 +1,7 @@
+{
+ "defaultDeploymentType": "MULTI_VM",
+ "imageName": "check-point-r8120-gw-payg-cluster-631-991001475-v20231221",
+ "projectId": "checkpoint-public",
+ "templateName": "nonexistent_template",
+ "useSolutionPackage": "true"
+}
diff --git a/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py b/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py
new file mode 100644
index 00000000..6c554aac
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py
@@ -0,0 +1,494 @@ +# Copyright 2016 Check Point Software LTD. + +import common +import copy +import default +import images +import password + + +MAX_ADDITIONAL_NICS = 6 + +GATEWAY = 'checkpoint-gateway' + +PROJECT = 'checkpoint-public' +LICENSE = 'payg' +LICENCE_TYPE = 'cluster' + +VERSIONS = { + 'R80.40': 'r8040-gw', + 'R81': 'r81-gw', + 'R81.10': 'r8110-gw', + 'R81.20': 'r8120-gw' +} + +TEMPLATE_NAME = 'cluster' +TEMPLATE_VERSION = '20231221' + +CLUSTER_NET_FIELD = 'cluster-network' +MGMT_NET_FIELD = 'mgmt-network' +INTERNAL_NET_FIELD = 'internal-network{}' + +MGMT_NIC = 1 + +NO_PUBLIC_IP = 'no-public-ip' + +startup_script = ''' +#cloud-config +runcmd: + - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" "managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" "name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""' +''' + + +def make_gw(context, name, zone, nics, passwd=None, depends_on=None, + smart1cloudToken=None): + cg_version = context.properties['ha_version'].split(' ')[0] + if 'gw' in VERSIONS[cg_version]: + license_name = "{}-{}".format(LICENSE, LICENCE_TYPE) + else: + license_name = LICENSE + family = '-'.join(['check-point', 
VERSIONS[cg_version], license_name]) + formatter = common.DefaultFormatter() + + context.properties['smart1CloudToken'] = smart1cloudToken + context.properties['name'] = name + context.properties['zoneConfig'] = zone + context.properties['osVersion'] = cg_version.replace(".", "") + + gw = { + 'type': default.INSTANCE, + 'name': name, + 'metadata': { + 'dependsOn': depends_on + }, + 'properties': { + 'description': 'CloudGuard Highly Available Security Cluster', + 'zone': zone, + 'tags': { + 'items': [GATEWAY], + }, + 'machineType': common.MakeLocalComputeLink( + context, default.MACHINETYPE, zone), + 'canIpForward': True, + 'networkInterfaces': nics, + 'disks': [{ + 'autoDelete': True, + 'boot': True, + 'deviceName': common.set_name_and_truncate( + context.properties['deployment'], + '-{}-boot'.format(name)), + 'initializeParams': { + 'diskType': common.MakeLocalComputeLink( + context, default.DISKTYPE, zone), + 'diskSizeGb': context.properties['bootDiskSizeGb'], + 'sourceImage': + 'projects/%s/global/images/%s' % ( + PROJECT, images.IMAGES[family]), + }, + 'type': 'PERSISTENT', + }], + 'metadata': { + 'items': [ + { + 'key': 'startup-script', + 'value': formatter.format( + startup_script, **context.properties) + } + ] + }, + 'serviceAccounts': [{ + 'email': 'default', + 'scopes': [ + 'https://www.googleapis.com/auth/monitoring.write', + 'https://www.googleapis.com/auth/compute', + 'https://www.googleapis.com/auth/cloudruntimeconfig' + ], + }] + } + } + + if 'instanceSSHKey' in context.properties: + gw['properties']['metadata']['items'].append( + { + 'key': 'instanceSSHKey', + 'value': context.properties['instanceSSHKey'] + } + ) + + if passwd: + gw['properties']['metadata']['items'].append( + { + 'key': 'adminPasswordSourceMetadata', + 'value': passwd + } + ) + + return gw + + +def make_access_config(ip, name=None): + access_config = { + 'type': default.ONE_NAT, + 'natIP': ip + } + + if name: + access_config['name'] = name + + return access_config + + +def 
make_static_address(prop, name): + address = { + 'name': name, + 'type': default.ADDRESS, + 'properties': { + 'name': name, + 'region': prop['region'] + } + } + + return address + + +def create_external_addresses_if_needed( + prop, resources, member_a_nics, member_b_nics): + if not prop['deployWithPublicIPs']: + prop['primary_cluster_address_name'] = NO_PUBLIC_IP + prop['secondary_cluster_address_name'] = NO_PUBLIC_IP + else: + member_a_address_name = common.set_name_and_truncate( + prop['deployment'], '-member-a-address') + member_b_address_name = common.set_name_and_truncate( + prop['deployment'], '-member-b-address') + + prop['member_a_address_name'] = member_a_address_name + prop['member_b_address_name'] = member_b_address_name + + member_a_address = make_static_address(prop, member_a_address_name) + member_b_address = make_static_address(prop, member_b_address_name) + + resources += [member_a_address, member_b_address] + + member_a_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( + '$(ref.{}.address)'.format(member_a_address_name))] + member_b_nics[MGMT_NIC]['accessConfigs'] = [make_access_config( + '$(ref.{}.address)'.format(member_b_address_name))] + + primary_cluster_address_name = common.set_name_and_truncate( + prop['deployment'], '-primary-cluster-address') + secondary_cluster_address_name = common.set_name_and_truncate( + prop['deployment'], '-secondary-cluster-address') + + primary_cluster_address = make_static_address( + prop, primary_cluster_address_name) + secondary_cluster_address = make_static_address( + prop, secondary_cluster_address_name) + + resources += [primary_cluster_address, secondary_cluster_address] + + prop['primary_cluster_address_name'] = primary_cluster_address_name + prop['secondary_cluster_address_name'] = secondary_cluster_address_name + + +def make_nic(prop, net_name, subnet_name): + network_interface = { + 'network': ''.join([default.COMPUTE_URL_BASE, 'projects/', + prop['project'], '/global/networks/', + net_name]), + 
'subnetwork': ''.join([default.COMPUTE_URL_BASE, 'projects/', + prop['project'], '/regions/', prop['region'], + '/subnetworks/', subnet_name]) + } + + return network_interface + + +def make_subnet(prop, name, net_name, cidr, private_google_access=False): + subnet = { + 'type': default.VPC_SUBNET, + 'name': name, + 'metadata': { + 'dependsOn': [net_name] + }, + 'properties': { + 'network': 'projects/{}/global' + '/networks/{}'.format(prop['project'], net_name), + 'region': prop['region'], + 'ipCidrRange': cidr, + 'privateIpGoogleAccess': private_google_access, + 'enableFlowLogs': False + } + } + + return subnet + + +def make_net(name): + net = { + 'type': default.VPC, + 'name': name, + 'properties': { + 'autoCreateSubnetworks': False + } + } + + return net + + +def get_or_create_net(prop, name, resources, gw_dependencies, + private_google_access=False, create_firewall=False): + net_cidr = prop.get(name + '-cidr') + + if net_cidr: + net_name = '{}-{}'.format(prop['deployment'][:20], name) + subnet_name = '{}-subnet'.format(net_name) + net = make_net(net_name) + subnet = make_subnet( + prop, subnet_name, net_name, net_cidr, private_google_access) + + resources += [net, subnet] + gw_dependencies.append(subnet_name) + else: + net_name = prop.get(name + '-name') + subnet_name = prop.get(name + '-subnetwork-name') + if not subnet_name: + raise common.Error( + 'Network {} is missing.'.format(net_name.split('-'))) + + if create_firewall: + firewall_rules = create_firewall_rules(prop, name, net_name, net_cidr) + if firewall_rules: + resources.extend(firewall_rules) + + return net_name, subnet_name + + +def create_firewall_rules(prop, net_prop_name, net_name, net_cidr): + deployment = prop['deployment'] + firewall_rules = [] + protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp'] + for protocol in protocols: + proto = protocol.lower() + source_ranges = prop.get(net_prop_name + '_' + proto + + 'SourceRanges', '') + protocol_enabled = prop.get(net_prop_name + '_enable' + protocol, 
'') + if protocol_enabled and source_ranges: + firewall_rules.append( + make_firewall_rule(proto, source_ranges, deployment, + net_prop_name, net_name, net_cidr)) + + return firewall_rules + + +def make_firewall_rule(protocol, source_ranges, deployment, net_prop_name, + net_name, net_cidr): + fw_rule_name = '%s-%s-%s' % (deployment[:40], net_prop_name, protocol) + ranges_list = source_ranges.split(',') + ranges = [] + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + firewall_rule = { + 'type': default.FIREWALL, + 'name': fw_rule_name, + 'properties': { + 'network': 'global/networks/' + net_name, + 'sourceRanges': ranges, + 'targetTags': [GATEWAY], + 'allowed': [{'IPProtocol': protocol}], + } + } + + if net_cidr: + firewall_rule['metadata'] = { + 'dependsOn': [net_name] + } + + return firewall_rule + + +def add_readiness_waiter(prop, resources): + deployment_config = common.set_name_and_truncate( + prop['deployment'], '-config') + + prop['config_path'] = 'projects/{}/configs/{}'.format( + prop['project'], deployment_config) + prop['config_url'] = ( + 'https://runtimeconfig.googleapis.com/v1beta1/{}'.format( + prop['config_path'])) + + resources.append( + { + 'name': deployment_config, + 'type': 'runtimeconfig.v1beta1.config', + 'properties': { + 'config': deployment_config, + 'description': ( + 'Holds software readiness status ' + 'for deployment {}').format(prop['deployment']) + } + } + ) + + resources.append( + { + 'name': common.set_name_and_truncate( + prop['deployment'], '-software'), + 'type': 'runtimeconfig.v1beta1.waiter', + 'metadata': { + 'dependsOn': [], + }, + 'properties': { + 'parent': '$(ref.{}.name)'.format(deployment_config), + 'waiter': 'software', + 'timeout': '1800s', + 'success': { + 'cardinality': { + 'number': 2, + 'path': 'status/success', + }, + }, + 'failure': { + 'cardinality': { + 'number': 1, + 'path': 'status/failure', + }, + }, + }, + } + ) + + +def validate_same_region(zone_a, zone_b): + if not 
common.ZoneToRegion(zone_a) == common.ZoneToRegion(zone_b): + raise common.Error('Member A Zone ({}) and Member B Zone ({}) ' + 'are not in the same region'.format(zone_a, zone_b)) + + +def validate_both_tokens(token_a, token_b): + if (not token_a and token_b) or (not token_b and token_a) or \ + (token_a and token_a == token_b): + raise common.Error('To connect to Smart-1 Cloud, \ + you must provide two tokens (one per member)') + + +def validate_mgmt_network_if_required(token_a, mgmt_network): + if not token_a and mgmt_network == "S1C": + raise common.Error( + 'Public address of the Security Management Server is required') + + +@common.FormatErrorsDec +def generate_config(context): + prop = context.properties + + validate_same_region(prop['zoneA'], prop['zoneB']) + validate_both_tokens(prop['smart1CloudTokenA'], prop['smart1CloudTokenB']) + validate_mgmt_network_if_required( + prop['smart1CloudTokenA'], prop['managementNetwork']) + + prop['deployment'] = context.env['deployment'] + prop['project'] = context.env['project'] + prop['region'] = common.ZoneToRegion(prop['zoneA']) + prop['templateName'] = TEMPLATE_NAME + prop['templateVersion'] = TEMPLATE_VERSION + prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() + prop['hasInternet'] = 'true' # via Google Private Access + prop['installationType'] = 'Cluster' + + resources = [] + outputs = [] + gw_dependencies = [] + member_a_nics = [] + + add_readiness_waiter(prop, resources) + + cluster_net_name, cluster_subnet_name = get_or_create_net( + prop, CLUSTER_NET_FIELD, resources, gw_dependencies, True, True) + member_a_nics.append(make_nic(prop, cluster_net_name, cluster_subnet_name)) + + mgmt_net_name, mgmt_subnet_name = get_or_create_net( + prop, MGMT_NET_FIELD, resources, gw_dependencies, False, True) + member_a_nics.append(make_nic(prop, mgmt_net_name, mgmt_subnet_name)) + + for ifnum in range(1, prop['numInternalNetworks'] + 1): + int_net_name, int_subnet_name = get_or_create_net( + prop, 
INTERNAL_NET_FIELD.format(ifnum), resources, + gw_dependencies) + member_a_nics.append(make_nic(prop, int_net_name, int_subnet_name)) + + member_b_nics = copy.deepcopy(member_a_nics) + + create_external_addresses_if_needed( + prop, resources, member_a_nics, member_b_nics) + + member_a_name = common.set_name_and_truncate( + prop['deployment'], '-member-a') + member_b_name = common.set_name_and_truncate( + prop['deployment'], '-member-b') + + if prop['generatePassword']: + passwd = password.GeneratePassword(12, False) + else: + passwd = '' + + member_a = make_gw(context, member_a_name, prop['zoneA'], + member_a_nics, passwd, gw_dependencies, + prop['smart1CloudTokenA']) + member_b = make_gw(context, member_b_name, prop['zoneB'], + member_b_nics, passwd, gw_dependencies, + prop['smart1CloudTokenB']) + + resources += [member_a, member_b] + + outputs += [ + { + 'name': 'deployment', + 'value': prop['deployment'] + }, + { + 'name': 'project', + 'value': prop['project'] + }, + { + 'name': 'vmAName', + 'value': member_a_name, + }, + { + 'name': 'vmASelfLink', + 'value': '$(ref.{}.selfLink)'.format(member_a_name), + }, + { + 'name': 'vmBName', + 'value': member_b_name, + }, + { + 'name': 'vmBSelfLink', + 'value': '$(ref.{}.selfLink)'.format(member_b_name), + }, + { + 'name': 'password', + 'value': passwd + } + ] + + if prop['deployWithPublicIPs']: + outputs += [ + { + 'name': 'clusterIP', + 'value': '$(ref.{}.address)'.format( + prop['primary_cluster_address_name']) + }, + { + 'name': 'vmAExternalIP', + 'value': '$(ref.{}.address)'.format( + prop['member_a_address_name']) + }, + { + 'name': 'vmBExternalIP', + 'value': '$(ref.{}.address)'.format( + prop['member_b_address_name']) + } + ] + + return common.MakeResource(resources, outputs) diff --git a/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py.schema b/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py.schema new file mode 100644 index 00000000..9c674034 --- /dev/null 
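Review bot: `make_gw` attaches the project's default compute service account (`'email': 'default'`) with the full `https://www.googleapis.com/auth/compute` scope to both cluster members, so a compromised gateway inherits every IAM role that account holds on the project (commonly Editor), far more than the address reassignment a cluster failover needs. Consider exposing a `serviceAccount` schema property and using `'email': context.properties.get('serviceAccount', 'default')`, and document in the README the minimum roles to grant it (runtime-config writer, monitoring metric writer, and compute update on the cluster's addresses and instances). Separately, `sicKey`, `computed_sic_key`, `smart1CloudToken` and `MaintenanceModePassword` are interpolated into the instance `startup-script` metadata, and the generated admin password is both written to the `adminPasswordSourceMetadata` metadata key and returned verbatim as the `password` deployment output; instance metadata is readable by any principal with `compute.instances.get` and by every process on the VM, so a comment at `startup_script` should state this and the README should advise resetting SIC and the admin password after first boot. Note also that `common.DefaultFormatter` substitutes `''` for any placeholder missing from `context.properties`, so a misspelled or dropped property silently becomes an empty credential rather than a deployment error.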
+++ b/deprecated/gcp/R80.40-R81/ha-payg/check-point-cluster--payg.py.schema 
@@ -0,0 +1,400 @@ +imports: + - path: check-point-cluster--payg.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security Cluster - PAYG Template + +required: + - zoneA + - zoneB + - machineType + - diskType + - bootDiskSizeGb + - sicKey + - managementNetwork + - allowUploadDownload + - shell + - generatePassword + - enableMonitoring + - numInternalNetworks + +properties: + zoneA: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + zoneB: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zoneA + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + deployWithPublicIPs: + type: boolean + default: True + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + smart1CloudTokenA: + type: string + default: '' + smart1CloudTokenB: + type: string + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zoneA + bootDiskSizeGb: + type: integer + maximum: 1000 + default: 100 + minimum: 100 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + ha_version: + type: string + default: R81.20 Cluster + enum: + - R80.40 Cluster + - R81 Cluster + - R81.10 Cluster + - R81.20 Cluster + enableMonitoring: + type: boolean + default: False + sicKey: + type: string + pattern: ^([a-z0-9A-Z]{8,30})$ + default: '' + managementNetwork: + type: string + default: '' + pattern: ^((?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2]))|(S1C)$ + generatePassword: + type: boolean + default: False + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + allowUploadDownload: + type: boolean + default: False + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + 
cluster-network-cidr: + type: string + default: '10.0.0.0/24' + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + cluster-network-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + cluster-network-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: cluster-network-name + cluster-network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableIcmp + cluster-network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableTcp + cluster-network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableUdp + cluster-network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: cluster-network_enableSctp + cluster-network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: cluster-network-name + cluster-network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + 
firewallProperty: cluster-network_enableEsp + mgmt-network-cidr: + type: string + default: '10.0.1.0/24' + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + mgmt-network-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + mgmt-network-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: mgmt-network-name + mgmt-network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableIcmp + mgmt-network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableTcp + mgmt-network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableUdp + mgmt-network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: mgmt-network_enableSctp + mgmt-network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: mgmt-network-name + mgmt-network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: 
mgmt-network_enableEsp + numInternalNetworks: + type: integer + enum: + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + minimum: 1 + maximum: 6 + default: 1 + internal-network1-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '10.0.2.0/24' + internal-network1-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network1-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network1-name + internal-network2-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network2-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network2-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network2-name + internal-network3-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network3-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network3-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network3-name + internal-network4-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network4-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network4-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network4-name + internal-network5-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: 
'' + internal-network5-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network5-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network5-name + internal-network6-cidr: + type: string + pattern: ^(?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])|$ + default: '' + internal-network6-name: + type: string + pattern: ^([a-z0-9-]{1,38})$ + x-googleProperty: + type: GCE_NETWORK + internal-network6-subnetwork-name: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zoneA + gceSubnetwork: + networkProperty: internal-network6-name + +outputs: + deployment: + type: string + project: + type: string + clusterIP: + type: string + vmAName: + type: string + vmAExternalIP: + type: string + vmASelfLink: + type: string + vmBName: + type: string + vmBExternalIP: + type: string + vmBSelfLink: + type: string + password: + type: string + ha_version: + type: string diff --git a/deprecated/gcp/R80.40-R81/ha-payg/common.py b/deprecated/gcp/R80.40-R81/ha-payg/common.py new file mode 100644 index 00000000..e123c502 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-payg/common.py 
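Review bot: The CIDR validation in this schema does not enforce what it intends: every `*-cidr` pattern ends in `|$` and `managementNetwork` is `^(...)|(S1C)$`, so under JSON Schema's unanchored `pattern` matching the bare `$` alternative matches any string and `S1C` only has to appear at the end, letting values like `1.2.3.4/8junk` or `abcS1C` through. Group the alternatives inside one anchor pair, e.g. `^((?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2]))?$` for the CIDR fields and `^(((?!0\.0\.0\.0/0)([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2]))|S1C)$` for `managementNetwork`. This matters beyond tidiness because the template interpolates `managementNetwork`, `smart1CloudTokenA`/`B` and `maintenanceMode` into a double-quoted argument of the cloud-config `runcmd`, so a value containing `"` or `$` breaks out of that quoting; `smart1CloudTokenA` and `smart1CloudTokenB` currently carry no `pattern` at all and should get a character-class restriction for the same reason.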
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/ha-payg/config.yaml b/deprecated/gcp/R80.40-R81/ha-payg/config.yaml new file mode 100644 index 00000000..de203447 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/ha-payg/config.yaml 
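Review bot: `GenerateEmbeddableYaml` calls `yaml.load(yaml_string)` with no `Loader`, which on PyYAML older than 5.1 constructs arbitrary Python objects from `!!python/object` tags and on newer releases warns or raises a `TypeError`; the input here appears to be template-generated rather than user-supplied, but `yaml_object = yaml.safe_load(yaml_string)` is the safe and version-stable form. In `FormatErrorsDec`, `e.message` does not exist on Python 3 exception objects, so if this template runs under Python 3 the wrapper itself raises `AttributeError` and the original error is lost; use `raise Error(FormatException(str(e))) from e`. It is also worth a comment on `DefaultFormatter` that its `get_value` turns any missing key into `''` by design, since callers formatting credentials into the startup script may not expect that silent fallback.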
@@ -0,0 +1,73 @@
+imports:
+- path: check-point-cluster--payg.py
+- path: common.py
+- path: default.py
+- path: password.py
+- path: images.py
+
+resources:
+- name: check-point-cluster--payg
+ type: check-point-cluster--payg.py
+ properties:
+ ha_version: "PLEASE ENTER HA VERSION"
+ zoneA: "PLEASE ENTER ZONE A"
+ zoneB: "PLEASE ENTER ZONE B. MUST BE IN THE SAME REGION AS MEMBER A ZONE"
+ machineType: "PLEASE ENTER A MACHINE TYPE"
+ diskType: "PLEASE ENTER A DISK TYPE"
+ #To connect to Smart-1 Cloud you must provide two valid tokens (one per member)
+ smart1CloudTokenA: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD FOR MEMBER A OR LEAVE EMPTY DOUBLE QUOTES"
+ smart1CloudTokenB: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD FOR MEMBER B OR LEAVE EMPTY DOUBLE QUOTES"
+ bootDiskSizeGb: "PLEASE ENTER A DISK SIZE"
+ instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY"
+ enableMonitoring: "PLEASE ENTER true or false"
+ managementNetwork: "PLEASE ENTER MANAGEMENT IP, if using Smart-1 Cloud insert 'S1C'"
+ sicKey: "PLEASE ENTER A SIC KEY"
+ generatePassword: "PLEASE ENTER true or false"
+ allowUploadDownload: "PLEASE ENTER true or false"
+ shell: "PLEASE ENTER A SHELL"
+ deployWithPublicIPs: "PLEASE ENTER true or false"
+ cluster-network-cidr: "PLEASE ENTER CLUSTER NETWORK CIDR"
+ cluster-network-name: "PLEASE ENTER CLUSTER NETWORK ID"
+ cluster-network-subnetwork-name: "PLEASE ENTER CLUSTER SUBNETWORK ID"
+ cluster-network_enableIcmp: "PLEASE ENTER true or false"
+ cluster-network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableTcp: "PLEASE ENTER true or false"
+ cluster-network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableUdp: "PLEASE ENTER true or false"
+ cluster-network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableSctp: "PLEASE ENTER true or false"
+ cluster-network_sctpSourceRanges: "PLEASE
ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ cluster-network_enableEsp: "PLEASE ENTER true or false"
+ cluster-network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network-cidr: "PLEASE ENTER MANAGEMENT NETWORK CIDR"
+ mgmt-network-name: "PLEASE ENTER MANAGEMENT NETWORK ID"
+ mgmt-network-subnetwork-name: "PLEASE ENTER MANAGEMENT SUBNETWORK ID"
+ mgmt-network_enableIcmp: "PLEASE ENTER true or false"
+ mgmt-network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableTcp: "PLEASE ENTER true or false"
+ mgmt-network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableUdp: "PLEASE ENTER true or false"
+ mgmt-network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableSctp: "PLEASE ENTER true or false"
+ mgmt-network_sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ mgmt-network_enableEsp: "PLEASE ENTER true or false"
+ mgmt-network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ #Define additional NICs networks and subnetworks according the defined numAdditionalNICs value
+ #If there is no need in additional NICs remove additionalNetwork1 and additionalSubnetwork1 variables
+ numInternalNetworks: "PLEASE ENTER A NUMBER OF ADDITIONAL NICS"
+ internal-network1-cidr: "PLEASE ENTER 1ST INTERNAL NETWORK CIDR"
+ internal-network1-name: "PLEASE ENTER 1ST INTERNAL NETWORK ID"
+ internal-network1-subnetwork-name: "PLEASE ENTER INTERNAL SUBNETWORK ID"
+outputs:
+- name: "Deployment"
+ value: $(ref.check-point-cluster--payg.deployment)
+- name: "Cluster IP external address"
+ value: $(ref.check-point-cluster--payg.clusterIP)
+- name: "Member A"
+ value: $(ref.check-point-cluster--payg.vmAName)
+- name: "Member A external IP"
+ value: $(ref.check-point-cluster--payg.vmAExternalIP)
+- name: "Member B"
+ value:
$(ref.check-point-cluster--payg.vmBName)
+- name: "Member B external IP"
+ value: $(ref.check-point-cluster--payg.vmBExternalIP)
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-payg/default.py b/deprecated/gcp/R80.40-R81/ha-payg/default.py
new file mode 100644
index 00000000..0c7dd919
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-payg/default.py
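Review bot: The two comment lines above `numInternalNetworks` refer to `numAdditionalNICs`, `additionalNetwork1` and `additionalSubnetwork1`, but the keys this file actually defines are `numInternalNetworks`, `internal-network1-cidr`, `internal-network1-name` and `internal-network1-subnetwork-name`, so a user following the comment would look for or remove the wrong variables. Rewrite them as `#Define additional internal networks and subnetworks according to the defined numInternalNetworks value` and `#If no additional internal networks are needed, remove the internal-network1-* variables`. Separately, `sicKey`, `smart1CloudTokenA` and `smart1CloudTokenB` are filled in as plaintext in this file, so a one-line comment above `smart1CloudTokenA` such as `#A completed config.yaml contains secrets (SIC key, Smart-1 Cloud tokens) - keep it out of version control and shared storage` would be worth adding.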
@@ -0,0 +1,134 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Convenience module to hold default constants for C2D components.
+
+There should not be any logic in this module. Its purpose is to simplify
+analysis of commonly used GCP and properties names and identify the names
+that were custom created for these modules.
+"""
+# Generic constants
+C2D_IMAGES = 'click-to-deploy-images'
+
+# URL constants
+COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/'
+
+# Deployment Manager constructs
+REFERENCE_PREFIX = '$(ref.'
+
+# Commonly used in properties namespace
+AUTO_DELETE = 'autoDelete'
+BOOTDISK = 'bootDiskType'
+BOOTDISKSIZE = 'bootDiskSizeGb'
+C_IMAGE = 'containerImage'
+DC_MANIFEST = 'dcManifest'
+DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator
+DISK_NAME = 'diskName'
+DISK_RESOURCES = 'addedDiskResources'
+DISK_SOURCE = 'source'
+ENDPOINT_NAME = 'serviceRegistryEndpointName'
+FIXED_GCLOUD = 'fixedGcloud'
+GENERATED_PROP = 'generatedProperties'
+INITIALIZEP = 'initializeParams'
+INSTANCE_NAME = 'instanceName'
+LOCAL_SSD = 'localSSDs'
+MAX_NUM = 'maxNumReplicas'
+NETWORKS = 'networks'
+NO_SCOPE = 'noScope'
+PROVIDE_BOOT = 'provideBoot'
+REPLICAS = 'replicas'
+SIZE = 'size'
+VM_COPIES = 'numberOfVMReplicas'
+ZONES = 'zones'
+
+# Common properties values (only official GCP values allowed here)
+EXTERNAL = 'External NAT'
+ONE_NAT = 'ONE_TO_ONE_NAT'
+
+# Common 1st level properties (only official GCP names allowed here)
+CAN_IP_FWD = 'canIpForward'
+CONTAINER = 'container'
+DCKRENV = 'dockerEnv'
+DCKRIMAGE = 'dockerImage'
+DEFAULT_SERVICE = 'defaultService'
+DEVICE_NAME = 'deviceName'
+DISKS = 'disks'
+DISK_SIZE = 'diskSizeGb'
+DISKTYPE = 'diskType'
+HEALTH_PATH = 'healthPath'
+HOST_RULES = 'hostRules'
+IP_PROTO = 'IPProtocol'
+MACHINETYPE = 'machineType'
+METADATA = 'metadata'
+NAME = 'name'
+NETWORK = 'network'
+NETWORKS = 'networks'
+SUBNETWORK = 'subnetwork'
+PATH_MATCHERS = 'pathMatchers'
+PORT = 'port'
+PROJECT = 'project'
+SERVICE = 'service'
+SERVICE_ACCOUNTS = 'serviceAccounts'
+SRCIMAGE = 'sourceImage'
+SRC_RANGES = 'sourceRanges'
+TAGS = 'tags'
+TYPE = 'type'
+VM_TEMPLATE = 'instanceTemplate'
+ZONE = 'zone'
+
+# Zone specfic VM properties
+VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK]
+
+# Resource type defaults names
+ADDRESS = 'compute.v1.address'
+AUTOSCALER = 'compute.v1.autoscaler'
+BACKEND_SERVICE = 'compute.v1.backendService'
+DISK = 'compute.v1.disk'
+ENDPOINT = 'serviceregistry.v1alpha.endpoint'
+FIREWALL = 'compute.v1.firewall'
+GF_RULE = 'compute.v1.globalForwardingRule'
+HEALTHCHECK = 'compute.v1.httpHealthCheck'
+IGM = 'compute.v1.instanceGroupManager'
+INSTANCE = 'compute.v1.instance'
+PROXY = 'compute.v1.targetHttpProxy'
+TEMPLATE = 'compute.v1.instanceTemplate'
+REGION_IGM = 'compute.v1.regionInstanceGroupManager'
+REGION_AUTOSCALER = 'compute.v1.regionAutoscaler'
+URL_MAP = 'compute.v1.urlMap'
+VPC='compute.v1.network'
+VPC_SUBNET='compute.v1.subnetwork'
+
+# Also Known As constants
+AKA = {
+ TEMPLATE: 'tmplt',
+ AUTOSCALER: 'as',
+ BACKEND_SERVICE: 'bes',
+ DISK: 'disk',
+ FIREWALL: 'fwall',
+ GF_RULE: 'ip',
+ HEALTHCHECK: 'hc',
+ INSTANCE: 'vm',
+ PROXY: 'tproxy',
+ IGM: 'igm',
+ URL_MAP: 'umap',
+}
+
+LOC = {
+ 'europe': 'eu',
+ 'asia': 'as',
+ 'central': 'c',
+ 'east': 'e',
+ 'west': 'w',
+ 'north': 'n',
+ 'south': 's',
+}
diff --git a/deprecated/gcp/R80.40-R81/ha-payg/images.py b/deprecated/gcp/R80.40-R81/ha-payg/images.py
new file mode 100644
index 00000000..7b04bee0
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-payg/images.py
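Review bot: `NETWORKS = 'networks'` is assigned twice in this file, once under "Commonly used in properties namespace" and again under "Common 1st level properties", so the second assignment silently rebinds the first and a reader cannot tell which section owns the name; drop one of the two. `VPC='compute.v1.network'` and `VPC_SUBNET='compute.v1.subnetwork'` are the only assignments without spaces around `=`; write them as `VPC = 'compute.v1.network'` and `VPC_SUBNET = 'compute.v1.subnetwork'` to match the rest of the module. The comment `# Zone specfic VM properties` has a typo and should read `# Zone specific VM properties`.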
@@ -0,0 +1,34 @@
+IMAGES = {
+ "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425",
+ "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425",
+ "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425",
+ "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425",
+ "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425",
+ "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425",
+ "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425",
+ "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425",
+ "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425",
+ "check-point-r81-gw-byol-mig":
"check-point-r81-gw-byol-mig-392-991001560-v20240425",
+ "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425",
+ "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425",
+ "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425",
+ "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505",
+ "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425"
+}
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/ha-payg/password.py b/deprecated/gcp/R80.40-R81/ha-payg/password.py
new file mode 100644
index 00000000..273210a6
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/ha-payg/password.py
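Review bot: The six `check-point-r8040-gw-*` entries point at build `294-991001564-v20240505` while `check-point-r8040-payg` and `check-point-r8040-byol` stay on `294-991001560-v20240425`; every other version family in this mapping uses one build for all of its entries, so if the split is intentional a one-line comment above the r8040 block saying so would keep it from being "normalised" away later. The module has no docstring; a header such as `"""Check Point image names keyed by version, license and deployment shape."""` would tell a maintainer what the keys encode. The file also lacks a trailing newline.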
@@ -0,0 +1,135 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""A DM template that generates password as an output, namely "password".
+
+An example YAML showing how this template can be used:
+ resources:
+ - name: generated-password
+ type: password.py
+ properties:
+ length: 8
+ includeSymbols: true
+ - name: main-template
+ type: main-template.jinja
+ properties:
+ password: $(ref.generated-password.password)
+
+Input properties to this template:
+ - length: the length of the generated password. At least 8. Default 8.
+ - includeSymbols: true/false whether to include symbol chars. Default false.
+
+The generated password satisfies the following requirements:
+ - The length is as specified,
+ - Containing letters and numbers, and optionally symbols if specified,
+ - Starting with a letter,
+ - Containing characters from at least 3 of the 4 categories: uppercases,
+ lowercases, numbers, and symbols.
+
+"""
+
+import random
+import yaml
+
+PROPERTY_LENGTH = 'length'
+PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols'
+
+# Note the omission of some hard to distinguish characters like I, l, 0, and O.
+UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ'
+LOWERS = 'abcdefghijkmnopqrstuvwxyz'
+ALPHABET = UPPERS + LOWERS
+DIGITS = '123456789'
+ALPHANUMS = ALPHABET + DIGITS
+# Including only symbols that can be passed around easily in shell scripts.
+SYMBOLS = '*-+.'
+
+CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS
+CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS
+
+CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS]
+CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS]
+
+MIN_LENGTH = 8
+
+
+class InputError(Exception):
+ """Raised when input properties are unexpected."""
+
+
+def GenerateConfig(context):
+ """Entry function to generate the DM config."""
+ props = context.properties
+ length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH)
+ include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False)
+
+ if not isinstance(include_symbols, bool):
+ raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS)
+
+ content = {
+ 'resources': [],
+ 'outputs': [{
+ 'name': 'password',
+ 'value': GeneratePassword(length, include_symbols)
+ }]
+ }
+ return yaml.dump(content)
+
+
+def GeneratePassword(length=8, include_symbols=False):
+ """Generates a random password."""
+ if length < MIN_LENGTH:
+ raise InputError('Password length must be at least %d' % MIN_LENGTH)
+
+ candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols
+ else CANDIDATES_WITHOUT_SYMBOLS)
+ categories = (CATEGORIES_WITH_SYMBOLS if include_symbols
+ else CATEGORIES_WITHOUT_SYMBOLS)
+
+ # Generates up to the specified length minus the number of categories.
+ # Then inserts one character for each category, ensuring that the character
+ # satisfy the category if the generated string hasn't already.
+ generated = ([random.choice(ALPHABET)] +
+ [random.choice(candidates)
+ for _ in range(length - 1 - len(categories))])
+ for category in categories:
+ _InsertAndEnsureSatisfaction(generated, category, candidates)
+ return ''.join(generated)
+
+
+def _InsertAndEnsureSatisfaction(generated, required, all_candidates):
+ """Inserts 1 char into generated, satisfying required if not already.
+
+ If the required characters are not already in the generated string, one will
+ be inserted.
If any required character is already in the generated string, a
+ random character from all_candidates will be inserted. The insertion happens
+ at a random location but not at the beginning.
+
+ Args:
+ generated: the string to be modified.
+ required: list of required characters to check for.
+ all_candidates: list of characters to choose from if the required characters
+ are already satisfied.
+ """
+ if set(generated).isdisjoint(required):
+ # Not yet satisfied. Insert a required candidate.
+ _InsertInto(generated, required)
+ else:
+ # Already satisfied. Insert any candidate.
+ _InsertInto(generated, all_candidates)
+
+
+def _InsertInto(generated, candidates):
+ """Inserts a random candidate into a random non-zero index of generated."""
+ # Avoids inserting at index 0, since the first character follows its own rule.
+ generated.insert(random.randint(1, len(generated) - 1),
+ random.choice(candidates))
diff --git a/deprecated/gcp/R80.40-R81/single-byol/README.md b/deprecated/gcp/R80.40-R81/single-byol/README.md
new file mode 100644
index 00000000..4c14d447
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-byol/README.md
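Review bot: `GeneratePassword` and `_InsertInto` draw every character and every insertion index from the `random` module (`random.choice`, `random.randint`), which is a deterministic PRNG not designed for secrets, yet the result is emitted as the deployment's administrator password. Use an OS-backed generator instead: add `_rng = random.SystemRandom()` after the imports and replace the four call sites with `_rng.choice(...)` / `_rng.randint(...)`; `SystemRandom` exists on both Python 2 and 3, which matters because the `e.message` use in the common.py hunk earlier in this diff suggests these templates may still run under Python 2, where `secrets` is unavailable. `GeneratePassword` also compares `length` with `MIN_LENGTH` without checking that it is an int; `props.setdefault` returns whatever the YAML carried, so a quoted value such as `"8"` would surface as a `TypeError` further down rather than the module's own `InputError` — add `if not isinstance(length, int): raise InputError('%s must be an integer' % PROPERTY_LENGTH)` before the range check.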
@@ -0,0 +1,134 @@ +# GCP Deployment Manager package for Management, Gateway and Standalone BYOL solutions +This directory contains CloudGuard IaaS deployment package for Management, Gateway and Standalone BYOL solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-cloudguard-byol). + +# How to deploy the package manually +To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions: +1. Clone or download the files in this directory +2. Fill variables in the config.yaml(see below for variables descriptions). +3. Log into [Google Cloud Platform Console](https://console.cloud.google.com) +4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell) +5. Set your Cloud Platform project in the Cloud Shell session use: + + gcloud config set project [PROJECT_ID] +6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/single-byol/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files) +7. Launch deployment by running: + + gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml +8. Make sure the deployment finished successfully.
Example of successful deployment output: + + The fingerprint of the deployment is NEBnvNbqOItDoLZrhYNo5Q== + Waiting for create [operation-1585065238276-5a19bc2792a32-becd058d-67862f39]...done. + Create operation operation-1585065238276-5a19bc2792a32-becd058d-67862f39 completed successfully. + NAME TYPE STATE ERRORS INTENT + gateway-config runtimeconfig.v1beta1.config COMPLETED [] + gateway-software runtimeconfig.v1beta1.waiter COMPLETED [] + gateway-vm compute.v1.instance COMPLETED [] + gateway-vm-address compute.v1.address COMPLETED [] + OUTPUTS VALUE + Deployment gateway + Instance gateway-single-vm + +## config.yaml variables +| Name | Description | Type | Allowed values | +| ------------- | ------------- | ------------- | ------------- | +| **zone** | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) | +| | | | | | +| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | +| | | | | | +| **network** | The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **Subnetwork** | Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableGwNetwork** | This is relevant for **Management** only. The network in which managed gateways reside | boolean | true;
false; | +| | | | | | +| **network_gwNetworkSourceRanges** | Allow TCP traffic from the Internet | string | Enter a valid IPv4 network CIDR (e.g. 0.0.0.0/0) | +| | | | | | +| **network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **externalIP** | External IP address type | string | Static;
Ephemeral;
None;
An external IP address associated with this instance. Selecting "None" will result in the instance having no external internet access. [Learn more](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?_ga=2.259654658.-962483654.1585043745) | +| | | | | | +| **installationType** | Installation type and version | string | R80.40 Gateway only
R80.40 Management only
R80.40 Manual Configuration
R80.40 Gateway and Management (Standalone)
R81.00 Gateway only
R81.00 Management only
R81.00 Manual Configuration
R81.00 Gateway and Management (Standalone)
R81.10 Gateway only
R81.10 Management only
R81.10 Manual Configuration
R81.10 Gateway and Management (Standalone)
R81.20 Gateway only
R81.20 Management only
R81.20 Manual Configuration
R81.20 Gateway and Management (Standalone) | +| | | | | | +| **smart1CloudToken** | Smart-1 Cloud token to connect this gateway to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)| +| | | | | | +| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)| +| | | | | | +| **generatePassword** | Automatically generate an administrator password | boolean | true;
false; | +| | | | | | +| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; | +| | | | | | +| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; | +| | | | | | +| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
| +| | | | | | +| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key | +| | | | | | +| **sicKey** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated | +| | | | | | +| **managementGUIClientNetwork** | Allowed GUI clients | string | A valid IPv4 network CIDR (e.g. 0.0.0.0/0) | +| | | | | | +| **numAdditionalNICs** | Number of additional network interfaces | number | A number in the range 0 - 7.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) | +| | | | | | + +## Example + zone: "asia-east1-a" + machineType: "n1-standard-4" + network: "frontend-vpc" + subnetwork: "frontend" + network_enableTcp: true + network_tcpSourceRanges: "0.0.0.0/0" + network_enableGwNetwork: true + network_gwNetworkSourceRanges: "0.0.0.0/0" + network_enableIcmp: true + network_icmpSourceRanges: "0.0.0.0/0" + network_enableUdp: true + network_udpSourceRanges: "0.0.0.0/0" + network_enableSctp: false + network_sctpSourceRanges: "" + network_enableEsp: false + network_espSourceRanges: "" + externalIP: "Static" + installationType: "R81.10 Gateway only" + smart1CloudToken: "xxxxxxxxxxxxxxxxxxxxxxxx" + diskType: "pd-ssd" + bootDiskSizeGb: 100 + generatePassword: false + allowUploadDownload: true + enableMonitoring: false + shell: "/bin/bash" + instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + sicKey: "xxxxxxxx" + managementGUIClientNetwork: "0.0.0.0/0" + numAdditionalNICs: 1 + additionalNetwork1: "backend-vpc1" + additionalSubnetwork1: "backend1" + externalIP1": "None" + additionalNetwork2": "backend-vpc2" + additionalSubnetwork2": "backend2" + externalIP2": "None" + + + + +## Notes +See [sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/single-byol/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/single-byol/c2d_deployment_configuration.json new file mode 100644 index 00000000..006d39c7 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-byol/c2d_deployment_configuration.json 
@@ -0,0 +1,7 @@
+{
+ "defaultDeploymentType": "SINGLE_VM",
+ "imageName": "check-point-r8120-gw-byol-single-631-991001475-v20231221",
+ "projectId": "checkpoint-public",
+ "templateName": "nonexistent_template",
+ "useSolutionPackage": "true"
+}
diff --git a/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py b/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py
new file mode 100644
index 00000000..d1fd7411
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py
@@ -0,0 +1,479 @@ +# Copyright 2016 Check Point Software LTD. +import common +import default +import images +import password + +GATEWAY = 'checkpoint-gateway' +MANAGEMENT = 'checkpoint-management' + +PROJECT = 'checkpoint-public' +LICENSE = 'byol' +LICENCE_TYPE = 'single' + +VERSIONS = { + 'R80.40': 'r8040', + 'R80.40-GW': 'r8040-gw', + 'R81': 'r81', + 'R81-GW': 'r81-gw', + 'R81.10': 'r8110', + 'R81.10-GW': 'r8110-gw', + 'R81.20': 'r8120', + 'R81.20-GW': 'r8120-gw' +} + +ADDITIONAL_NETWORK = 'additionalNetwork{}' +ADDITIONAL_SUBNET = 'additionalSubnetwork{}' +ADDITIONAL_EXTERNAL_IP = 'externalIP{}' +MAX_NICS = 8 + +TEMPLATE_NAME = 'single' +TEMPLATE_VERSION = '20231221' + +ATTRIBUTES = { + 'Gateway and Management (Standalone)': { + 'tags': [GATEWAY, MANAGEMENT], + 'description': 'Check Point Security Gateway and Management', + 'canIpForward': True, + }, + 'Management only': { + 'tags': [MANAGEMENT], + 'description': 'Check Point Security Management', + 'canIpForward': False, + }, + 'Gateway only': { + 'tags': [GATEWAY], + 'description': 'Check Point Security Gateway', + 'canIpForward': True, + }, + 'Manual Configuration': { + 'tags': [], + 'description': 'Check Point', + 'canIpForward': True, + } +} + +startup_script = ''' +#cloud-config +runcmd: + - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" 
"managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" "name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""' +''' + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def MakeStaticAddress(vm_name, zone, ifnum=None): + """Creates a static IP address resource; returns it and the natIP.""" + if ifnum: + address_name = set_name_and_truncate(vm_name, + '-address-{}'.format(ifnum)) + else: + address_name = set_name_and_truncate(vm_name, '-address') + address_resource = { + 'name': address_name, + 'type': default.ADDRESS, + 'properties': { + 'name': address_name, + 'region': common.ZoneToRegion(zone), + }, + } + return address_resource, '$(ref.%s.address)' % address_name + + +def make_access_config(resources, vm_name, zone, static, index=None): + name = 'external-address' + if index: + name += '-{}'.format(index) + access_config = { + 'name': name, + 'type': default.ONE_NAT + } + if static: + address_resource, nat_ip = MakeStaticAddress(vm_name, zone, index) + resources.append(address_resource) + access_config['natIP'] = nat_ip + return access_config + + +def create_firewall_rules(prop, net_name, fw_rule_name_prefix, mgmt=False, + uid=''): + firewall_rules = [] + protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp'] + if mgmt: + protocols.remove('Tcp') + for protocol in protocols: + proto = protocol.lower() + source_ranges = prop.get('network' + '_' + proto + 'SourceRanges', '') + protocol_enabled = prop.get('network' + '_enable' + protocol, '') + if protocol_enabled and source_ranges: + firewall_rules.append(make_firewall_rule( + proto, source_ranges, net_name, fw_rule_name_prefix, mgmt, + uid)) + return firewall_rules + + +def make_firewall_rule(protocol, source_ranges, + net_name, fw_rule_name_prefix, mgmt=False, 
uid=''): + ranges = [] + ranges_list = source_ranges.split(',') + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + fw_rule_name = fw_rule_name_prefix + '-' + protocol + if mgmt: + targetTags = [uid] + else: + targetTags = [GATEWAY] + firewall_rule = { + 'type': default.FIREWALL, + 'name': fw_rule_name, + 'properties': { + 'network': 'global/networks/' + net_name, + 'sourceRanges': ranges, + 'targetTags': targetTags, + 'allowed': [{'IPProtocol': protocol}], + } + } + return firewall_rule + + +def generate_config(context): + """Creates the gateway.""" + prop = context.properties + prop['cloudguardVersion'], _, prop['installationType'] = prop[ + 'installationType'].partition(' ') + if prop['smart1CloudToken'] and prop['installationType'] != 'Gateway only': + raise Exception('Use of Smart-1 Cloud token is allowed only\ + for Gateway development.') + prop['templateName'] = TEMPLATE_NAME + prop['templateVersion'] = TEMPLATE_VERSION + prop['osVersion'] = prop['cloudguardVersion'].replace(".", "") + prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() + if not prop['managementGUIClientNetwork'] and prop['installationType'] in { + 'Gateway and Management (Standalone)', 'Management only'}: + raise Exception('Allowed GUI clients are required when installing ' + 'a management server') + for k in ['managementGUIClientNetwork']: + prop.setdefault(k, '') + resources = [] + outputs = [] + network_interfaces = [] + external_ifs = [] + zone = prop['zone'] + deployment = context.env['deployment'] + vm_name = set_name_and_truncate(deployment, '-vm') + access_configs = [] + if prop['externalIP'] != 'None': + access_config = make_access_config(resources, vm_name, zone, + 'Static' == prop['externalIP']) + access_configs.append(access_config) + external_ifs.append(0) + prop['hasInternet'] = 'true' + else: + prop['hasInternet'] = 'false' + network = common.MakeGlobalComputeLink(context, default.NETWORK) + networks = {prop['network']} + 
network_interface = { + 'network': network, + 'accessConfigs': access_configs, + } + if default.SUBNETWORK in prop: + network_interface['subnetwork'] = common.MakeSubnetworkComputeLink( + context, default.SUBNETWORK) + network_interfaces.append(network_interface) + for ifnum in range(1, prop['numAdditionalNICs'] + 1): + net = prop.get(ADDITIONAL_NETWORK.format(ifnum)) + subnet = prop.get(ADDITIONAL_SUBNET.format(ifnum)) + ext_ip = prop.get(ADDITIONAL_EXTERNAL_IP.format(ifnum)) + if not net or not subnet: + raise Exception( + 'Missing network parameters for interface {}'.format(ifnum)) + if net in networks: + raise Exception('Cannot use network "' + net + '" more than once') + networks.add(net) + net = ''.join([ + default.COMPUTE_URL_BASE, + 'projects/', context.env['project'], '/global/networks/', net]) + subnet = ''.join([ + default.COMPUTE_URL_BASE, + 'projects/', context.env['project'], + '/regions/', common.ZoneToRegion(zone), '/subnetworks/', subnet]) + network_interface = { + 'network': net, + 'subnetwork': subnet, + } + if 'None' != ext_ip: + external_ifs.append(ifnum) + access_config = make_access_config( + resources, vm_name, zone, 'Static' == ext_ip, ifnum + 1) + access_configs = [access_config] + network_interface['accessConfigs'] = access_configs + if not prop.get('hasInternet') or 'false' == prop['hasInternet']: + prop['hasInternet'] = 'true' + network_interfaces.append(network_interface) + for ifnum in range(prop['numAdditionalNICs'] + 1, MAX_NICS): + prop.pop(ADDITIONAL_NETWORK.format(ifnum), None) + prop.pop(ADDITIONAL_SUBNET.format(ifnum), None) + prop.pop(ADDITIONAL_EXTERNAL_IP.format(ifnum), None) + deployment_config = set_name_and_truncate(deployment, '-config') + prop['config_url'] = ('https://runtimeconfig.googleapis.com/v1beta1/' + + 'projects/' + context.env[ + 'project'] + '/configs/' + deployment_config) + prop['config_path'] = '/'.join(prop['config_url'].split('/')[-4:]) + prop['deployment_config'] = deployment_config + tags = 
ATTRIBUTES[prop['installationType']]['tags'] + uid = set_name_and_truncate(vm_name, '-' + password.GeneratePassword( + 8, False).lower()) + if prop['installationType'] == 'Gateway only': + prop['cloudguardVersion'] += '-GW' + if not prop.get('sicKey'): + prop['computed_sic_key'] = password.GeneratePassword(12, False) + else: + prop['computed_sic_key'] = prop['sicKey'] + else: + prop['computed_sic_key'] = 'N/A' + outputs.append({ + 'name': 'sicKey', + 'value': prop['computed_sic_key'], + }, ) + if 'gw' in VERSIONS[prop['cloudguardVersion']]: + license_name = "{}-{}".format(LICENSE, LICENCE_TYPE) + else: + license_name = LICENSE + family = '-'.join(['check-point', VERSIONS[prop['cloudguardVersion']], + license_name]) + formatter = common.DefaultFormatter() + gw = { + 'type': default.INSTANCE, + 'name': vm_name, + 'properties': { + 'description': ATTRIBUTES[prop['installationType']]['description'], + 'zone': zone, + 'tags': { + 'items': tags + [uid], + }, + 'machineType': common.MakeLocalComputeLink( + context, default.MACHINETYPE), + 'canIpForward': ATTRIBUTES[ + prop['installationType']]['canIpForward'], + 'networkInterfaces': network_interfaces, + 'disks': [{ + 'autoDelete': True, + 'boot': True, + 'deviceName': common.AutoName( + context.env['name'], default.DISK, 'boot'), + 'initializeParams': { + 'diskType': common.MakeLocalComputeLink( + context, default.DISKTYPE), + 'diskSizeGb': prop['bootDiskSizeGb'], + 'sourceImage': + 'projects/%s/global/images/%s' % ( + PROJECT, images.IMAGES[family]), + }, + 'type': 'PERSISTENT', + }], + 'metadata': { + 'items': [ + { + 'key': 'startup-script', + 'value': formatter.format(startup_script, **prop) + }, + ] + }, + 'serviceAccounts': [{ + 'email': 'default', + 'scopes': [ + 'https://www.googleapis.com/auth/monitoring.write' + ], + }] + } + } + if (prop['externalIP'] != 'None') and ( + 'Manual Configuration' != prop['installationType']): + gw['properties']['serviceAccounts'][0]['scopes'].append( + 
'https://www.googleapis.com/auth/cloudruntimeconfig') + resources.append({ + 'name': deployment_config, + 'type': 'runtimeconfig.v1beta1.config', + 'properties': { + 'config': deployment_config, + 'description': ('Holds software readiness status ' + 'for deployment {}').format(deployment), + }, + }) + resources.append({ + 'name': set_name_and_truncate(deployment, '-software'), + 'type': 'runtimeconfig.v1beta1.waiter', + 'metadata': { + 'dependsOn': [], + }, + 'properties': { + 'parent': '$(ref.' + deployment_config + '.name)', + 'waiter': 'software', + 'timeout': '1800s', + 'success': { + 'cardinality': { + 'number': 1, + 'path': 'status/success', + }, + }, + 'failure': { + 'cardinality': { + 'number': 1, + 'path': 'status/failure', + }, + }, + }, + }) + if 'instanceSSHKey' in prop: + gw['properties']['metadata']['items'].append( + { + 'key': 'instanceSSHKey', + 'value': prop['instanceSSHKey'] + } + ) + if prop['generatePassword']: + passwd = password.GeneratePassword(12, False) + gw['properties']['metadata']['items'].append( + { + 'key': 'adminPasswordSourceMetadata', + 'value': passwd + } + ) + else: + passwd = '' + resources.append(gw) + netlist = list(networks) + + if GATEWAY in tags: + for i in range(len(netlist)): + network = netlist[i] + fw_rule_name_prefix = set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-allow-all-to-chkp-{}'.format(i + 1)) + firewall_rules = create_firewall_rules( + prop, network, fw_rule_name_prefix) + resources.extend(firewall_rules) + elif MANAGEMENT in tags: + for i in range(len(netlist)): + network = netlist[i] + source_ranges = prop['network_tcpSourceRanges'] + tcp_enabled = prop['network_enableTcp'] + gwNetwork_enabled = prop['network_enableGwNetwork'] + gwNetwork_source_range = prop['network_gwNetworkSourceRanges'] + if source_ranges and not tcp_enabled: + raise Exception( + 'Allowed source IP ranges for TCP traffic are provided ' + 'but TCP not marked as allowed') + if tcp_enabled 
and not source_ranges: + raise Exception('Allowed source IP ranges for TCP traffic' + ' are required when installing ' + 'a management server') + if not gwNetwork_enabled and gwNetwork_source_range: + raise Exception('Gateway network source IP are provided but ' + 'not marked as allowed.') + if gwNetwork_enabled and not gwNetwork_source_range: + raise Exception('Gateway network source IP is required in' + ' MGMT deployment.') + ranges_list = source_ranges.split(',') + gw_network_list = gwNetwork_source_range.split(',') + ranges = [] + gw_net_ranges = [] + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + for gw_net_range in gw_network_list: + gw_net_ranges.append(gw_net_range.replace(" ", "")) + if tcp_enabled: + if gwNetwork_enabled: + resources.append({ + 'type': 'compute.v1.firewall', + 'name': set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-gateways-to-management-{}'.format(i + 1)), + 'properties': { + 'network': 'global/networks/' + network, + 'sourceRanges': list(set(gw_net_ranges + ranges)), + 'sourceTags': [GATEWAY], + 'targetTags': [uid], + 'allowed': [ + { + 'IPProtocol': 'tcp', + 'ports': ['257', '18191', '18210', '18264'] + }, + ], + } + }) + resources.append({ + 'type': 'compute.v1.firewall', + 'name': set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix(deployment, + network), + '-allow-gui-clients-{}'.format(i + 1)), + 'properties': { + 'network': 'global/networks/' + network, + 'sourceRanges': list(set(ranges)), + 'targetTags': [uid], + 'allowed': [ + { + 'IPProtocol': 'tcp', + 'ports': ['22', '443', '18190', '19009'] + }, + ], + } + }) + fw_rule_name_prefix = set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-allow-all-to-chkp-{}'.format(i + 1)) + firewall_rules = create_firewall_rules( + prop, network, fw_rule_name_prefix, True, uid) + resources.extend(firewall_rules) + outputs += [ + { + 'name': 
'deployment', + 'value': deployment + }, + { + 'name': 'project', + 'value': context.env['project'] + }, + { + 'name': 'vmName', + 'value': vm_name, + }, + { + 'name': 'vmId', + 'value': '$(ref.%s.id)' % vm_name, + }, + { + 'name': 'vmSelfLink', + 'value': '$(ref.%s.selfLink)' % vm_name, + }, + { + 'name': 'hasMultiExternalIPs', + 'value': 0 < len(external_ifs) and external_ifs != [0], + }, + { + 'name': 'additionalExternalIPs', + 'value': ', '.join([('$(ref.{}.networkInterfaces[{}].' + + 'accessConfigs[0].natIP)').format( + vm_name, ifnum) for ifnum in external_ifs if ifnum]) + }, + { + 'name': 'vmInternalIP', + 'value': '$(ref.%s.networkInterfaces[0].networkIP)' % vm_name, + }, + { + 'name': 'password', + 'value': passwd + } + ] + return common.MakeResource(resources, outputs) + + +def gen_fw_rule_name_deployment_network_prefix(deployment_name, network_name): + return '{}-{}'. \ + format(deployment_name[:20], network_name[:16]) diff --git a/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py.schema b/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py.schema new file mode 100644 index 00000000..f08b551a --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-byol/check-point-vsec--byol.py.schema 
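Review bot: The `startup-script` metadata item built by `formatter.format(startup_script, **prop)` in generate_config embeds `sicKey`, `computed_sic_key`, `smart1CloudToken` and `MaintenanceModePassword` in plain text, and `computed_sic_key` and the `generatePassword` admin password are additionally returned as the deployment outputs `sicKey` and `password`. Instance metadata is readable by any principal holding `compute.instances.get` on the project and by every process on the VM via the metadata server, and Deployment Manager keeps outputs in the deployment manifest, so these values remain exposed long after first boot. This trust boundary is nowhere documented; a comment above `'key': 'startup-script'` such as `# NOTE: startup-script metadata and the sicKey/password outputs carry plaintext secrets; metadata is visible to anyone with compute.instances.get` would at least make it explicit to operators. Separately, the `prop.setdefault(k, '')` loop for `managementGUIClientNetwork` runs after `prop['managementGUIClientNetwork']` has already been indexed, so it can never supply the default; move the loop above that check or remove it.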
@@ -0,0 +1,363 @@ +imports: + - path: check-point-vsec--byol.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security - BYOL Template + +required: + - zone + - machineType + - network + - diskType + - bootDiskSizeGb + - installationType + - allowUploadDownload + - shell + - managementGUIClientNetwork + - generatePassword + - enableMonitoring + - numAdditionalNICs + +properties: + zone: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zone + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + network: + type: string + default: default + x-googleProperty: + type: GCE_NETWORK + subnetwork: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: network + network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableTcp + network_enableGwNetwork: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_gwNetworkSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableGwNetwork + network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableIcmp + network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + 
gceFirewallRange: + firewallProperty: network_enableUdp + network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableSctp + network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableEsp + smart1CloudToken: + type: string + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zone + bootDiskSizeGb: + type: integer + maximum: 1000 + default: 100 + minimum: 100 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + installationType: + type: string + default: R81.20 Gateway only + enum: + - R80.40 Gateway only + - R80.40 Management only + - R80.40 Manual Configuration + - R80.40 Gateway and Management (Standalone) + - R81 Gateway only + - R81 Management only + - R81 Manual Configuration + - R81 Gateway and Management (Standalone) + - R81.10 Gateway only + - R81.10 Management only + - R81.10 Manual Configuration + - R81.10 Gateway and Management (Standalone) + - R81.20 Gateway only + - R81.20 Management only + - R81.20 Manual Configuration + - R81.20 Gateway and Management (Standalone) + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + allowUploadDownload: + type: boolean + default: True + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + generatePassword: + type: boolean + default: False + enableMonitoring: + type: boolean + default: False + sicKey: + type: string + pattern: ^([a-z0-9A-Z]{8,30}|)$ + default: '' + managementGUIClientNetwork: + 
type: string + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])$ + externalIP: + type: string + enum: + - Static + - Ephemeral + - None + default: Static + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + numAdditionalNICs: + type: integer + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + minimum: 0 + maximum: 7 + default: 1 + additionalNetwork1: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork1: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork1 + externalIP1: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork2: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork2: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork2 + externalIP2: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork3: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork3: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork3 + externalIP3: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork4: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork4: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork4 + externalIP4: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork5: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork5: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork5 + externalIP5: + type: string + enum: + - Static + - Ephemeral + - 
None + default: None + additionalNetwork6: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork6: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork6 + externalIP6: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork7: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork7: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork7 + externalIP7: + type: string + enum: + - Static + - Ephemeral + - None + default: None + +outputs: + deployment: + type: string + project: + type: string + vmId: + type: string + vmInternalIP: + type: string + hasMultiExternalIP: + type: boolean + additionalExternalIPs: + type: string + vmName: + type: string + vmSelfLink: + type: string + password: + type: string diff --git a/deprecated/gcp/R80.40-R81/single-byol/common.py b/deprecated/gcp/R80.40-R81/single-byol/common.py new file mode 100644 index 00000000..e123c502 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-byol/common.py 
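Review bot: The `outputs` section declares `hasMultiExternalIP`, but the template in check-point-vsec--byol.py emits an output named `hasMultiExternalIPs`, and the `sicKey` output that the template appends is not declared at all; the schema should read `hasMultiExternalIPs:` / `type: boolean` and add `sicKey:` / `type: string` so the declared contract matches what is produced. The `managementGUIClientNetwork` pattern `^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])$` accepts octets up to 999 and, unlike the `sicKey` and `maintenanceMode` patterns, has no empty alternative, even though the property is listed under `required` for every `installationType` and the template only enforces a non-empty value for management installs; if an empty value is meant to be valid for `Gateway only`, the pattern needs an `|` empty branch. The `sicKey` pattern does allow an empty string, which the template then replaces with a generated key, and that behaviour is worth stating in the schema so operators do not assume the value was simply omitted.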
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/single-byol/config.yaml b/deprecated/gcp/R80.40-R81/single-byol/config.yaml new file mode 100644 index 00000000..3301dada --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-byol/config.yaml 
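Review bot: `GenerateEmbeddableYaml` calls `yaml.load(yaml_string)` with no `Loader`; on PyYAML before 5.1 that is the full loader, which constructs arbitrary Python objects from tags in the input, on 5.1–5.x it emits a warning and on 6.x it raises `TypeError`, so the call should be `yaml_object = yaml.safe_load(yaml_string)` — the function only needs plain mappings and sequences for re-dumping. `FormatErrorsWrap` reads `e.message`, which Python 3 exceptions do not have, so the decorator raises `AttributeError` instead of the formatted `Error`; use `raise Error(FormatException(str(e))) from e`. `DefaultFormatter.get_value` shadows the builtin `dict` with its third parameter; naming it `kwargs`, as `string.Formatter.get_value` does, keeps the override readable.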
@@ -0,0 +1,50 @@
+imports:
+- path: check-point-vsec--byol.py
+- path: common.py
+- path: default.py
+- path: password.py
+- path: images.py
+
+resources:
+- name: check-point-vsec--byol
+ type: check-point-vsec--byol.py
+ properties:
+ zone: "PLEASE ENTER A ZONE"
+ machineType: "PLEASE ENTER A MACHINE TYPE"
+ network: "PLEASE ENTER AN EXTERNAL NETWORK ID"
+ subnetwork: "PLEASE ENTER A SUBNETWORK ID"
+ network_enableTcp: "PLEASE ENTER true or false"
+ network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableGwNetwork: "PLEASE ENTER true or false"
+ network_gwNetworkSourceRanges: "PLEASE ENTER GATEWAY NETWORK SOURCE RANGES FOR MANAGEMENT, AND STANDALONE. LEAVE EMPTY DOUBLE QUOTES FOR GW"
+ network_enableIcmp: "PLEASE ENTER true or false"
+ network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableUdp: "PLEASE ENTER true or false"
+ network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableSctp: "PLEASE ENTER true or false"
+ network_sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableEsp: "PLEASE ENTER true or false"
+ network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ externalIP: "PLEASE ENTER AN EXTERNAL IP ADDRESS TYPE"
+ installationType: "PLEASE ENTER AN INSTALLATION TYPE"
+ #Connecting to Smart-1 Cloud is only available for Gateway only installation
+ smart1CloudToken: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD OR LEAVE EMPTY DOUBLE QUOTES"
+ diskType: "PLEASE ENTER A DISK TYPE"
+ bootDiskSizeGb: "PLEASE ENTER A DISK SIZE"
+ generatePassword: "PLEASE ENTER true or false"
+ allowUploadDownload: "PLEASE ENTER true or false"
+ enableMonitoring: "PLEASE ENTER true or false"
+ shell: "PLEASE ENTER A SHELL"
+ instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY"
+ sicKey: "PLEASE ENTER A SIC KEY"
+ managementGUIClientNetwork: "PLEASE ENTER A
MANAGEMENT GUI CLIENT NETWORK"
+ numAdditionalNICs: "PLEASE ENTER A NUMBER OF ADDITIONAL NICS"
+ #Define additional NICs networks and subnetworks according the defined numAdditionalNICs value
+ #If there is no need in additional NICs remove additionalNetwork1 and additionalSubnetwork1 variables
+ additionalNetwork1: "PLEASE ENTER AN ADDITIONAL NETWORK1 ID"
+ additionalSubnetwork1: "PLEASE ENTER AN ADDITIONAL SUBNETWORK1 ID"
+outputs:
+- name: "Deployment"
+ value: $(ref.check-point-vsec--byol.deployment)
+- name: "Instance"
+ value: $(ref.check-point-vsec--byol.vmName)
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/single-byol/default.py b/deprecated/gcp/R80.40-R81/single-byol/default.py
new file mode 100644
index 00000000..0c7dd919
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-byol/default.py
@@ -0,0 +1,134 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Convenience module to hold default constants for C2D components.
+
+There should not be any logic in this module. Its purpose is to simplify
+analysis of commonly used GCP and properties names and identify the names
+that were custom created for these modules.
+"""
+# Generic constants
+C2D_IMAGES = 'click-to-deploy-images'
+
+# URL constants
+COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/'
+
+# Deployment Manager constructs
+REFERENCE_PREFIX = '$(ref.'
+
+# Commonly used in properties namespace
+AUTO_DELETE = 'autoDelete'
+BOOTDISK = 'bootDiskType'
+BOOTDISKSIZE = 'bootDiskSizeGb'
+C_IMAGE = 'containerImage'
+DC_MANIFEST = 'dcManifest'
+DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator
+DISK_NAME = 'diskName'
+DISK_RESOURCES = 'addedDiskResources'
+DISK_SOURCE = 'source'
+ENDPOINT_NAME = 'serviceRegistryEndpointName'
+FIXED_GCLOUD = 'fixedGcloud'
+GENERATED_PROP = 'generatedProperties'
+INITIALIZEP = 'initializeParams'
+INSTANCE_NAME = 'instanceName'
+LOCAL_SSD = 'localSSDs'
+MAX_NUM = 'maxNumReplicas'
+NETWORKS = 'networks'
+NO_SCOPE = 'noScope'
+PROVIDE_BOOT = 'provideBoot'
+REPLICAS = 'replicas'
+SIZE = 'size'
+VM_COPIES = 'numberOfVMReplicas'
+ZONES = 'zones'
+
+# Common properties values (only official GCP values allowed here)
+EXTERNAL = 'External NAT'
+ONE_NAT = 'ONE_TO_ONE_NAT'
+
+# Common 1st level properties (only official GCP names allowed here)
+CAN_IP_FWD = 'canIpForward'
+CONTAINER = 'container'
+DCKRENV = 'dockerEnv'
+DCKRIMAGE = 'dockerImage'
+DEFAULT_SERVICE = 'defaultService'
+DEVICE_NAME = 'deviceName'
+DISKS = 'disks'
+DISK_SIZE = 'diskSizeGb'
+DISKTYPE = 'diskType'
+HEALTH_PATH = 'healthPath'
+HOST_RULES = 'hostRules'
+IP_PROTO = 'IPProtocol'
+MACHINETYPE = 'machineType'
+METADATA = 'metadata'
+NAME = 'name'
+NETWORK = 'network'
+NETWORKS = 'networks'
+SUBNETWORK = 'subnetwork'
+PATH_MATCHERS = 'pathMatchers'
+PORT = 'port'
+PROJECT = 'project'
+SERVICE = 'service'
+SERVICE_ACCOUNTS = 'serviceAccounts'
+SRCIMAGE = 'sourceImage'
+SRC_RANGES = 'sourceRanges'
+TAGS = 'tags'
+TYPE = 'type'
+VM_TEMPLATE = 'instanceTemplate'
+ZONE = 'zone'
+
+# Zone specfic VM properties
+VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK]
+
+# Resource type defaults names
+ADDRESS = 'compute.v1.address'
+AUTOSCALER = 'compute.v1.autoscaler'
+BACKEND_SERVICE = 'compute.v1.backendService'
+DISK = 'compute.v1.disk'
+ENDPOINT = 'serviceregistry.v1alpha.endpoint'
+FIREWALL = 'compute.v1.firewall'
+GF_RULE = 'compute.v1.globalForwardingRule'
+HEALTHCHECK = 'compute.v1.httpHealthCheck'
+IGM = 'compute.v1.instanceGroupManager'
+INSTANCE = 'compute.v1.instance'
+PROXY = 'compute.v1.targetHttpProxy'
+TEMPLATE = 'compute.v1.instanceTemplate'
+REGION_IGM = 'compute.v1.regionInstanceGroupManager'
+REGION_AUTOSCALER = 'compute.v1.regionAutoscaler'
+URL_MAP = 'compute.v1.urlMap'
+VPC='compute.v1.network'
+VPC_SUBNET='compute.v1.subnetwork'
+
+# Also Known As constants
+AKA = {
+ TEMPLATE: 'tmplt',
+ AUTOSCALER: 'as',
+ BACKEND_SERVICE: 'bes',
+ DISK: 'disk',
+ FIREWALL: 'fwall',
+ GF_RULE: 'ip',
+ HEALTHCHECK: 'hc',
+ INSTANCE: 'vm',
+ PROXY: 'tproxy',
+ IGM: 'igm',
+ URL_MAP: 'umap',
+}
+
+LOC = {
+ 'europe': 'eu',
+ 'asia': 'as',
+ 'central': 'c',
+ 'east': 'e',
+ 'west': 'w',
+ 'north': 'n',
+ 'south': 's',
+}
diff --git a/deprecated/gcp/R80.40-R81/single-byol/images.py b/deprecated/gcp/R80.40-R81/single-byol/images.py
new file mode 100644
index 00000000..7b04bee0
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-byol/images.py
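Review bot: `NETWORKS = 'networks'` is assigned twice in this hunk, once under "Commonly used in properties namespace" and again under "Common 1st level properties", and the second assignment silently rebinds the first; drop one of them. The last two resource types, `VPC='compute.v1.network'` and `VPC_SUBNET='compute.v1.subnetwork'`, omit the spaces around `=` that every other constant in the file uses, and the `# Zone specfic VM properties` comment misspells "specific". `VPC` and `VPC_SUBNET` are also the only resource types absent from the `AKA` map; if anything derives short names from that map, networks would presumably fall through, so it is worth confirming the omission is intended.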
@@ -0,0 +1,34 @@
+IMAGES = {
+ "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425",
+ "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425",
+ "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425",
+ "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425",
+ "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425",
+ "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425",
+ "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425",
+ "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425",
+ "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425",
+ "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425",
+ "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425",
+ "check-point-r81-gw-byol-mig":
"check-point-r81-gw-byol-mig-392-991001560-v20240425",
+ "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425",
+ "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425",
+ "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425",
+ "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505",
+ "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505",
+ "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425"
+}
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/single-byol/password.py b/deprecated/gcp/R80.40-R81/single-byol/password.py
new file mode 100644
index 00000000..273210a6
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-byol/password.py
@@ -0,0 +1,135 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""A DM template that generates password as an output, namely "password".
+
+An example YAML showing how this template can be used:
+ resources:
+ - name: generated-password
+ type: password.py
+ properties:
+ length: 8
+ includeSymbols: true
+ - name: main-template
+ type: main-template.jinja
+ properties:
+ password: $(ref.generated-password.password)
+
+Input properties to this template:
+ - length: the length of the generated password. At least 8. Default 8.
+ - includeSymbols: true/false whether to include symbol chars. Default false.
+
+The generated password satisfies the following requirements:
+ - The length is as specified,
+ - Containing letters and numbers, and optionally symbols if specified,
+ - Starting with a letter,
+ - Containing characters from at least 3 of the 4 categories: uppercases,
+ lowercases, numbers, and symbols.
+
+"""
+
+import random
+import yaml
+
+PROPERTY_LENGTH = 'length'
+PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols'
+
+# Note the omission of some hard to distinguish characters like I, l, 0, and O.
+UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ'
+LOWERS = 'abcdefghijkmnopqrstuvwxyz'
+ALPHABET = UPPERS + LOWERS
+DIGITS = '123456789'
+ALPHANUMS = ALPHABET + DIGITS
+# Including only symbols that can be passed around easily in shell scripts.
+SYMBOLS = '*-+.'
+ +CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS +CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS + +CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS] +CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS] + +MIN_LENGTH = 8 + + +class InputError(Exception): + """Raised when input properties are unexpected.""" + + +def GenerateConfig(context): + """Entry function to generate the DM config.""" + props = context.properties + length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH) + include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False) + + if not isinstance(include_symbols, bool): + raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS) + + content = { + 'resources': [], + 'outputs': [{ + 'name': 'password', + 'value': GeneratePassword(length, include_symbols) + }] + } + return yaml.dump(content) + + +def GeneratePassword(length=8, include_symbols=False): + """Generates a random password.""" + if length < MIN_LENGTH: + raise InputError('Password length must be at least %d' % MIN_LENGTH) + + candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols + else CANDIDATES_WITHOUT_SYMBOLS) + categories = (CATEGORIES_WITH_SYMBOLS if include_symbols + else CATEGORIES_WITHOUT_SYMBOLS) + + # Generates up to the specified length minus the number of categories. + # Then inserts one character for each category, ensuring that the character + # satisfy the category if the generated string hasn't already. + generated = ([random.choice(ALPHABET)] + + [random.choice(candidates) + for _ in range(length - 1 - len(categories))]) + for category in categories: + _InsertAndEnsureSatisfaction(generated, category, candidates) + return ''.join(generated) + + +def _InsertAndEnsureSatisfaction(generated, required, all_candidates): + """Inserts 1 char into generated, satisfying required if not already. + + If the required characters are not already in the generated string, one will + be inserted. 
If any required character is already in the generated string, a
+ random character from all_candidates will be inserted. The insertion happens
+ at a random location but not at the beginning.
+
+ Args:
+ generated: the string to be modified.
+ required: list of required characters to check for.
+ all_candidates: list of characters to choose from if the required characters
+ are already satisfied.
+ """
+ if set(generated).isdisjoint(required):
+ # Not yet satisfied. Insert a required candidate.
+ _InsertInto(generated, required)
+ else:
+ # Already satisfied. Insert any candidate.
+ _InsertInto(generated, all_candidates)
+
+
+def _InsertInto(generated, candidates):
+ """Inserts a random candidate into a random non-zero index of generated."""
+ # Avoids inserting at index 0, since the first character follows its own rule.
+ generated.insert(random.randint(1, len(generated) - 1),
+ random.choice(candidates))
diff --git a/deprecated/gcp/R80.40-R81/single-payg/README.md b/deprecated/gcp/R80.40-R81/single-payg/README.md
new file mode 100644
index 00000000..c3f9443a
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-payg/README.md
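Review bot: GeneratePassword and _InsertInto draw every character from the `random` module (`random.choice(ALPHABET)`, `random.choice(candidates)`, `random.randint(1, len(generated) - 1)`), which is the Mersenne Twister PRNG and not suitable for secrets; the module docstring says the result is emitted as the `password` output, which the importing template presumably uses as an administrator credential. The smallest portable fix is a module-level `_rng = random.SystemRandom()` (OS CSPRNG, same `.choice`/`.randint` API, works on Python 2.7 and 3) used in both functions; on Python 3.6+ `secrets.choice` is the idiomatic equivalent. Separately, GenerateConfig type-checks `includeSymbols` but not `length`, so a non-integer `length` is only rejected later by the arithmetic in GeneratePassword; an `isinstance(length, int)` check next to the existing boolean check would give a clear InputError instead.
```python
_rng = random.SystemRandom()  # OS-backed CSPRNG; same .choice/.randint API as the module functions

# … unchanged: property names, character classes, InputError, GenerateConfig …

    generated = ([_rng.choice(ALPHABET)] +
                 [_rng.choice(candidates)
                  for _ in range(length - 1 - len(categories))])

# … unchanged: category loop, _InsertAndEnsureSatisfaction …

    generated.insert(_rng.randint(1, len(generated) - 1),
                     _rng.choice(candidates))
```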
@@ -0,0 +1,133 @@ +# GCP Deployment Manager package for Management, Gateway and Standalone PAYG solutions +This directory contains CloudGuard IaaS deployment package for Management, Gateway and Standalone PAYG solution published in the [GCP Marketplace](https://console.cloud.google.com/marketplace/details/checkpoint-public/check-point-cloudguard-payg). + +# How to deploy the package manually +To deploy the Deployment Manager's package manually, without using the GCP Marketplace, follow these instructions: +1. Clone or download the files in this directory +2. Fill variables in the config.yaml(see below for variables descriptions). +3. Log into [Google Cloud Platform Console](https://console.cloud.google.com) +4. [Activate Cloud Shell](https://cloud.google.com/shell/docs/using-cloud-shell) +5. Set your Cloud Platform project in the Cloud Shell session use: + + gcloud config set project [PROJECT_ID] +6. Upload the content of the CloudGuardIaaS/gcp/deployment-packages/single-payg/ directory to the [cloud shell](https://cloud.google.com/shell/docs/uploading-and-downloading-files) +7. Launch deployment by running: + + gcloud deployment-manager deployments create [DEPLOYMENT_NAME] --config config.yaml +8. Make sure the deployment finished successfully.
Example of successful deployment output: + + The fingerprint of the deployment is NEBnvNbqOItDoLZrhYNo5Q== + Waiting for create [operation-1585065238276-5a19bc2792a32-becd058d-67862f39]...done. + Create operation operation-1585065238276-5a19bc2792a32-becd058d-67862f39 completed successfully. + NAME TYPE STATE ERRORS INTENT + gateway-config runtimeconfig.v1beta1.config COMPLETED [] + gateway-software runtimeconfig.v1beta1.waiter COMPLETED [] + gateway-vm compute.v1.instance COMPLETED [] + gateway-vm-address compute.v1.address COMPLETED [] + OUTPUTS VALUE + Deployment gateway + Instance gateway-single-vm + +## config.yaml variables +| Name | Description | Type | Allowed values | +| ------------- | ------------- | ------------- | ------------- | +| **zone** | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) | +| | | | | | +| **machineType** | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | +| | | | | | +| **network** | The network determines what network traffic the instance can access | string | Available network in the chosen zone | +| | | | | | +| **Subnetwork** | Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | Available subnetwork in the chosen network | +| | | | | | +| **network_enableTcp** | Allow TCP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_tcpSourceRanges** | Allow TCP traffic from the Internet | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableGwNetwork** | This is relevant for **Management** only. The network in which managed gateways reside | boolean | true;
false; | +| | | | | | +| **network_gwNetworkSourceRanges** | Allow TCP traffic from the Internet | string | Enter a valid IPv4 network CIDR (e.g. 0.0.0.0/0) | +| | | | | | +| **network_enableIcmp** | Allow ICMP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_icmpSourceRanges** | Source IP ranges for ICMP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableUdp** | Allow UDP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_udpSourceRanges** | Source IP ranges for UDP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableSctp** | Allow SCTP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_sctpSourceRanges** | Source IP ranges for SCTP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **network_enableEsp** | Allow ESP traffic from the Internet | boolean | true;
false; | +| | | | | | +| **network_espSourceRanges** | Source IP ranges for ESP traffic | string | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) | +| | | | | | +| **externalIP** | External IP address type | string | Static;
Ephemeral;
None;
An external IP address associated with this instance. Selecting "None" will result in the instance having no external internet access. [Learn more](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?_ga=2.259654658.-962483654.1585043745) | +| | | | | | +| **installationType** | Installation type and version | string | R80.40 Gateway only
R80.40 Management only
R80.40 Manual Configuration
R80.40 Gateway and Management (Standalone)
R81.00 Gateway only
R81.00 Management only
R81.00 Manual Configuration
R81.00 Gateway and Management (Standalone)
R81.10 Gateway only
R81.10 Management only
R81.10 Manual Configuration
R81.10 Gateway and Management (Standalone)
R81.20 Gateway only
R81.20 Management only
R81.20 Manual Configuration
R81.20 Gateway and Management (Standalone) | +| **smart1CloudToken** | Smart-1 Cloud token to connect this gateway to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| **diskType** | Disk type | string | pd-ssd;
pd-standard;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)| +| | | | | | +| **bootDiskSizeGb** | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)| +| | | | | | +| **generatePassword** | Automatically generate an administrator password | boolean | true;
false; | +| | | | | | +| **allowUploadDownload** | Allow download from/upload to Check Point | boolean | true;
false; | +| | | | | | +| **enableMonitoring** | Enable Stackdriver monitoring | boolean | true;
false; | +| | | | | | +| **shell** | Admin shell | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
| +| | | | | | +| **instanceSSHKey** | Public SSH key for the user 'admin' | string | A valid public ssh key | +| | | | | | +| **sicKey** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated | +| | | | | | +| **managementGUIClientNetwork** | Allowed GUI clients | string | A valid IPv4 network CIDR (e.g. 0.0.0.0/0) | +| | | | | | +| **numAdditionalNICs** | Number of additional network interfaces | number | A number in the range 0 - 7.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) | +| | | | | | + +## Example + zone: "asia-east1-a" + machineType: "n1-standard-4" + network: "frontend-vpc" + subnetwork: "frontend" + network_enableTcp: true + network_tcpSourceRanges: "0.0.0.0/0" + network_enableGwNetwork: true + network_gwNetworkSourceRanges: "0.0.0.0/0" + network_enableIcmp: true + network_icmpSourceRanges: "0.0.0.0/0" + network_enableUdp: true + network_udpSourceRanges: "0.0.0.0/0" + network_enableSctp: false + network_sctpSourceRanges: "" + network_enableEsp: false + network_espSourceRanges: "" + externalIP: "Static" + installationType: "R81.10 Gateway only" + smart1CloudToken: "xxxxxxxxxxxxxxxxxxxxxxxx" + diskType: "pd-ssd" + bootDiskSizeGb: 100 + generatePassword: false + allowUploadDownload: true + enableMonitoring: false + shell: "/bin/bash" + instanceSSHKey: "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" + sicKey: "xxxxxxxx" + managementGUIClientNetwork: "0.0.0.0/0" + numAdditionalNICs: 1 + additionalNetwork1: "backend-vpc1" + additionalSubnetwork1: "backend1" + externalIP1": "None" + additionalNetwork2": "backend-vpc2" + additionalSubnetwork2": "backend2" + externalIP2": "None" + + + + +## Notes +See [sk147032](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk147032) for revision history \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/single-payg/c2d_deployment_configuration.json b/deprecated/gcp/R80.40-R81/single-payg/c2d_deployment_configuration.json new file mode 100644 index 00000000..e6af487e --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/c2d_deployment_configuration.json 
@@ -0,0 +1,7 @@
+{
+ "defaultDeploymentType": "SINGLE_VM",
+ "imageName": "check-point-r8120-gw-payg-single-631-991001475-v20231221",
+ "projectId": "checkpoint-public",
+ "templateName": "nonexistent_template",
+ "useSolutionPackage": "true"
+}
diff --git a/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py b/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py
new file mode 100644
index 00000000..7165477d
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py
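Review bot: `imageName` pins `check-point-r8120-gw-payg-single-631-991001475-v20231221`, whereas the images.py added in this same commit for the sibling single-byol package maps the `check-point-r8120-gw-payg-single` family to `check-point-r8120-gw-payg-single-631-991001560-v20240425`. If single-payg/images.py mirrors that map (it is not in this chunk), the marketplace metadata and the template's image lookup disagree on which build is deployed, which makes it unclear what a "deprecated" deployment actually pins to. Keeping the two in sync, or stating in the package README which value is authoritative, would avoid that ambiguity.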
@@ -0,0 +1,474 @@ +# Copyright 2016 Check Point Software LTD. +import common +import default +import images +import password + +GATEWAY = 'checkpoint-gateway' +MANAGEMENT = 'checkpoint-management' + +PROJECT = 'checkpoint-public' +LICENSE = 'payg' +LICENCE_TYPE = 'single' + +VERSIONS = { + 'R80.40': 'r8040', + 'R80.40-GW': 'r8040-gw', + 'R81': 'r81', + 'R81-GW': 'r81-gw', + 'R81.10': 'r8110', + 'R81.10-GW': 'r8110-gw', + 'R81.20': 'r8120', + 'R81.20-GW': 'r8120-gw' +} + +ADDITIONAL_NETWORK = 'additionalNetwork{}' +ADDITIONAL_SUBNET = 'additionalSubnetwork{}' +ADDITIONAL_EXTERNAL_IP = 'externalIP{}' +MAX_NICS = 8 + +TEMPLATE_NAME = 'single' +TEMPLATE_VERSION = '20231221' + +ATTRIBUTES = { + 'Gateway and Management (Standalone)': { + 'tags': [GATEWAY, MANAGEMENT], + 'description': 'Check Point Security Gateway and Management', + 'canIpForward': True, + }, + 'Gateway only': { + 'tags': [GATEWAY], + 'description': 'Check Point Security Gateway', + 'canIpForward': True, + }, + 'Manual Configuration': { + 'tags': [], + 'description': 'Check Point', + 'canIpForward': True, + } +} + +startup_script = ''' +#cloud-config +runcmd: + - 'python3 /etc/cloud_config.py "generatePassword=\\"{generatePassword}\\"" "allowUploadDownload=\\"{allowUploadDownload}\\"" "templateName=\\"{templateName}\\"" "templateVersion=\\"{templateVersion}\\"" "mgmtNIC=\\"{mgmtNIC}\\"" "hasInternet=\\"{hasInternet}\\"" "config_url=\\"{config_url}\\"" "config_path=\\"{config_path}\\"" "installationType=\\"{installationType}\\"" "enableMonitoring=\\"{enableMonitoring}\\"" "shell=\\"{shell}\\"" "computed_sic_key=\\"{computed_sic_key}\\"" "sicKey=\\"{sicKey}\\"" "managementGUIClientNetwork=\\"{managementGUIClientNetwork}\\"" "primary_cluster_address_name=\\"{primary_cluster_address_name}\\"" "secondary_cluster_address_name=\\"{secondary_cluster_address_name}\\"" "managementNetwork=\\"{managementNetwork}\\"" "numAdditionalNICs=\\"{numAdditionalNICs}\\"" "smart1CloudToken=\\"{smart1CloudToken}\\"" 
"name=\\"{name}\\"" "zone=\\"{zoneConfig}\\"" "region=\\"{region}\\"" "osVersion=\\"{osVersion}\\"" "MaintenanceModePassword=\\"{maintenanceMode}\\""' +''' + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def MakeStaticAddress(vm_name, zone, ifnum=None): + """Creates a static IP address resource; returns it and the natIP.""" + if ifnum: + address_name = set_name_and_truncate(vm_name, + '-address-{}'.format(ifnum)) + else: + address_name = set_name_and_truncate(vm_name, '-address') + address_resource = { + 'name': address_name, + 'type': default.ADDRESS, + 'properties': { + 'name': address_name, + 'region': common.ZoneToRegion(zone), + }, + } + return address_resource, '$(ref.%s.address)' % address_name + + +def make_access_config(resources, vm_name, zone, static, index=None): + name = 'external-address' + if index: + name += '-{}'.format(index) + access_config = { + 'name': name, + 'type': default.ONE_NAT + } + if static: + address_resource, nat_ip = MakeStaticAddress(vm_name, zone, index) + resources.append(address_resource) + access_config['natIP'] = nat_ip + return access_config + + +def create_firewall_rules(prop, net_name, fw_rule_name_prefix, mgmt=False, + uid=''): + firewall_rules = [] + protocols = ['Icmp', 'Udp', 'Tcp', 'Sctp', 'Esp'] + if mgmt: + protocols.remove('Tcp') + for protocol in protocols: + proto = protocol.lower() + source_ranges = prop.get('network' + '_' + proto + 'SourceRanges', '') + protocol_enabled = prop.get('network' + '_enable' + protocol, '') + if protocol_enabled and source_ranges: + firewall_rules.append(make_firewall_rule( + proto, source_ranges, net_name, fw_rule_name_prefix, mgmt, + uid)) + return firewall_rules + + +def make_firewall_rule(protocol, source_ranges, + net_name, fw_rule_name_prefix, mgmt=False, uid=''): + ranges = [] + ranges_list = source_ranges.split(',') + for source_range in ranges_list: + 
ranges.append(source_range.replace(" ", "")) + fw_rule_name = fw_rule_name_prefix + '-' + protocol + if mgmt: + targetTags = [uid] + else: + targetTags = [GATEWAY] + firewall_rule = { + 'type': default.FIREWALL, + 'name': fw_rule_name, + 'properties': { + 'network': 'global/networks/' + net_name, + 'sourceRanges': ranges, + 'targetTags': targetTags, + 'allowed': [{'IPProtocol': protocol}], + } + } + return firewall_rule + + +def generate_config(context): + """Creates the gateway.""" + prop = context.properties + prop['cloudguardVersion'], _, prop['installationType'] = prop[ + 'installationType'].partition(' ') + if prop['smart1CloudToken'] and prop['installationType'] != 'Gateway only': + raise Exception('Use of Smart-1 Cloud token is allowed only\ + for Gateway development.') + prop['templateName'] = TEMPLATE_NAME + prop['templateVersion'] = TEMPLATE_VERSION + prop['osVersion'] = prop['cloudguardVersion'].replace(".", "") + prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower() + if not prop['managementGUIClientNetwork'] and prop['installationType'] in { + 'Gateway and Management (Standalone)'}: + raise Exception('Allowed GUI clients are required when installing ' + 'a management server') + for k in ['managementGUIClientNetwork']: + prop.setdefault(k, '') + resources = [] + outputs = [] + network_interfaces = [] + external_ifs = [] + zone = prop['zone'] + deployment = context.env['deployment'] + vm_name = set_name_and_truncate(deployment, '-vm') + access_configs = [] + if prop['externalIP'] != 'None': + access_config = make_access_config(resources, vm_name, zone, + 'Static' == prop['externalIP']) + access_configs.append(access_config) + external_ifs.append(0) + prop['hasInternet'] = 'true' + else: + prop['hasInternet'] = 'false' + network = common.MakeGlobalComputeLink(context, default.NETWORK) + networks = {prop['network']} + network_interface = { + 'network': network, + 'accessConfigs': access_configs, + } + if default.SUBNETWORK in prop: + 
network_interface['subnetwork'] = common.MakeSubnetworkComputeLink( + context, default.SUBNETWORK) + network_interfaces.append(network_interface) + for ifnum in range(1, prop['numAdditionalNICs'] + 1): + net = prop.get(ADDITIONAL_NETWORK.format(ifnum)) + subnet = prop.get(ADDITIONAL_SUBNET.format(ifnum)) + ext_ip = prop.get(ADDITIONAL_EXTERNAL_IP.format(ifnum)) + if not net or not subnet: + raise Exception( + 'Missing network parameters for interface {}'.format(ifnum)) + if net in networks: + raise Exception('Cannot use network "' + net + '" more than once') + networks.add(net) + net = ''.join([ + default.COMPUTE_URL_BASE, + 'projects/', context.env['project'], '/global/networks/', net]) + subnet = ''.join([ + default.COMPUTE_URL_BASE, + 'projects/', context.env['project'], + '/regions/', common.ZoneToRegion(zone), '/subnetworks/', subnet]) + network_interface = { + 'network': net, + 'subnetwork': subnet, + } + if 'None' != ext_ip: + external_ifs.append(ifnum) + access_config = make_access_config( + resources, vm_name, zone, 'Static' == ext_ip, ifnum + 1) + access_configs = [access_config] + network_interface['accessConfigs'] = access_configs + if not prop.get('hasInternet') or 'false' == prop['hasInternet']: + prop['hasInternet'] = 'true' + network_interfaces.append(network_interface) + for ifnum in range(prop['numAdditionalNICs'] + 1, MAX_NICS): + prop.pop(ADDITIONAL_NETWORK.format(ifnum), None) + prop.pop(ADDITIONAL_SUBNET.format(ifnum), None) + prop.pop(ADDITIONAL_EXTERNAL_IP.format(ifnum), None) + deployment_config = set_name_and_truncate(deployment, '-config') + prop['config_url'] = ('https://runtimeconfig.googleapis.com/v1beta1/' + + 'projects/' + context.env[ + 'project'] + '/configs/' + deployment_config) + prop['config_path'] = '/'.join(prop['config_url'].split('/')[-4:]) + prop['deployment_config'] = deployment_config + tags = ATTRIBUTES[prop['installationType']]['tags'] + uid = set_name_and_truncate(vm_name, '-' + password.GeneratePassword( + 8, 
False).lower()) + if prop['installationType'] == 'Gateway only': + prop['cloudguardVersion'] += '-GW' + if not prop.get('sicKey'): + prop['computed_sic_key'] = password.GeneratePassword(12, False) + else: + prop['computed_sic_key'] = prop['sicKey'] + else: + prop['computed_sic_key'] = 'N/A' + outputs.append({ + 'name': 'sicKey', + 'value': prop['computed_sic_key'], + }, ) + if 'gw' in VERSIONS[prop['cloudguardVersion']]: + license_name = "{}-{}".format(LICENSE, LICENCE_TYPE) + else: + license_name = LICENSE + family = '-'.join(['check-point', VERSIONS[prop['cloudguardVersion']], + license_name]) + formatter = common.DefaultFormatter() + gw = { + 'type': default.INSTANCE, + 'name': vm_name, + 'properties': { + 'description': ATTRIBUTES[prop['installationType']]['description'], + 'zone': zone, + 'tags': { + 'items': tags + [uid], + }, + 'machineType': common.MakeLocalComputeLink( + context, default.MACHINETYPE), + 'canIpForward': ATTRIBUTES[ + prop['installationType']]['canIpForward'], + 'networkInterfaces': network_interfaces, + 'disks': [{ + 'autoDelete': True, + 'boot': True, + 'deviceName': common.AutoName( + context.env['name'], default.DISK, 'boot'), + 'initializeParams': { + 'diskType': common.MakeLocalComputeLink( + context, default.DISKTYPE), + 'diskSizeGb': prop['bootDiskSizeGb'], + 'sourceImage': + 'projects/%s/global/images/%s' % ( + PROJECT, images.IMAGES[family]), + }, + 'type': 'PERSISTENT', + }], + 'metadata': { + 'items': [ + { + 'key': 'startup-script', + 'value': formatter.format(startup_script, **prop) + }, + ] + }, + 'serviceAccounts': [{ + 'email': 'default', + 'scopes': [ + 'https://www.googleapis.com/auth/monitoring.write' + ], + }] + } + } + if (prop['externalIP'] != 'None') and ( + 'Manual Configuration' != prop['installationType']): + gw['properties']['serviceAccounts'][0]['scopes'].append( + 'https://www.googleapis.com/auth/cloudruntimeconfig') + resources.append({ + 'name': deployment_config, + 'type': 'runtimeconfig.v1beta1.config', + 
'properties': { + 'config': deployment_config, + 'description': ('Holds software readiness status ' + 'for deployment {}').format(deployment), + }, + }) + resources.append({ + 'name': set_name_and_truncate(deployment, '-software'), + 'type': 'runtimeconfig.v1beta1.waiter', + 'metadata': { + 'dependsOn': [], + }, + 'properties': { + 'parent': '$(ref.' + deployment_config + '.name)', + 'waiter': 'software', + 'timeout': '1800s', + 'success': { + 'cardinality': { + 'number': 1, + 'path': 'status/success', + }, + }, + 'failure': { + 'cardinality': { + 'number': 1, + 'path': 'status/failure', + }, + }, + }, + }) + if 'instanceSSHKey' in prop: + gw['properties']['metadata']['items'].append( + { + 'key': 'instanceSSHKey', + 'value': prop['instanceSSHKey'] + } + ) + if prop['generatePassword']: + passwd = password.GeneratePassword(12, False) + gw['properties']['metadata']['items'].append( + { + 'key': 'adminPasswordSourceMetadata', + 'value': passwd + } + ) + else: + passwd = '' + resources.append(gw) + netlist = list(networks) + + if GATEWAY in tags: + for i in range(len(netlist)): + network = netlist[i] + fw_rule_name_prefix = set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-allow-all-to-chkp-{}'.format(i + 1)) + firewall_rules = create_firewall_rules( + prop, network, fw_rule_name_prefix) + resources.extend(firewall_rules) + elif MANAGEMENT in tags: + for i in range(len(netlist)): + network = netlist[i] + source_ranges = prop['network_tcpSourceRanges'] + tcp_enabled = prop['network_enableTcp'] + gwNetwork_enabled = prop['network_enableGwNetwork'] + gwNetwork_source_range = prop['network_gwNetworkSourceRanges'] + if source_ranges and not tcp_enabled: + raise Exception( + 'Allowed source IP ranges for TCP traffic are provided ' + 'but TCP not marked as allowed') + if tcp_enabled and not source_ranges: + raise Exception('Allowed source IP ranges for TCP traffic' + ' are required when installing ' + 'a management server') + if 
not gwNetwork_enabled and gwNetwork_source_range: + raise Exception('Gateway network source IP are provided but ' + 'not marked as allowed.') + if gwNetwork_enabled and not gwNetwork_source_range: + raise Exception('Gateway network source IP is required in' + ' MGMT deployment.') + ranges_list = source_ranges.split(',') + gw_network_list = gwNetwork_source_range.split(',') + ranges = [] + gw_net_ranges = [] + for source_range in ranges_list: + ranges.append(source_range.replace(" ", "")) + for gw_net_range in gw_network_list: + gw_net_ranges.append(gw_net_range.replace(" ", "")) + if tcp_enabled: + if gwNetwork_enabled: + resources.append({ + 'type': 'compute.v1.firewall', + 'name': set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-gateways-to-management-{}'.format(i + 1)), + 'properties': { + 'network': 'global/networks/' + network, + 'sourceRanges': list(set(gw_net_ranges + ranges)), + 'sourceTags': [GATEWAY], + 'targetTags': [uid], + 'allowed': [ + { + 'IPProtocol': 'tcp', + 'ports': ['257', '18191', '18210', '18264'] + }, + ], + } + }) + resources.append({ + 'type': 'compute.v1.firewall', + 'name': set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix(deployment, + network), + '-allow-gui-clients-{}'.format(i + 1)), + 'properties': { + 'network': 'global/networks/' + network, + 'sourceRanges': list(set(ranges)), + 'targetTags': [uid], + 'allowed': [ + { + 'IPProtocol': 'tcp', + 'ports': ['22', '443', '18190', '19009'] + }, + ], + } + }) + fw_rule_name_prefix = set_name_and_truncate( + gen_fw_rule_name_deployment_network_prefix( + deployment, network), + '-allow-all-to-chkp-{}'.format(i + 1)) + firewall_rules = create_firewall_rules( + prop, network, fw_rule_name_prefix, True, uid) + resources.extend(firewall_rules) + outputs += [ + { + 'name': 'deployment', + 'value': deployment + }, + { + 'name': 'project', + 'value': context.env['project'] + }, + { + 'name': 'vmName', + 'value': vm_name, + }, + { + 
'name': 'vmId', + 'value': '$(ref.%s.id)' % vm_name, + }, + { + 'name': 'vmSelfLink', + 'value': '$(ref.%s.selfLink)' % vm_name, + }, + { + 'name': 'hasMultiExternalIPs', + 'value': 0 < len(external_ifs) and external_ifs != [0], + }, + { + 'name': 'additionalExternalIPs', + 'value': ', '.join([('$(ref.{}.networkInterfaces[{}].' + + 'accessConfigs[0].natIP)').format( + vm_name, ifnum) for ifnum in external_ifs if ifnum]) + }, + { + 'name': 'vmInternalIP', + 'value': '$(ref.%s.networkInterfaces[0].networkIP)' % vm_name, + }, + { + 'name': 'password', + 'value': passwd + } + ] + return common.MakeResource(resources, outputs) + + +def gen_fw_rule_name_deployment_network_prefix(deployment_name, network_name): + return '{}-{}'. \ + format(deployment_name[:20], network_name[:16]) diff --git a/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py.schema b/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py.schema new file mode 100644 index 00000000..8383e1c7 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/check-point-vsec--payg.py.schema 
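Review bot: The `-gateways-to-management-` rule built in generate_config sets `'sourceRanges': list(set(gw_net_ranges + ranges))` alongside `'sourceTags': [GATEWAY]`; GCE evaluates sourceRanges and sourceTags as an OR, so the GUI-client ranges from `network_tcpSourceRanges` are also granted the SIC/log ports 257, 18191, 18210 and 18264 this rule is named for. If only gateways are meant to reach those ports, use `'sourceRanges': list(set(gw_net_ranges)),` and leave GUI clients to the `-allow-gui-clients-` rule (22, 443, 18190, 19009). Separately, `computed_sic_key`, `smart1CloudToken` and `adminPasswordSourceMetadata` are placed in instance metadata, which any process on the VM can read from the metadata server, and the SIC key and generated password are also returned as deployment outputs visible to anyone with read access on the deployment; a comment stating this exposure and advising rotation of the SIC key after initial trust is established would help operators. Note also that `raise Exception('...allowed only\ for Gateway development.')` embeds a backslash inside the literal and presumably means "deployment".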
@@ -0,0 +1,359 @@ +imports: + - path: check-point-vsec--payg.py + +info: + version: 1.0 + title: Check Point CloudGuard Network Security - PAYG Template + +required: + - zone + - machineType + - network + - diskType + - bootDiskSizeGb + - installationType + - allowUploadDownload + - shell + - managementGUIClientNetwork + - generatePassword + - enableMonitoring + - numAdditionalNICs + +properties: + zone: + type: string + default: us-central1-a + x-googleProperty: + type: GCE_ZONE + machineType: + type: string + default: n1-standard-4 + x-googleProperty: + type: GCE_MACHINE_TYPE + zoneProperty: zone + gceMachineType: + minCpu: 2 + minRamGb: 1.843000054359436 + network: + type: string + default: default + x-googleProperty: + type: GCE_NETWORK + subnetwork: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: network + network_enableTcp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_tcpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableTcp + network_enableGwNetwork: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_gwNetworkSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableGwNetwork + network_enableIcmp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_icmpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableIcmp + network_enableUdp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_udpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + 
gceFirewallRange: + firewallProperty: network_enableUdp + network_enableSctp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_sctpSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableSctp + network_enableEsp: + type: boolean + default: False + x-googleProperty: + type: GCE_FIREWALL + gceFirewall: + networkProperty: network + network_espSourceRanges: + type: string + x-googleProperty: + type: GCE_FIREWALL_RANGE + gceFirewallRange: + firewallProperty: network_enableEsp + smart1CloudToken: + type: string + default: '' + diskType: + type: string + default: pd-ssd + x-googleProperty: + type: GCE_DISK_TYPE + zoneProperty: zone + bootDiskSizeGb: + type: integer + maximum: 1000 + default: 100 + minimum: 100 + x-googleProperty: + type: GCE_DISK_SIZE + gceDiskSize: + diskTypeProperty: diskType + installationType: + type: string + default: R81.20 Gateway only + enum: + - R80.40 Gateway only + - R80.40 Manual Configuration + - R80.40 Gateway and Management (Standalone) + - R81 Gateway only + - R81 Manual Configuration + - R81 Gateway and Management (Standalone) + - R81.10 Gateway only + - R81.10 Manual Configuration + - R81.10 Gateway and Management (Standalone) + - R81.20 Gateway only + - R81.20 Manual Configuration + - R81.20 Gateway and Management (Standalone) + maintenanceMode: + type: string + pattern: ^([a-z0-9A-Z.]{12,300}|)$ + default: '' + allowUploadDownload: + type: boolean + default: True + shell: + type: string + default: /etc/cli.sh + enum: + - /etc/cli.sh + - /bin/bash + - /bin/csh + - /bin/tcsh + generatePassword: + type: boolean + default: False + enableMonitoring: + type: boolean + default: False + sicKey: + type: string + pattern: ^([a-z0-9A-Z]{8,30}|)$ + default: '' + managementGUIClientNetwork: + type: string + pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[1-2][0-9]|3[0-2])$ + externalIP: + type: string 
+ enum: + - Static + - Ephemeral + - None + default: Static + instanceSSHKey: + type: string + pattern: ^([0-9a-z\-]+ +[0-9A-Za-z/\+=]+( .*)?|)$ + default: '' + numAdditionalNICs: + type: integer + enum: + - 0 + - 1 + - 2 + - 3 + - 4 + - 5 + - 6 + - 7 + minimum: 0 + maximum: 7 + default: 1 + additionalNetwork1: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork1: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork1 + externalIP1: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork2: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork2: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork2 + externalIP2: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork3: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork3: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork3 + externalIP3: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork4: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork4: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork4 + externalIP4: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork5: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork5: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork5 + externalIP5: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork6: + type: string + x-googleProperty: + type: GCE_NETWORK + 
additionalSubnetwork6: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork6 + externalIP6: + type: string + enum: + - Static + - Ephemeral + - None + default: None + additionalNetwork7: + type: string + x-googleProperty: + type: GCE_NETWORK + additionalSubnetwork7: + type: string + x-googleProperty: + type: GCE_SUBNETWORK + zoneProperty: zone + gceSubnetwork: + networkProperty: additionalNetwork7 + externalIP7: + type: string + enum: + - Static + - Ephemeral + - None + default: None + +outputs: + deployment: + type: string + project: + type: string + vmId: + type: string + vmInternalIP: + type: string + hasMultiExternalIP: + type: boolean + additionalExternalIPs: + type: string + vmName: + type: string + vmSelfLink: + type: string + password: + type: string diff --git a/deprecated/gcp/R80.40-R81/single-payg/common.py b/deprecated/gcp/R80.40-R81/single-payg/common.py new file mode 100644 index 00000000..e123c502 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/common.py 
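Review bot: `smart1CloudToken` is a free-form string with no `pattern`, whereas `sicKey` and `maintenanceMode` are constrained; the template interpolates this value into the cloud-init `runcmd` shell line of the startup script, so a value containing `"`, `'` or shell metacharacters would break out of the quoted argument (whoever supplies properties already has deploy rights, so this is mainly robustness, but it also silently corrupts the boot configuration). Add a `pattern:` that rejects quotes and shell metacharacters, in the style of the `sicKey` one, with the exact token alphabet confirmed against Smart-1 Cloud. Also, the `outputs:` section declares `hasMultiExternalIP` while the template emits `hasMultiExternalIPs`; rename the schema entry to `hasMultiExternalIPs:` so the declared type actually applies.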
@@ -0,0 +1,262 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Generic simple functions used for python based template generation.""" + +import re +import sys +import traceback +import default +import string + +import yaml + +RFC1035_RE = re.compile(r'^[a-z][-a-z0-9]{1,61}[a-z0-9]{1}$') + + +class Error(Exception): + """Common exception wrapper for template exceptions.""" + pass + + +class DefaultFormatter(string.Formatter): + """Returns default instead of key error when looking for keys. + + Used for startup-script which contains params from multiple deployments + whiles keys from one deployment may not be set in another. 
+ """ + def __init__(self, default=''): + self.default = default + def get_value(self, key, args, dict): + if isinstance(key, str): + return dict.get(key, self.default) + else: + return string.Formatter.get_value(key, args, dict) + + +def set_name_and_truncate(primary, secondary, maxlength=62): + return '%s%s' % (primary[:maxlength - len(secondary)], secondary) + + +def AddDiskResourcesIfNeeded(context): + """Checks context if disk resources need to be added.""" + if default.DISK_RESOURCES in context.properties: + return context.properties[default.DISK_RESOURCES] + else: + return [] + + +def AutoName(base, resource, *args): + """Helper method to generate names automatically based on default.""" + auto_name = '%s-%s' % (base, '-'.join(list(args) + [default.AKA[resource]])) + if not RFC1035_RE.match(auto_name): + raise Error('"%s" name for type %s does not match RFC1035 regex (%s)' % + (auto_name, resource, RFC1035_RE.pattern)) + return auto_name + + +def AutoRef(base, resource, *args): + """Helper method that builds a reference for an auto-named resource.""" + return Ref(AutoName(base, resource, *args)) + + +def OrderedItems(dict_obj): + """Convenient method to yield sorted iteritems of a dictionary.""" + keys = list(dict_obj.keys()) + keys.sort() + for k in keys: + yield (k, dict_obj[k]) + + +def ShortenZoneName(zone): + """Given a string that looks like a zone name, creates a shorter version.""" + geo, coord, number, letter = re.findall(r'(\w+)-(\w+)(\d)-(\w)', zone)[0] + geo = geo.lower() if len(geo) == 2 else default.LOC[geo.lower()] + coord = default.LOC[coord.lower()] + number = str(number) + letter = letter.lower() + return geo + '-' + coord + number + letter + + +def ZoneToRegion(zone): + """Derives the region from a zone name.""" + parts = zone.split('-') + if len(parts) != 3: + raise Error('Cannot derive region from zone "%s"' % zone) + return '-'.join(parts[:2]) + + +def FormatException(message): + """Adds more information to the exception.""" + message = 
('Exception Type: %s\n' + 'Details: %s\n' + 'Message: %s\n') % (sys.exc_info()[0], + traceback.format_exc(), message) + return message + + +def Ref(name): + return '$(ref.%s.selfLink)' % name + + +def RefGroup(name): + return '$(ref.%s.instanceGroup)' % name + + +def GlobalComputeLink(project, collection, name): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + collection, '/', name]) + +def GlobalNetworkLink(project, network): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/global/', + default.NETWORKS, '/', network]) + + +def LocalComputeLink(project, zone, key, value): + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/zones/', + zone, '/', key, '/', value]) + + +def ReadContext(context, prop_key): + return (context.env['project'], context.properties.get('zone', None), + context.properties[prop_key]) + + +def MakeLocalComputeLink(context, key, zone=None): + if not zone: + project, zone, value = ReadContext(context, key) + else: + project, _, value = ReadContext(context, key) + + if IsComputeLink(value): + return value + else: + return LocalComputeLink(project, zone, key + 's', value) + + +def MakeGlobalComputeLink(context, key): + project, _, value = ReadContext(context, key) + if IsComputeLink(value): + return value + else: + return GlobalComputeLink(project, key + 's', value) + +def MakeRegionalSubnetworkLink(project, zone, subnet): + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', subnet]) + + +def MakeSubnetworkComputeLink(context, key): + project, zone, value = ReadContext(context, key) + region = ZoneToRegion(zone) + return ''.join([default.COMPUTE_URL_BASE, 'projects/', project, '/regions/', + region, '/subnetworks/', value]) + + +def MakeFQHN(context, name): + return '%s.c.%s.internal' % (name, context.env['project']) + + +# TODO(victorg): Consider moving this method to a different file +def 
MakeC2DImageLink(name, dev_mode=False): + if IsGlobalProjectShortcut(name) or name.startswith('http'): + return name + else: + if dev_mode: + return 'global/images/%s' % name + else: + return GlobalComputeLink(default.C2D_IMAGES, 'images', name) + + +def IsGlobalProjectShortcut(name): + return name.startswith('projects/') or name.startswith('global/') + + +def IsComputeLink(name): + return (name.startswith(default.COMPUTE_URL_BASE) or + name.startswith(default.REFERENCE_PREFIX)) + + +def GetNamesAndTypes(resources_dict): + return [(d['name'], d['type']) for d in resources_dict] + + +def SummarizeResources(res_dict): + """Summarizes the name of resources per resource type.""" + result = {} + for res in res_dict: + result.setdefault(res['type'], []).append(res['name']) + return result + + +def ListPropertyValuesOfType(res_dict, prop, res_type): + """Lists all the values for a property of a certain type.""" + return [r['properties'][prop] for r in res_dict if r['type'] == res_type] + + +def MakeResource(resource_list, output_list=None): + """Wrapper for a DM template basic spec.""" + content = {'resources': resource_list} + if output_list: + content['outputs'] = output_list + return yaml.dump(content) + + +def TakeZoneOut(properties): + """Given a properties dictionary, removes the zone specific information.""" + + def _CleanZoneUrl(value): + value = value.split('/')[-1] if IsComputeLink(value) else value + return value + + for name in default.VM_ZONE_PROPERTIES: + if name in properties: + properties[name] = _CleanZoneUrl(properties[name]) + if default.ZONE in properties: + properties.pop(default.ZONE) + if default.BOOTDISK in properties: + properties[default.BOOTDISK] = _CleanZoneUrl(properties[default.BOOTDISK]) + if default.DISKS in properties: + for disk in properties[default.DISKS]: + # Don't touch references to other disks + if default.DISK_SOURCE in disk: + continue + if default.INITIALIZEP in disk: + disk_init = disk[default.INITIALIZEP] + if default.DISKTYPE 
in disk_init: + disk_init[default.DISKTYPE] = _CleanZoneUrl(disk_init[default.DISKTYPE]) + + +def GenerateEmbeddableYaml(yaml_string): + # Because YAML is a space delimited format, we need to be careful about + # embedding one YAML document in another. This function takes in a string in + # YAML format and produces an equivalent YAML representation that can be + # inserted into arbitrary points of another YAML document. It does so by + # printing the YAML string in a single line format. Consistent ordering of + # the string is also guaranteed by using yaml.dump. + yaml_object = yaml.load(yaml_string) + dumped_yaml = yaml.dump(yaml_object, default_flow_style=True) + return dumped_yaml + + +def FormatErrorsDec(func): + """Decorator to format exceptions if they get raised.""" + + def FormatErrorsWrap(context): + try: + return func(context) + except Exception as e: + raise Error(FormatException(e.message)) + + return FormatErrorsWrap diff --git a/deprecated/gcp/R80.40-R81/single-payg/config.yaml b/deprecated/gcp/R80.40-R81/single-payg/config.yaml new file mode 100644 index 00000000..33316f05 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/config.yaml 
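Review bot: `GenerateEmbeddableYaml` calls `yaml.load(yaml_string)` with no `Loader`; the full loader can construct arbitrary Python objects from tags in the input, PyYAML 5.1+ warns about this and 6.0 raises a TypeError. Deployment Manager templates only need plain mappings and lists, so `yaml_object = yaml.safe_load(yaml_string)` is the right call. `FormatErrorsDec` also reads `e.message`, which Python 3 exceptions do not have, so under Python 3 (which the `python3` startup command suggests these templates target) any template error would be masked by an AttributeError; write `raise Error(FormatException(str(e))) from e` instead.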
@@ -0,0 +1,48 @@
+imports:
+- path: check-point-vsec--payg.py
+- path: common.py
+- path: default.py
+- path: password.py
+- path: images.py
+
+resources:
+- name: check-point-vsec--payg
+ type: check-point-vsec--payg.py
+ properties:
+ zone: "PLEASE ENTER A ZONE"
+ machineType: "PLEASE ENTER A MACHINE TYPE"
+ network: "PLEASE ENTER AN EXTERNAL NETWORK ID"
+ subnetwork: "PLEASE ENTER A SUBNETWORK ID"
+ network_enableTcp: "PLEASE ENTER true or false"
+ network_tcpSourceRanges: "PLEASE ENTER TCP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableIcmp: "PLEASE ENTER true or false"
+ network_icmpSourceRanges: "PLEASE ENTER ICMP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableUdp: "PLEASE ENTER true or false"
+ network_udpSourceRanges: "PLEASE ENTER UDP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableSctp: "PLEASE ENTER true or false"
+ network_sctpSourceRanges: "PLEASE ENTER SCTP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ network_enableEsp: "PLEASE ENTER true or false"
+ network_espSourceRanges: "PLEASE ENTER ESP SOURCE RANGES OR LEAVE EMPTY DOUBLE QUOTES"
+ externalIP: "PLEASE ENTER AN EXTERNAL IP ADDRESS TYPE"
+ installationType: "PLEASE ENTER AN INSTALLATION TYPE"
+ diskType: "PLEASE ENTER A DISK TYPE"
+ bootDiskSizeGb: "PLEASE ENTER A DISK SIZE"
+ #Connecting to Smart-1 Cloud is only available for Gateway only installation
+ smart1CloudToken: "PLEASE ENTER A TOKEN TO CONNECT TO SMART-1 CLOUD OR LEAVE EMPTY DOUBLE QUOTES"
+ generatePassword: "PLEASE ENTER true or false"
+ allowUploadDownload: "PLEASE ENTER true or false"
+ enableMonitoring: "PLEASE ENTER true or false"
+ shell: "PLEASE ENTER A SHELL"
+ instanceSSHKey: "PLEASE ENTER A VALID PUBLIC KEY"
+ sicKey: "PLEASE ENTER A SIC KEY"
+ managementGUIClientNetwork: "PLEASE ENTER A MANAGEMENT GUI CLIENT NETWORK"
+ numAdditionalNICs: "PLEASE ENTER A NUMBER OF ADDITIONAL NICS"
+ #Define additional NICs networks and subnetworks according the defined numAdditionalNICs value
+ #If there is no need in additional NICs remove additionalNetwork1 and additionalSubnetwork1 variables
+ additionalNetwork1: "PLEASE ENTER AN ADDITIONAL NETWORK1 ID"
+ additionalSubnetwork1: "PLEASE ENTER AN ADDITIONAL SUBNETWORK1 ID"
+outputs:
+- name: "Deployment"
+ value: $(ref.check-point-vsec--payg.deployment)
+- name: "Instance"
+ value: $(ref.check-point-vsec--payg.vmName)
\ No newline at end of file
diff --git a/deprecated/gcp/R80.40-R81/single-payg/default.py b/deprecated/gcp/R80.40-R81/single-payg/default.py
new file mode 100644
index 00000000..0c7dd919
--- /dev/null
+++ b/deprecated/gcp/R80.40-R81/single-payg/default.py
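Review bot: `sicKey` and `smart1CloudToken` are ordinary string properties in this config, so a filled-in copy of the file holds live secrets next to non-sensitive settings, and nothing in the file warns the operator about that. I would add a comment above `sicKey`: `# sicKey and smart1CloudToken are secrets: keep a filled-in copy of this file out of version control and rotate the SIC key once the gateway is established.` Presumably these property values also end up in the Deployment Manager manifest, so anyone who can read the deployment can read them — worth confirming and stating in the same comment.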
@@ -0,0 +1,134 @@ +# Copyright 2015 Google Inc. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +"""Convenience module to hold default constants for C2D components. + +There should not be any logic in this module. Its purpose is to simplify +analysis of commonly used GCP and properties names and identify the names +that were custom created for these modules. +""" +# Generic constants +C2D_IMAGES = 'click-to-deploy-images' + +# URL constants +COMPUTE_URL_BASE = 'https://www.googleapis.com/compute/v1/' + +# Deployment Manager constructs +REFERENCE_PREFIX = '$(ref.' 
+ +# Commonly used in properties namespace +AUTO_DELETE = 'autoDelete' +BOOTDISK = 'bootDiskType' +BOOTDISKSIZE = 'bootDiskSizeGb' +C_IMAGE = 'containerImage' +DC_MANIFEST = 'dcManifest' +DEPLOYMENT = 'DEPLOYMENT' # used in the deployment coordinator +DISK_NAME = 'diskName' +DISK_RESOURCES = 'addedDiskResources' +DISK_SOURCE = 'source' +ENDPOINT_NAME = 'serviceRegistryEndpointName' +FIXED_GCLOUD = 'fixedGcloud' +GENERATED_PROP = 'generatedProperties' +INITIALIZEP = 'initializeParams' +INSTANCE_NAME = 'instanceName' +LOCAL_SSD = 'localSSDs' +MAX_NUM = 'maxNumReplicas' +NETWORKS = 'networks' +NO_SCOPE = 'noScope' +PROVIDE_BOOT = 'provideBoot' +REPLICAS = 'replicas' +SIZE = 'size' +VM_COPIES = 'numberOfVMReplicas' +ZONES = 'zones' + +# Common properties values (only official GCP values allowed here) +EXTERNAL = 'External NAT' +ONE_NAT = 'ONE_TO_ONE_NAT' + +# Common 1st level properties (only official GCP names allowed here) +CAN_IP_FWD = 'canIpForward' +CONTAINER = 'container' +DCKRENV = 'dockerEnv' +DCKRIMAGE = 'dockerImage' +DEFAULT_SERVICE = 'defaultService' +DEVICE_NAME = 'deviceName' +DISKS = 'disks' +DISK_SIZE = 'diskSizeGb' +DISKTYPE = 'diskType' +HEALTH_PATH = 'healthPath' +HOST_RULES = 'hostRules' +IP_PROTO = 'IPProtocol' +MACHINETYPE = 'machineType' +METADATA = 'metadata' +NAME = 'name' +NETWORK = 'network' +NETWORKS = 'networks' +SUBNETWORK = 'subnetwork' +PATH_MATCHERS = 'pathMatchers' +PORT = 'port' +PROJECT = 'project' +SERVICE = 'service' +SERVICE_ACCOUNTS = 'serviceAccounts' +SRCIMAGE = 'sourceImage' +SRC_RANGES = 'sourceRanges' +TAGS = 'tags' +TYPE = 'type' +VM_TEMPLATE = 'instanceTemplate' +ZONE = 'zone' + +# Zone specfic VM properties +VM_ZONE_PROPERTIES = [DISKTYPE, MACHINETYPE, BOOTDISK] + +# Resource type defaults names +ADDRESS = 'compute.v1.address' +AUTOSCALER = 'compute.v1.autoscaler' +BACKEND_SERVICE = 'compute.v1.backendService' +DISK = 'compute.v1.disk' +ENDPOINT = 'serviceregistry.v1alpha.endpoint' +FIREWALL = 'compute.v1.firewall' 
+GF_RULE = 'compute.v1.globalForwardingRule' +HEALTHCHECK = 'compute.v1.httpHealthCheck' +IGM = 'compute.v1.instanceGroupManager' +INSTANCE = 'compute.v1.instance' +PROXY = 'compute.v1.targetHttpProxy' +TEMPLATE = 'compute.v1.instanceTemplate' +REGION_IGM = 'compute.v1.regionInstanceGroupManager' +REGION_AUTOSCALER = 'compute.v1.regionAutoscaler' +URL_MAP = 'compute.v1.urlMap' +VPC='compute.v1.network' +VPC_SUBNET='compute.v1.subnetwork' + +# Also Known As constants +AKA = { + TEMPLATE: 'tmplt', + AUTOSCALER: 'as', + BACKEND_SERVICE: 'bes', + DISK: 'disk', + FIREWALL: 'fwall', + GF_RULE: 'ip', + HEALTHCHECK: 'hc', + INSTANCE: 'vm', + PROXY: 'tproxy', + IGM: 'igm', + URL_MAP: 'umap', +} + +LOC = { + 'europe': 'eu', + 'asia': 'as', + 'central': 'c', + 'east': 'e', + 'west': 'w', + 'north': 'n', + 'south': 's', +} diff --git a/deprecated/gcp/R80.40-R81/single-payg/images.py b/deprecated/gcp/R80.40-R81/single-payg/images.py new file mode 100644 index 00000000..7b04bee0 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/images.py 
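Review bot: `NETWORKS = 'networks'` is assigned twice in this file, once under "Commonly used in properties namespace" and again under "Common 1st level properties"; the second assignment silently rebinds the first, so one of them should be dropped so each constant has a single home. The "Resource type defaults names" section also writes `VPC='compute.v1.network'` and `VPC_SUBNET='compute.v1.subnetwork'` without the spaces around `=` that every other constant uses; `VPC = 'compute.v1.network'` keeps the file uniform. The module docstring promises no logic, which the file honours, so these are the only points.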
@@ -0,0 +1,34 @@ +IMAGES = { + "check-point-r8120-payg": "check-point-r8120-payg-631-991001560-v20240425", + "check-point-r8120-gw-payg-single": "check-point-r8120-gw-payg-single-631-991001560-v20240425", + "check-point-r8120-gw-payg-mig": "check-point-r8120-gw-payg-mig-631-991001560-v20240425", + "check-point-r8120-gw-payg-cluster": "check-point-r8120-gw-payg-cluster-631-991001560-v20240425", + "check-point-r8120-gw-byol-single": "check-point-r8120-gw-byol-single-631-991001560-v20240425", + "check-point-r8120-gw-byol-mig": "check-point-r8120-gw-byol-mig-631-991001560-v20240425", + "check-point-r8120-gw-byol-cluster": "check-point-r8120-gw-byol-cluster-631-991001560-v20240425", + "check-point-r8120-byol": "check-point-r8120-byol-631-991001560-v20240425", + "check-point-r8110-payg": "check-point-r8110-payg-335-991001560-v20240425", + "check-point-r8110-gw-payg-single": "check-point-r8110-gw-payg-single-335-991001560-v20240425", + "check-point-r8110-gw-payg-mig": "check-point-r8110-gw-payg-mig-335-991001560-v20240425", + "check-point-r8110-gw-payg-cluster": "check-point-r8110-gw-payg-cluster-335-991001560-v20240425", + "check-point-r8110-gw-byol-single": "check-point-r8110-gw-byol-single-335-991001560-v20240425", + "check-point-r8110-gw-byol-mig": "check-point-r8110-gw-byol-mig-335-991001560-v20240425", + "check-point-r8110-gw-byol-cluster": "check-point-r8110-gw-byol-cluster-335-991001560-v20240425", + "check-point-r8110-byol": "check-point-r8110-byol-335-991001560-v20240425", + "check-point-r81-payg": "check-point-r81-payg-392-991001560-v20240425", + "check-point-r81-gw-payg-single": "check-point-r81-gw-payg-single-392-991001560-v20240425", + "check-point-r81-gw-payg-mig": "check-point-r81-gw-payg-mig-392-991001560-v20240425", + "check-point-r81-gw-payg-cluster": "check-point-r81-gw-payg-cluster-392-991001560-v20240425", + "check-point-r81-gw-byol-single": "check-point-r81-gw-byol-single-392-991001560-v20240425", + "check-point-r81-gw-byol-mig": 
"check-point-r81-gw-byol-mig-392-991001560-v20240425", + "check-point-r81-gw-byol-cluster": "check-point-r81-gw-byol-cluster-392-991001560-v20240425", + "check-point-r81-byol": "check-point-r81-byol-392-991001560-v20240425", + "check-point-r8040-payg": "check-point-r8040-payg-294-991001560-v20240425", + "check-point-r8040-gw-payg-single": "check-point-r8040-gw-payg-single-294-991001564-v20240505", + "check-point-r8040-gw-payg-mig": "check-point-r8040-gw-payg-mig-294-991001564-v20240505", + "check-point-r8040-gw-payg-cluster": "check-point-r8040-gw-payg-cluster-294-991001564-v20240505", + "check-point-r8040-gw-byol-single": "check-point-r8040-gw-byol-single-294-991001564-v20240505", + "check-point-r8040-gw-byol-mig": "check-point-r8040-gw-byol-mig-294-991001564-v20240505", + "check-point-r8040-gw-byol-cluster": "check-point-r8040-gw-byol-cluster-294-991001564-v20240505", + "check-point-r8040-byol": "check-point-r8040-byol-294-991001560-v20240425" +} \ No newline at end of file diff --git a/deprecated/gcp/R80.40-R81/single-payg/password.py b/deprecated/gcp/R80.40-R81/single-payg/password.py new file mode 100644 index 00000000..273210a6 --- /dev/null +++ b/deprecated/gcp/R80.40-R81/single-payg/password.py 
@@ -0,0 +1,135 @@
+# Copyright 2015 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""A DM template that generates password as an output, namely "password".
+
+An example YAML showing how this template can be used:
+ resources:
+ - name: generated-password
+ type: password.py
+ properties:
+ length: 8
+ includeSymbols: true
+ - name: main-template
+ type: main-template.jinja
+ properties:
+ password: $(ref.generated-password.password)
+
+Input properties to this template:
+ - length: the length of the generated password. At least 8. Default 8.
+ - includeSymbols: true/false whether to include symbol chars. Default false.
+
+The generated password satisfies the following requirements:
+ - The length is as specified,
+ - Containing letters and numbers, and optionally symbols if specified,
+ - Starting with a letter,
+ - Containing characters from at least 3 of the 4 categories: uppercases,
+ lowercases, numbers, and symbols.
+
+"""
+
+import random
+import yaml
+
+PROPERTY_LENGTH = 'length'
+PROPERTY_INCLUDE_SYMBOLS = 'includeSymbols'
+
+# Note the omission of some hard to distinguish characters like I, l, 0, and O.
+UPPERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ'
+LOWERS = 'abcdefghijkmnopqrstuvwxyz'
+ALPHABET = UPPERS + LOWERS
+DIGITS = '123456789'
+ALPHANUMS = ALPHABET + DIGITS
+# Including only symbols that can be passed around easily in shell scripts.
+SYMBOLS = '*-+.'
+
+CANDIDATES_WITH_SYMBOLS = ALPHANUMS + SYMBOLS
+CANDIDATES_WITHOUT_SYMBOLS = ALPHANUMS
+
+CATEGORIES_WITH_SYMBOLS = [UPPERS, LOWERS, DIGITS, SYMBOLS]
+CATEGORIES_WITHOUT_SYMBOLS = [UPPERS, LOWERS, DIGITS]
+
+MIN_LENGTH = 8
+
+
+class InputError(Exception):
+ """Raised when input properties are unexpected."""
+
+
+def GenerateConfig(context):
+ """Entry function to generate the DM config."""
+ props = context.properties
+ length = props.setdefault(PROPERTY_LENGTH, MIN_LENGTH)
+ include_symbols = props.setdefault(PROPERTY_INCLUDE_SYMBOLS, False)
+
+ if not isinstance(include_symbols, bool):
+ raise InputError('%s must be a boolean' % PROPERTY_INCLUDE_SYMBOLS)
+
+ content = {
+ 'resources': [],
+ 'outputs': [{
+ 'name': 'password',
+ 'value': GeneratePassword(length, include_symbols)
+ }]
+ }
+ return yaml.dump(content)
+
+
+def GeneratePassword(length=8, include_symbols=False):
+ """Generates a random password."""
+ if length < MIN_LENGTH:
+ raise InputError('Password length must be at least %d' % MIN_LENGTH)
+
+ candidates = (CANDIDATES_WITH_SYMBOLS if include_symbols
+ else CANDIDATES_WITHOUT_SYMBOLS)
+ categories = (CATEGORIES_WITH_SYMBOLS if include_symbols
+ else CATEGORIES_WITHOUT_SYMBOLS)
+
+ # Generates up to the specified length minus the number of categories.
+ # Then inserts one character for each category, ensuring that the character
+ # satisfy the category if the generated string hasn't already.
+ generated = ([random.choice(ALPHABET)] +
+ [random.choice(candidates)
+ for _ in range(length - 1 - len(categories))])
+ for category in categories:
+ _InsertAndEnsureSatisfaction(generated, category, candidates)
+ return ''.join(generated)
+
+
+def _InsertAndEnsureSatisfaction(generated, required, all_candidates):
+ """Inserts 1 char into generated, satisfying required if not already.
+
+ If the required characters are not already in the generated string, one will
+ be inserted. If any required character is already in the generated string, a
+ random character from all_candidates will be inserted. The insertion happens
+ at a random location but not at the beginning.
+
+ Args:
+ generated: the string to be modified.
+ required: list of required characters to check for.
+ all_candidates: list of characters to choose from if the required characters
+ are already satisfied.
+ """
+ if set(generated).isdisjoint(required):
+ # Not yet satisfied. Insert a required candidate.
+ _InsertInto(generated, required)
+ else:
+ # Already satisfied. Insert any candidate.
+ _InsertInto(generated, all_candidates)
+
+
+def _InsertInto(generated, candidates):
+ """Inserts a random candidate into a random non-zero index of generated."""
+ # Avoids inserting at index 0, since the first character follows its own rule.
+ generated.insert(random.randint(1, len(generated) - 1),
+ random.choice(candidates))
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/README.md b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/README.md
new file mode 100644
index 00000000..1c11c3d3
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/README.md
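Review bot: `GeneratePassword` and `_InsertInto` draw every character from the module-level `random` generator (Mersenne Twister), which is not a cryptographic PRNG, so the admin password this template emits as its `password` output comes from predictable state; nothing in the file reseeds or isolates it. The fix needs no new import: add `_rng = random.SystemRandom()` after the imports and replace the four `random.choice`/`random.randint` calls with `_rng.choice`/`_rng.randint` (the `secrets` module is the equivalent alternative). `GenerateConfig` also hands `length` to `GeneratePassword` without an `isinstance(length, int)` check, so on Python 3 a non-integer property surfaces as a `TypeError` from `length < MIN_LENGTH` instead of the `InputError` callers are told to expect. The module docstring should also say that the password is returned as a DM output and is therefore readable by anyone who can read the deployment's outputs — presumably the case, confirm against how the output is consumed.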
@@ -0,0 +1,233 @@ +# Check Point Autoscale into VPC (MIG) Terraform module for GCP + +Terraform module which deploys an Auto Scaling Group of Check Point Security Gateways into an existing VPC on GCP. + +These types of Terraform resources are supported: +* [Instance Template](https://www.terraform.io/docs/providers/google/r/compute_instance_template.html) +* [Firewall](https://www.terraform.io/docs/providers/google/r/compute_firewall.html) - conditional creation +* [Instance Group Manager](https://www.terraform.io/docs/providers/google/r/compute_region_instance_group_manager.html) +* [Autoscaler](https://www.terraform.io/docs/providers/google/r/compute_region_autoscaler.html) + + +For additional information, +please see the [CloudGuard Network for GCP Autoscaling MIG Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_GCP_Autoscaling_MIG/Default.htm) + +Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: **terraform**. + +## Before you begin +1. Create a project in the [Google Cloud Console](https://console.cloud.google.com/) and set up billing on that project. +2. [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) and read the Terraform getting started guide that follows. This guide will assume basic proficiency with Terraform - it is an introduction to the Google provider. + +## Configuring the Provider +The **main.tf** file includes the following provider configuration block used to configure the credentials you use to authenticate with GCP, as well as a default project and location for your resources: +``` +provider "google" { + credentials = file(var.service_account_path) + project = var.project + region = var.region +} +... +``` + +1. [Create a Service Account](https://cloud.google.com/docs/authentication/getting-started) (or use the existing one). Next, download the JSON key file. 
Name it something you can remember and store it somewhere secure on your machine.
+2. Select "Editor" Role or verify you have the following permissions: + ``` + compute.autoscalers.create + compute.autoscalers.delete + compute.autoscalers.get + compute.disks.create + compute.disks.delete + compute.firewalls.create + compute.firewalls.delete + compute.firewalls.get + compute.images.get + compute.images.useReadOnly + compute.instanceGroupManagers.create + compute.instanceGroupManagers.delete + compute.instanceGroupManagers.get + compute.instanceGroupManagers.use + compute.instanceTemplates.create + compute.instanceTemplates.delete + compute.instanceTemplates.get + compute.instanceTemplates.useReadOnly + compute.instances.create + compute.instances.delete + compute.instances.setMetadata + compute.instances.setTags + compute.networks.get + compute.networks.updatePolicy + compute.regions.list + compute.subnetworks.get + compute.subnetworks.use + compute.subnetworks.useExternalIp + iam.serviceAccountKeys.get + iam.serviceAccountKeys.list + iam.serviceAccounts.actAs + iam.serviceAccounts.get + iam.serviceAccounts.list + ``` +3. ```credentials``` - Your service account key file is used to complete a two-legged OAuth 2.0 flow to obtain access tokens to authenticate with the GCP API as needed; Terraform will use it to reauthenticate automatically when tokens expire.
+The provider credentials can be provided either as static credentials or as [Environment Variables](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#credentials-1). + - Static credentials can be provided by adding the path to your service-account json file, project-id and region in /gcp/modules/autoscale-into-new-vpc/**terraform.tfvars** file as follows: + ``` + service_account_path = "service-accounts/service-account-file-name.json" + project = "project-id" + region = "us-central1" + ``` + - In case the Environment Variables are used, perform modifications described below:
+ a. The next lines in the main.tf file, in the provider google resource, need to be deleted or commented: + ``` + provider "google" { + // credentials = file(var.service_account_path) + // project = var.project + + region = var.region + } + ``` + b.In the terraform.tfvars file leave empty double quotes for credentials and project variables: + ``` + service_account_path = "" + project = "" + ``` +## Usage +- Fill all variables in the /gcp/autoscale-into-existing-vpc/**terraform.tfvars** file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + ``` + terraform init + ``` +- Create an execution plan: + ``` + terraform plan + ``` +- Create or modify the deployment: + ``` + terraform apply + ``` + +#### Variables are configured in autoscale-into-existing-vpc/**terraform.tfvars** file as follows: +``` +# --- Google Provider --- +service_account_path = "service-accounts/service-account-file-name.json" +project = "project-id" + +# --- Check Point--- +prefix = "chkp-tf-mig" +license = "BYOL" +image_name = "check-point-r8110-gw-byol-mig-335-985-v20220126" +management_nic = "Ephemeral Public IP (eth0)" +management_name = "tf-checkpoint-management" +configuration_template_name = "tf-asg-autoprov-tmplt" +admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +network_defined_by_routes = true +admin_shell = "/etc/cli.sh" +allow_upload_download = true + +# --- Networking --- +region = "us-central1" +external_network_name = "default" +external_subnetwork_name = "default" +internal_network_name = "tf-vpc-network" +internal_subnetwork_name = "tf-vpc-subnetwork" +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = [] +SCTP_traffic = [] +ESP_traffic = [] + +# --- Instance Configuration --- +machine_type = "n1-standard-4" +cpu_usage = 60 +instances_min_grop_size = 2 +instances_max_grop_size = 10 +disk_type = "SSD Persistent Disk" +disk_size = 
100 +enable_monitoring = false +``` + +- To tear down your resources: + ``` + terraform destroy + ``` + +## Conditional creation +To create Firewall and allow traffic for ICMP, TCP, UDP, SCTP or/and ESP - enter list of Source IP ranges. +``` +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = [] +SCTP_traffic = [] +ESP_traffic = [] +``` +Please leave empty list for a protocol if you want to disable traffic for it. + +## Inputs +| Name | Description | Type | Allowed values | Default | Required | +| ------------- | ------------- | ------------- | ------------- | ------------- | ------------- | +| service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json") | string | N/A | "" | yes | +| project | Personal project id. The project indicates the default GCP project all of your resources will be created in. | string | N/A | "" | yes | +| | | | | | +| prefix | (Optional) Resources name prefix. | string | N/A | "chkp-tf-mig" | no | +| license | Checkpoint license (BYOL or PAYG). | string | - BYOL
- PAYG
| "BYOL" | no | +| image_name | The autoscaling (MIG) image name (e.g. check-point-r8110-gw-byol-mig-335-985-v20220126). You can choose the desired mig image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/autoscale-byol/images.py). | string | N/A | N/A | yes | +| management_nic | Management Interface - Autoscaling Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1). | string | Ephemeral Public IP (eth0)
- Private IP (eth1) | "Ephemeral Public IP (eth0)" | no | +| management_name | The name of the Security Management Server as appears in autoprovisioning configuration. (Please enter a valid Security Management name including lowercase letters, digits and hyphens only). | string | N/A | "checkpoint-management" | no | +| configuration_template_name | Specify the provisioning configuration template name (for autoprovisioning). (Please enter a valid autoprovisioing configuration template name including lowercase letters, digits and hyphens only). | string | N/A | "gcp-asg-autoprov-tmplt" | no | +| admin_SSH_key | Public SSH key for the user 'admin' - The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys. | string | A valid public ssh key | "" | no | +| network_defined_by_routes | Set eth1 topology to define the networks behind this interface by the routes configured on the gateway. | bool | true/false | true | no | +| admin_shell | Change the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no | +| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no | +| | | | | | +| region | GCP region | string | N/A | N/A | yes | +| external_network_name | The network determines what network traffic the instance can access. | string | N/A | N/A | yes | +| external_subnetwork_name | Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | N/A | N/A | yes | +| internal_network_name | The network determines what network traffic the instance can access. | string | N/A | N/A | yes | +| internal_subnetwork_name | Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | N/A | N/A | yes | +| ICMP_traffic | (Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic. | list(string) | N/A | [] | no | +| TCP_traffic | (Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable TCP traffic. | list(string) | N/A | [] | no | +| UDP_traffic | (Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic. | list(string) | N/A | [] | no | +| SCTP_traffic | (Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. 
Please leave empty list to unable SCTP traffic. | list(string) | N/A | [] | no | +| ESP_traffic | (Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic. | list(string) | N/A | [] | no | +| | | | | | +| machine_type | Machine Type. | string | N/A | "n1-standard-4" | no | +| cpu_usage | Target CPU usage (%) - Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance. | number | number between 10 and 90 | 60 | no | +| instances_min_grop_size | The minimal number of instances | number | N/A | 2 | no | +| instances_max_grop_size | The maximal number of instances | number | N/A | 10 | no | +| disk_type | Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency. | string | - SSD Persistent Disk
- Balanced Persistent Disk
- Standard Persistent Disk | "SSD Persistent Disk" | no | +| disk_size | Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. | number | number between 100 and 4096 | 100 | no | +| enable_monitoring | Enable Stackdriver monitoring | bool | true/false | false | no | + + +## Outputs +| Name | Description | +| ------------- | ------------- | +| SIC_key | Secure Internal Communication (SIC) initiation key. | +| management_name | Security Management server name. | +| configuration_template_name | Provisioning configuration template name. | +| instance_template_name | Instance template name. | +| instance_group_manager_name | Instance group manager name. | +| autoscaler_name | Autoscaler name. | +| ICMP_firewall_rules_name | If enable - the ICMP firewall rules name, otherwise, an empty list. | +| TCP_firewall_rules_name | If enable - the TCP firewall rules name, otherwise, an empty list. | +| UDP_firewall_rules_name | If enable - the UDP firewall rules name, otherwise, an empty list. | +| SCTP_firewall_rules_name | If enable - the SCTP firewall rules name, otherwise, an empty list. | +| ESP_firewall_rules_name | If enable - the ESP firewall rules name, otherwise, an empty list. | + + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20230109 | Updated startup script to use cloud-config. | +| | | | +| 20201208 | First release of Check Point CloudGuard IaaS Auto Scaling Group of Check Point Security Gateways Terraform solution into an existing VPC on GCP. | +| | | | +| | Addition of "template_type" parameter to "cloud-version" files. 
| +| | | | + +## Authors + + +## License + +This project is licensed under the MIT License - see the [LICENSE](../../../LICENSE) file for details \ No newline at end of file diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/locals.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/locals.tf new file mode 100644 index 00000000..058d0689 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/locals.tf 
@@ -0,0 +1,63 @@
+locals {
+ license_allowed_values = [
+ "BYOL",
+ "PAYG"]
+ // will fail if [var.license] is invalid:
+ validate_license = index(local.license_allowed_values, upper(var.license))
+
+ regex_validate_image_name = "check-point-r8[0-1][1-4]0-gw-(byol|payg)-mig-[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}"
+ // will fail if the image name is not in the right syntax
+ validate_image_name = length(regexall(local.regex_validate_image_name, var.image_name)) > 0 ? 0 : index(split("-", var.image_name), "INVALID IMAGE NAME")
+
+ management_nic_allowed_values = [
+ "Ephemeral Public IP (eth0)",
+ "Private IP (eth1)"]
+ // will fail if [var.management_nic] is invalid:
+ validate_management_nic = index(local.management_nic_allowed_values, var.management_nic)
+
+ regex_valid_management_name = "^([ -~]+)$"
+ // Will fail if var.management_name is invalid
+ regex_management_name = regex(local.regex_valid_management_name, var.management_name) == var.management_name ? 0 : "Variable [management_name] must be a valid Security Management name including ascii characters only"
+
+ regex_valid_configuration_template_name = "^([ -~]+)$"
+ // Will fail if var.configuration_template_name is invalid
+ regex_configuration_template_name = regex(local.regex_valid_configuration_template_name, var.configuration_template_name) == var.configuration_template_name ? 0 : "Variable [configuration_template_name] must be a valid autoprovisioing configuration template name including ascii characters only"
+
+ regex_valid_admin_SSH_key = "^(^$|ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3})"
+ // Will fail if var.admin_SSH_key is invalid
+ regex_admin_SSH_key = regex(local.regex_valid_admin_SSH_key, var.admin_SSH_key) == var.admin_SSH_key ? 0 : "Please enter a valid SSH public key or leave empty"
+
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"]
+ // Will fail if var.admin_shell is invalid
+ validate_admin_shell = index(local.admin_shell_allowed_values, var.admin_shell)
+
+ regions_allowed_values = data.google_compute_regions.available_regions.names
+ // Will fail if var.region is invalid
+ validate_region = index(local.regions_allowed_values, var.region)
+
+ disk_type_allowed_values = [
+ "SSD Persistent Disk",
+ "Balanced Persistent Disk",
+ "Standard Persistent Disk"]
+ // Will fail if var.disk_type is invalid
+ validate_disk_type = index(local.disk_type_allowed_values, var.disk_type)
+
+
+
+ disk_type_condition = var.disk_type == "SSD Persistent Disk" ? "pd-ssd" : var.disk_type == "Balanced Persistent Disk" ? "pd-balanced" : var.disk_type == "Standard Persistent Disk" ? "pd-standard" : ""
+ mgmt_nic_condition = var.management_nic == "Ephemeral Public IP (eth0)" ? true : false
+ mgmt_nic_ip_address_condition = local.mgmt_nic_condition ? "x-chkp-ip-address--public" : "x-chkp-ip-address--private"
+ mgmt_nic_interface_condition = local.mgmt_nic_condition ? "x-chkp-management-interface--eth0" : "x-chkp-management-interface--eth1"
+ network_defined_by_routes_condition = var.network_defined_by_routes ? "x-chkp-topology-eth1--internal" : ""
+ network_defined_by_routes_settings_condition = var.network_defined_by_routes ? "x-chkp-topology-settings-eth1--network-defined-by-routes" : ""
+ admin_SSH_key_condition = var.admin_SSH_key != "" ? true : false
+ ICMP_traffic_condition = length(var.ICMP_traffic) == 0 ? 0 : 1
+ TCP_traffic_condition = length(var.TCP_traffic) == 0 ? 0 : 1
+ UDP_traffic_condition = length(var.UDP_traffic) == 0 ? 0 : 1
+ SCTP_traffic_condition = length(var.SCTP_traffic) == 0 ? 0 : 1
+ ESP_traffic_condition = length(var.ESP_traffic) == 0 ? 0 : 1
+}
\ No newline at end of file
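Review bot: `regex_valid_admin_SSH_key` admits only `ssh-rsa` keys and is not anchored at the end, so an ed25519 or ECDSA key makes `regex()` error out, while an RSA key with a trailing comment (the form the README example uses) matches only its prefix, fails the `== var.admin_SSH_key` comparison and falls into the string branch — which, as far as this file shows, merely assigns a message to the local rather than failing the plan as the `// Will fail` comment claims. A `validation` block on the variable (in variables.tf, outside this hunk) states the intent directly and does fail: `condition = var.admin_SSH_key == "" || can(regex("^(?:ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(?:256|384|521)) AAAA[0-9A-Za-z+/]+={0,3}(?: .*)?$", var.admin_SSH_key))`. The same construction is used for `regex_management_name` and `regex_configuration_template_name`, whose `^([ -~]+)$` accepts spaces and any printable ASCII even though main.tf interpolates both values into network tags (`x-chkp-management--%s`), which the README restricts to lowercase letters, digits and hyphens; `^[a-z0-9-]+$` would match the documented contract.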
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/main.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/main.tf new file mode 100644 index 00000000..24548144 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/main.tf 
@@ -0,0 +1,197 @@
+provider "google" {
+ credentials = file(var.service_account_path)
+ project = var.project
+ region = var.region
+}
+
+resource "random_string" "random_string" {
+ length = 5
+ special = false
+ upper = false
+ keepers = {}
+}
+data "google_compute_network" "external_network" {
+ name = var.external_network_name
+}
+data "google_compute_network" "internal_network" {
+ name = var.internal_network_name
+}
+resource "random_string" "random_sic_key" {
+ length = 12
+ special = false
+}
+
+resource "google_compute_instance_template" "instance_template" {
+ name = "${var.prefix}-tmplt-${random_string.random_string.result}"
+ machine_type = var.machine_type
+ can_ip_forward = true
+
+
+ disk {
+ source_image = "checkpoint-public/${var.image_name}"
+ auto_delete = true
+ boot = true
+ device_name = "${var.prefix}-boot-${random_string.random_string.result}"
+ disk_type = local.disk_type_condition
+ disk_size_gb = var.disk_size
+ mode = "READ_WRITE"
+ type = "PERSISTENT"
+ }
+
+ network_interface {
+ network = data.google_compute_network.external_network.self_link
+ subnetwork = var.external_subnetwork_name
+ dynamic "access_config" {
+ for_each = local.mgmt_nic_condition ? [
+ 1] : []
+ content {
+ network_tier = local.mgmt_nic_condition ? "PREMIUM" : "STANDARD"
+ }
+ }
+ }
+
+ network_interface {
+ network = data.google_compute_network.internal_network.self_link
+ subnetwork = var.internal_subnetwork_name
+ }
+
+ scheduling {
+ automatic_restart = true
+ on_host_maintenance = "MIGRATE"
+ preemptible = false
+ }
+
+ service_account {
+ email = "default"
+ scopes = [
+ "https://www.googleapis.com/auth/devstorage.read_only",
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring.write",
+ "https://www.googleapis.com/auth/pubsub",
+ "https://www.googleapis.com/auth/service.management.readonly",
+ "https://www.googleapis.com/auth/servicecontrol",
+ "https://www.googleapis.com/auth/trace.append"]
+ }
+ tags = [
+ format("x-chkp-management--%s", var.management_name),
+ format("x-chkp-template--%s", var.configuration_template_name),
+ "checkpoint-gateway",
+ local.mgmt_nic_ip_address_condition,
+ local.mgmt_nic_interface_condition,
+ local.network_defined_by_routes_condition,
+ local.network_defined_by_routes_settings_condition]
+
+ metadata_startup_script = templatefile("${path.module}/../common/startup-script.sh", {
+ // script's arguments
+ generatePassword = "false"
+ config_url = ""
+ config_path = ""
+ sicKey = ""
+ allowUploadDownload = var.allow_upload_download
+ templateName = "autoscale_tf"
+ templateVersion = "20230109"
+ templateType = "terraform"
+ mgmtNIC = var.management_nic
+ hasInternet = "false"
+ enableMonitoring = var.enable_monitoring
+ shell = var.admin_shell
+ installationType = "AutoScale"
+ computed_sic_key = random_string.random_sic_key.result
+ managementGUIClientNetwork = ""
+ primary_cluster_address_name = ""
+ secondary_cluster_address_name = ""
+ managementNetwork = ""
+ numAdditionalNICs = ""
+ smart_1_cloud_token = ""
+ name = ""
+ zoneConfig = ""
+ region = ""
+ })
+
+ metadata = local.admin_SSH_key_condition ? {
+ serial-port-enable = "true"
+ instanceSSHKey = var.admin_SSH_key
+ } : {
+ serial-port-enable = "true"
+ }
+}
+
+resource "google_compute_firewall" "ICMP_firewall_rules" {
+ count = local.ICMP_traffic_condition
+ name = "${var.prefix}-icmp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "icmp"
+ }
+ source_ranges = var.ICMP_traffic
+ target_tags = [
+ "checkpoint-gateway"]
+}
+resource "google_compute_firewall" "TCP_firewall_rules" {
+ count = local.TCP_traffic_condition
+ name = "${var.prefix}-tcp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "tcp"
+ }
+ source_ranges = var.TCP_traffic
+ target_tags = [
+ "checkpoint-gateway"]
+}
+resource "google_compute_firewall" "UDP_firewall_rules" {
+ count = local.UDP_traffic_condition
+ name = "${var.prefix}-udp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "udp"
+ }
+ source_ranges = var.UDP_traffic
+ target_tags = [
+ "checkpoint-gateway"]
+}
+resource "google_compute_firewall" "SCTP_firewall_rules" {
+ count = local.SCTP_traffic_condition
+ name = "${var.prefix}-sctp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "sctp"
+ }
+ source_ranges = var.SCTP_traffic
+ target_tags = [
+ "checkpoint-gateway"]
+}
+resource "google_compute_firewall" "ESP_firewall_rules" {
+ count = local.ESP_traffic_condition
+ name = "${var.prefix}-esp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "esp"
+ }
+ source_ranges = var.ESP_traffic
+ target_tags = [
+ "checkpoint-gateway"]
+}
+resource "google_compute_region_instance_group_manager" "instance_group_manager" {
+ region = var.region
+ name = "${var.prefix}-igm-${random_string.random_string.result}"
+ version {
+ instance_template = google_compute_instance_template.instance_template.id
+ name = "${var.prefix}-tmplt"
+ }
+ base_instance_name = "${var.prefix}-${random_string.random_string.result}"
+}
+resource "google_compute_region_autoscaler" "autoscaler" {
+ region = var.region
+ name = "${var.prefix}-autoscaler-${random_string.random_string.result}"
+ target = google_compute_region_instance_group_manager.instance_group_manager.id
+
+ autoscaling_policy {
+ max_replicas = var.instances_max_grop_size
+ min_replicas = var.instances_min_grop_size
+ cooldown_period = 90
+
+ cpu_utilization {
+ target = var.cpu_usage/100
+ }
+ }
+}
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/output.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/output.tf
new file mode 100644
index 00000000..62b1f028
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/output.tf
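Review bot: The instance template turns on the interactive serial console for every gateway — `serial-port-enable = "true"` sits in both branches of the `metadata` conditional — and attaches the project's default compute service account (`email = "default"`), which by default carries the project Editor role; the `scopes` list narrows what a token may call, not which identity it acts as. Consider making the serial console opt-in through a `bool` variable defaulting to `false`, and adding a `service_account_email` input defaulting to `"default"` so existing deployments keep working while new ones can supply a dedicated least-privilege account. The five `google_compute_firewall` resources allow a whole protocol with no `ports` restriction (`allow { protocol = "tcp" }` and so on); that is presumably deliberate for a security gateway that enforces its own policy, but a one-line comment saying so would stop readers from flagging it, especially next to the tfvars example `TCP_traffic = ["0.0.0.0/0"]`.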
@@ -0,0 +1,33 @@
+output "SIC_key" {
+ value = random_string.random_sic_key.result
+}
+output "management_name" {
+ value = var.management_name
+}
+output "configuration_template_name" {
+ value = var.configuration_template_name
+}
+output "instance_template_name" {
+ value = google_compute_instance_template.instance_template.name
+}
+output "instance_group_manager_name" {
+ value = google_compute_region_instance_group_manager.instance_group_manager.name
+}
+output "autoscaler_name" {
+ value = google_compute_region_autoscaler.autoscaler.name
+}
+output "ICMP_firewall_rules_name" {
+ value = google_compute_firewall.ICMP_firewall_rules[*].name
+}
+output "TCP_firewall_rules_name" {
+ value = google_compute_firewall.TCP_firewall_rules[*].name
+}
+output "UDP_firewall_rules_name" {
+ value = google_compute_firewall.UDP_firewall_rules[*].name
+}
+output "SCTP_firewall_rules_name" {
+ value = google_compute_firewall.SCTP_firewall_rules[*].name
+}
+output "ESP_firewall_rules_name" {
+ value = google_compute_firewall.ESP_firewall_rules[*].name
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/terraform.tfvars b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/terraform.tfvars
new file mode 100644
index 00000000..dfb828db
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/terraform.tfvars
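Review bot: `output "SIC_key"` prints the generated Secure Internal Communication key in clear text at the end of every `terraform apply` and to anything that reads the module's outputs, because it is not marked sensitive. The value lands in the state file either way, but adding `sensitive = true` next to `value = random_string.random_sic_key.result` keeps it out of CLI output and CI logs.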
@@ -0,0 +1,36 @@
+# --- Google Provider ---
+service_account_path = "PLEASE ENTER SERVICE ACCOUNT PATH" # "service-accounts/service-account-file-name.json"
+project = "PLEASE ENTER PROJECT ID" # "project-id"
+
+# --- Check Point---
+prefix = "PLEASE ENTER PREFIX" # "chkp-tf-mig"
+license = "PLEASE ENTER LICENSE" # "BYOL"
+image_name = "PLEASE ENTER IMAGE NAME" # "check-point-r8110-gw-byol-mig-335-985-v20220126"
+management_nic = "PLEASE ENTER MANAGEMENT INTERFACE" # "Ephemeral Public IP (eth0)"
+management_name = "PLEASE ENTER MANAGEMENT NAME" # "tf-checkpoint-management"
+configuration_template_name = "PLEASE ENTER CONFIGURATION TEMPLATE NAME" # "tf-asg-autoprov-tmplt"
+admin_SSH_key = "PLEASE ENTER ADMIN SSH KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+network_defined_by_routes = "PLEASE ENTER true OR false" # true
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+allow_upload_download = "PLEASE ENTER true OR false" # true
+
+# --- Networking ---
+region = "PLEASE ENTER REGION" # "us-central1"
+external_network_name = "PLEASE ENTER EXTERNAL NETWORK NAME" # "default"
+external_subnetwork_name = "PLEASE ENTER EXTERNAL SUBNETWORK NAME" # "default"
+internal_network_name = "PLEASE ENTER INTERNAL NETWORK NAME" # "tf-vpc-network"
+internal_subnetwork_name = "PLEASE ENTER INTERNAL SUBNETWORK NAME" # "tf-vpc-subnetwork"
+ICMP_traffic = "PLEASE ENTER ICMP SOURCE IP RANGES" # ["123.123.0.0/24", "234.234.0.0/24"]
+TCP_traffic = "PLEASE ENTER TCP SOURCE IP RANGES" # ["0.0.0.0/0"]
+UDP_traffic = "PLEASE ENTER UDP SOURCE IP RANGES" # []
+SCTP_traffic = "PLEASE ENTER SCTP SOURCE IP RANGES" # []
+ESP_traffic = "PLEASE ENTER ESP SOURCE IP RANGES" # []
+
+# --- Instance Configuration ---
+machine_type = "PLEASE ENTER MACHINE TYPE" # "n1-standard-4"
+cpu_usage = "PLEASE ENTER CPU USAGE" # 60
+instances_min_grop_size = "PLEASE ENTER INSTANCES MIN GROP SIZE" # 2
+instances_max_grop_size = "PLEASE ENTER INSTANCES MAX GROP SIZE" # 10
+disk_type = "PLEASE ENTER DISK TYPE" # "SSD Persistent Disk"
+disk_size = "PLEASE ENTER DISK SIZE" # 100
+enable_monitoring = "PLEASE ENTER true OR false" # false
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/variables.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/variables.tf
new file mode 100644
index 00000000..8acd8fda
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-existing-vpc/variables.tf
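Review bot: The inline example for `TCP_traffic` is `["0.0.0.0/0"]`, and the TCP firewall rule in main.tf allows the protocol without any `ports` restriction, so copying the example exposes every TCP port of the gateways to the whole internet; a narrower placeholder such as `# ["<admin-cidr>/32"]` would be a safer starting point. The placeholder strings for the `bool`, `number` and `list(string)` variables (`"PLEASE ENTER true OR false"`, `"PLEASE ENTER CPU USAGE"`, `"PLEASE ENTER TCP SOURCE IP RANGES"`) fail Terraform's type conversion before any of the locals validations run, so the resulting error names the type rather than the allowed values; a comment at the top of the file saying that every placeholder must be replaced before `terraform plan` would save the first failed run.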
@@ -0,0 +1,157 @@
+# Check Point CloudGuard IaaS Autoscaling - Terraform Template
+
+# --- Google Provider ---
+variable "service_account_path" {
+ type = string
+ description = "User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored."
+ default = ""
+}
+variable "project" {
+ type = string
+ description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+ default = ""
+}
+
+# --- Check Point---
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-tf-mig"
+}
+variable "license" {
+ type = string
+ description = "Checkpoint license (BYOL or PAYG)."
+ default = "BYOL"
+}
+variable "image_name" {
+ type = string
+ description = "The autoscaling (MIG) image name (e.g. check-point-r8110-gw-byol-mig-335-985-v20220126). You can choose the desired mig image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/autoscale-byol/images.py"
+}
+variable "management_nic" {
+ type = string
+ description = "Management Interface - Autoscaling Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1)."
+ default = "Ephemeral Public IP (eth0)"
+}
+variable "management_name" {
+ type = string
+ description = "The name of the Security Management Server as appears in autoprovisioning configuration. (Please enter a valid Security Management name including ascii characters only)"
+ default = "tf-checkpoint-management"
+}
+variable "configuration_template_name" {
+ type = string
+ description = "Specify the provisioning configuration template name (for autoprovisioning). (Please enter a valid autoprovisioing configuration template name including ascii characters only)"
+ default = "tf-asg-autoprov-tmplt"
+}
+variable "admin_SSH_key" {
+ type = string
+ description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+ default = ""
+}
+variable "network_defined_by_routes" {
+ type = bool
+ description = "Set eth1 topology to define the networks behind this interface by the routes configured on the gateway."
+ default = true
+}
+variable "admin_shell" {
+ type = string
+ description = "Change the admin shell to enable advanced command line configuration."
+ default = "/etc/cli.sh"
+}
+variable "allow_upload_download" {
+ type = bool
+ description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point"
+ default = true
+}
+
+# --- Networking ---
+data "google_compute_regions" "available_regions" {
+}
+variable "region" {
+ type = string
+ default = "us-central1"
+}
+variable "external_network_name" {
+ type = string
+ description = "The network determines what network traffic the instance can access"
+}
+variable "external_subnetwork_name" {
+ type = string
+ description = "Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+}
+variable "internal_network_name" {
+ type = string
+ description = "The network determines what network traffic the instance can access"
+}
+variable "internal_subnetwork_name" {
+ type = string
+ description = "Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+}
+variable "ICMP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic."
+ default = []
+}
+variable "TCP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable TCP traffic."
+ default = []
+}
+variable "UDP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic."
+ default = []
+}
+variable "SCTP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable SCTP traffic."
+ default = []
+}
+variable "ESP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic."
+ default = []
+}
+
+# --- Instance Configuration ---
+variable "machine_type" {
+ type = string
+ default = "n1-standard-4"
+}
+variable "cpu_usage" {
+ type = number
+ description = "Target CPU usage (%) - Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance."
+ default = 60
+}
+resource "null_resource" "cpu_usage_validation" {
+ // Will fail if var.cpu_usage is less than 10 or more than 90
+ count = var.cpu_usage >= 10 && var.cpu_usage <= 90 ? 0 : "variable cpu_usage must be a number between 10 and 90"
+}
+variable "instances_min_grop_size" {
+ type = number
+ description = "The minimal number of instances"
+ default = 2
+}
+variable "instances_max_grop_size" {
+ type = number
+ description = "The maximal number of instances"
+ default = 10
+}
+variable "disk_type" {
+ type = string
+ description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency."
+ default = "SSD Persistent Disk"
+}
+variable "disk_size" {
+ type = number
+ description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space."
+ default = 100
+}
+resource "null_resource" "disk_size_validation" {
+ // Will fail if var.disk_size is less than 100 or more than 4096
+ count = var.disk_size >= 100 && var.disk_size <= 4096 ? 0 : "variable disk_size must be a number between 100 and 4096"
+}
+variable "enable_monitoring" {
+ type = bool
+ description = "Enable Stackdriver monitoring"
+ default = false
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/README.md b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/README.md
new file mode 100644
index 00000000..3439418c
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/README.md
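Review bot: The range checks for `cpu_usage` and `disk_size` are implemented as `null_resource` resources whose `count` becomes a string on failure, so a bad value surfaces as an invalid-count type error and a good one adds two no-op resources to state; if the supported Terraform version is 0.13 or newer, a `validation` block on each variable gives the same guard with a proper message and no extra resources. `region` and `machine_type` are the only inputs without a `description`, and the five `*_traffic` descriptions say "leave empty list to unable … traffic" where "disable" is meant. Sketch for `cpu_usage`; `disk_size` gets the same shape and both `null_resource` blocks go away:
```hcl
variable "cpu_usage" {
  type        = number
  description = "Target CPU usage (%) - Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance."
  default     = 60
  validation {
    condition     = var.cpu_usage >= 10 && var.cpu_usage <= 90
    error_message = "Variable cpu_usage must be a number between 10 and 90."
  }
}
# … unchanged: the remaining variable blocks …
```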
@@ -0,0 +1,241 @@ +# Check Point Autoscale (MIG) Terraform module for GCP + +Terraform module which deploys an Auto Scaling Group of Check Point Security Gateways into a new VPC on GCP. + +These types of Terraform resources are supported: +* [Network](https://www.terraform.io/docs/providers/google/d/compute_network.html) +* [Subnetwork](https://www.terraform.io/docs/providers/google/r/compute_subnetwork.html) +* [Instance Template](https://www.terraform.io/docs/providers/google/r/compute_instance_template.html) +* [Firewall](https://www.terraform.io/docs/providers/google/r/compute_firewall.html) - conditional creation +* [Instance Group Manager](https://www.terraform.io/docs/providers/google/r/compute_region_instance_group_manager.html) +* [Autoscaler](https://www.terraform.io/docs/providers/google/r/compute_region_autoscaler.html) + + +For additional information, +please see the [CloudGuard Network for GCP Autoscaling MIG Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_GCP_Autoscaling_MIG/Default.htm) + +This solution uses the following modules: +- /gcp/autoscale-into-existing-vpc + +Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: **terraform**. + +## Before you begin +1. Create a project in the [Google Cloud Console](https://console.cloud.google.com/) and set up billing on that project. +2. [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) and read the Terraform getting started guide that follows. This guide will assume basic proficiency with Terraform - it is an introduction to the Google provider. 
+ +## Configuring the Provider +The **main.tf** file includes the following provider configuration block used to configure the credentials you use to authenticate with GCP, as well as a default project and location for your resources: +``` +provider "google" { + credentials = file(var.service_account_path) + project = var.project + region = var.region +} +... +``` +1. [Create a Service Account](https://cloud.google.com/docs/authentication/getting-started) (or use the existing one). Next, download the JSON key file. Name it something you can remember and store it somewhere secure on your machine.
+2. Select "Editor" Role or verify you have the following permissions: + ``` + compute.autoscalers.create + compute.autoscalers.delete + compute.autoscalers.get + compute.disks.create + compute.disks.delete + compute.firewalls.create + compute.firewalls.delete + compute.firewalls.get + compute.images.get + compute.images.useReadOnly + compute.instanceGroupManagers.create + compute.instanceGroupManagers.delete + compute.instanceGroupManagers.get + compute.instanceGroupManagers.use + compute.instanceTemplates.create + compute.instanceTemplates.delete + compute.instanceTemplates.get + compute.instanceTemplates.useReadOnly + compute.instances.create + compute.instances.delete + compute.instances.setMetadata + compute.instances.setTags + compute.networks.create + compute.networks.delete + compute.networks.get + compute.networks.updatePolicy + compute.regions.list + compute.subnetworks.create + compute.subnetworks.delete + compute.subnetworks.get + compute.subnetworks.use + compute.subnetworks.useExternalIp + iam.serviceAccountKeys.get + iam.serviceAccountKeys.list + iam.serviceAccounts.actAs + iam.serviceAccounts.get + iam.serviceAccounts.list + ``` +3. ```credentials``` - Your service account key file is used to complete a two-legged OAuth 2.0 flow to obtain access tokens to authenticate with the GCP API as needed; Terraform will use it to reauthenticate automatically when tokens expire.
+The provider credentials can be provided either as static credentials or as [Environment Variables](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#credentials-1). + - Static credentials can be provided by adding the path to your service-account json file, project-id and region in /gcp/modules/autoscale-into-new-vpc/**terraform.tfvars** file as follows: + ``` + service_account_path = "service-accounts/service-account-file-name.json" + project = "project-id" + region = "us-central1" + ``` + - In case the Environment Variables are used, perform modifications described below:
+ a. The next lines in the main.tf file, in the provider google resource, need to be deleted or commented: + ``` + provider "google" { + // credentials = file(var.service_account_path) + // project = var.project + + region = var.region + } + ``` + b.In the terraform.tfvars file leave empty double quotes for credentials and project variables: + ``` + service_account_path = "" + project = "" + ``` + ## Usage +- Fill all variables in the /gcp/autoscale-into-new-vpc/**terraform.tfvars** file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + ``` + terraform init + ``` +- Create an execution plan: + ``` + terraform plan + ``` +- Create or modify the deployment: + ``` + terraform apply + ``` + +#### Variables are configured in autoscale-into-new-vpc/**terraform.tfvars** file as follows: +``` +# --- Google Provider --- +service_account_path = "service-accounts/service-account-file-name.json" +project = "project-id" + +# --- Check Point--- +prefix = "chkp-tf-mig" +license = "BYOL" +image_name = "check-point-r8110-gw-byol-mig-335-985-v20220126" +management_nic = "Ephemeral Public IP (eth0)" +management_name = "tf-checkpoint-management" +configuration_template_name = "tf-asg-autoprov-tmplt" +admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +network_defined_by_routes = true +admin_shell = "/etc/cli.sh" +allow_upload_download = true + +# --- Networking --- +region = "us-central1" +external_subnetwork_ip_cidr_range = "10.0.1.0/24" +internal_subnetwork_ip_cidr_range = "10.0.2.0/24" +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = [] +SCTP_traffic = [] +ESP_traffic = [] + +# --- Instance Configuration --- +machine_type = "n1-standard-4" +cpu_usage = 60 +instances_min_grop_size = 2 +instances_max_grop_size = 10 +disk_type = "SSD Persistent Disk" +disk_size = 100 +enable_monitoring = false +``` + +- To tear down your resources: + 
``` + terraform destroy + ``` + +## Conditional creation +To create Firewall and allow traffic for ICMP, TCP, UDP, SCTP or/and ESP - enter list of Source IP ranges. +``` +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = [] +SCTP_traffic = [] +ESP_traffic = [] +``` +Please leave empty list for a protocol if you want to disable traffic for it. + +## Inputs +| Name | Description | Type | Allowed values | Default | Required | +| ------------- | ------------- | ------------- | ------------- | ------------- | ------------- | +| service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json") | string | N/A | "" | yes | +| project | Personal project id. The project indicates the default GCP project all of your resources will be created in. | string | N/A | "" | yes | +| | | | | | +| prefix | (Optional) Resources name prefix. | string | N/A | "chkp-tf-mig" | no | +| license | Checkpoint license (BYOL or PAYG). | string | - BYOL
- PAYG
| "BYOL" | no | +| image_name | The autoscaling (MIG) image name (e.g. check-point-r8110-gw-byol-mig-335-985-v20220126). You can choose the desired mig image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/autoscale-byol/images.py). | string | N/A | N/A | yes | +| management_nic | Management Interface - Autoscaling Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1). | string | Ephemeral Public IP (eth0)
- Private IP (eth1) | "Ephemeral Public IP (eth0)" | no | +| management_name | The name of the Security Management Server as appears in autoprovisioning configuration. (Please enter a valid Security Management name including lowercase letters, digits and hyphens only). | string | N/A | "checkpoint-management" | no | +| configuration_template_name | Specify the provisioning configuration template name (for autoprovisioning). (Please enter a valid autoprovisioing configuration template name including lowercase letters, digits and hyphens only). | string | N/A | "gcp-asg-autoprov-tmplt" | no | +| admin_SSH_key | Public SSH key for the user 'admin' - The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys. | string | A valid public ssh key | "" | no | +| network_defined_by_routes | Set eth1 topology to define the networks behind this interface by the routes configured on the gateway. | bool | true/false | true | no | +| admin_shell | Change the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no | +| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no | +| | | | | | +| region | GCP region | string | N/A | N/A | yes | +| external_subnetwork_ip_cidr_range | The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. "10.0.0.0/8" or "192.168.0.0/16"). | string | N/A | N/A | yes | +| internal_subnetwork_ip_cidr_range | The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. "10.0.0.0/8" or "192.168.0.0/16"). | string | N/A | N/A | yes | +| ICMP_traffic | (Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic. | list(string) | N/A | [] | no | +| TCP_traffic | (Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable TCP traffic. | list(string) | N/A | [] | no | +| UDP_traffic | (Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic. | list(string) | N/A | [] | no | +| SCTP_traffic | (Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable SCTP traffic. | list(string) | N/A | [] | no | +| ESP_traffic | (Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic. | list(string) | N/A | [] | no | +| | | | | | +| machine_type | Machine Type. 
| string | N/A | "n1-standard-4" | no | +| cpu_usage | Target CPU usage (%) - Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance. | number | number between 10 and 90 | 60 | no | +| instances_min_grop_size | The minimal number of instances | number | N/A | 2 | no | +| instances_max_grop_size | The maximal number of instances | number | N/A | 10 | no | +| disk_type | Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency. | string | - SSD Persistent Disk
- Balanced Persistent Disk
- Standard Persistent Disk | "SSD Persistent Disk" | no | +| disk_size | Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. | number | number between 100 and 4096 | 100 | no | +| enable_monitoring | Enable Stackdriver monitoring | bool | true/false | false | no | + + + +## Outputs +| Name | Description | +| ------------- | ------------- | +| external_network_name | The external network name in which the gateways will reside. | +| external_subnetwork_name | The external subnetwork name. | +| internal_network_name | The internal network name in which application servers reside. | +| internal_subnetwork_name | The internal subnetwork name. | +| SIC_key | Secure Internal Communication (SIC) initiation key. | +| management_name | Security Management server name. | +| configuration_template_name | Provisioning configuration template name. | +| instance_template_name | Instance template name. | +| instance_group_manager_name | Instance group manager name. | +| autoscaler_name | Autoscaler name. | +| ICMP_firewall_rules_name | If enable - the ICMP firewall rules name, otherwise, an empty list. | +| TCP_firewall_rules_name | If enable - the TCP firewall rules name, otherwise, an empty list. | +| UDP_firewall_rules_name | If enable - the UDP firewall rules name, otherwise, an empty list. | +| SCTP_firewall_rules_name | If enable - the SCTP firewall rules name, otherwise, an empty list. | +| ESP_firewall_rules_name | If enable - the ESP firewall rules name, otherwise, an empty list. | + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20230109 | Updated startup script to use cloud-config. 
| +| | | | +| 20201208 | First release of Check Point CloudGuard IaaS Auto Scaling Group of Check Point Security Gateways Terraform solution into a new VPC on GCP. | +| | | | +| | Addition of "template_type" parameter to "cloud-version" files. | +| | | | + +## Authors + + +## License + +This project is licensed under the MIT License - see the [LICENSE](../../../LICENSE) file for details diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/locals.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/locals.tf new file mode 100644 index 00000000..451bbd93 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/locals.tf 
@@ -0,0 +1,48 @@ +locals { + license_allowed_values = [ + "BYOL", + "PAYG"] + // will fail if [var.license] is invalid: + validate_license = index(local.license_allowed_values, upper(var.license)) + + regex_validate_image_name = "check-point-r8[0-1][1-4]0-gw-(byol|payg)-mig-[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}" + // will fail if the image name is not in the right syntax + validate_image_name = length(regexall(local.regex_validate_image_name, var.image_name)) > 0 ? 0 : index(split("-", var.image_name), "INVALID IMAGE NAME") + + management_nic_allowed_values = [ + "Ephemeral Public IP (eth0)", + "Private IP (eth1)"] + // will fail if [var.management_nic] is invalid: + validate_management_nic = index(local.management_nic_allowed_values, var.management_nic) + + regex_valid_management_name = "^([ -~]+)$" + // Will fail if var.management_name is invalid + regex_management_name = regex(local.regex_valid_management_name, var.management_name) == var.management_name ? 0 : "Variable [management_name] must be a valid Security Management name including ascii characters only" + + regex_valid_configuration_template_name = "^([ -~]+)$" + // Will fail if var.configuration_template_name is invalid + regex_configuration_template_name = regex(local.regex_valid_configuration_template_name, var.configuration_template_name) == var.configuration_template_name ? 0 : "Variable [configuration_template_name] must be a valid autoprovisioing configuration template name including ascii characters only" + + regex_valid_admin_SSH_key = "^(^$|ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3})" + // Will fail if var.admin_SSH_key is invalid + regex_admin_SSH_key = regex(local.regex_valid_admin_SSH_key, var.admin_SSH_key) == var.admin_SSH_key ? 
0 : "Please enter a valid SSH public key or leave empty" + + admin_shell_allowed_values = [ + "/etc/cli.sh", + "/bin/bash", + "/bin/csh", + "/bin/tcsh"] + // Will fail if var.admin_shell is invalid + validate_admin_shell = index(local.admin_shell_allowed_values, var.admin_shell) + + regions_allowed_values = data.google_compute_regions.available_regions.names + // Will fail if var.region is invalid + validate_region = index(local.regions_allowed_values, var.region) + + disk_type_allowed_values = [ + "SSD Persistent Disk", + "Balanced Persistent Disk", + "Standard Persistent Disk"] + // Will fail if var.disk_type is invalid + validate_disk_type = index(local.disk_type_allowed_values, var.disk_type) +} \ No newline at end of file diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/main.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/main.tf new file mode 100644 index 00000000..16ec2197 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/main.tf 
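Review bot: `regex_valid_admin_SSH_key` accepts only `ssh-rsa` keys, so an `ssh-ed25519` or `ecdsa-sha2-nistp256` public key is rejected by `regex_admin_SSH_key` even though GCP accepts those key types; widening the alternation, e.g. `regex_valid_admin_SSH_key = "^(^$|(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA[0-9A-Za-z+/]+[=]{0,3})"`, removes that restriction. Worth a comment next to each `regex(...) == var.x ? 0 : "..."` local that `regex()` raises its own error when the value does not match at all, so the human-readable message is only reached when the match is a proper prefix of the value. The `[ -~]+` class used for `management_name` and `configuration_template_name` admits every printable ASCII character, including quotes, `$`, backticks and `;`; if these names are later interpolated into a startup script or shell command this check does not constrain them, so a tighter class such as `^[A-Za-z0-9._-]+$` would be safer unless the management side genuinely needs the full range.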
@@ -0,0 +1,73 @@ +provider "google" { + credentials = file(var.service_account_path) + project = var.project + region = var.region +} + +resource "random_string" "mig_random_string" { + length = 5 + special = false + upper = false + keepers = {} +} +resource "google_compute_network" "external_network" { + name = "${var.prefix}-ext-network-${random_string.mig_random_string.result}" + auto_create_subnetworks = false +} +resource "google_compute_subnetwork" "external_subnetwork" { + name = "${var.prefix}-ext-subnet-${random_string.mig_random_string.result}" + ip_cidr_range = var.external_subnetwork_ip_cidr_range + region = var.region + network = google_compute_network.external_network.id +} + +resource "google_compute_network" "internal_network" { + name = "${var.prefix}-int-network-${random_string.mig_random_string.result}" + auto_create_subnetworks = false +} +resource "google_compute_subnetwork" "internal_subnetwork" { + name = "${var.prefix}-int-subnet-${random_string.mig_random_string.result}" + ip_cidr_range = var.internal_subnetwork_ip_cidr_range + region = var.region + network = google_compute_network.internal_network.id +} + + +module "autoscale-into-existing-vpc" { + source = "../autoscale-into-existing-vpc" + + service_account_path = var.service_account_path + project = var.project + + # --- Check Point--- + prefix = var.prefix + image_name = var.image_name + management_nic = var.management_nic + management_name = var.management_name + configuration_template_name = var.configuration_template_name + admin_SSH_key = var.admin_SSH_key + network_defined_by_routes = var.network_defined_by_routes + admin_shell = var.admin_shell + allow_upload_download = var.allow_upload_download + + # --- Networking --- + region = var.region + external_network_name = google_compute_network.external_network.name + external_subnetwork_name = google_compute_subnetwork.external_subnetwork.name + internal_network_name = google_compute_network.internal_network.name + 
internal_subnetwork_name = google_compute_subnetwork.internal_subnetwork.name + ICMP_traffic = var.ICMP_traffic + TCP_traffic = var.TCP_traffic + UDP_traffic = var.UDP_traffic + SCTP_traffic = var.SCTP_traffic + ESP_traffic = var.ESP_traffic + + # --- Instance Configuration --- + machine_type = var.machine_type + cpu_usage = var.cpu_usage + instances_min_grop_size = var.instances_min_grop_size + instances_max_grop_size = var.instances_max_grop_size + disk_type = var.disk_type + disk_size = var.disk_size + enable_monitoring = var.enable_monitoring +} \ No newline at end of file diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/output.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/output.tf new file mode 100644 index 00000000..ef020e27 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/output.tf 
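Review bot: `var.license` is validated in locals.tf but never passed to `module "autoscale-into-existing-vpc"`, so if the child module declares a `license` input it runs with its own default regardless of what the user set here; passing `license = var.license` next to `image_name` keeps the two consistent. `provider "google"` reads the key file via `file(var.service_account_path)`, and that variable defaults to `""` in variables.tf, so a run without a tfvars value fails inside `file()` rather than with a message naming the variable; a `validation` block on `service_account_path` (or a `fileexists()` check) would surface a clearer error. The module block is complete within the hunk.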
@@ -0,0 +1,46 @@
+output "external_network_name" {
+ value = google_compute_network.external_network.name
+}
+output "external_subnetwork_name" {
+ value = google_compute_subnetwork.external_subnetwork.name
+}
+output "internal_network_name" {
+ value = google_compute_network.internal_network.name
+}
+output "internal_subnetwork_name" {
+ value = google_compute_subnetwork.internal_subnetwork.name
+}
+
+output "SIC_key" {
+ value = module.autoscale-into-existing-vpc.SIC_key
+}
+output "management_name" {
+ value = var.management_name
+}
+output "configuration_template_name" {
+ value = var.configuration_template_name
+}
+output "instance_template_name" {
+ value = module.autoscale-into-existing-vpc.instance_template_name
+}
+output "instance_group_manager_name" {
+ value = module.autoscale-into-existing-vpc.instance_group_manager_name
+}
+output "autoscaler_name" {
+ value = module.autoscale-into-existing-vpc.autoscaler_name
+}
+output "ICMP_firewall_rules_name" {
+ value = module.autoscale-into-existing-vpc.ICMP_firewall_rules_name
+}
+output "TCP_firewall_rules_name" {
+ value = module.autoscale-into-existing-vpc.TCP_firewall_rules_name
+}
+output "UDP_firewall_rules_name" {
+ value = module.autoscale-into-existing-vpc.UDP_firewall_rules_name
+}
+output "SCTP_firewall_rules_name" {
+ value = module.autoscale-into-existing-vpc.SCTP_firewall_rules_name
+}
+output "ESP_firewall_rules_name" {
+ value = module.autoscale-into-existing-vpc.ESP_firewall_rules_name
+}
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/terraform.tfvars b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/terraform.tfvars
new file mode 100644
index 00000000..48fe765a
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/terraform.tfvars
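Review bot: `output "SIC_key"` exposes the Secure Internal Communication secret without `sensitive = true`, so it is printed in clear text at the end of every `terraform apply`, by `terraform output`, and into any CI log that captures them. Adding `sensitive = true` to that output block redacts it from console output while keeping it in state, where it is stored either way; a caller that needs the value can still read it with `terraform output -raw SIC_key`. The same consideration applies to any child-module output this one forwards that carries a secret.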
@@ -0,0 +1,34 @@ +# --- Google Provider --- +service_account_path = "PLEASE ENTER SERVICE ACCOUNT PATH" # "service-accounts/service-account-file-name.json" +project = "PLEASE ENTER PROJECT ID" # "project-id" + +# --- Check Point--- +prefix = "PLEASE ENTER PREFIX" # "chkp-tf-mig" +license = "PLEASE ENTER LICENSE" # "BYOL" +image_name = "PLEASE ENTER IMAGE NAME" # "check-point-r8110-gw-byol-mig-335-985-v20220126" +management_nic = "PLEASE ENTER MANAGEMENT INTERFACE" # "Ephemeral Public IP (eth0)" +management_name = "PLEASE ENTER MANAGEMENT NAME" # "tf-checkpoint-management" +configuration_template_name = "PLEASE ENTER CONFIGURATION TEMPLATE NAME" # "tf-asg-autoprov-tmplt" +admin_SSH_key = "PLEASE ENTER ADMIN SSH KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +network_defined_by_routes = "PLEASE ENTER true OR false" # true +admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh" +allow_upload_download = "PLEASE ENTER true OR false" # true + +# --- Networking --- +region = "PLEASE ENTER REGION" # "us-central1" +external_subnetwork_ip_cidr_range = "PLEASE ENTER EXTERNAL SUBNETWORK CIDR" # "10.0.1.0/24" +internal_subnetwork_ip_cidr_range = "PLEASE ENTER INTERNAL SUBNETWORK CIDR" # "10.0.2.0/24" +ICMP_traffic = "PLEASE ENTER ICMP SOURCE IP RANGES" # ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = "PLEASE ENTER TCP SOURCE IP RANGES" # ["0.0.0.0/0"] +UDP_traffic = "PLEASE ENTER UDP SOURCE IP RANGES" # [] +SCTP_traffic = "PLEASE ENTER SCTP SOURCE IP RANGES" # [] +ESP_traffic = "PLEASE ENTER ESP SOURCE IP RANGES" # [] + +# --- Instance Configuration --- +machine_type = "PLEASE ENTER MACHINE TYPE" # "n1-standard-4" +cpu_usage = "PLEASE ENTER CPU USAGE" # 60 +instances_min_grop_size = "PLEASE ENTER INSTANCES MIN GROP SIZE" # 2 +instances_max_grop_size = "PLEASE ENTER INSTANCES MAX GROP SIZE" # 10 +disk_type = "PLEASE ENTER DISK TYPE" # "SSD Persistent Disk" +disk_size = "PLEASE ENTER DISK SIZE" # 100 +enable_monitoring = "PLEASE ENTER true OR false" # false 
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/variables.tf b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/variables.tf
new file mode 100644
index 00000000..f19a77d2
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/autoscale-into-new-vpc/variables.tf
@@ -0,0 +1,150 @@ +# Check Point CloudGuard IaaS Autoscaling - Terraform Template + +# --- Google Provider --- +variable "service_account_path" { + type = string + description = "User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored." + default = "" +} +variable "project" { + type = string + description = "Personal project id. The project indicates the default GCP project all of your resources will be created in." + default = "" +} + +# --- Check Point--- +variable "prefix" { + type = string + description = "(Optional) Resources name prefix" + default = "chkp-tf-mig" +} +variable "license" { + type = string + description = "Checkpoint license (BYOL or PAYG)." + default = "BYOL" +} +variable "image_name" { + type = string + description = "The autoscaling (MIG) image name (e.g. check-point-r8110-gw-byol-mig-335-985-v20220126). You can choose the desired mig image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/autoscale-byol/images.py" +} +variable "management_nic" { + type = string + description = "Management Interface - Autoscaling Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1)." + default = "Ephemeral Public IP (eth0)" +} +variable "management_name" { + type = string + description = "The name of the Security Management Server as appears in autoprovisioning configuration. (Please enter a valid Security Management name including ascii characters only)" + default = "tf-checkpoint-management" +} +variable "configuration_template_name" { + type = string + description = "Specify the provisioning configuration template name (for autoprovisioning). 
(Please enter a valid autoprovisioing configuration template name including ascii characters only)" + default = "tf-asg-autoprov-tmplt" +} +variable "admin_SSH_key" { + type = string + description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys." + default = "" +} +variable "network_defined_by_routes" { + type = bool + description = "Set eth1 topology to define the networks behind this interface by the routes configured on the gateway." + default = true +} +variable "admin_shell" { + type = string + description = "Change the admin shell to enable advanced command line configuration." + default = "/etc/cli.sh" +} +variable "allow_upload_download" { + type = bool + description = "Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point" + default = true +} + +# --- Networking --- +data "google_compute_regions" "available_regions" { +} +variable "region" { + type = string + default = "us-central1" +} + +variable "external_subnetwork_ip_cidr_range" { + type = string + description = "The range of external addresses that are owned by this subnetwork, only IPv4 is supported (e.g. \"10.0.0.0/8\" or \"192.168.0.0/16\")." +} +variable "internal_subnetwork_ip_cidr_range" { + type = string + description = "The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. \"10.0.0.0/8\" or \"192.168.0.0/16\")." +} +variable "ICMP_traffic" { + type = list(string) + description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic." + default = [] +} +variable "TCP_traffic" { + type = list(string) + description = "(Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. 
Use CIDR notation when entering ranges. Please leave empty list to unable TCP traffic." + default = [] +} +variable "UDP_traffic" { + type = list(string) + description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic." + default = [] +} +variable "SCTP_traffic" { + type = list(string) + description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable SCTP traffic." + default = [] +} +variable "ESP_traffic" { + type = list(string) + description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic." + default = [] +} + +# --- Instance Configuration --- +variable "machine_type" { + type = string + default = "n1-standard-4" +} +variable "cpu_usage" { + type = number + description = "Target CPU usage (%) - Autoscaling adds or removes instances in the group to maintain this level of CPU usage on each instance." + default = 60 +} +resource "null_resource" "cpu_usage_validation" { + // Will fail if var.cpu_usage is less than 10 or more than 90 + count = var.cpu_usage >= 10 && var.cpu_usage <= 90 ? 0 : "variable cpu_usage must be a number between 10 and 90" +} +variable "instances_min_grop_size" { + type = number + description = "The minimal number of instances" + default = 2 +} +variable "instances_max_grop_size" { + type = number + description = "The maximal number of instances" + default = 10 +} +variable "disk_type" { + type = string + description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency." 
+ default = "SSD Persistent Disk" +} +variable "disk_size" { + type = number + description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space." + default = 100 +} +resource "null_resource" "disk_size_validation" { + // Will fail if var.disk_size is less than 100 or more than 4096 + count = var.disk_size >= 100 && var.disk_size <= 4096 ? 0 : "variable disk_size must be a number between 100 and 4096" +} +variable "enable_monitoring" { + type = bool + description = "Enable Stackdriver monitoring" + default = false +} \ No newline at end of file diff --git a/deprecated/terraform/gcp/R8040-R81/common/cluster-member/main.tf b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/main.tf new file mode 100644 index 00000000..c740f8b3 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/main.tf 
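Review bot: Nothing checks that `instances_min_grop_size` is not greater than `instances_max_grop_size`, while `cpu_usage` and `disk_size` do get range checks through the `null_resource` count trick; in the same style that would be `resource "null_resource" "group_size_validation" { count = var.instances_min_grop_size <= var.instances_max_grop_size ? 0 : "variable instances_min_grop_size must not exceed instances_max_grop_size" }`. The count-as-string trick relies on a type-conversion failure to surface the message; a `validation { condition = ... error_message = "..." }` block inside each `variable` expresses the same constraint with a clean, attributable error. The descriptions of the five `*_traffic` variables say "leave empty list to unable ... traffic" where "disable" is meant, and `region` and `machine_type` have no `description` at all.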
@@ -0,0 +1,130 @@ +locals { + disk_type_condition = var.disk_type == "SSD Persistent Disk" ? "pd-ssd" : var.disk_type == "Standard Persistent Disk" ? "pd-standard" : "" + admin_SSH_key_condition = var.admin_SSH_key != "" ? true : false +} + +resource "google_compute_address" "member_ip_address" { + name = "${var.member_name}-address" + region = var.region +} + +resource "google_compute_instance" "cluster_member" { + name = var.member_name + description = "CloudGuard Highly Available Security Cluster" + zone = var.zone + tags = [ + "checkpoint-gateway"] + machine_type = var.machine_type + can_ip_forward = true + + boot_disk { + auto_delete = true + device_name = "${var.prefix}-boot" + + initialize_params { + size = var.disk_size + type = local.disk_type_condition + image = var.image_name + } + } + + network_interface { + network = var.cluster_network[0] + subnetwork = var.cluster_network_subnetwork[0] + } + network_interface { + network = var.mgmt_network[0] + subnetwork = var.mgmt_network_subnetwork[0] + access_config { + nat_ip = google_compute_address.member_ip_address.address + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks >= 1 ? [ + 1] : [] + content { + network = var.internal_network1_network[0] + subnetwork = var.internal_network1_subnetwork[0] + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks >= 2 ? [ + 1] : [] + content { + network = var.internal_network2_network[0] + subnetwork = var.internal_network2_subnetwork[0] + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks >= 3 ? [ + 1] : [] + content { + network = var.internal_network3_network[0] + subnetwork = var.internal_network3_subnetwork[0] + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks >= 4 ? 
[ + 1] : [] + content { + network = var.internal_network4_network[0] + subnetwork = var.internal_network4_subnetwork[0] + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks >= 5 ? [ + 1] : [] + content { + network = var.internal_network5_network[0] + subnetwork = var.internal_network5_subnetwork[0] + } + } + dynamic "network_interface" { + for_each = var.num_internal_networks == 6 ? [ + 1] : [] + content { + network = var.internal_network6_network[0] + subnetwork = var.internal_network6_subnetwork[0] + } + } + + service_account { + + scopes = [ + "https://www.googleapis.com/auth/monitoring.write", + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/cloudruntimeconfig"] + } + + metadata = local.admin_SSH_key_condition ? { + instanceSSHKey = var.admin_SSH_key + adminPasswordSourceMetadata = var.generate_password ? var.generated_admin_password : "" + } : { adminPasswordSourceMetadata = var.generate_password ? var.generated_admin_password : "" } + + metadata_startup_script = templatefile("${path.module}/../startup-script.sh", { + // script's arguments + generatePassword = var.generate_password + config_url = "https://runtimeconfig.googleapis.com/v1beta1/projects/${var.project}/configs/${var.prefix}-config" + config_path = "projects/${var.project}/configs/${var.prefix}-config" + sicKey = var.sic_key + allowUploadDownload = var.allow_upload_download + templateName = "cluster_tf" + templateVersion = "20230109" + templateType = "terraform" + mgmtNIC = "" + hasInternet = "true" + enableMonitoring = var.enable_monitoring + shell = var.admin_shell + installationType = "Cluster" + computed_sic_key = "" + managementGUIClientNetwork = "" + primary_cluster_address_name = var.primary_cluster_address_name + secondary_cluster_address_name = var.secondary_cluster_address_name + managementNetwork = var.management_network + numAdditionalNICs = var.num_internal_networks + smart_1_cloud_token = "${var.member_name}" == 
"${var.prefix}-member-a" ? var.smart_1_cloud_token_a : var.smart_1_cloud_token_b + name = var.member_name + zoneConfig = var.zone + region = var.region + }) +} \ No newline at end of file diff --git a/deprecated/terraform/gcp/R8040-R81/common/cluster-member/output.tf b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/output.tf new file mode 100644 index 00000000..ab8ad2dc --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/output.tf @@ -0,0 +1,6 @@ +output "cluster_member_name" { + value = google_compute_instance.cluster_member.name +} +output "cluster_member_ip_address" { + value = google_compute_address.member_ip_address.address +} diff --git a/deprecated/terraform/gcp/R8040-R81/common/cluster-member/variables.tf b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/variables.tf new file mode 100644 index 00000000..51b0e1d9 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/common/cluster-member/variables.tf 
@@ -0,0 +1,174 @@ +variable "prefix" { + type = string + description = "(Optional) Resources name prefix" + default = "chkp-tf-ha" +} +variable "member_name" { + type = string +} +variable "region" { + type = string + default = "us-central1" +} +variable "zone" { + type = string + default = "us-central1-a" +} +variable "machine_type" { + type = string + description = "Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have." + default = "n1-standard-4" +} +variable "disk_size" { + type = number + description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space." + default = 100 +} +variable "disk_type" { + type = string + description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency." + default = "SSD Persistent Disk" +} +variable "image_name" { + type = string + description = "The High Availability (cluster) image name (e.g. check-point-r8110-gw-byol-cluster-335-985-v20220126). You can choose the desired cluster image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py" +} +variable "cluster_network" { + type = list(string) + description = "Cluster external network ID in the chosen zone." +} +variable "cluster_network_subnetwork" { + type = list(string) + description = "Cluster subnet ID in the chosen network." +} +variable "mgmt_network" { + type = list(string) + description = "Management network ID in the chosen zone." +} +variable "mgmt_network_subnetwork" { + type = list(string) + description = "Management subnet ID in the chosen network." +} +variable "num_internal_networks" { + type = number + description = "A number in the range 1 - 6 of internal network interfaces." 
+ default = 1 +} +variable "internal_network1_network" { + type = list(string) + description = "1st internal network ID in the chosen zone." + default = [] +} +variable "internal_network1_subnetwork" { + type = list(string) + description = "1st internal subnet ID in the chosen network." + default = [] +} +variable "internal_network2_network" { + type = list(string) + description = "2nd internal network ID in the chosen zone." + default = [] +} +variable "internal_network2_subnetwork" { + type = list(string) + description = "2nd internal subnet ID in the chosen network." + default = [] +} +variable "internal_network3_network" { + type = list(string) + description = "3rd internal network ID in the chosen zone." + default = [] +} +variable "internal_network3_subnetwork" { + type = list(string) + description = "3rd internal subnet ID in the chosen network." + default = [] +} +variable "internal_network4_network" { + type = list(string) + description = "4th internal network ID in the chosen zone." + default = [] +} +variable "internal_network4_subnetwork" { + type = list(string) + description = "4th internal subnet ID in the chosen network." + default = [] +} +variable "internal_network5_network" { + type = list(string) + description = "5th internal network ID in the chosen zone." + default = [] +} +variable "internal_network5_subnetwork" { + type = list(string) + description = "5th internal subnet ID in the chosen network." + default = [] +} +variable "internal_network6_network" { + type = list(string) + description = "6th internal network ID in the chosen zone." + default = [] +} +variable "internal_network6_subnetwork" { + type = list(string) + description = "6th internal subnet ID in the chosen network." + default = [] +} +variable "admin_SSH_key" { + type = string + description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys." 
+ default = "" +} +variable "project" { + type = string + description = "Personal project id. The project indicates the default GCP project all of your resources will be created in." + default = "" +} +variable "generate_password" { + type = bool + description = "Automatically generate an administrator password." + default = false +} +variable "sic_key" { + type = string + description = "The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated" +} +variable "allow_upload_download" { + type = bool + description = "Allow download from/upload to Check Point." + default = false +} +variable "enable_monitoring" { + type = bool + description = "Enable Stackdriver monitoring" + default = false +} +variable "admin_shell" { + type = string + description = "Change the admin shell to enable advanced command line configuration." + default = "/etc/cli.sh" +} +variable "smart_1_cloud_token_a" { + type = string + description ="(Optional) Smart-1 cloud token for member A to connect this Gateway to Check Point's Security Management as a Service" + default = "" +} +variable "smart_1_cloud_token_b" { + type = string + description ="(Optional) Smart-1 cloud token for member B to connect this Gateway to Check Point's Security Management as a Service" + default = "" +} +variable "management_network" { + type = string + description = "Security Management Server address - The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud management, insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address." 
+}
+variable "generated_admin_password" {
+ type = string
+ description = "administrator password"
+}
+variable "primary_cluster_address_name" {
+ type = string
+}
+variable "secondary_cluster_address_name" {
+ type = string
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/main.tf b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/main.tf
new file mode 100644
index 00000000..9f440b4a
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/main.tf
@@ -0,0 +1,10 @@
+resource "google_compute_firewall" "firewall_rules" {
+ name = var.rule_name
+ network = var.network[0]
+ allow {
+ protocol = var.protocol
+ }
+ source_ranges = var.source_ranges
+ target_tags = [
+ "checkpoint-gateway"]
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/output.tf b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/output.tf
new file mode 100644
index 00000000..e6088959
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/output.tf
@@ -0,0 +1,3 @@
+output "firewall_rule_name" {
+ value = google_compute_firewall.firewall_rules.name
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/variables.tf b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/variables.tf
new file mode 100644
index 00000000..39ac095b
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/firewall-rule/variables.tf
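Review bot: `sic_key`, `generated_admin_password`, `smart_1_cloud_token_a` and `smart_1_cloud_token_b` are secrets, but none of the four variable blocks declares `sensitive = true`, so their values are printed in clear text in `terraform plan`/`apply` output whenever they change; adding `sensitive = true` to each block redacts them from console output (state still holds them, so the state backend needs protecting regardless). `generated_admin_password` is described only as "administrator password"; a description saying where the value ends up (instance metadata, per the cluster-member main.tf hunk) would let callers judge the exposure. The two token variables write `description ="..."` without the space after `=` that every other block in the file uses.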
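Review bot: `source_ranges = var.source_ranges` combined with the variable's default of `[]` is a risky pairing: a GCP ingress rule with neither source ranges nor source tags applies to all sources, so if the provider sends an empty list as unset, a caller that instantiates this module with an empty list gets an allow-all rule on every port of `var.protocol` instead of a disabled one. The callers in this commit appear to skip the module when the list is empty (the README describes an empty output in that case), but the module itself should refuse the input, e.g. a `lifecycle { precondition { condition = length(var.source_ranges) > 0 error_message = "source_ranges must not be empty" } }` block on the resource. The `allow` block also names no `ports`, so every port of the protocol is opened to those ranges; a comment such as `# all ports by design: the gateway enforces its own policy, source_ranges is the only restriction` above `allow` would make that intent explicit.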
@@ -0,0 +1,17 @@
+variable "protocol" {
+ type = string
+ description = "The IP protocol to which this rule applies."
+}
+variable "source_ranges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for the protocol traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable this protocol traffic."
+ default = []
+}
+variable "rule_name" {
+ type = string
+ description = "Firewall rule name."
+}
+variable "network" {
+ type = list(string)
+ description = "The name or self_link of the network to attach this firewall to."
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/members-a-b/main.tf b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/main.tf
new file mode 100644
index 00000000..d40ae6d1
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/main.tf
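Review bot: The `network` variable is typed `list(string)` while its description says "The name or self_link of the network", and the main.tf hunk reads only `var.network[0]`; either the description should state that only the first element is used or the type should become `string`. The `source_ranges` description says "leave empty list to unable this protocol traffic" where "disable" is meant, and since an empty list does not by itself produce a rule that blocks traffic, the wording should instead say that callers must not create the rule when the list is empty.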
@@ -0,0 +1,85 @@ +module "member_a" { + source = "../cluster-member" + + prefix = var.prefix + member_name = "${var.prefix}-member-a" + region = var.region + zone = var.zoneA + machine_type = var.machine_type + disk_size = var.disk_size + disk_type = var.disk_type + image_name = var.image_name + cluster_network = var.cluster_network + cluster_network_subnetwork = var.cluster_network_subnetwork + mgmt_network = var.mgmt_network + mgmt_network_subnetwork = var.mgmt_network_subnetwork + num_internal_networks = var.num_internal_networks + internal_network1_network = var.internal_network1_network + internal_network1_subnetwork = var.internal_network1_subnetwork + internal_network2_network = var.internal_network2_network + internal_network2_subnetwork = var.internal_network2_subnetwork + internal_network3_network = var.internal_network3_network + internal_network3_subnetwork = var.internal_network3_subnetwork + internal_network4_network = var.internal_network4_network + internal_network4_subnetwork = var.internal_network4_subnetwork + internal_network5_network = var.internal_network5_network + internal_network5_subnetwork = var.internal_network5_subnetwork + internal_network6_network = var.internal_network6_network + internal_network6_subnetwork = var.internal_network6_subnetwork + admin_SSH_key = var.admin_SSH_key + generated_admin_password = var.generated_admin_password + project = var.project + generate_password = var.generate_password + sic_key = var.sic_key + allow_upload_download = var.allow_upload_download + enable_monitoring = var.enable_monitoring + admin_shell = var.admin_shell + management_network = var.management_network + primary_cluster_address_name = var.primary_cluster_address_name + secondary_cluster_address_name = var.secondary_cluster_address_name + smart_1_cloud_token_a = var.smart_1_cloud_token_a + smart_1_cloud_token_b = var.smart_1_cloud_token_b +} + +module "member_b" { + source = "../cluster-member" + + prefix = var.prefix + member_name = 
"${var.prefix}-member-b" + region = var.region + zone = var.zoneB + machine_type = var.machine_type + disk_size = var.disk_size + disk_type = var.disk_type + image_name = var.image_name + cluster_network = var.cluster_network + cluster_network_subnetwork = var.cluster_network_subnetwork + mgmt_network = var.mgmt_network + mgmt_network_subnetwork = var.mgmt_network_subnetwork + num_internal_networks = var.num_internal_networks + internal_network1_network = var.internal_network1_network + internal_network1_subnetwork = var.internal_network1_subnetwork + internal_network2_network = var.internal_network2_network + internal_network2_subnetwork = var.internal_network2_subnetwork + internal_network3_network = var.internal_network3_network + internal_network3_subnetwork = var.internal_network3_subnetwork + internal_network4_network = var.internal_network4_network + internal_network4_subnetwork = var.internal_network4_subnetwork + internal_network5_network = var.internal_network5_network + internal_network5_subnetwork = var.internal_network5_subnetwork + internal_network6_network = var.internal_network6_network + internal_network6_subnetwork = var.internal_network6_subnetwork + admin_SSH_key = var.admin_SSH_key + generated_admin_password = var.generated_admin_password + project = var.project + generate_password = var.generate_password + sic_key = var.sic_key + allow_upload_download = var.allow_upload_download + enable_monitoring = var.enable_monitoring + admin_shell = var.admin_shell + management_network = var.management_network + primary_cluster_address_name = var.primary_cluster_address_name + secondary_cluster_address_name = var.secondary_cluster_address_name + smart_1_cloud_token_a = var.smart_1_cloud_token_a + smart_1_cloud_token_b = var.smart_1_cloud_token_b +} diff --git a/deprecated/terraform/gcp/R8040-R81/common/members-a-b/output.tf b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/output.tf new file mode 100644 index 00000000..2398e6f3 --- /dev/null 
+++ b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/output.tf
@@ -0,0 +1,13 @@
+output "member_a_name" {
+ value = module.member_a.cluster_member_name
+}
+output "member_a_external_ip" {
+ value = module.member_a.cluster_member_ip_address
+}
+
+output "member_b_name" {
+ value = module.member_b.cluster_member_name
+}
+output "member_b_external_ip" {
+ value = module.member_b.cluster_member_ip_address
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/members-a-b/variables.tf b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/variables.tf
new file mode 100644
index 00000000..4a5b6e04
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/members-a-b/variables.tf
@@ -0,0 +1,175 @@
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-tf-ha"
+}
+variable "region" {
+ type = string
+ default = "us-central1"
+}
+variable "zoneA" {
+ type = string
+ default = "us-central1-a"
+}
+variable "zoneB" {
+ type = string
+ default = "us-central1-a"
+}
+variable "machine_type" {
+ type = string
+ description = "Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have."
+ default = "n1-standard-4"
+}
+variable "disk_size" {
+ type = number
+ description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space."
+ default = 100
+}
+variable "disk_type" {
+ type = string
+ description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency."
+ default = "SSD Persistent Disk"
+}
+variable "image_name" {
+ type = string
+ description = "The High Availability (cluster) image name (e.g. check-point-r8110-gw-byol-cluster-335-985-v20220126). You can choose the desired cluster image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py"
+}
+variable "cluster_network" {
+ type = list(string)
+ description = "Cluster external network ID in the chosen zone."
+}
+variable "cluster_network_subnetwork" {
+ type = list(string)
+ description = "Cluster subnet ID in the chosen network."
+}
+variable "mgmt_network" {
+ type = list(string)
+ description = "Management network ID in the chosen zone."
+}
+variable "mgmt_network_subnetwork" {
+ type = list(string)
+ description = "Management subnet ID in the chosen network."
+}
+variable "num_internal_networks" {
+ type = number
+ description = "A number in the range 1 - 6 of internal network interfaces."
+ default = 1
+}
+variable "internal_network1_network" {
+ type = list(string)
+ description = "1st internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network1_subnetwork" {
+ type = list(string)
+ description = "1st internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network2_network" {
+ type = list(string)
+ description = "2nd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network2_subnetwork" {
+ type = list(string)
+ description = "2nd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network3_network" {
+ type = list(string)
+ description = "3rd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network3_subnetwork" {
+ type = list(string)
+ description = "3rd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network4_network" {
+ type = list(string)
+ description = "4th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network4_subnetwork" {
+ type = list(string)
+ description = "4th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network5_network" {
+ type = list(string)
+ description = "5th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network5_subnetwork" {
+ type = list(string)
+ description = "5th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network6_network" {
+ type = list(string)
+ description = "6th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network6_subnetwork" {
+ type = list(string)
+ description = "6th internal subnet ID in the chosen network."
+ default = []
+}
+variable "admin_SSH_key" {
+ type = string
+ description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+ default = ""
+}
+variable "project" {
+ type = string
+ description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+ default = ""
+}
+variable "generate_password" {
+ type = bool
+ description = "Automatically generate an administrator password."
+ default = false
+}
+variable "sic_key" {
+ type = string
+ description = "The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated"
+}
+variable "allow_upload_download" {
+ type = bool
+ description = "Allow download from/upload to Check Point."
+ default = false
+}
+variable "enable_monitoring" {
+ type = bool
+ description = "Enable Stackdriver monitoring"
+ default = false
+}
+variable "admin_shell" {
+ type = string
+ description = "Change the admin shell to enable advanced command line configuration."
+ default = "/etc/cli.sh"
+}
+variable "smart_1_cloud_token_a" {
+ type = string
+ description ="(Optional) Smart-1 cloud token for member A to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+variable "smart_1_cloud_token_b" {
+ type = string
+ description ="(Optional) Smart-1 cloud token for member B to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+variable "management_network" {
+ type = string
+ description = "Security Management Server address - The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud management, insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address."
+}
+variable "generated_admin_password" {
+ type = string
+ description = "administrator password"
+}
+variable "primary_cluster_address_name" {
+ type = string
+}
+variable "secondary_cluster_address_name" {
+ type = string
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/main.tf b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/main.tf
new file mode 100644
index 00000000..7665da7c
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/main.tf
@@ -0,0 +1,21 @@
+locals {
+ create_network_condition = var.network_cidr == "" ? false : true
+}
+
+resource "google_compute_network" "network" {
+ count = local.create_network_condition ? 1 : 0
+ name = "${var.prefix}-${var.type}"
+ auto_create_subnetworks = false
+}
+resource "google_compute_subnetwork" "subnetwork" {
+ count = local.create_network_condition ? 1 : 0
+ name = "${var.prefix}-${var.type}-subnet"
+ ip_cidr_range = var.network_cidr
+ private_ip_google_access = true
+ region = var.region
+ network = google_compute_network.network[count.index].id
+}
+data "google_compute_network" "network_name" {
+ count = local.create_network_condition ? 0 : 1
+ name = var.network_name
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/output.tf b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/output.tf
new file mode 100644
index 00000000..862f84e4
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/output.tf
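Review bot: `sic_key`, `generated_admin_password`, `smart_1_cloud_token_a` and `smart_1_cloud_token_b` in members-a-b/variables.tf are declared as plain `string` variables without `sensitive = true`, so their values are printed in `terraform plan`/`apply` output and by any output that forwards them. Adding `sensitive = true` to each of those four blocks (available since Terraform 0.14) redacts them from CLI output; the state file still stores them in clear, so state storage has to be protected regardless. Separately, `zoneB` defaults to `"us-central1-a"`, the same value as `zoneA`, so an unmodified deployment places both HA members in one zone; a comment such as `# default matches zoneA; choose a different zone in the same region for zone redundancy` would make that trade-off visible where the default is set.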
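Review bot: `private_ip_google_access = true` is hard-coded in `google_compute_subnetwork.subnetwork` in network-and-subnet/main.tf, while the module's variables.tf (the hunk that follows on the next line) declares a `private_ip_google_access` variable that nothing reads, so a caller setting it to `false` silently gets Private Google Access enabled anyway. Change the attribute to `private_ip_google_access = var.private_ip_google_access` so the declared input actually controls the subnet. As a point of style, `create_network_condition = var.network_cidr == "" ? false : true` can be written as `create_network_condition = var.network_cidr != ""`, which says the same thing without the ternary.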
@@ -0,0 +1,18 @@
+output "new_created_network_link" {
+ value = google_compute_network.network[*].self_link
+}
+output "new_created_subnet_link" {
+ value = google_compute_subnetwork.subnetwork[*].self_link
+}
+output "existing_network_link" {
+ value = data.google_compute_network.network_name[*].self_link
+}
+output "new_created_network_name" {
+ value = google_compute_network.network[*].name
+}
+output "new_created_subnet_name" {
+ value = google_compute_subnetwork.subnetwork[*].name
+}
+output "existing_network_name" {
+ value = data.google_compute_network.network_name[*].name
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/variables.tf b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/variables.tf
new file mode 100644
index 00000000..333d4f35
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/network-and-subnet/variables.tf
@@ -0,0 +1,27 @@
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-tf-ha"
+}
+variable "type" {
+ type = string
+}
+variable "network_cidr" {
+ type = string
+ description = "External subnet CIDR. If the variable's value is not empty double quotes, a new network will be created."
+ default = "10.0.0.0/24"
+}
+variable "private_ip_google_access" {
+ type = bool
+ description = "When enabled, VMs in this subnetwork without external IP addresses can access Google APIs and services by using Private Google Access."
+ default = true
+}
+variable "region" {
+ type = string
+ default = "us-central1"
+}
+variable "network_name" {
+ type = string
+ description = "External network ID in the chosen zone. The network determines what network traffic the instance can access.If you have specified a CIDR block at var.network_cidr, this network name will not be used."
+ default = ""
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/common/startup-script.sh b/deprecated/terraform/gcp/R8040-R81/common/startup-script.sh
new file mode 100644
index 00000000..196a04e3
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/common/startup-script.sh
@@ -0,0 +1,3 @@
+#cloud-config
+runcmd:
+ - 'python3 /etc/cloud_config.py generatePassword=\"${generatePassword}\" allowUploadDownload=\"${allowUploadDownload}\" templateName=\"${templateName}\" templateVersion=\"${templateVersion}\" mgmtNIC="X${mgmtNIC}X" hasInternet=\"${hasInternet}\" config_url=\"${config_url}\" config_path=\"${config_path}\" installationType="X${installationType}X" enableMonitoring=\"${enableMonitoring}\" shell=\"${shell}\" computed_sic_key=\"${computed_sic_key}\" sicKey=\"${sicKey}\" managementGUIClientNetwork=\"${managementGUIClientNetwork}\" primary_cluster_address_name=\"${primary_cluster_address_name}\" secondary_cluster_address_name=\"${secondary_cluster_address_name}\" managementNetwork=\"${managementNetwork}\" numAdditionalNICs=\"${numAdditionalNICs}\" smart1CloudToken="X${smart_1_cloud_token}X" name=\"${name}\" zone=\"${zoneConfig}\" region=\"${region}\"'
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/README.md b/deprecated/terraform/gcp/R8040-R81/high-availability/README.md
new file mode 100644
index 00000000..03e9d97b
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/README.md
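Review bot: The `runcmd` entry hands `sicKey`, `computed_sic_key` and `smart1CloudToken` to `/etc/cloud_config.py` as command-line arguments, so while the script runs they are readable by any local process that can list the process table, and cloud-init typically records `runcmd` commands in its logs on the instance. If `cloud_config.py` can take these values from a file with restricted permissions or from instance metadata instead, that keeps the secrets out of argv; failing that, a comment such as `# NOTE: this command line is visible in the process table and may be logged by cloud-init; it carries the SIC key and Smart-1 Cloud token` should sit above the entry so the exposure is documented. The whole command is one YAML single-quoted scalar, so a substituted value containing a `'` would end the scalar early and a value containing whitespace would presumably change how the remaining arguments are split; nothing in this file validates those inputs, so the calling module has to constrain them before templating.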
@@ -0,0 +1,317 @@ +# Check Point Cluster High Availability (HA) Terraform module for GCP + +Terraform module which deploys Check Point CloudGuard IaaS High Availability solution on GCP. + +These types of Terraform resources are supported: +* [Network](https://www.terraform.io/docs/providers/google/d/compute_network.html) - conditional creation +* [Subnetwork](https://www.terraform.io/docs/providers/google/r/compute_subnetwork.html) - conditional creation +* [Instance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) +* [IP address](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_address) +* [Firewall](https://www.terraform.io/docs/providers/google/r/compute_firewall.html) - conditional creation + + +For additional information, +please see the [CloudGuard Network for GCP High Availability Cluster Deployment Guide](https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Network_for_GCP_HA_Cluster/Default.htm) + +This solution uses the following modules: +- \gcp\common\network-and-subnet +- \gcp\common\firewall-rule +- \gcp\common\cluster-member +- \gcp\common\members-a-b + +Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: **terraform**. + +## Before you begin +1. Create a project in the [Google Cloud Console](https://console.cloud.google.com/) and set up billing on that project. +2. [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) and read the Terraform getting started guide that follows. This guide will assume basic proficiency with Terraform - it is an introduction to the Google provider. 
+ +## Configuring the Provider +The **main.tf** file includes the following provider configuration block used to configure the credentials you use to authenticate with GCP, as well as a default project and location for your resources: +``` +provider "google" { + credentials = file(var.service_account_path) + project = var.project + region = var.region +} +... +``` +1. [Create a Service Account](https://cloud.google.com/docs/authentication/getting-started) (or use the existing one). Next, download the JSON key file. Name it something you can remember and store it somewhere secure on your machine.
+2. Select "Editor" Role or verify you have the following permissions: + ``` + compute.addresses.create + compute.addresses.delete + compute.addresses.get + compute.addresses.use + compute.disks.create + compute.firewalls.create + compute.firewalls.delete + compute.firewalls.get + compute.images.get + compute.images.useReadOnly + compute.instances.create + compute.instances.delete + compute.instances.get + compute.instances.setMetadata + compute.instances.setServiceAccount + compute.instances.setTags + compute.networks.create + compute.networks.delete + compute.networks.get + compute.networks.updatePolicy + compute.regions.list + compute.subnetworks.create + compute.subnetworks.delete + compute.subnetworks.get + compute.subnetworks.use + compute.subnetworks.useExternalIp + compute.zones.get + iam.serviceAccountKeys.get + iam.serviceAccountKeys.list + iam.serviceAccounts.actAs + iam.serviceAccounts.get + iam.serviceAccounts.list + ``` +3. ```credentials``` - Your service account key file is used to complete a two-legged OAuth 2.0 flow to obtain access tokens to authenticate with the GCP API as needed; Terraform will use it to reauthenticate automatically when tokens expire.
+The provider credentials can be provided either as static credentials or as [Environment Variables](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#credentials-1). + - Static credentials can be provided by adding the path to your service-account json file, project-id and region in /gcp/modules/high-availability/**terraform.tfvars** file as follows: + ``` + service_account_path = "service-accounts/service-account-file-name.json" + project = "project-id" + region = "us-central1" + ``` + - In case the Environment Variables are used, perform modifications described below:
+ a. The next lines in the main.tf file, in the provider google resource, need to be deleted or commented: + ``` + provider "google" { + // credentials = file(var.service_account_path) + // project = var.project + + region = var.region + } + ``` + b.In the terraform.tfvars file leave empty double quotes for credentials and project variables: + ``` + service_account_path = "" + project = "" + ``` + ## Usage +- Fill all variables in the /gcp/high-availability/**terraform.tfvars** file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + ``` + terraform init + ``` +- Create an execution plan: + ``` + terraform plan + ``` +- Create or modify the deployment: + ``` + terraform apply + ``` + +#### Variables are configured in high-availability/**terraform.tfvars** file as follows: +``` +# --- Google Provider --- +service_account_path = "service-accounts/service-account-file-name.json" +project = "project-id" + +# --- Check Point Deployment --- +prefix = "chkp-tf-ha" +license = "BYOL" +image_name = "check-point-r8110-gw-byol-cluster-335-985-v20220126" + +# --- Instances Configuration --- +region = "us-central1" +zoneA = "us-central1-a" +zoneB = "us-central1-a" +machine_type = "n1-standard-4" +disk_type = "SSD Persistent Disk" +disk_size = 100 +admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +enable_monitoring = false + +# --- Check Point --- +management_network = "209.87.209.100/32" +sic_key = "aaaaaaaa" +generate_password = false +allow_upload_download = false +admin_shell = "/bin/bash" + +#--- Quick connect to Smart-1 Cloud --- +smart_1_cloud_token_a = "xxxxxxxxxxxxxxxxxxxxxxxx" +smart_1_cloud_token_b = "xxxxxxxxxxxxxxxxxxxxxxxx" + +# --- Networking --- +cluster_network_cidr = "10.0.1.0/24" +cluster_network_name = "cluster-network" +cluster_network_subnetwork_name = "cluster-subnetwork" +cluster_ICMP_traffic = ["0.0.0.0/0"] +cluster_TCP_traffic = ["0.0.0.0/0"] 
+cluster_UDP_traffic = [] +cluster_SCTP_traffic = [] +cluster_ESP_traffic = [] +mgmt_network_cidr = "" +mgmt_network_name = "mgmt-network" +mgmt_network_subnetwork_name = "mgmt-subnetwork" +mgmt_ICMP_traffic = [] +mgmt_TCP_traffic = [] +mgmt_UDP_traffic = [] +mgmt_SCTP_traffic = ["0.0.0.0/0"] +mgmt_ESP_traffic = ["0.0.0.0/0"] +num_internal_networks = 1 +internal_network1_cidr = "10.0.3.0/24" +internal_network1_name = "" +internal_network1_subnetwork_name = "" + +``` + +- To tear down your resources: + ``` + terraform destroy + ``` + + +## Conditional creation +
1. For each network and subnet variable, you can choose whether to create a new network with a new subnet or to use an existing one. +- If you want to create a new network and subnet, please input a subnet CIDR block for the desired new network - In this case, the network name and subnetwork name will not be used: +``` + cluster_network_cidr = "10.0.1.0/24" + cluster_network_name = "not-use" + cluster_network_subnetwork_name = "not-use" +``` +- Otherwise, if you want to use existing network and subnet, please leave empty double quotes in the CIDR variable for the desired network: +``` + cluster_network_cidr = "" + cluster_network_name = "cluster-network" + cluster_network_subnetwork_name = "cluster-subnetwork" +``` +
2. To create Firewall and allow traffic for ICMP, TCP, UDP, SCTP or/and ESP - enter list of Source IP ranges. +
Please leave empty list for a protocol if you want to disable traffic for it. +- For cluster: +``` + cluster_ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] + cluster_TCP_traffic = ["0.0.0.0/0"] + cluster_UDP_traffic = [] + cluster_SCTP_traffic = [] + cluster_ESP_traffic = [] +``` +- For management: +``` + mgmt_ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] + mgmt_TCP_traffic = ["0.0.0.0/0"] + mgmt_UDP_traffic = [] + mgmt_SCTP_traffic = [] + mgmt_ESP_traffic = [] +``` +
3.The cluster members will each have a network interface in each internal network and create high priority routes that will route all outgoing traffic to the cluster member that is currently active. +
Using internal networks depends on the variable num_internal_networks, by selecting a number in range 1 - 6 that represents the number of internal networks: +``` + num_internal_networks = 3 + internal_network1_cidr = "" + internal_network1_name = "internal_network1" + internal_network1_subnetwork_name = "internal_subnetwork1" + internal_network2_cidr = "10.0.4.0/24" + internal_network2_name = "" + internal_network2_subnetwork_name = "" + internal_network3_cidr = "10.0.5.0/24" + internal_network3_name = "" + internal_network3_subnetwork_name = "" +``` + +## Inputs +| Name | Description | Type | Allowed values | Default | Required | +| ------------- | ------------- | ------------- | ------------- | ------------- | ------------- | +| service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json") | string | N/A | "" | yes | +| project | Personal project id. The project indicates the default GCP project all of your resources will be created in. | string | N/A | "" | yes | +| | | | | | +| prefix | (Optional) Resources name prefix. | string | N/A | "chkp-tf-ha" | no | +| license | Checkpoint license (BYOL or PAYG). | string | - BYOL
- PAYG
| "BYOL" | no | +| image_name | The High Availability (cluster) image name (e.g. check-point-r8110-gw-byol-cluster-335-985-v20220126). You can choose the desired cluster image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py). | string | N/A | N/A | yes | +| | | | | | +| region | GCP region | string | N/A | "us-central1" | no | +| zoneA | Member A Zone. The zone determines what computing resources are available and where your data is stored and used. | string | N/A | "us-central1-a" | no | +| zoneB | Member B Zone. | string | N/A | "us-central1-a" | no | +| machine_type | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have. | string | N/A | "n1-standard-4" | no | +| disk_type | Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency. | string | - SSD Persistent Disk
- Standard Persistent Disk | "SSD Persistent Disk" | no | +| disk_size | Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. | number | number between 100 and 4096 | 100 | no | +| enable_monitoring | Enable Stackdriver monitoring | bool | true/false | false | no | +| | | | | | +| management_network | Security Management Server address - The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud management, insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address. | string | N/A | N/A | yes | +| sic_key | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated | string | N/A | N/A | yes | +| generate_password | Automatically generate an administrator password. | bool | true/false | false | no | +| allow_upload_download | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | bool | true/false | true | no | +| admin_shell | Change the admin shell to enable advanced command line configuration. | string | - /etc/cli.sh
- /bin/bash
- /bin/csh
- /bin/tcsh | "/etc/cli.sh" | no | +| smart_1_cloud_token_a | Smart-1 Cloud token to connect ***member A*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| smart_1_cloud_token_b | Smart-1 Cloud token to connect ***member B*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501)| string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| cluster_network_cidr | Cluster external subnet CIDR. If the variable's value is not empty double quotes, a new network will be created. The Cluster public IP will be translated to a private address assigned to the active member in this external network. | string | N/A | "10.0.0.0/24" | no | +| cluster_network_name | Cluster external network ID in the chosen zone. The network determines what network traffic the instance can access.If you have specified a CIDR block at var.cluster_network_cidr, this network name will not be used. | string | N/A | "" | no | +| cluster_network_subnetwork_name | Cluster subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.cluster_network_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | N/A | "" | no | +| cluster_ICMP_traffic | (Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable ICMP traffic. | list(string) | N/A | [] | no | +| cluster_TCP_traffic | (Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable TCP traffic. | list(string) | N/A | [] | no | +| cluster_UDP_traffic | (Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. 
For gateway only. Please leave empty list to unable UDP traffic. | list(string) | N/A | [] | no | +| cluster_SCTP_traffic | (Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable SCTP traffic. | list(string) | N/A | [] | no | +| cluster_ESP_traffic | (Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable ESP traffic. | list(string) | N/A | [] | no | +| mgmt_network_cidr | Management external subnet CIDR. If the variable's value is not empty double quotes, a new network will be created. The public IP used to manage each member will be translated to a private address in this external network. | string | N/A | "10.0.1.0/24" | no | +| mgmt_network_name | Management network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.mgmt_network_cidr, this network name will not be used. | string | N/A | "" | no | +| mgmt_network_subnetwork_name | Management subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.mgmt_network_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | N/A | "" | no | +| mgmt_ICMP_traffic | (Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable ICMP traffic. 
| list(string) | N/A | [] | no | +| mgmt_TCP_traffic | (Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable TCP traffic. | list(string) | N/A | [] | no | +| mgmt_UDP_traffic | (Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable SCTP traffic. | list(string) | N/A | [] | no | +| mgmt_SCTP_traffic | (Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable TCP traffic. | list(string) | N/A | [] | no | +| mgmt_ESP_traffic | (Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable ESP traffic. | list(string) | N/A | [] | no | +| num_internal_networks | A number in the range 1 - 6 of internal network interfaces. | number | 1 - 6 | 1 | no | +| internal_network1_cidr | 1st internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network. | string | N/A | "10.0.2.0/24" | no | +| internal_network1_name | 1st internal network ID in the chosen zone. 
The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network1_cidr, this network name will not be used. | string | N/A | "" | no | +| internal_network1_subnetwork_name | 1st internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network1_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | string | N/A | "" | no | + + + +## Outputs +| Name | Description | +| ------------- | ------------- | +| cluster_new_created_network | If a new cluster network creation is selected - the cluster network name, otherwise, an empty list. | +| cluster_new_created_subnet | If a new cluster network creation is selected - the cluster subnetwork name, otherwise, an empty list. | +| mgmt_new_created_network | If a new management network creation is selected - the management network name, otherwise, an empty list. | +| mgmt_new_created_subnet | If a new management network creation is selected - the management subnetwork name, otherwise, an empty list. | +| int_network1_new_created_network | If a new internal network 1 creation is selected - the internal network 1 network name, otherwise, an empty list. | +| int_network1_new_created_subnet | If a new internal network 1 creation is selected - the internal network 1 subnetwork name, otherwise, an empty list. | +| cluster_ICMP_firewall_rule | If enable - the cluster ICMP firewall rules name, otherwise, an empty list. | +| cluster_TCP_firewall_rule | If enable - the cluster TCP firewall rules name, otherwise, an empty list. | +| cluster_UDP_firewall_rule | If enable - the cluster UDP firewall rules name, otherwise, an empty list. | +| cluster_SCTP_firewall_rule | If enable - the cluster SCTP firewall rules name, otherwise, an empty list. 
| +| cluster_ESP_firewall_rule | If enable - the cluster ESP firewall rules name, otherwise, an empty list. | +| mgmt_ICMP_firewall_rule | If enable - the mgmt ICMP firewall rules name, otherwise, an empty list. | +| mgmt_TCP_firewall_rule | If enable - the mgmt TCP firewall rules name, otherwise, an empty list. | +| mgmt_UDP_firewall_rule | If enable - the mgmt UDP firewall rules name, otherwise, an empty list. | +| mgmt_SCTP_firewall_rule | If enable - the mgmt SCTP firewall rules name, otherwise, an empty list. | +| mgmt_ESP_firewall_rule | If enable - the mgmt ESP firewall rules name, otherwise, an empty list. | +| cluster_ip_external_address | Primary public IP address. | +| admin_password | If enable generate_password - the administrator password, otherwise, an empty list. | +| sic_key | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. | +| member_a_name | Member A name. | +| member_a_external_ip | Member A external ip. | +| member_a_zone | Member A Zone. | +| member_b_name | Member B name. | +| member_b_external_ip | Member B external ip. | +| member_b_zone | Member B Zone. | + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20230209 | Added Smart-1 Cloud support. | +| | | | +| 20230109 | Updated startup script to use cloud-config. | +| | | | +| 20201208 | First release of Check Point Check Point CloudGuard IaaS High Availability Terraform solution on GCP. | +| | | | +| | Addition of "template_type" parameter to "cloud-version" files. | +| | | | + +## Authors + + +## License + +This project is licensed under the MIT License - see the [LICENSE](../../../LICENSE) file for details 
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/locals.tf b/deprecated/terraform/gcp/R8040-R81/high-availability/locals.tf
new file mode 100644
index 00000000..e764ccaf
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/locals.tf
@@ -0,0 +1,106 @@
+locals {
+ license_allowed_values = [
+ "BYOL",
+ "PAYG"]
+ // will fail if [var.license] is invalid:
+ validate_license = index(local.license_allowed_values, upper(var.license))
+
+ regex_validate_image_name = "check-point-r8[0-1][1-4]0-gw-(byol|payg)-cluster-[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}"
+ // will fail if the image name is not in the right syntax
+ validate_image_name = length(regexall(local.regex_validate_image_name, var.image_name)) > 0 ? 0 : index(split("-", var.image_name), "INVALID IMAGE NAME")
+
+ split_zoneA = split("-", var.zoneA)
+ split_zoneB = split("-", var.zoneB)
+ // will fail if the var.zoneA and var.zoneB are not at the same region:
+ validate_zones = index(local.split_zoneA, local.split_zoneB[0]) == local.split_zoneA[0] && index(local.split_zoneA, local.split_zoneB[1]) == local.split_zoneA[0] ? 0 : "var.zoneA and var.zoneB are not at the same region"
+
+ regex_valid_management_network = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))|(S1C)$"
+ // Will fail if var.management_network is invalid
+ regex_management_network = regex(local.regex_valid_management_network, var.management_network) == var.management_network ? 0 : "Variable [management_network] must be a valid address in CIDR notation or 'S1C'."
+
+ regex_valid_network_cidr = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|2[0-9]|1[0-9]|[0-9]))|$"
+
+ // Will fail if var.cluster_network_cidr is invalid
+ regex_cluster_network_cidr = regex(local.regex_valid_network_cidr, var.cluster_network_cidr) == var.cluster_network_cidr ? 0 : "Variable [cluster_network_cidr] must be a valid address in CIDR notation."
+ // Will fail if var.mgmt_network_cidr is invalid
+ regex_mgmt_network_cidr = regex(local.regex_valid_network_cidr, var.mgmt_network_cidr) == var.mgmt_network_cidr ? 0 : "Variable [mgmt_network_cidr] must be a valid address in CIDR notation."
+ // Will fail if var.internal_network1_cidr is invalid
+ regex_internal_network1_cidr = regex(local.regex_valid_network_cidr, var.internal_network1_cidr) == var.internal_network1_cidr ? 0 : "Variable [internal_network1_cidr] must be a valid address in CIDR notation."
+
+ disk_type_allowed_values = [
+ "SSD Persistent Disk",
+ "Standard Persistent Disk"]
+ // Will fail if var.disk_type is invalid
+ validate_disk_type = index(local.disk_type_allowed_values, var.disk_type)
+
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"]
+ // Will fail if var.admin_shell is invalid
+ validate_admin_shell = index(local.admin_shell_allowed_values, var.admin_shell)
+
+ // Will fail if var.cluster_network_name or var.cluster_network_subnetwork_name are empty double quotes in case of use existing network.
+ validate_cluster_network = var.cluster_network_cidr == "" && var.cluster_network_name == "" ? index("error:", "using existing cluster network - cluster network name is missing") : 0
+ validate_cluster_subnet = var.cluster_network_cidr == "" && var.cluster_network_subnetwork_name == "" ? index("error:", "using existing cluster network - cluster subnetwork name is missing") : 0
+
+ // Will fail if var.mgmt_network_name or var.mgmt_network_subnetwork_name are empty double quotes in case of use existing network.
+ validate_mgmt_network = var.mgmt_network_cidr == "" && var.mgmt_network_name == "" ? index("error:", "using existing mgmt network - mgmt network name is missing") : 0
+ validate_mgmt_subnet = var.mgmt_network_cidr == "" && var.mgmt_network_subnetwork_name == "" ? index("error:", "using existing mgmt network - mgmt subnetwork name is missing") : 0
+
+ // Will fail if var.internal_network1_name or var.internal_network1_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network1 = var.internal_network1_cidr == "" && var.internal_network1_name == "" ?
index("error:", "using existing network1 - internal network1 name is missing") : 0
+ validate_internal_network1_subnet = var.internal_network1_cidr == "" && var.internal_network1_subnetwork_name == "" ? ("using existing network1 - internal network1 subnet name is missing") : 0
+
+ // Will fail if var.internal_network2_name or var.internal_network2_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network2 = var.num_internal_networks >= 2 && var.internal_network2_cidr == "" && var.internal_network2_name == "" ? index("error:", "using existing network2 - internal network2 name is missing") : 0
+ validate_internal_network2_subnet = var.num_internal_networks >= 2 && var.internal_network2_cidr == "" && var.internal_network2_subnetwork_name == "" ? index("error:", "using existing network2 - internal network2 subnet name is missing") : 0
+
+ // Will fail if var.internal_network3_name or var.internal_network3_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network3 = var.num_internal_networks >= 3 && var.internal_network3_cidr == "" && var.internal_network3_name == "" ? index("error:", "using existing network3 - internal network3 name is missing") : 0
+ validate_internal_network3_subnet = var.num_internal_networks >= 3 && var.internal_network3_cidr == "" && var.internal_network3_subnetwork_name == "" ? index("error:", "using existing network3 - internal network3 subnet name is missing") : 0
+
+ // Will fail if var.internal_network4_name or var.internal_network4_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network4 = var.num_internal_networks >= 4 && var.internal_network4_cidr == "" && var.internal_network4_name == "" ?
index("error:", "using existing network4 - internal network4 name is missing") : 0
+ validate_internal_network4_subnet = var.num_internal_networks >= 4 && var.internal_network4_cidr == "" && var.internal_network4_subnetwork_name == "" ? index("error:", "using existing network4 - internal network4 subnet name is missing") : 0
+
+ // Will fail if var.internal_network5_name or var.internal_network5_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network5 = var.num_internal_networks >= 5 && var.internal_network5_cidr == "" && var.internal_network5_name == "" ? index("error:", "using existing network5 - internal network5 name is missing") : 0
+ validate_internal_network5_subnet = var.num_internal_networks >= 5 && var.internal_network5_cidr == "" && var.internal_network5_subnetwork_name == "" ? index("error:", "using existing network5 - internal network5 subnet name is missing") : 0
+
+ // Will fail if var.internal_network6_name or var.internal_network6_subnetwork_name are empty double quotes in case of use existing network.
+ validate_internal_network6 = var.num_internal_networks >= 6 && var.internal_network6_cidr == "" && var.internal_network6_name == "" ? index("error:", "using existing network6 - internal network6 name is missing") : 0
+ validate_internal_network6_subnet = var.num_internal_networks >= 6 && var.internal_network6_cidr == "" && var.internal_network6_subnetwork_name == "" ? index("error:", "using existing network6 - internal network6 subnet name is missing") : 0
+
+
+ regex_valid_admin_SSH_key = "^(^$|ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3})"
+ // Will fail if var.admin_SSH_key is invalid
+ regex_admin_SSH_key = regex(local.regex_valid_admin_SSH_key, var.admin_SSH_key) == var.admin_SSH_key ?
0 : "Please enter a valid SSH public key or leave empty"
+
+ regex_valid_sic_key = "^([a-z0-9A-Z]{8,30})$"
+ // Will fail if var.sic_key is invalid
+ regex_sic_key = regex(local.regex_valid_sic_key, var.sic_key) == var.sic_key ? 0 : "Variable [sic_key] must be at least 8 alpha numeric characters."
+
+
+
+
+ create_cluster_network_condition = var.cluster_network_cidr == "" ? false : true
+ create_mgmt_network_condition = var.mgmt_network_cidr == "" ? false : true
+ create_internal_network1_condition = var.internal_network1_cidr == "" ? false : true
+ create_internal_network2_condition = var.internal_network2_cidr == "" && var.num_internal_networks >= 2 ? false : true
+ create_internal_network3_condition = var.internal_network3_cidr == "" && var.num_internal_networks >= 3 ? false : true
+ create_internal_network4_condition = var.internal_network4_cidr == "" && var.num_internal_networks >= 4 ? false : true
+ create_internal_network5_condition = var.internal_network5_cidr == "" && var.num_internal_networks >= 5 ? false : true
+ create_internal_network6_condition = var.internal_network6_cidr == "" && var.num_internal_networks == 6 ? false : true
+ cluster_ICMP_traffic_condition = length(var.cluster_ICMP_traffic) == 0 ? 0 : 1
+ cluster_TCP_traffic_condition = length(var.cluster_TCP_traffic) == 0 ? 0 : 1
+ cluster_UDP_traffic_condition = length(var.cluster_UDP_traffic) == 0 ? 0 : 1
+ cluster_SCTP_traffic_condition = length(var.cluster_SCTP_traffic) == 0 ? 0 : 1
+ cluster_ESP_traffic_condition = length(var.cluster_ESP_traffic) == 0 ? 0 : 1
+ mgmt_ICMP_traffic_condition = length(var.mgmt_ICMP_traffic) == 0 ? 0 : 1
+ mgmt_TCP_traffic_condition = length(var.mgmt_TCP_traffic) == 0 ? 0 : 1
+ mgmt_UDP_traffic_condition = length(var.mgmt_UDP_traffic) == 0 ? 0 : 1
+ mgmt_SCTP_traffic_condition = length(var.mgmt_SCTP_traffic) == 0 ? 0 : 1
+ mgmt_ESP_traffic_condition = length(var.mgmt_ESP_traffic) == 0 ? 0 : 1
+}
\ No newline at end of file
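Review bot: `validate_internal_network1_subnet` never fails: its error branch is the bare string `("using existing network1 - internal network1 subnet name is missing")` instead of the `index("error:", ...)` call every sibling check in this block uses, so an existing-network deployment with an empty `internal_network1_subnetwork_name` passes this validation and whatever breaks downstream is reported far less clearly. The line should read `validate_internal_network1_subnet = var.internal_network1_cidr == "" && var.internal_network1_subnetwork_name == "" ? index("error:", "using existing network1 - internal network1 subnet name is missing") : 0`. Two smaller points: `regex_valid_admin_SSH_key` accepts only `ssh-rsa` keys, so ed25519 and ecdsa public keys are rejected with a message that does not say why — widen the prefix (e.g. `(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA`) or state the restriction in the message; and `regex_valid_sic_key` caps the SIC key at 30 characters while the `regex_sic_key` message only says "at least 8", so a 31-character key fails with a misleading error — mention the upper bound in the message.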
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/main.tf b/deprecated/terraform/gcp/R8040-R81/high-availability/main.tf
new file mode 100644
index 00000000..821d3542
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/main.tf
@@ -0,0 +1,250 @@
+provider "google" {
+ credentials = file(var.service_account_path)
+ project = var.project
+ region = var.region
+}
+
+resource "random_string" "random_string" {
+ length = 5
+ special = false
+ upper = false
+ keepers = {}
+}
+
+module "cluster_network_and_subnet" {
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "cluster"
+ network_cidr = var.cluster_network_cidr
+ private_ip_google_access = true
+ region = var.region
+ network_name = var.cluster_network_name
+}
+module "cluster_ICMP_firewall_rules" {
+ count = local.cluster_ICMP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "icmp"
+ source_ranges = var.cluster_ICMP_traffic
+ rule_name = "${var.prefix}-cluster-icmp-${random_string.random_string.result}"
+ network = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+}
+module "cluster_TCP_firewall_rules" {
+ count = local.cluster_TCP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "tcp"
+ source_ranges = var.cluster_TCP_traffic
+ rule_name = "${var.prefix}-cluster-tcp-${random_string.random_string.result}"
+ network = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+}
+module "cluster_UDP_firewall_rules" {
+ count = local.cluster_UDP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "udp"
+ source_ranges = var.cluster_UDP_traffic
+ rule_name = "${var.prefix}-cluster-udp-${random_string.random_string.result}"
+ network = local.create_cluster_network_condition ?
module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+}
+module "cluster_SCTP_firewall_rules" {
+ count = local.cluster_SCTP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "sctp"
+ source_ranges = var.cluster_SCTP_traffic
+ rule_name = "${var.prefix}-cluster-sctp-${random_string.random_string.result}"
+ network = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+}
+module "cluster_ESP_firewall_rules" {
+ count = local.cluster_ESP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "esp"
+ source_ranges = var.cluster_ESP_traffic
+ rule_name = "${var.prefix}-cluster-esp-${random_string.random_string.result}"
+ network = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+}
+
+module "mgmt_network_and_subnet" {
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "mgmt"
+ network_cidr = var.mgmt_network_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.mgmt_network_name
+}
+module "mgmt_ICMP_firewall_rules" {
+ count = local.mgmt_ICMP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "icmp"
+ source_ranges = var.mgmt_ICMP_traffic
+ rule_name = "${var.prefix}-mgmt-icmp-${random_string.random_string.result}"
+ network = local.create_mgmt_network_condition ?
module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+}
+module "mgmt_TCP_firewall_rules" {
+ count = local.mgmt_TCP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "tcp"
+ source_ranges = var.mgmt_TCP_traffic
+ rule_name = "${var.prefix}-mgmt-tcp-${random_string.random_string.result}"
+ network = local.create_mgmt_network_condition ? module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+}
+module "mgmt_UDP_firewall_rules" {
+ count = local.mgmt_UDP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "udp"
+ source_ranges = var.mgmt_UDP_traffic
+ rule_name = "${var.prefix}-mgmt-udp-${random_string.random_string.result}"
+ network = local.create_mgmt_network_condition ? module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+}
+module "mgmt_SCTP_firewall_rules" {
+ count = local.mgmt_SCTP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "sctp"
+ source_ranges = var.mgmt_SCTP_traffic
+ rule_name = "${var.prefix}-mgmt-sctp-${random_string.random_string.result}"
+ network = local.create_mgmt_network_condition ? module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+}
+module "mgmt_ESP_firewall_rules" {
+ count = local.mgmt_ESP_traffic_condition
+ source = "../common/firewall-rule"
+
+ protocol = "esp"
+ source_ranges = var.mgmt_ESP_traffic
+ rule_name = "${var.prefix}-mgmt-esp-${random_string.random_string.result}"
+ network = local.create_mgmt_network_condition ?
module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+}
+
+module "internal_network1_and_subnet" {
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network1"
+ network_cidr = var.internal_network1_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network1_name
+}
+
+module "internal_network2_and_subnet" {
+ count = var.num_internal_networks < 2 ? 0 : 1
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network2"
+ network_cidr = var.internal_network2_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network2_name
+}
+
+module "internal_network3_and_subnet" {
+ count = var.num_internal_networks < 3 ? 0 : 1
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network3"
+ network_cidr = var.internal_network3_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network3_name
+}
+
+module "internal_network4_and_subnet" {
+ count = var.num_internal_networks < 4 ? 0 : 1
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network4"
+ network_cidr = var.internal_network4_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network4_name
+}
+
+module "internal_network5_and_subnet" {
+ count = var.num_internal_networks < 5 ?
0 : 1
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network5"
+ network_cidr = var.internal_network5_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network5_name
+}
+
+module "internal_network6_and_subnet" {
+ count = var.num_internal_networks < 6 ? 0 : 1
+ source = "../common/network-and-subnet"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ type = "internal-network6"
+ network_cidr = var.internal_network6_cidr
+ private_ip_google_access = false
+ region = var.region
+ network_name = var.internal_network6_name
+}
+resource "google_compute_address" "primary_cluster_ip_ext_address" {
+ name = "${var.prefix}-primary-cluster-address-${random_string.random_string.result}"
+ region = var.region
+}
+resource "google_compute_address" "secondary_cluster_ip_ext_address" {
+ name = "${var.prefix}-secondary-cluster-address-${random_string.random_string.result}"
+ region = var.region
+}
+resource "random_string" "generated_password" {
+ length = 12
+ special = false
+}
+
+module "members_a_b" {
+ source = "../common/members-a-b"
+
+ prefix = "${var.prefix}-${random_string.random_string.result}"
+ region = var.region
+ zoneA = var.zoneA
+ zoneB = var.zoneB
+ machine_type = var.machine_type
+ disk_size = var.disk_size
+ disk_type = var.disk_type
+ image_name = "checkpoint-public/${var.image_name}"
+ cluster_network = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_network_link : module.cluster_network_and_subnet.existing_network_link
+ cluster_network_subnetwork = local.create_cluster_network_condition ? module.cluster_network_and_subnet.new_created_subnet_link : [var.cluster_network_subnetwork_name]
+ mgmt_network = local.create_mgmt_network_condition ?
module.mgmt_network_and_subnet.new_created_network_link : module.mgmt_network_and_subnet.existing_network_link
+ mgmt_network_subnetwork = local.create_mgmt_network_condition ? module.mgmt_network_and_subnet.new_created_subnet_link : [var.mgmt_network_subnetwork_name]
+ num_internal_networks = var.num_internal_networks
+ internal_network1_network = local.create_internal_network1_condition ? module.internal_network1_and_subnet.new_created_network_link : [var.internal_network1_name]
+ internal_network1_subnetwork = local.create_internal_network1_condition ? module.internal_network1_and_subnet.new_created_subnet_link : [var.internal_network1_subnetwork_name]
+ internal_network2_network = var.num_internal_networks < 2 ? [] : local.create_internal_network2_condition ? module.internal_network2_and_subnet[0].new_created_network_link : [var.internal_network2_name]
+ internal_network2_subnetwork = var.num_internal_networks < 2 ? [] : local.create_internal_network2_condition ? module.internal_network2_and_subnet[0].new_created_subnet_link : [var.internal_network2_subnetwork_name]
+ internal_network3_network = var.num_internal_networks < 3 ? [] : local.create_internal_network3_condition ? module.internal_network3_and_subnet[0].new_created_network_link : [var.internal_network3_name]
+ internal_network3_subnetwork = var.num_internal_networks < 3 ? [] : local.create_internal_network3_condition ? module.internal_network3_and_subnet[0].new_created_subnet_link : [var.internal_network3_subnetwork_name]
+ internal_network4_network = var.num_internal_networks < 4 ? [] : local.create_internal_network4_condition ? module.internal_network4_and_subnet[0].new_created_network_link : [var.internal_network4_name]
+ internal_network4_subnetwork = var.num_internal_networks < 4 ? [] : local.create_internal_network4_condition ? module.internal_network4_and_subnet[0].new_created_subnet_link : [var.internal_network4_subnetwork_name]
+ internal_network5_network = var.num_internal_networks < 5 ?
[] : local.create_internal_network5_condition ? module.internal_network5_and_subnet[0].new_created_network_link : [var.internal_network5_name]
+ internal_network5_subnetwork = var.num_internal_networks < 5 ? [] : local.create_internal_network5_condition ? module.internal_network5_and_subnet[0].new_created_subnet_link : [var.internal_network5_subnetwork_name]
+ internal_network6_network = var.num_internal_networks < 6 ? [] : local.create_internal_network6_condition ? module.internal_network6_and_subnet[0].new_created_network_link : [var.internal_network6_name]
+ internal_network6_subnetwork = var.num_internal_networks < 6 ? [] : local.create_internal_network6_condition ? module.internal_network6_and_subnet[0].new_created_subnet_link : [var.internal_network6_subnetwork_name]
+ admin_SSH_key = var.admin_SSH_key
+ generated_admin_password = var.generate_password ? random_string.generated_password.result : ""
+ project = var.project
+ generate_password = var.generate_password
+ sic_key = var.sic_key
+ allow_upload_download = var.allow_upload_download
+ enable_monitoring = var.enable_monitoring
+ admin_shell = var.admin_shell
+ management_network = var.management_network
+ primary_cluster_address_name = google_compute_address.primary_cluster_ip_ext_address.name
+ secondary_cluster_address_name = google_compute_address.secondary_cluster_ip_ext_address.name
+ smart_1_cloud_token_a = var.smart_1_cloud_token_a
+ smart_1_cloud_token_b = var.smart_1_cloud_token_b
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/output.tf b/deprecated/terraform/gcp/R8040-R81/high-availability/output.tf
new file mode 100644
index 00000000..12009d32
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/output.tf
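Review bot: the administrator password comes from `resource "random_string" "generated_password"` (just above `module "members_a_b"`), and `random_string` does not flag its `result` as sensitive, so the generated password shows up unredacted in plan output wherever a dependent attribute changes and in any output that references it — output.tf in this same commit does exactly that. Switch to the `random_password` resource, which takes the same `length`/`special` arguments but marks `result` sensitive: `resource "random_password" "generated_password" {` and, in the module call, `generated_admin_password = var.generate_password ? random_password.generated_password.result : ""`; the `output "admin_password"` block must then carry `sensitive = true` or Terraform refuses the plan. The value still lands in clear text in the state file under either resource, so the state backend has to be treated as a secret store regardless. Also note the provider block reads the service-account key with `file(var.service_account_path)`; that is fine for provider configuration (not persisted in state), but the README should tell users to keep that key file out of the repository next to this code.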
@@ -0,0 +1,117 @@
+output "cluster_new_created_network" {
+ value = module.cluster_network_and_subnet.new_created_network_name
+}
+output "cluster_new_created_subnet" {
+ value = module.cluster_network_and_subnet.new_created_subnet_name
+}
+
+output "mgmt_new_created_network" {
+ value = module.mgmt_network_and_subnet.new_created_network_name
+}
+output "mgmt_new_created_subnet" {
+ value = module.mgmt_network_and_subnet.new_created_subnet_name
+}
+
+output "int_network1_new_created_network" {
+ value = module.internal_network1_and_subnet.new_created_network_name
+}
+output "int_network1_new_created_subnet" {
+ value = module.internal_network1_and_subnet.new_created_subnet_name
+}
+
+output "int_network2_new_created_network" {
+ value = module.internal_network2_and_subnet[*].new_created_network_name
+}
+output "int_network2_new_created_subnet" {
+ value = module.internal_network2_and_subnet[*].new_created_subnet_name
+}
+
+output "int_network3_new_created_network" {
+ value = module.internal_network3_and_subnet[*].new_created_network_name
+}
+output "int_network3_new_created_subnet" {
+ value = module.internal_network3_and_subnet[*].new_created_subnet_name
+}
+
+output "int_network4_new_created_network" {
+ value = module.internal_network4_and_subnet[*].new_created_network_name
+}
+output "int_network4_new_created_subnet" {
+ value = module.internal_network4_and_subnet[*].new_created_subnet_name
+}
+
+output "int_network5_new_created_network" {
+ value = module.internal_network5_and_subnet[*].new_created_network_name
+}
+output "int_network5_new_created_subnet" {
+ value = module.internal_network5_and_subnet[*].new_created_subnet_name
+}
+
+output "int_network6_new_created_network" {
+ value = module.internal_network6_and_subnet[*].new_created_network_name
+}
+output "int_network6_new_created_subnet" {
+ value = module.internal_network6_and_subnet[*].new_created_subnet_name
+}
+
+output "cluster_ICMP_firewall_rule" {
+ value =
module.cluster_ICMP_firewall_rules[*].firewall_rule_name
+}
+output "cluster_TCP_firewall_rule" {
+ value = module.cluster_TCP_firewall_rules[*].firewall_rule_name
+}
+output "cluster_UDP_firewall_rule" {
+ value = module.cluster_UDP_firewall_rules[*].firewall_rule_name
+}
+output "cluster_SCTP_firewall_rule" {
+ value = module.cluster_SCTP_firewall_rules[*].firewall_rule_name
+}
+output "cluster_ESP_firewall_rule" {
+ value = module.cluster_ESP_firewall_rules[*].firewall_rule_name
+}
+
+output "mgmt_ICMP_firewall_rule" {
+ value = module.mgmt_ICMP_firewall_rules[*].firewall_rule_name
+}
+output "mgmt_TCP_firewall_rule" {
+ value = module.mgmt_TCP_firewall_rules[*].firewall_rule_name
+}
+output "mgmt_UDP_firewall_rule" {
+ value = module.mgmt_UDP_firewall_rules[*].firewall_rule_name
+}
+output "mgmt_SCTP_firewall_rule" {
+ value = module.mgmt_SCTP_firewall_rules[*].firewall_rule_name
+}
+output "mgmt_ESP_firewall_rule" {
+ value = module.mgmt_ESP_firewall_rules[*].firewall_rule_name
+}
+
+output "cluster_ip_external_address" {
+ value = google_compute_address.primary_cluster_ip_ext_address.address
+}
+output "admin_password" {
+ value = var.generate_password ? [random_string.generated_password.result] : []
+}
+output "sic_key" {
+ value = var.sic_key
+}
+
+output "member_a_name" {
+ value = module.members_a_b.member_a_name
+}
+output "member_a_external_ip" {
+ value = module.members_a_b.member_a_external_ip
+}
+output "member_a_zone" {
+ value = var.zoneA
+}
+
+output "member_b_name" {
+ value = module.members_a_b.member_b_name
+}
+output "member_b_external_ip" {
+ value = module.members_a_b.member_b_external_ip
+}
+output "member_b_zone" {
+ value = var.zoneB
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/terraform.tfvars b/deprecated/terraform/gcp/R8040-R81/high-availability/terraform.tfvars
new file mode 100644
index 00000000..f888479f
--- /dev/null
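Review bot: `output "admin_password"` and `output "sic_key"` expose secrets without `sensitive = true`, so `terraform apply` and `terraform output` print the generated administrator password and the SIC one-time secret to the console and to any CI log that captures it. Add `sensitive = true` inside both output blocks; operators who need the values can still retrieve them with `terraform output -raw admin_password` or `terraform output -json`. The README table earlier on this page documents both outputs, so its rows should say the values are redacted by default and how to read them.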
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/terraform.tfvars 
@@ -0,0 +1,53 @@
+# --- Google Provider ---
+service_account_path = "PLEASE ENTER SERVICE ACCOUNT PATH" # "service-accounts/service-account-file-name.json"
+project = "PLEASE ENTER PROJECT ID" # "project-id"
+
+# --- Check Point Deployment ---
+prefix = "PLEASE ENTER PREFIX" # "chkp-tf-ha"
+license = "PLEASE ENTER LICENSE" # "BYOL"
+image_name = "PLEASE ENTER IMAGE NAME" # "check-point-r8110-gw-byol-cluster-335-985-v20220126"
+
+# --- Instances Configuration ---
+region = "PLEASE ENTER REGION" # "us-central1"
+zoneA = "PLEASE ENTER ZONE A" # "us-central1-a"
+zoneB = "PLEASE ENTER ZONE B" # "us-central1-a"
+machine_type = "PLEASE ENTER MACHINE TYPE" # "n1-standard-4"
+disk_type = "PLEASE ENTER DISK TYPE" # "SSD Persistent Disk"
+disk_size = "PLEASE ENTER DISK SIZE" # 100
+admin_SSH_key = "PLEASE ENTER ADMIN SSH KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+enable_monitoring = "PLEASE ENTER true OR false" # false
+
+# --- Check Point ---
+management_network = "PLEASE ENTER MANAGEMENT IP OR S1C IF USING SMART-1 CLOUD MANAGEMENT" # "209.87.209.100/32"
+sic_key = "PLEASE ENTER A SIC KEY" # "aaaaaaaa"
+generate_password = "PLEASE ENTER true or false" # false
+allow_upload_download = "PLEASE ENTER true OR false" # true
+admin_shell = "PLEASE ENTER ADMIN SHELL" # "/etc/cli.sh"
+
+# --- Quick connect to Smart-1 Cloud ---
+smart_1_cloud_token_a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+smart_1_cloud_token_b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+
+# --- Networking ---
+cluster_network_cidr = "PLEASE ENTER CLUSTER NETWORK CIDR" # "10.0.1.0/24"
+cluster_network_name = "PLEASE ENTER CLUSTER NETWORK ID" # "cluster-network"
+cluster_network_subnetwork_name = "PLEASE ENTER CLUSTER SUBNETWORK ID" # "cluster-subnetwork"
+cluster_ICMP_traffic = "PLEASE ENTER ICMP SOURCE IP RANGES" # ["123.123.0.0/24", "234.234.0.0/24"]
+cluster_TCP_traffic = "PLEASE ENTER TCP SOURCE IP RANGES" # ["0.0.0.0/0"]
+cluster_UDP_traffic = "PLEASE ENTER UDP SOURCE IP RANGES"
# []
+cluster_SCTP_traffic = "PLEASE ENTER SCTP SOURCE IP RANGES" # []
+cluster_ESP_traffic = "PLEASE ENTER ESP SOURCE IP RANGES" # []
+mgmt_network_cidr = "PLEASE ENTER MANAGEMENT NETWORK CIDR" # ""
+mgmt_network_name = "PLEASE ENTER MANAGEMENT NETWORK ID" # "mgmt-network"
+mgmt_network_subnetwork_name = "PLEASE ENTER MANAGEMENT SUBNETWORK ID" # "mgmt-subnetwork"
+mgmt_ICMP_traffic = "PLEASE ENTER ICMP SOURCE IP RANGES" # ["123.123.0.0/24", "234.234.0.0/24"]
+mgmt_TCP_traffic = "PLEASE ENTER TCP SOURCE IP RANGES" # ["0.0.0.0/0"]
+mgmt_UDP_traffic = "PLEASE ENTER UDP SOURCE IP RANGES" # []
+mgmt_SCTP_traffic = "PLEASE ENTER SCTP SOURCE IP RANGES" # []
+mgmt_ESP_traffic = "PLEASE ENTER ESP SOURCE IP RANGES" # []
+num_internal_networks = "PLEASE ENTER A NUMBER OF ADDITIONAL NICS" # 1
+internal_network1_cidr = "PLEASE ENTER 1ST INTERNAL NETWORK CIDR" # "10.0.3.0/24"
+internal_network1_name = "PLEASE ENTER 1ST INTERNAL NETWORK ID" # ""
+internal_network1_subnetwork_name = "PLEASE ENTER INTERNAL SUBNETWORK ID" # ""
+
+#Define internal NICs networks and subnetworks according the defined num_internal_networks value
diff --git a/deprecated/terraform/gcp/R8040-R81/high-availability/variables.tf b/deprecated/terraform/gcp/R8040-R81/high-availability/variables.tf
new file mode 100644
index 00000000..a7bede31
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/high-availability/variables.tf
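Review bot: the inline examples in this file steer users toward a world-reachable management plane: `mgmt_TCP_traffic` and `cluster_TCP_traffic` both suggest `["0.0.0.0/0"]` while `management_network` is shown as a single `/32`, and the firewall-rule module's port scope is not visible from here, so the safe example is the management CIDR, e.g. `mgmt_TCP_traffic = "PLEASE ENTER TCP SOURCE IP RANGES" # ["209.87.209.100/32"]`, with a comment explaining when a wider range is actually needed. The `sic_key` example `"aaaaaaaa"` satisfies the 8-character regex in locals.tf but models a trivially guessable one-time secret; an example like `"Random-8plus-chars"` would be a better hint. `zoneA` and `zoneB` both suggest `"us-central1-a"`, which puts both HA members in one zone — the `zoneB` example should be a different zone in the same region, such as `"us-central1-b"`, unless the members module deliberately supports single-zone clusters (I cannot tell from this hunk). Since `sic_key` and `smart_1_cloud_token_*` are secrets, a header comment should warn against committing a filled-in copy of this file and point to `TF_VAR_*` environment variables or an untracked `*.auto.tfvars` instead.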
@@ -0,0 +1,302 @@
+# Check Point CloudGuard IaaS High Availability - Terraform Template
+
+# --- Google Provider ---
+variable "service_account_path" {
+ type = string
+ description = "User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored."
+ default = ""
+}
+variable "project" {
+ type = string
+ description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+ default = ""
+}
+
+# --- Check Point Deployment ---
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-tf-ha"
+}
+variable "license" {
+ type = string
+ description = "Checkpoint license (BYOL or PAYG)."
+ default = "BYOL"
+}
+variable "image_name" {
+ type = string
+ description = "The High Availability (cluster) image name (e.g. check-point-r8110-gw-byol-cluster-335-985-v20220126). You can choose the desired cluster image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/ha-byol/images.py"
+}
+
+# --- Instances Configuration ---
+data "google_compute_regions" "available_regions" {
+}
+variable "region" {
+ type = string
+ default = "us-central1"
+}
+variable "zoneA" {
+ type = string
+ description = "Member A Zone. The zone determines what computing resources are available and where your data is stored and used."
+ default = "us-central1-a"
+}
+variable "zoneB" {
+ type = string
+ description = "Member B Zone."
+ default = "us-central1-a"
+}
+variable "machine_type" {
+ type = string
+ description = "Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have."
+ default = "n1-standard-4"
+}
+variable "disk_type" {
+ type = string
+ description = "Storage space is much less expensive for a standard Persistent Disk. An SSD Persistent Disk is better for random IOPS or streaming throughput with low latency."
+ default = "SSD Persistent Disk"
+}
+variable "disk_size" {
+ type = number
+ description = "Disk size in GB - Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space."
+ default = 100
+}
+variable "admin_SSH_key" {
+ type = string
+ description = "(Optional) The SSH public key for SSH authentication to the MIG instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+ default = ""
+}
+variable "enable_monitoring" {
+ type = bool
+ description = "Enable Stackdriver monitoring"
+ default = false
+}
+
+# --- Check Point ---
+variable "management_network" {
+ type = string
+ description = "Security Management Server address - The public address of the Security Management Server, in CIDR notation. If using Smart-1 Cloud management, insert 'S1C'. VPN peers addresses cannot be in this CIDR block, so this value cannot be the zero-address."
+ validation {
+ condition = var.management_network != "0.0.0.0/0"
+ error_message = "Var.management_network value cannot be the zero-address."
+ }
+}
+resource "null_resource" "validate_mgmt_network_if_required" {
+ count = var.smart_1_cloud_token_a == "" && var.management_network == "S1C" ? "Public address of the Security Management Server is required" : 0
+}
+variable "sic_key" {
+ type = string
+ description = "The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated"
+}
+variable "generate_password" {
+ type = bool
+ description = "Automatically generate an administrator password."
+ default = false
+}
+variable "allow_upload_download" {
+ type = bool
+ description = "Allow download from/upload to Check Point."
+ default = false
+}
+variable "admin_shell" {
+ type = string
+ description = "Change the admin shell to enable advanced command line configuration."
+ default = "/etc/cli.sh"
+}
+# --- Quick connect to Smart-1 Cloud ---
+variable "smart_1_cloud_token_a" {
+ type = string
+ description ="(Optional) Smart-1 cloud token for member A to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+variable "smart_1_cloud_token_b" {
+ type = string
+ description ="(Optional) Smart-1 cloud token for member B to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+
+resource "null_resource" "validate_both_tokens" {
+ count = (var.smart_1_cloud_token_a != "" && var.smart_1_cloud_token_b != "") || (var.smart_1_cloud_token_a == "" && var.smart_1_cloud_token_b == "") ? 0 : "To connect to Smart-1 Cloud, you must provide two tokens (one per member)"
+}
+resource "null_resource" "validate_different_tokens" {
+ count = var.smart_1_cloud_token_a != "" && var.smart_1_cloud_token_a == var.smart_1_cloud_token_b ? "To connect to Smart-1 Cloud, you must provide two different tokens" : 0
+}
+# --- Networking ---
+variable "cluster_network_cidr" {
+ type = string
+ description = "Cluster external subnet CIDR. If the variable's value is not empty double quotes, a new network will be created. The Cluster public IP will be translated to a private address assigned to the active member in this external network."
+ default = "10.0.0.0/24"
+}
+variable "cluster_network_name" {
+ type = string
+ description = "Cluster external network ID in the chosen zone. The network determines what network traffic the instance can access.If you have specified a CIDR block at var.cluster_network_cidr, this network name will not be used."
+ default = ""
+}
+variable "cluster_network_subnetwork_name" {
+ type = string
+ description = "Cluster subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.cluster_network_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "cluster_ICMP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable ICMP traffic."
+ default = []
+}
+variable "cluster_TCP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable TCP traffic."
+ default = []
+}
+variable "cluster_UDP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable UDP traffic."
+ default = []
+}
+variable "cluster_SCTP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable SCTP traffic."
+ default = []
+}
+variable "cluster_ESP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. Please leave empty list to unable ESP traffic."
+ default = []
+}
+variable "mgmt_network_cidr" {
+ type = string
+ description = "Management external subnet CIDR. If the variable's value is not empty double quotes, a new network will be created. The public IP used to manage each member will be translated to a private address in this external network"
+ default = "10.0.1.0/24"
+}
+variable "mgmt_network_name" {
+ type = string
+ description = "Management network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.mgmt_network_cidr, this network name will not be used. "
+ default = ""
+}
+variable "mgmt_network_subnetwork_name" {
+ type = string
+ description = "Management subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.mgmt_network_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "mgmt_ICMP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable ICMP traffic."
+ default = []
+}
+variable "mgmt_TCP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable TCP traffic."
+ default = []
+}
+variable "mgmt_UDP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable UDP traffic."
+ default = []
+}
+variable "mgmt_SCTP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable SCTP traffic."
+ default = []
+}
+variable "mgmt_ESP_traffic" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009. Please leave empty list to unable ESP traffic."
+ default = []
+}
+variable "num_internal_networks" {
+ type = number
+ description = "A number in the range 1 - 6 of internal network interfaces."
+ default = 1
+}
+resource "null_resource" "num_internal_networks_validation" {
+ // Will fail if var.num_internal_networks is less than 1 or more than 6
+ count = var.num_internal_networks >= 1 && var.num_internal_networks <= 6 ? 0 : "variable num_internal_networks must be a number between 1 and 6. Multiple network interfaces deployment is described in: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637"
+}
+variable "internal_network1_cidr" {
+ type = string
+ description = "1st internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = "10.0.2.0/24"
+}
+variable "internal_network1_name" {
+ type = string
+ description = "1st internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network1_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network1_subnetwork_name" {
+ type = string
+ description = "1st internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network1_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "internal_network2_cidr" {
+ type = string
+ description = "Used only if var.num_internal_networks is 2 or and above - 2nd internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = ""
+}
+variable "internal_network2_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 2 or and above - 2nd internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network2_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network2_subnetwork_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 2 or and above - 2nd internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network2_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "internal_network3_cidr" {
+ type = string
+ description = "Used only if var.num_internal_networks is 3 or and above - 3rd internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = ""
+}
+variable "internal_network3_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 3 or and above - 3rd internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network3_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network3_subnetwork_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 3 or and above - 3rd internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network3_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "internal_network4_cidr" {
+ type = string
+ description = "Used only if var.num_internal_networks is 4 or and above - 4th internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = ""
+}
+variable "internal_network4_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 4 or and above - 4th internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network4_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network4_subnetwork_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 4 or and above - 4th internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network4_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "internal_network5_cidr" {
+ type = string
+ description = "Used only if var.num_internal_networks is 5 or and above - 5th internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = ""
+}
+variable "internal_network5_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 5 or and above - 5th internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network5_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network5_subnetwork_name" {
+ type = string
+ description = "Used only if var.num_internal_networks is 5 or and above - 5th internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network5_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
+variable "internal_network6_cidr" {
+ type = string
+ description = "Used only if var.num_internal_networks equals 6 - 6th internal subnet CIDR. If the variable's value is not empty double quotes, a new subnet will be created. Assigns the cluster members an IPv4 address in this internal network."
+ default = ""
+}
+variable "internal_network6_name" {
+ type = string
+ description = "Used only if var.num_internal_networks equals 6 - 6th internal network ID in the chosen zone. The network determines what network traffic the instance can access. If you have specified a CIDR block at var.internal_network6_cidr, this network name will not be used. "
+ default = ""
+}
+variable "internal_network6_subnetwork_name" {
+ type = string
+ description = "Used only if var.num_internal_networks equals 6 - 6th internal subnet ID in the chosen network. Assigns the instance an IPv4 address from the subnetwork’s range. If you have specified a CIDR block at var.internal_network6_cidr, this subnetwork will not be used. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ""
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/README.md b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/README.md
new file mode 100644
index 00000000..a3213acb
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/README.md
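Review bot: `sic_key`, `smart_1_cloud_token_a` and `smart_1_cloud_token_b` carry one-time secrets but are declared as plain `string` variables, so their values are printed in plan output and state diffs; this file already uses `validation` blocks (Terraform 0.13+), and if the pinned provider/core version is 0.14 or later, `sensitive = true` on those three variables keeps them out of plan output. The description of `sic_key` requires "At least 8 alpha numeric characters" but nothing enforces it, whereas `management_network` does get a `validation` block; the block below adds the matching check and accepts the empty string because the description says a key is generated when none is supplied. The `zoneB` default is the same `us-central1-a` as `zoneA`, so a deployment that keeps the defaults puts both members of the high-availability pair in a single zone — if that is intentional, the `zoneB` description should say so, otherwise a different default zone is safer. In the ten `*_traffic` descriptions, "Please leave empty list to unable ... traffic" reads as the opposite of what is meant; "disable" is intended.
```hcl
variable "sic_key" {
  type        = string
  sensitive   = true   # Terraform >= 0.14; drop this line on older pinned versions
  description = "The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server. At least 8 alpha numeric characters. If SIC is not provided and needed, a key will be automatically generated"
  validation {
    condition     = var.sic_key == "" || can(regex("^[A-Za-z0-9]{8,}$", var.sic_key))
    error_message = "Var.sic_key must be empty or contain at least 8 alphanumeric characters."
  }
}
```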
@@ -0,0 +1,275 @@ +# Check Point single gateway and management Terraform module for GCP + +Terraform module which deploys a single gateway and management of Check Point Security Gateways. + +These types of Terraform resources are supported: + [Instance Template](https://www.terraform.io/docs/providers/google/r/compute_instance_template.html) + [Firewall](https://www.terraform.io/docs/providers/google/r/compute_firewall.html) - conditional creation + [Instance Group Manager](https://www.terraform.io/docs/providers/google/r/compute_region_instance_group_manager.html) + [Compute instance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) + + +See Check Point's documentation for Single [here](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114577) + +Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: terraform. + +## Before you begin +1. Create a project in the [Google Cloud Console](https://console.cloud.google.com/) and set up billing on that project. +2. [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) and read the Terraform getting started guide that follows. This guide will assume basic proficiency with Terraform - it is an introduction to the Google provider. + +## Configuring the Provider +The main.tf file includes the following provider configuration block used to configure the credentials you use to authenticate with GCP, as well as a default project and location for your resources: +``` +provider "google" { + credentials = file(var.service_account_path) + project = var.project +} +... +``` + +1. [Create a Service Account](https://cloud.google.com/docs/authentication/getting-started) (or use the existing one). Next, download the JSON key file. Name it something you can remember and store it somewhere secure on your machine.
+2. Select "Editor" Role or verify you have the following permissions: + ``` + compute.addresses.get + compute.addresses.use + compute.addresses.create + compute.disks.create + compute.disks.delete + compute.firewalls.create + compute.firewalls.delete + compute.firewalls.get + compute.images.get + compute.images.useReadOnly + compute.images.getFromFamily + compute.instanceTemplates.create + compute.instanceTemplates.delete + compute.instanceTemplates.get + compute.instanceTemplates.useReadOnly + compute.instances.addAccessConfig + compute.instances.create + compute.instances.delete + compute.instances.get + compute.instances.setMetadata + compute.instances.setTags + compute.instances.setLabels + compute.networks.get + compute.networks.updatePolicy + compute.regions.list + compute.subnetworks.get + compute.subnetworks.use + compute.subnetworks.useExternalIp + compute.zones.get + iam.serviceAccountKeys.get + iam.serviceAccountKeys.list + iam.serviceAccounts.actAs + iam.serviceAccounts.get + iam.serviceAccounts.list + iam.serviceAccounts.set + ``` +3. ```credentials``` - Your service account key file is used to complete a two-legged OAuth 2.0 flow to obtain access tokens to authenticate with the GCP API as needed; Terraform will use it to reauthenticate automatically when tokens expire.
+The provider credentials can be provided either as static credentials or as [Environment Variables](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#credentials-1). + - Static credentials can be provided by adding the path to your service-account json file, project-id and region in /gcp/modules/single/terraform.tfvars file as follows: + ``` + service_account_path = "service-accounts/service-account-file-name.json" + project = "project-id" + ``` + - In case the Environment Variables are used, perform modifications described below:
+ a. The next lines in the main.tf file, in the provider google resource, need to be deleted or commented: + ``` + provider "google" { + // credentials = file(var.service_account_path) + // project = var.project + + } + ``` + b.In the terraform.tfvars file leave empty double quotes for credentials and project variables: + ``` + service_account_path = "" + project = "" + ``` +## Usage +- Fill all variables in the /gcp/single/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + ``` + terraform init + ``` +- Create an execution plan: + ``` + terraform plan + ``` +- Create or modify the deployment: + ``` + terraform apply + ``` + +#### Variables are configured in single/terraform.tfvars file as follows: +``` +# --- Google Provider --- +service_account_path = "service-accounts/service-account-file-name.json" +project = "project-id" + +# --- Check Point--- +image_name = "check-point-r8110-gw-byol-single-335-985-v20220126" +installationType = "Gateway only" +license = "BYOL" +prefix = "chkp-single-tf-" +management_nic = "Ephemeral Public IP (eth0)" +admin_shell = "/etc/cli.sh" +admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +generatePassword = false +allow_upload_download = true +sicKey = "" +managementGUIClientNetwork = "0.0.0.0/0" + +#--- Quick connect to Smart-1 Cloud --- +smart_1_cloud_token = "xxxxxxxxxxxxxxxxxxxxxxxx" + +# --- Networking --- +zone = "us-central1-a +network = ["default"] +subnetwork = ["default"] +network_enableTcp= true +network_tcpSourceRanges= ["0.0.0.0/0"] +network_enableGwNetwork= false +network_gwNetworkSourceRanges= [""] +network_enableIcmp= false +network_icmpSourceRanges = [""] +network_enableUdp= false +network_udpSourceRanges= [""] +network_enableSctp= false +network_sctpSourceRanges= [""] +network_enableEsp= false +network_espSourceRanges= [""] +numAdditionalNICs= 1 +externalIP= "static" 
+internal_network1_network= [""] +internal_network1_subnetwork = [""] + +# --- Instance Configuration --- +machine_type = "n1-standard-4" +diskType = "SSD Persistent Disk" +bootDiskSizeGb = 100 +enableMonitoring = false + +``` + +- To tear down your resources: + ``` + terraform destroy + ``` + +## Conditional creation +To create Firewall and allow traffic for ICMP, TCP, UDP, SCTP or/and ESP - enter list of Source IP ranges. +``` +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = ["0.0.0.0/0"] +SCTP_traffic = ["0.0.0.0/0"] +ESP_traffic = ["0.0.0.0/0"] +``` +Please leave empty list for a protocol if you want to disable traffic for it. + +## Inputs +| Name | Description | Type | Allowed values |Default| Required | +| ------------- | ------------- | ------------- | ------------- |-------|---------------| +| service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json") | string | N/A | "" | yes | +| | | | | | +| project | Personal project id. The project indicates the default GCP project all of your resources will be created in. | string | N/A | "" | yes | +| | | | | | +| zone | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) |us-central1-a|yes| +| | | | | | +| image_name |The single gateway or management image name (e.g. check-point-r8110-gw-byol-single-335-985-v20220126 for gateway or check-point-r8110-byol-335-883-v20210706 for management). 
You can choose the desired gateway image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py).| string | N/A | N/A | yes | +| | | | | | +| installationType | Installation type and version | string |Gateway only;
Management only;
Manual Configuration
Gateway and Management (Standalone) |Gateway only|yes| +| | | | | | +| license | Checkpoint license (BYOL or PAYG).|string|BYOL;
PAYG;|BYOL|yes| +| | | | | | +| prefix | (Optional) Resources name prefix|string|N\A|chkp-single-tf-|no| +| | | | | | +| machineType | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | n1-standard-4|no| +| | | | | | +| network | The network determines what network traffic the instance can access | list(string) | Available network in the chosen zone |N/A|yes| +| | | | | | +| Subnetwork | Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network. | list(string) | Available subnetwork in the chosen network |N/A|yes| +| | | | | | +| network_enableTcp | Allow TCP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_tcpSourceRanges | Allow TCP traffic from the Internet | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableGwNetwork | This is relevant for Management only. The network in which managed gateways reside | boolean | true;
false; |false|no| +| | | | | | +| network_gwNetworkSourceRanges | Allow TCP traffic from the Internet | list(string) | Enter a valid IPv4 network CIDR (e.g. 0.0.0.0/0) |N/A|no| +| | | | | | +| network_enableIcmp | Allow ICMP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_icmpSourceRanges | Source IP ranges for ICMP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableUdp | Allow UDP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_udpSourceRanges | Source IP ranges for UDP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableSctp | Allow SCTP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_sctpSourceRanges | Source IP ranges for SCTP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableEsp | Allow ESP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_espSourceRanges | Source IP ranges for ESP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| diskType | Disk type | string | SSD Persistent Disk;
standard-Persistent Disk;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)|SSD Persistent Disk|no| +| | | | | | +| bootDiskSizeGb | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)|100|no| +| | | | | | +| generatePassword | Automatically generate an administrator password | boolean | true;
false; |false|no| +| | | | | | +| allowUploadDownload | Allow download from/upload to Check Point | boolean | true;
false; |false|no| +| | | | | | +| enableMonitoring | Enable Stackdriver monitoring | boolean | true;
false; |false|no| +| | | | | | +| admin_shell | Change the admin shell to enable advanced command line configuration. | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
|/etc/cli.sh|no| +| | | | | | +| admin_SSH_key | Public SSH key for the user 'admin' - The SSH public key for SSH authentication to the instances. Leave this field blank to use all project-wide pre-configured SSH keys. | string | A valid public ssh key | "" | no | +| | | | | | +| sicKey | The Secure Internal Communication one time secret used to set up trust between the single gateway object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated |""|no| +| | | | | | +| managementGUIClientNetwork | Allowed GUI clients | string | A valid IPv4 network CIDR (e.g. 0.0.0.0/0) |0.0.0.0/0|no| +| | | | | | +| smart_1_cloud_token | Smart-1 Cloud token to connect this gateway to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| numAdditionalNICs | Number of additional network interfaces | number | A number in the range 0 - 8.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) |0|no| +| | | | | | +| externalIP | External IP address type | string | Static;
Ephemeral;
An external IP address associated with this instance. Selecting "None" will result in the instance having no external internet access. [Learn more](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?_ga=2.259654658.-962483654.1585043745) |static|no| +| | | | | | +| management_nic | Management Interface - Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1). | string | Ephemeral Public IP (eth0)
- Private IP (eth1) |XEphemeral Public IP (eth0)|no| +| | | | | | + +## Outputs +| Name | Description | +| ------------- | ------------- | +| SIC_key | Secure Internal Communication (SIC) initiation key. | +| ICMP_firewall_rules_name | If enable - the ICMP firewall rules name, otherwise, an empty list. | +| TCP_firewall_rules_name | If enable - the TCP firewall rules name, otherwise, an empty list. | +| UDP_firewall_rules_name | If enable - the UDP firewall rules name, otherwise, an empty list. | +| SCTP_firewall_rules_name | If enable - the SCTP firewall rules name, otherwise, an empty list. | +| ESP_firewall_rules_name | If enable - the ESP firewall rules name, otherwise, an empty list. | + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +| ---------------- | ------------- | +| 20230209 | Added Smart-1 Cloud support. | +| | | | +| 20230109 | Updated startup script to use cloud-config. | +| | | | +| 20201208 | First release of Check Point Check Point CloudGuard IaaS High Availability Terraform solution on GCP. | +| | | | +| | Addition of "template_type" parameter to "cloud-version" files. | +| | | | + +## Authors + + +## License + +This project is licensed under the MIT License - see the [LICENSE](../../../LICENSE) file for details diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/locals.tf b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/locals.tf new file mode 100644 index 00000000..39527714 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/locals.tf 
@@ -0,0 +1,55 @@
+locals {
+ license_allowed_values = [
+ "BYOL",
+ "PAYG"]
+ // will fail if [var.license] is invalid:
+ validate_license = index(local.license_allowed_values, upper(var.license))
+
+ installation_type_allowed_values = [
+ "Gateway only",
+ "Management only",
+ "Standalone",
+ "Manual Configuration"
+ ]
+ // Will fail if the installation type is none of the above
+ validate_installation_type = index(local.installation_type_allowed_values, var.installationType)
+
+ regex_valid_sicKey = "^([a-z0-9A-Z]{8,30})$"
+ // Will fail if var.sicKey is invalid
+ regex_sicKey = regex(local.regex_valid_sicKey, var.sicKey) == var.sicKey ? 0 : "Variable [sicKey] must be at least 8 alphanumeric characters."
+
+ regex_validate_mgmt_image_name = "check-point-r8[0-1][1-4]0-(byol|payg)-[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}"
+ regex_validate_single_image_name = "check-point-r8[0-1][1-4]0-gw-(byol|payg)-single-[0-9]{3}-([0-9]{3,}|[a-z]+)-v[0-9]{8,}"
+ // will fail if the image name is not in the right syntax
+ validate_image_name = var.installationType != "Gateway only" && length(regexall(local.regex_validate_mgmt_image_name, var.image_name)) > 0 ? 0 : (var.installationType == "Gateway only" && length(regexall(local.regex_validate_single_image_name, var.image_name)) > 0 ? 0 : index(split("-", var.image_name), "INVALID IMAGE NAME"))
+ regex_valid_admin_SSH_key = "^(^$|ssh-rsa AAAA[0-9A-Za-z+/]+[=]{0,3})"
+ // Will fail if var.admin_SSH_key is invalid
+ regex_admin_SSH_key = regex(local.regex_valid_admin_SSH_key, var.admin_SSH_key) == var.admin_SSH_key ? 0 : "Please enter a valid SSH public key or leave empty"
+ admin_shell_allowed_values = [
+ "/etc/cli.sh",
+ "/bin/bash",
+ "/bin/csh",
+ "/bin/tcsh"]
+ // Will fail if var.admin_shell is invalid
+ validate_admin_shell = index(local.admin_shell_allowed_values, var.admin_shell)
+ disk_type_allowed_values = [
+ "SSD Persistent Disk",
+ "Balanced Persistent Disk",
+ "Standard Persistent Disk"]
+ // Will fail if var.disk_type is invalid
+ validate_disk_type = index(local.disk_type_allowed_values, var.diskType)
+ adminPasswordSourceMetadata = var.generatePassword ?random_string.generated_password.result : ""
+ disk_type_condition = var.diskType == "SSD Persistent Disk" ? "pd-ssd" : var.diskType == "Balanced Persistent Disk" ? "pd-balanced" : var.diskType == "Standard Persistent Disk" ? "pd-standard" : ""
+ admin_SSH_key_condition = var.admin_SSH_key != "" ? true : false
+ ICMP_traffic_condition = length(var.network_icmpSourceRanges ) == 0 ? 0 : 1
+ TCP_traffic_condition = length(var.network_tcpSourceRanges) == 0 ? 0 : 1
+ UDP_traffic_condition = length(var.network_udpSourceRanges ) == 0 ? 0 : 1
+ SCTP_traffic_condition = length(var.network_sctpSourceRanges) == 0 ? 0 : 1
+ ESP_traffic_condition = length(var.network_espSourceRanges) == 0 ? 0 : 1
+ // Will fail if management_only and payg
+ is_management_only = var.installationType == "Management only"
+ is_license_payg = var.license == "PAYG"
+ validation_message = "Cannot use 'Management only' installation type with 'PAYG' license."
+ _= regex("^$",local.is_management_only && local.is_license_payg ? local.validation_message : "")
+
+}
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/main.tf b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/main.tf
new file mode 100644
index 00000000..aeab8b93
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/main.tf
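Review bot: `is_license_payg = var.license == "PAYG"` is case-sensitive while `validate_license` accepts any casing through `upper(var.license)`, so `license = "payg"` passes validation yet silently skips the Management-only/PAYG guard; it should read `is_license_payg = upper(var.license) == "PAYG"`. The `regex_sicKey` check has a similar gap: as far as I can tell `regex()` raises an error on a non-match rather than returning a different string, so an empty `sicKey` never reaches the `? 0 : "..."` branch and the "leave empty and a key will be generated" path described in the README cannot be exercised; the SSH-key pattern already shows the accepted shape for that, `"^(^$|[a-z0-9A-Z]{8,30})$"`. Both `adminPasswordSourceMetadata` here and the inline copies in main.tf compute the same value, so one of them is dead.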
@@ -0,0 +1,218 @@
+provider "google" {
+ credentials = file(var.service_account_path)
+ project = var.project
+ zone = var.zone
+}
+
+resource "random_string" "random_string" {
+ length = 5
+ special = false
+ upper = false
+ keepers = {}
+}
+data "google_compute_network" "external_network" {
+ name = var.network[0]
+}
+resource "random_string" "random_sic_key" {
+ length = 12
+ special = false
+}
+
+resource "google_compute_firewall" "ICMP_firewall_rules" {
+ count = local.ICMP_traffic_condition
+ name = "${var.prefix}-icmp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "icmp"
+ }
+ source_ranges = var.network_icmpSourceRanges
+ target_tags = [
+ "checkpoint-${replace(replace(lower(var.installationType)," ","-"),"(standalone)","standalone")}"]
+}
+resource "google_compute_firewall" "TCP_firewall_rules" {
+ count = local.TCP_traffic_condition
+ name = "${var.prefix}-tcp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "tcp"
+ }
+ source_ranges = var.network_tcpSourceRanges
+ target_tags = [
+ "checkpoint-${replace(replace(lower(var.installationType)," ","-"),"(standalone)","standalone")}"]
+}
+resource "google_compute_firewall" "UDP_firewall_rules" {
+ count = local.UDP_traffic_condition
+ name = "${var.prefix}-udp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "udp"
+ }
+ source_ranges = var.network_udpSourceRanges
+ target_tags = [
+ "checkpoint-${replace(replace(lower(var.installationType)," ","-"),"(standalone)","standalone")}"]
+}
+resource "random_string" "generated_password" {
+ length = 12
+ special = false
+}
+resource "google_compute_firewall" "SCTP_firewall_rules" {
+ count = local.SCTP_traffic_condition
+ name = "${var.prefix}-sctp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "sctp"
+ }
+ source_ranges = var.network_sctpSourceRanges
+ target_tags = [
+ "checkpoint-${replace(replace(lower(var.installationType)," ","-"),"(standalone)","standalone")}"]
+}
+resource "google_compute_firewall" "ESP_firewall_rules" {
+ count = local.ESP_traffic_condition
+ name = "${var.prefix}-esp-${random_string.random_string.result}"
+ network = data.google_compute_network.external_network.self_link
+ allow {
+ protocol = "esp"
+ }
+ source_ranges = var.network_espSourceRanges
+ target_tags = [
+ "checkpoint-${replace(replace(lower(var.installationType)," ","-"),"(standalone)","standalone")}"]
+}
+
+resource "google_compute_instance" "gateway" {
+ name = "${var.prefix}-${random_string.random_string.result}"
+ description = "Check Point Security ${replace(var.installationType,"(Standalone)","--")==var.installationType?split(" ",var.installationType)[0]:" Gateway and Management"}"
+ zone = var.zone
+ labels = {goog-dm = "${var.prefix}-${random_string.random_string.result}"}
+ tags =replace(var.installationType,"(Standalone)","--")==var.installationType?[
+ "checkpoint-${split(" ",lower(var.installationType))[0]}","${var.prefix}${random_string.random_string.result}"
+ ]:["checkpoint-gateway","checkpoint-management","${var.prefix}${random_string.random_string.result}"]
+ machine_type = var.machine_type
+ can_ip_forward = var.installationType == "Management only"? false:true
+ boot_disk {
+ auto_delete = true
+ device_name = "chkp-single-boot-${random_string.random_string.result}"
+ initialize_params {
+ size = var.bootDiskSizeGb
+ type = local.disk_type_condition
+ image = "checkpoint-public/${var.image_name}"
+ }
+ }
+ network_interface {
+ network = var.network[0]
+ subnetwork = var.subnetwork[0]
+ dynamic "access_config" {
+ for_each = var.externalIP == "None"? []:[1]
+ content {
+ nat_ip = var.externalIP=="static" ? google_compute_address.static.address : null
+ }
+ }
+
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs >= 1 ? [
+ 1] : []
+ content {
+ network = var.internal_network1_network[0]
+ subnetwork = var.internal_network1_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs >= 2 ? [
+ 1] : []
+ content {
+ network = var.internal_network2_network[0]
+ subnetwork = var.internal_network2_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs >= 3 ? [
+ 1] : []
+ content {
+ network = var.internal_network3_network[0]
+ subnetwork = var.internal_network3_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs >= 4 ? [
+ 1] : []
+ content {
+ network = var.internal_network4_network[0]
+ subnetwork = var.internal_network4_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs >= 5 ? [
+ 1] : []
+ content {
+ network = var.internal_network5_network[0]
+ subnetwork = var.internal_network5_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs == 6 ? [
+ 1] : []
+ content {
+ network = var.internal_network6_network[0]
+ subnetwork = var.internal_network6_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs == 7 ? [
+ 1] : []
+ content {
+ network = var.internal_network7_network[0]
+ subnetwork = var.internal_network7_subnetwork[0]
+ }
+ }
+ dynamic "network_interface" {
+ for_each = var.numAdditionalNICs == 8 ? [
+ 1] : []
+ content {
+ network = var.internal_network8_network[0]
+ subnetwork = var.internal_network8_subnetwork[0]
+ }
+ }
+
+ service_account {
+ scopes = [
+ "https://www.googleapis.com/auth/cloudruntimeconfig",
+ "https://www.googleapis.com/auth/monitoring.write"]
+ }
+
+ metadata = local.admin_SSH_key_condition ? {
+ instanceSSHKey = var.admin_SSH_key
+ adminPasswordSourceMetadata = var.generatePassword ?random_string.generated_password.result : ""
+ } : {adminPasswordSourceMetadata = var.generatePassword?random_string.generated_password.result : ""}
+
+ metadata_startup_script = templatefile("${path.module}/../common/startup-script.sh", {
+ // script's arguments
+ generatePassword = var.generatePassword
+ config_url = "https://runtimeconfig.googleapis.com/v1beta1/projects/${var.project}/configs/-config"
+ config_path = "projects/${var.project}/configs/-config"
+ sicKey = ""
+ allowUploadDownload = var.allowUploadDownload
+ templateName = "single_tf"
+ templateVersion = "20230109"
+ templateType = "terraform"
+ hasInternet = "true"
+ enableMonitoring = var.enableMonitoring
+ shell = var.admin_shell
+ installationType = var.installationType
+ computed_sic_key = var.sicKey
+ managementGUIClientNetwork = var.managementGUIClientNetwork
+ installSecurityManagement = true
+ primary_cluster_address_name = ""
+ secondary_cluster_address_name = ""
+ subnet_router_meta_path = ""
+ mgmtNIC = var.management_nic
+ managementNetwork = ""
+ numAdditionalNICs = ""
+ smart_1_cloud_token = var.smart_1_cloud_token
+ name = ""
+ zoneConfig = ""
+ region = ""
+ })
+}
+resource "google_compute_address" "static" {
+ name = "ipv4-address-${random_string.random_string.result}"
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/output.tf b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/output.tf
new file mode 100644
index 00000000..0f0882d0
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/output.tf
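Review bot: `resource "random_string" "generated_password"` is the source of the admin password placed in instance metadata as `adminPasswordSourceMetadata`, but `random_string` does not mark its result as sensitive, so the generated password is printed in clear in every plan and apply log in addition to being stored in the instance's metadata. The random provider's `random_password` resource takes the same `length`/`special` arguments and flags the result as sensitive, so the fix is `resource "random_password" "generated_password" {` plus the two `random_string.generated_password.result` references in the `metadata` map (and the unused copy in locals.tf). Separately, the startup-script inputs hardcode `sicKey = ""` and pass `computed_sic_key = var.sicKey`, so `random_string.random_sic_key` is declared but never reaches the instance — see the output.tf hunk, which still exports it as `SIC_key`.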
@@ -0,0 +1,18 @@
+output "SIC_key" {
+ value = random_string.random_sic_key.result
+}
+output "ICMP_firewall_rules_name" {
+ value = google_compute_firewall.ICMP_firewall_rules[*].name
+}
+output "TCP_firewall_rules_name" {
+ value = google_compute_firewall.TCP_firewall_rules[*].name
+}
+output "UDP_firewall_rules_name" {
+ value = google_compute_firewall.UDP_firewall_rules[*].name
+}
+output "SCTP_firewall_rules_name" {
+ value = google_compute_firewall.SCTP_firewall_rules[*].name
+}
+output "ESP_firewall_rules_name" {
+ value = google_compute_firewall.ESP_firewall_rules[*].name
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/terraform.tfvars b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/terraform.tfvars
new file mode 100644
index 00000000..8ac21504
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/terraform.tfvars
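Review bot: `output "SIC_key"` exports `random_string.random_sic_key.result`, but main.tf never passes that value to the instance (its startup-script inputs set `sicKey = ""` and `computed_sic_key = var.sicKey`), so the output advertises a key the gateway was presumably never configured with and an operator who uses it to initialise SIC will fail. Either wire the generated key through — e.g. `computed_sic_key = var.sicKey != "" ? var.sicKey : random_string.random_sic_key.result` in main.tf, assuming the startup script treats that argument as the SIC key — and add `sensitive = true` to this output so the secret is not echoed on every apply, or remove both the output and the unused resource. The firewall-name outputs look correct for the `count`-based resources they reference.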
@@ -0,0 +1,46 @@
+# --- Google Provider ---
+service_account_path = "PLEASE ENTER SERVICE_ACCOUNT_PATH" # "service-accounts/service-account-file-name.json"
+project = "PLEASE ENTER PROJECT ID" # "project-id"
+
+# --- Check Point Deployment---
+image_name = "PLEASE ENTER IMAGE_NAME" # "check-point-r8110-gw-byol-single-335-985-v20220126"
+installationType = "PLEASE ENTER INSTALLATION TYPE" # "Gateway only"
+license = "PLEASE ENTER LICENSE" # "BYOL"
+prefix = "PLEASE ENTER PREFIX" # "chkp-single-tf-"
+management_nic = "PLEASE ENTER MANAGEMENT_NIC" # "Ephemeral Public IP (eth0)"
+admin_shell = "PLEASE ENTER ADMIN_SHELL" # "/etc/cli.sh"
+admin_SSH_key = "PLEASE ENTER ADMIN_SSH_KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+generatePassword = "PLEASE ENTER GENERATE PASSWORD" # false
+allowUploadDownload = "PLEASE ENTER ALLOW UPLOAD DOWNLOAD" # false
+sicKey = "PLEASE ENTER SIC KEY" # ""
+managementGUIClientNetwork = "PLEASE ENTER MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+
+# --- Quick connect to Smart-1 Cloud ---
+smart_1_cloud_token = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+
+# --- Networking---
+zone = "PLEASE ENTER ZONE" # "us-central1-a"
+network = "PLEASE ENTER NETWORK" # ["default"]
+subnetwork = "PLEASE ENTER SUBNETWORK" # ["default"]
+network_enableTcp = "PLEASE ENTER NETWORK ENABLE TCP" # false
+network_tcpSourceRanges = "PLEASE ENTER NETWORK TCP SOURCE RANGES" # [""]
+network_enableGwNetwork = "PLEASE ENTER NETWORK ENABLE GW NETWORK" # false
+network_gwNetworkSourceRanges = "PLEASE ENTER NETWORK GW NETWORK SOURCE RANGES" # [""]
+network_enableIcmp = "PLEASE ENTER NETWORK ENABLE ICMP" # false
+network_icmpSourceRanges = "PLEASE ENTER NETWORK ICMP SOURCE RANGES" # [""]
+network_enableUdp = "PLEASE ENTER NETWORK ENABLE UDP" # false
+network_udpSourceRanges = "PLEASE ENTER NETWORK UDP SOURCE RANGES" # [""]
+network_enableSctp = "PLEASE ENTER NETWORK ENABLE SCTP" # false
+network_sctpSourceRanges = "PLEASE ENTER NETWORK SCTP SOURCE RANGES" # [""]
+network_enableEsp = "PLEASE ENTER NETWORK ENABLE ESP" # false
+network_espSourceRanges = "PLEASE ENTER NETWORK ESP SOURCE RANGES" # [""]
+numAdditionalNICs = "PLEASE ENTER NUM ADDITIONAL NICS" # 1
+externalIP = "PLEASE ENTER EXTERNAL IP" # "static"
+internal_network1_network = "PLEASE ENTER INTERNAL_NETWORK1_NETWORK" # [""]
+internal_network1_subnetwork = "PLEASE ENTER INTERNAL_NETWORK1_SUBNETWORK" # [""]
+
+# --- Instances configuration---
+machine_type = "PLEASE ENTER MACHINE_TYPE" # "n1-standard-4"
+diskType = "PLEASE ENTER DISK TYPE" # "SSD Persistent Disk"
+bootDiskSizeGb = "PLEASE ENTER BOOT DISK SIZE GB" # 100
+enableMonitoring = "PLEASE ENTER ENABLE MONITORING" # false
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/variables.tf b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/variables.tf
new file mode 100644
index 00000000..0b4718bc
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-existing-vpc/variables.tf
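Review bot: `network_enableTcp`, `network_enableIcmp`, `network_enableUdp`, `network_enableSctp`, `network_enableEsp`, `network_enableGwNetwork` and `network_gwNetworkSourceRanges` are offered here as inputs, but nothing in main.tf reads them — each firewall rule's `count` comes only from `length(var.network_*SourceRanges) == 0` in locals.tf — so setting an enable flag to `false` while a range is filled in still creates the rule, and the rule has no `ports`, so it admits every port of that protocol from those ranges. The suggested value `[""]` next to each source-range line is a one-element list, so it does not disable the rule either; the variables' own default, `[]`, is the value that does. Either drop the dead flags or fold them into the `*_traffic_condition` locals, and change the example comments to `# []`.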
@@ -0,0 +1,254 @@
+variable "service_account_path" {
+ type = string
+ description = "User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored."
+ default = ""
+}
+variable "project" {
+ type = string
+ description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+ default = ""
+}
+variable "zone" {
+ type = string
+ description = "The zone determines what computing resources are available and where your data is stored and used"
+ default = "us-central1-a"
+}
+variable "image_name" {
+ type = string
+ description = "The single gateway and management image name. You can choose the desired image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py"
+}
+variable "installationType" {
+ type = string
+ description = "Installation type and version"
+ default = "Gateway only"
+}
+variable "license" {
+ type = string
+ description = "Checkpoint license (BYOL or PAYG)."
+ default = "BYOL"
+}
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-single-tf-"
+}
+variable "machine_type" {
+ type = string
+ default = "n1-standard-4"
+}
+variable "network" {
+ type = list(string)
+ description = "The network determines what network traffic the instance can access"
+ default = ["default"]
+}
+variable "subnetwork" {
+ type = list(string)
+ description = "Assigns the instance an IPv4 address from the subnetwork’s range. Instances in different subnetworks can communicate with each other using their internal IPs as long as they belong to the same network."
+ default = ["default"]
+}
+variable "network_enableTcp" {
+ type = bool
+ description = "Allow TCP traffic from the Internet"
+ default = false
+}
+variable "network_tcpSourceRanges" {
+ type = list(string)
+ description = "Allow TCP traffic from the Internet"
+ default = []
+}
+variable "network_enableGwNetwork" {
+ type = bool
+ description = "This is relevant for Management only. The network in which managed gateways reside"
+ default = false
+}
+variable network_gwNetworkSourceRanges{
+ type = list(string)
+ description = "Allow TCP traffic from the Internet"
+ default = []
+}
+variable "network_enableIcmp" {
+ type = bool
+ description ="Allow ICMP traffic from the Internet"
+ default = false
+}
+variable "network_icmpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic."
+ default = []
+}
+variable network_enableUdp{
+ type = bool
+ description ="Allow UDP traffic from the Internet"
+ default = false
+}
+variable "network_udpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic."
+ default = []
+}
+variable "network_enableSctp" {
+ type = bool
+ description ="Allow SCTP traffic from the Internet"
+ default = false
+}
+variable "network_sctpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable SCTP traffic."
+ default = []
+}
+
+variable "network_enableEsp" {
+ type = bool
+ description ="Allow ESP traffic from the Internet "
+ default = false
+}
+variable "network_espSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic."
+ default = []
+}
+variable "diskType" {
+ type = string
+ description ="Disk type"
+ default = "pd-ssd"
+}
+variable "bootDiskSizeGb" {
+ type = number
+ description ="Disk size in GB"
+ default = 100
+}
+variable "generatePassword" {
+ type = bool
+ description ="Automatically generate an administrator password "
+ default = false
+}
+variable "management_nic" {
+ type = string
+ description = "Management Interface - Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1)."
+ default = "Ephemeral Public IP (eth0)"
+}
+variable "allowUploadDownload" {
+ type = string
+ description ="Allow download from/upload to Check Point"
+ default = true
+}
+variable "enableMonitoring" {
+ type = bool
+ description ="Enable Stackdriver monitoring"
+ default = false
+}
+variable "admin_shell" {
+ type = string
+ description = "Change the admin shell to enable advanced command line configuration."
+ default = "/etc/cli.sh"
+}
+variable "admin_SSH_key" {
+ type = string
+ description = "(Optional) The SSH public key for SSH authentication to the template instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+ default = ""
+}
+variable "sicKey" {
+ type = string
+ description ="The Secure Internal Communication one time secret used to set up trust between the single gateway object and the management server"
+ default = ""
+}
+variable "managementGUIClientNetwork" {
+ type = string
+ description ="Allowed GUI clients "
+ default = "0.0.0.0/0"
+}
+variable "smart_1_cloud_token" {
+ type = string
+ description ="(Optional) Smart-1 cloud token to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+variable "numAdditionalNICs" {
+ type = number
+ description ="Number of additional network interfaces"
+ default = 0
+}
+variable "externalIP" {
+ type = string
+ description = "External IP address type"
+ default = "static"
+}
+variable "internal_network1_network" {
+ type = list(string)
+ description = "1st internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network1_subnetwork" {
+ type = list(string)
+ description = "1st internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network2_network" {
+ type = list(string)
+ description = "2nd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network2_subnetwork" {
+ type = list(string)
+ description = "2nd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network3_network" {
+ type = list(string)
+ description = "3rd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network3_subnetwork" {
+ type = list(string)
+ description = "3rd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network4_network" {
+ type = list(string)
+ description = "4th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network4_subnetwork" {
+ type = list(string)
+ description = "4th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network5_network" {
+ type = list(string)
+ description = "5th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network5_subnetwork" {
+ type = list(string)
+ description = "5th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network6_network" {
+ type = list(string)
+ description = "6th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network6_subnetwork" {
+ type = list(string)
+ description = "6th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network7_network" {
+ type = list(string)
+ description = "7th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network7_subnetwork" {
+ type = list(string)
+ description = "7th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network8_network" {
+ type = list(string)
+ description = "8th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network8_subnetwork" {
+ type = list(string)
+ description = "8th internal subnet ID in the chosen network."
+ default = []
+}
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/README.md b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/README.md
new file mode 100644
index 00000000..857b7c75
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/README.md
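Review bot: `variable "diskType"` defaults to `"pd-ssd"`, which is not one of the values locals.tf accepts in `disk_type_allowed_values` (`"SSD Persistent Disk"`, `"Balanced Persistent Disk"`, `"Standard Persistent Disk"`), so `validate_disk_type = index(...)` fails whenever the variable is left at its default; the README and the tfvars example both use `"SSD Persistent Disk"`, so `default = "SSD Persistent Disk"` is the consistent fix. `sicKey` and `smart_1_cloud_token` carry secrets but neither is marked `sensitive = true`, which would keep their values out of plan output. Two smaller inconsistencies: `allowUploadDownload` is declared `type = string` with `default = true` while every sibling flag is `bool`, and the descriptions of `network_tcpSourceRanges` and `network_gwNetworkSourceRanges` repeat the enable-flag text ("Allow TCP traffic from the Internet") instead of describing the ranges, e.g. `description = "(Optional) Source IP ranges for TCP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges."`.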
@@ -0,0 +1,270 @@ +# Check Point single gateway and management Terraform module for GCP + +Terraform module which deploys a single gateway and management of Check Point Security Gateways. + +These types of Terraform resources are supported: + [Instance Template](https://www.terraform.io/docs/providers/google/r/compute_instance_template.html) + [Firewall](https://www.terraform.io/docs/providers/google/r/compute_firewall.html) - conditional creation + [Instance Group Manager](https://www.terraform.io/docs/providers/google/r/compute_region_instance_group_manager.html) + [Compute instance](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance) + + +See Check Point's documentation for Single [here](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk114577) + +Terraform is controlled via a very easy to use command-line interface (CLI). Terraform is only a single command-line application: terraform. + +## Before you begin +1. Create a project in the [Google Cloud Console](https://console.cloud.google.com/) and set up billing on that project. +2. [Install Terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli) and read the Terraform getting started guide that follows. This guide will assume basic proficiency with Terraform - it is an introduction to the Google provider. + +## Configuring the Provider +The main.tf file includes the following provider configuration block used to configure the credentials you use to authenticate with GCP, as well as a default project and location for your resources: +``` +provider "google" { + credentials = file(var.service_account_path) + project = var.project +} +... +``` + +1. [Create a Service Account](https://cloud.google.com/docs/authentication/getting-started) (or use the existing one). Next, download the JSON key file. Name it something you can remember and store it somewhere secure on your machine.
+2. Select "Editor" Role or verify you have the following permissions: + ``` + compute.addresses.get + compute.addresses.use + compute.addresses.create + compute.disks.create + compute.disks.delete + compute.firewalls.create + compute.firewalls.delete + compute.firewalls.get + compute.images.get + compute.images.useReadOnly + compute.images.getFromFamily + compute.instanceTemplates.create + compute.instanceTemplates.delete + compute.instanceTemplates.get + compute.instanceTemplates.useReadOnly + compute.instances.addAccessConfig + compute.instances.create + compute.instances.delete + compute.instances.get + compute.instances.setMetadata + compute.instances.setTags + compute.instances.setLabels + compute.networks.get + compute.networks.updatePolicy + compute.regions.list + compute.subnetworks.get + compute.subnetworks.use + compute.subnetworks.useExternalIp + compute.zones.get + iam.serviceAccountKeys.get + iam.serviceAccountKeys.list + iam.serviceAccounts.actAs + iam.serviceAccounts.get + iam.serviceAccounts.list + iam.serviceAccounts.set + ``` +3. ```credentials``` - Your service account key file is used to complete a two-legged OAuth 2.0 flow to obtain access tokens to authenticate with the GCP API as needed; Terraform will use it to reauthenticate automatically when tokens expire.
+The provider credentials can be provided either as static credentials or as [Environment Variables](https://www.terraform.io/docs/providers/google/guides/provider_reference.html#credentials-1). + - Static credentials can be provided by adding the path to your service-account json file, project-id and region in /gcp/modules/single/terraform.tfvars file as follows: + ``` + service_account_path = "service-accounts/service-account-file-name.json" + project = "project-id" + ``` + - In case the Environment Variables are used, perform modifications described below:
+ a. The next lines in the main.tf file, in the provider google resource, need to be deleted or commented: + ``` + provider "google" { + // credentials = file(var.service_account_path) + // project = var.project + + } + ``` + b.In the terraform.tfvars file leave empty double quotes for credentials and project variables: + ``` + service_account_path = "" + project = "" + ``` +## Usage +- Fill all variables in the /gcp/single/terraform.tfvars file with proper values (see below for variables descriptions). +- From a command line initialize the Terraform configuration directory: + ``` + terraform init + ``` +- Create an execution plan: + ``` + terraform plan + ``` +- Create or modify the deployment: + ``` + terraform apply + ``` + +#### Variables are configured in single/terraform.tfvars file as follows: +``` +# --- Google Provider --- +service_account_path = "service-accounts/service-account-file-name.json" +project = "project-id" + +# --- Check Point--- +image_name = "check-point-r8120-gw-byol-single-631-991001335-v20230622" +installationType = "Gateway only" +license = "BYOL" +prefix = "chkp-single-tf-" +management_nic = "Ephemeral Public IP (eth0)" +admin_shell = "/etc/cli.sh" +admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key" +generatePassword = false +allow_upload_download = true +sicKey = "" +managementGUIClientNetwork = "0.0.0.0/0" + +#--- Quick connect to Smart-1 Cloud --- +smart_1_cloud_token = "xxxxxxxxxxxxxxxxxxxxxxxx" + +# --- Networking --- +region = "us-central1" +zone = "us-central1-a" +subnetwork_cidr = "10.0.0.0/24" +network_enableTcp= true +network_tcpSourceRanges= ["0.0.0.0/0"] +network_enableGwNetwork= false +network_gwNetworkSourceRanges= [] +network_enableIcmp= false +network_icmpSourceRanges = [] +network_enableUdp= false +network_udpSourceRanges= [] +network_enableSctp= false +network_sctpSourceRanges= [] +network_enableEsp= false +network_espSourceRanges= [] +numAdditionalNICs= 1 +externalIP= "static" 
+internal_subnetwork_cidr = "10.0.1.0/24" + +# --- Instance Configuration --- +machine_type = "n1-standard-4" +diskType = "SSD Persistent Disk" +bootDiskSizeGb = 100 +enableMonitoring = false + +``` + +- To tear down your resources: + ``` + terraform destroy + ``` + +## Conditional creation +To create Firewall and allow traffic for ICMP, TCP, UDP, SCTP or/and ESP - enter list of Source IP ranges. +``` +ICMP_traffic = ["123.123.0.0/24", "234.234.0.0/24"] +TCP_traffic = ["0.0.0.0/0"] +UDP_traffic = ["0.0.0.0/0"] +SCTP_traffic = ["0.0.0.0/0"] +ESP_traffic = ["0.0.0.0/0"] +``` +Please leave empty list for a protocol if you want to disable traffic for it. + +## Inputs +| Name | Description | Type | Allowed values |Default| Required | +| ------------- | ------------- | ------------- | ------------- |-------|---------------| +| service_account_path | User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored. (e.g. "service-accounts/service-account-name.json") | string | N/A | "" | yes | +| | | | | | +| project | Personal project id. The project indicates the default GCP project all of your resources will be created in. | string | N/A | "" | yes | +| | | | | | +| region | GCP region | string | N/A | N/A | yes | +| | | | | | +| zone | The zone determines what computing resources are available and where your data is stored and used | string | List of allowed [Regions and Zones](https://cloud.google.com/compute/docs/regions-zones?_ga=2.31926582.-962483654.1585043745) |us-central1-a|yes| +| | | | | | +| image_name |The single gateway or management image name (e.g. check-point-r8120-gw-byol-single-631-991001335-v20230622 for gateway or check-point-r8120-byol-631-991001335-v20230621 for management). 
You can choose the desired gateway image value from [Github](https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py).| string | N/A | N/A | yes | +| | | | | | +| installationType | Installation type and version | string |Gateway only;
Management only;
Manual Configuration
Gateway and Management (Standalone) |Gateway only|yes| +| | | | | | +| license | Checkpoint license (BYOL or PAYG).|string|BYOL;
PAYG;|BYOL|yes| +| | | | | | +| prefix | (Optional) Resources name prefix|string|N\A|chkp-single-tf-|no| +| | | | | | +| machineType | Machine types determine the specifications of your machines, such as the amount of memory, virtual cores, and persistent disk limits an instance will have | string | [Learn more about Machine Types](https://cloud.google.com/compute/docs/machine-types?hl=en_US&_ga=2.267871494.-962483654.1585043745) | n1-standard-4|no| +| | | | | | +| subnetwork_cidr | The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. "10.0.0.0/8" or "192.168.0.0/16"). | string | N/A | N/A | yes | +| | | | | | +| network_enableTcp | Allow TCP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_tcpSourceRanges | Allow TCP traffic from the Internet | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway all ports are allowed. For management allowed ports are: 257,18191,18210,18264,22,443,18190,19009 [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableGwNetwork | This is relevant for Management only. The network in which managed gateways reside | boolean | true;
false; |false|no| +| | | | | | +| network_gwNetworkSourceRanges | Allow TCP traffic from the Internet | list(string) | Enter a valid IPv4 network CIDR (e.g. 0.0.0.0/0) |N/A|no| +| | | | | | +| network_enableIcmp | Allow ICMP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_icmpSourceRanges | Source IP ranges for ICMP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableUdp | Allow UDP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_udpSourceRanges | Source IP ranges for UDP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableSctp | Allow SCTP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_sctpSourceRanges | Source IP ranges for SCTP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only - all ports are allowed. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| network_enableEsp | Allow ESP traffic from the Internet | boolean | true;
false; |false|no| +| | | | | | +| network_espSourceRanges | Source IP ranges for ESP traffic | list(string) | Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. For gateway only. [Learn more](https://cloud.google.com/vpc/docs/vpc?_ga=2.36703144.-962483654.1585043745#firewalls) |N/A|no| +| | | | | | +| diskType | Disk type | string | SSD Persistent Disk;
standard-Persistent Disk;
Storage space is much less expensive for a standard persistent disk. An SSD persistent disk is better for random IOPS or streaming throughput with low latency. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.66020774.-962483654.1585043745#overview_of_disk_types)|SSD Persistent Disk|no| +| | | | | | +| bootDiskSizeGb | Disk size in GB | number | Persistent disk performance is tied to the size of the persistent disk volume. You are charged for the actual amount of provisioned disk space. [Learn more](https://cloud.google.com/compute/docs/disks/?hl=en_US&_ga=2.232680471.-962483654.1585043745#pdperformance)|100|no| +| | | | | | +| generatePassword | Automatically generate an administrator password | boolean | true;
false; |false|no| +| | | | | | +| allowUploadDownload | Allow download from/upload to Check Point | boolean | true;
false; |false|no| +| | | | | | +| enableMonitoring | Enable Stackdriver monitoring | boolean | true;
false; |false|no| +| | | | | | +| admin_shell | Change the admin shell to enable advanced command line configuration. | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
|/etc/cli.sh|no| +| | | | | | +| admin_SSH_key | Public SSH key for the user 'admin' - The SSH public key for SSH authentication to the instances. Leave this field blank to use all project-wide pre-configured SSH keys. | string | A valid public ssh key | "" | no | +| | | | | | +| sicKey | The Secure Internal Communication one time secret used to set up trust between the single gateway object and the management server | string | At least 8 alpha numeric characters.
If SIC is not provided and needed, a key will be automatically generated |""|no| +| | | | | | +| managementGUIClientNetwork | Allowed GUI clients | string | A valid IPv4 network CIDR (e.g. 0.0.0.0/0) |0.0.0.0/0|no| +| | | | | | +| smart_1_cloud_token | Smart-1 Cloud token to connect this gateway to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal.| +| | | | | | +| numAdditionalNICs | Number of additional network interfaces | number | A number in the range 0 - 8.
Multiple network interfaces deployment is described in [sk121637 - Deploy a CloudGuard for GCP with Multiple Network Interfaces](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk121637) |0|no| +| | | | | | +| externalIP | External IP address type | string | Static;
Ephemeral;
An external IP address associated with this instance. Selecting "None" will result in the instance having no external internet access. [Learn more](https://cloud.google.com/compute/docs/ip-addresses/reserve-static-external-ip-address?_ga=2.259654658.-962483654.1585043745) |static|no| +| | | | | | +| internal_subnetwork_cidr | The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. "10.0.0.0/8" or "192.168.0.0/16"). | string | N/A | N/A | yes | +| | | | | | +| management_nic | Management Interface - Security Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1). | string | Ephemeral Public IP (eth0)
- Private IP (eth1) |XEphemeral Public IP (eth0)|no| +| | | | | | + +## Outputs +| Name | Description | +| ------------- | ------------- | +| SIC_key | Secure Internal Communication (SIC) initiation key. | +| ICMP_firewall_rules_name | If enable - the ICMP firewall rules name, otherwise, an empty list. | +| TCP_firewall_rules_name | If enable - the TCP firewall rules name, otherwise, an empty list. | +| UDP_firewall_rules_name | If enable - the UDP firewall rules name, otherwise, an empty list. | +| SCTP_firewall_rules_name | If enable - the SCTP firewall rules name, otherwise, an empty list. | +| ESP_firewall_rules_name | If enable - the ESP firewall rules name, otherwise, an empty list. | + +## Revision History +In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) + +| Template Version | Description | +|------------------|-------------------------------------| +| 20230921 | Added single-into-new-vpc template. | +| | | + +## Authors + + +## License + +This project is licensed under the MIT License - see the [LICENSE](../../LICENSE) file for details diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/main.tf b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/main.tf new file mode 100644 index 00000000..1597ae33 --- /dev/null +++ b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/main.tf 
@@ -0,0 +1,90 @@
+provider "google" {
+ credentials = file(var.service_account_path)
+ project = var.project
+ region = var.region
+}
+
+resource "random_string" "random_string" {
+ length = 5
+ special = false
+ upper = false
+ keepers = {}
+}
+
+resource "google_compute_network" "network" {
+ name = "${var.prefix}-network-${random_string.random_string.result}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ name = "${var.prefix}-subnetwork-${random_string.random_string.result}"
+ ip_cidr_range = var.subnetwork_cidr
+ private_ip_google_access = true
+ region = var.region
+ network = google_compute_network.network.id
+}
+
+resource "google_compute_network" "internal_network" {
+ name = "${var.prefix}-internal-network-${random_string.random_string.result}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "internal_subnetwork" {
+ name = "${var.prefix}-internal-subnetwork-${random_string.random_string.result}"
+ ip_cidr_range = var.internal_subnetwork_cidr
+ private_ip_google_access = true
+ region = var.region
+ network = google_compute_network.internal_network.id
+}
+
+
+module "single-into-existing-vpc" {
+ source = "../single-into-existing-vpc"
+
+ service_account_path = var.service_account_path
+ project = var.project
+
+
+ # --- Check Point Deployment---
+ image_name = var.image_name
+ installationType = var.installationType
+ license = var.license
+ prefix = var.prefix
+ management_nic = var.management_nic
+ admin_shell = var.admin_shell
+ admin_SSH_key = var.admin_SSH_key
+ generatePassword = var.generatePassword
+ allowUploadDownload = var.allowUploadDownload
+ sicKey = var.sicKey
+ managementGUIClientNetwork = var.managementGUIClientNetwork
+
+ # --- Quick connect to Smart-1 Cloud ---
+ smart_1_cloud_token = var.smart_1_cloud_token
+
+ # --- Networking ---
+ zone = var.zone
+ network = [google_compute_network.network.name]
+ subnetwork = [google_compute_subnetwork.subnetwork.name]
+ network_enableTcp = var.network_enableTcp
+ network_tcpSourceRanges = var.network_tcpSourceRanges
+ network_enableGwNetwork = var.network_enableGwNetwork
+ network_gwNetworkSourceRanges = var.network_gwNetworkSourceRanges
+ network_enableIcmp = var.network_enableIcmp
+ network_icmpSourceRanges = var.network_icmpSourceRanges
+ network_enableUdp = var.network_enableUdp
+ network_udpSourceRanges = var.network_udpSourceRanges
+ network_enableSctp = var.network_enableSctp
+ network_sctpSourceRanges = var.network_sctpSourceRanges
+ network_enableEsp = var.network_enableEsp
+ network_espSourceRanges = var.network_espSourceRanges
+ numAdditionalNICs = var.numAdditionalNICs
+ externalIP = var.externalIP
+ internal_network1_network = [google_compute_network.internal_network.name]
+ internal_network1_subnetwork = [google_compute_subnetwork.internal_subnetwork.name]
+
+ # --- Instances configuration---
+ machine_type = var.machine_type
+ diskType = var.diskType
+ bootDiskSizeGb = var.bootDiskSizeGb
+ enableMonitoring = var.enableMonitoring
+}
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/output.tf b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/output.tf
new file mode 100644
index 00000000..f1ba99cf
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/output.tf
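Review bot: Neither `google_compute_subnetwork.subnetwork` nor `google_compute_subnetwork.internal_subnetwork` sets a `log_config` block, so VPC Flow Logs stay off on both subnets that carry the security gateway's traffic and there is no network-level record to fall back on during an investigation. Adding `log_config { aggregation_interval = "INTERVAL_5_SEC" flow_sampling = 0.5 metadata = "INCLUDE_ALL_METADATA" }` to each subnetwork resource, or exposing it behind a variable, turns them on. Separately, the module call wires only `internal_network1_network`/`internal_network1_subnetwork` to the resources created here and never passes `internal_network2_*` and up, so values of `var.numAdditionalNICs` above 1 presumably cannot be satisfied by this wrapper — worth confirming against the child module and noting with a comment such as `# this wrapper creates and attaches a single additional network` on that line.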
@@ -0,0 +1,30 @@
+output "network" {
+ value = google_compute_network.network.name
+}
+output "subnetwork" {
+ value = google_compute_subnetwork.subnetwork.name
+}
+output "internal_network" {
+ value = google_compute_network.internal_network.name
+}
+output "internal_subnetwork" {
+ value = google_compute_subnetwork.internal_subnetwork.name
+}
+output "SIC_key" {
+ value = module.single-into-existing-vpc.SIC_key
+}
+output "ICMP_firewall_rules_name" {
+ value = module.single-into-existing-vpc.ICMP_firewall_rules_name
+}
+output "TCP_firewall_rules_name" {
+ value = module.single-into-existing-vpc.TCP_firewall_rules_name
+}
+output "UDP_firewall_rules_name" {
+ value = module.single-into-existing-vpc.UDP_firewall_rules_name
+}
+output "SCTP_firewall_rules_name" {
+ value = module.single-into-existing-vpc.SCTP_firewall_rules_name
+}
+output "ESP_firewall_rules_name" {
+ value = module.single-into-existing-vpc.ESP_firewall_rules_name
+}
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/terraform.tfvars b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/terraform.tfvars
new file mode 100644
index 00000000..b387fa3d
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/terraform.tfvars
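Review bot: `output "SIC_key"` re-exports the child module's SIC key without `sensitive = true`, so the one-time trust secret is printed in clear text at the end of every `terraform apply` and lands in any CI log that captures it. Marking the output `sensitive = true` keeps it out of the console while still leaving it readable via `terraform output -raw SIC_key` for whoever needs to complete the SIC setup; the same flag on the child module's output would be the better place if that file is also in scope.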
@@ -0,0 +1,45 @@
+# --- Google Provider ---
+service_account_path = "PLEASE ENTER SERVICE_ACCOUNT_PATH" # "service-accounts/service-account-file-name.json"
+project = "PLEASE ENTER PROJECT ID" # "project-id"
+
+# --- Check Point Deployment---
+image_name = "PLEASE ENTER IMAGE_NAME" # "check-point-r8120-gw-byol-single-631-991001335-v20230622"
+installationType = "PLEASE ENTER INSTALLATION TYPE" # "Gateway only"
+license = "PLEASE ENTER LICENSE" # "BYOL"
+prefix = "PLEASE ENTER PREFIX" # "chkp-single-tf-"
+management_nic = "PLEASE ENTER MANAGEMENT_NIC" # "Ephemeral Public IP (eth0)"
+admin_shell = "PLEASE ENTER ADMIN_SHELL" # "/etc/cli.sh"
+admin_SSH_key = "PLEASE ENTER ADMIN_SSH_KEY" # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+generatePassword = "PLEASE ENTER GENERATE PASSWORD" # false
+allowUploadDownload = "PLEASE ENTER ALLOW UPLOAD DOWNLOAD" # false
+sicKey = "PLEASE ENTER SIC KEY" # ""
+managementGUIClientNetwork = "PLEASE ENTER MANAGEMENT GUI CLIENT NETWORK" # "0.0.0.0/0"
+
+# --- Quick connect to Smart-1 Cloud ---
+smart_1_cloud_token = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL" # ""
+
+# --- Networking---
+region = "PLEASE ENTER REGION" # "us-central1"
+zone = "PLEASE ENTER ZONE" # "us-central1-a"
+subnetwork_cidr = "PLEASE ENTER SUBNETWORK CIDR" # "10.0.1.0/24"
+network_enableTcp = "PLEASE ENTER NETWORK ENABLE TCP" # false
+network_tcpSourceRanges = "PLEASE ENTER NETWORK TCP SOURCE RANGES" # []
+network_enableGwNetwork = "PLEASE ENTER NETWORK ENABLE GW NETWORK" # false
+network_gwNetworkSourceRanges = "PLEASE ENTER NETWORK GW NETWORK SOURCE RANGES" # []
+network_enableIcmp = "PLEASE ENTER NETWORK ENABLE ICMP" # false
+network_icmpSourceRanges = "PLEASE ENTER NETWORK ICMP SOURCE RANGES" # []
+network_enableUdp = "PLEASE ENTER NETWORK ENABLE UDP" # false
+network_udpSourceRanges = "PLEASE ENTER NETWORK UDP SOURCE RANGES" # []
+network_enableSctp = "PLEASE ENTER NETWORK ENABLE SCTP" # false
+network_sctpSourceRanges = "PLEASE ENTER NETWORK SCTP SOURCE RANGES" # []
+network_enableEsp = "PLEASE ENTER NETWORK ENABLE ESP" # false
+network_espSourceRanges = "PLEASE ENTER NETWORK ESP SOURCE RANGES" # []
+numAdditionalNICs = "PLEASE ENTER NUM ADDITIONAL NICS" # 1
+externalIP = "PLEASE ENTER EXTERNAL IP" # "static"
+internal_subnetwork_cidr = "PLEASE ENTER INTERNAL SUBNETWORK CIDR" # "10.0.2.0/24"
+
+# --- Instances configuration---
+machine_type = "PLEASE ENTER MACHINE_TYPE" # "n1-standard-4"
+diskType = "PLEASE ENTER DISK TYPE" # "SSD Persistent Disk"
+bootDiskSizeGb = "PLEASE ENTER BOOT DISK SIZE GB" # 100
+enableMonitoring = "PLEASE ENTER ENABLE MONITORING" # false
\ No newline at end of file
diff --git a/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/variables.tf b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/variables.tf
new file mode 100644
index 00000000..51d15492
--- /dev/null
+++ b/deprecated/terraform/gcp/R8040-R81/single-into-new-vpc/variables.tf
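Review bot: `sicKey` and `smart_1_cloud_token` are placed in terraform.tfvars next to ordinary settings, and the README tells users to fill this file in, so the SIC one-time secret and the Smart-1 Cloud token end up in plaintext on disk and, in practice, in version control alongside the rest of the deployment. Prefer dropping those two lines from the committed file and documenting `TF_VAR_sicKey` / `TF_VAR_smart_1_cloud_token` environment variables or a git-ignored `*.auto.tfvars` for them. As a consistency nit, the example CIDRs in the comments (`# "10.0.1.0/24"` for `subnetwork_cidr`, `# "10.0.2.0/24"` for `internal_subnetwork_cidr`) differ from the values shown in the README's sample tfvars block.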
@@ -0,0 +1,256 @@
+variable "service_account_path" {
+ type = string
+ description = "User service account path in JSON format - From the service account key page in the Cloud Console choose an existing account or create a new one. Next, download the JSON key file. Name it something you can remember, store it somewhere secure on your machine, and supply the path to the location is stored."
+ default = ""
+}
+variable "project" {
+ type = string
+ description = "Personal project id. The project indicates the default GCP project all of your resources will be created in."
+ default = ""
+}
+variable "region" {
+ type = string
+ default = "us-central1"
+}
+variable "zone" {
+ type = string
+ description = "The zone determines what computing resources are available and where your data is stored and used"
+ default = "us-central1-a"
+}
+variable "image_name" {
+ type = string
+ description = "The single gateway and management image name. You can choose the desired image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py"
+}
+variable "installationType" {
+ type = string
+ description = "Installation type and version"
+ default = "Gateway only"
+}
+variable "license" {
+ type = string
+ description = "Checkpoint license (BYOL or PAYG)."
+ default = "BYOL"
+}
+variable "prefix" {
+ type = string
+ description = "(Optional) Resources name prefix"
+ default = "chkp-single-tf-"
+}
+variable "machine_type" {
+ type = string
+ default = "n1-standard-4"
+}
+variable "subnetwork_cidr" {
+ type = string
+ description = "The range of external addresses that are owned by this subnetwork, only IPv4 is supported (e.g. \"10.0.0.0/8\" or \"192.168.0.0/16\")."
+}
+variable "internal_subnetwork_cidr" {
+ type = string
+ description = "The range of internal addresses that are owned by this subnetwork, only IPv4 is supported (e.g. \"10.0.0.0/8\" or \"192.168.0.0/16\")."
+}
+variable "network_enableTcp" {
+ type = bool
+ description = "Allow TCP traffic from the Internet"
+ default = false
+}
+variable "network_tcpSourceRanges" {
+ type = list(string)
+ description = "Allow TCP traffic from the Internet"
+ default = []
+}
+variable "network_enableGwNetwork" {
+ type = bool
+ description = "This is relevant for Management only. The network in which managed gateways reside"
+ default = false
+}
+variable network_gwNetworkSourceRanges{
+ type = list(string)
+ description = "Allow TCP traffic from the Internet"
+ default = []
+}
+variable "network_enableIcmp" {
+ type = bool
+ description ="Allow ICMP traffic from the Internet"
+ default = false
+}
+variable "network_icmpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ICMP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ICMP traffic."
+ default = []
+}
+variable network_enableUdp{
+ type = bool
+ description ="Allow UDP traffic from the Internet"
+ default = false
+}
+variable "network_udpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for UDP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable UDP traffic."
+ default = []
+}
+variable "network_enableSctp" {
+ type = bool
+ description ="Allow SCTP traffic from the Internet"
+ default = false
+}
+variable "network_sctpSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for SCTP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable SCTP traffic."
+ default = []
+}
+
+variable "network_enableEsp" {
+ type = bool
+ description ="Allow ESP traffic from the Internet "
+ default = false
+}
+variable "network_espSourceRanges" {
+ type = list(string)
+ description = "(Optional) Source IP ranges for ESP traffic - Traffic is only allowed from sources within these IP address ranges. Use CIDR notation when entering ranges. Please leave empty list to unable ESP traffic."
+ default = []
+}
+variable "diskType" {
+ type = string
+ description ="Disk type"
+ default = "pd-ssd"
+}
+variable "bootDiskSizeGb" {
+ type = number
+ description ="Disk size in GB"
+ default = 100
+}
+variable "generatePassword" {
+ type = bool
+ description ="Automatically generate an administrator password "
+ default = false
+}
+variable "management_nic" {
+ type = string
+ description = "Management Interface - Gateways in GCP can be managed by an ephemeral public IP or using the private IP of the internal interface (eth1)."
+ default = "Ephemeral Public IP (eth0)"
+}
+variable "allowUploadDownload" {
+ type = string
+ description ="Allow download from/upload to Check Point"
+ default = true
+}
+variable "enableMonitoring" {
+ type = bool
+ description ="Enable Stackdriver monitoring"
+ default = false
+}
+variable "admin_shell" {
+ type = string
+ description = "Change the admin shell to enable advanced command line configuration."
+ default = "/etc/cli.sh"
+}
+variable "admin_SSH_key" {
+ type = string
+ description = "(Optional) The SSH public key for SSH authentication to the template instances. Leave this field blank to use all project-wide pre-configured SSH keys."
+ default = ""
+}
+variable "sicKey" {
+ type = string
+ description ="The Secure Internal Communication one time secret used to set up trust between the single gateway object and the management server"
+ default = ""
+}
+variable "managementGUIClientNetwork" {
+ type = string
+ description ="Allowed GUI clients "
+ default = "0.0.0.0/0"
+}
+variable "smart_1_cloud_token" {
+ type = string
+ description ="(Optional) Smart-1 cloud token to connect this Gateway to Check Point's Security Management as a Service"
+ default = ""
+}
+variable "numAdditionalNICs" {
+ type = number
+ description ="Number of additional network interfaces"
+ default = 0
+}
+variable "externalIP" {
+ type = string
+ description = "External IP address type"
+ default = "static"
+}
+variable "internal_network1_network" {
+ type = list(string)
+ description = "1st internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network1_subnetwork" {
+ type = list(string)
+ description = "1st internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network2_network" {
+ type = list(string)
+ description = "2nd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network2_subnetwork" {
+ type = list(string)
+ description = "2nd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network3_network" {
+ type = list(string)
+ description = "3rd internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network3_subnetwork" {
+ type = list(string)
+ description = "3rd internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network4_network" {
+ type = list(string)
+ description = "4th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network4_subnetwork" {
+ type = list(string)
+ description = "4th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network5_network" {
+ type = list(string)
+ description = "5th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network5_subnetwork" {
+ type = list(string)
+ description = "5th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network6_network" {
+ type = list(string)
+ description = "6th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network6_subnetwork" {
+ type = list(string)
+ description = "6th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network7_network" {
+ type = list(string)
+ description = "7th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network7_subnetwork" {
+ type = list(string)
+ description = "7th internal subnet ID in the chosen network."
+ default = []
+}
+variable "internal_network8_network" {
+ type = list(string)
+ description = "8th internal network ID in the chosen zone."
+ default = []
+}
+variable "internal_network8_subnetwork" {
+ type = list(string)
+ description = "8th internal subnet ID in the chosen network."
+ default = []
+}
diff --git a/gcp/deployment-packages/autoscale-byol/c2d_deployment_configuration.json b/gcp/deployment-packages/autoscale-byol/c2d_deployment_configuration.json
index 67d45592..8103c6e1 100755
--- a/gcp/deployment-packages/autoscale-byol/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/autoscale-byol/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "MULTI_VM",
- "imageName": "check-point-r8120-gw-byol-mig-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-byol-mig-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
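Review bot: `sicKey` and `smart_1_cloud_token` are declared as plain `string` variables without `sensitive = true`, so their values are echoed in `terraform plan`/`apply` output wherever they feed resource attributes, and the state file holds them either way; adding `sensitive = true` to each of those two declarations is a one-line change that at least keeps them out of console and CI logs. `allowUploadDownload` is typed `string` with a default of `true` while every other toggle in this file is `bool` — implicit conversion makes it work, but `type = bool` would reject a mistyped value at plan time instead of passing it down. The `internal_network2_*` through `internal_network8_*` variables are declared here but main.tf only ever wires `internal_network1_*` to the resources it creates, so these are dead inputs that invite misconfiguration; either drop them or state in their descriptions that this wrapper does not use them. Lastly, the descriptions of `network_tcpSourceRanges` and `network_gwNetworkSourceRanges` are copy-pasted from `network_enableTcp`, and "leave empty list to unable ... traffic" in the ICMP/UDP/SCTP/ESP descriptions should read "disable".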
diff --git a/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py b/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py
index 0c65f374..226e09ea 100755
--- a/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py
+++ b/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py
@@ -11,14 +11,12 @@ LICENCE_TYPE = 'mig'
 VERSIONS = {
- 'R80.40-GW': 'r8040-gw',
- 'R81-GW': 'r81-gw',
 'R81.10-GW': 'r8110-gw',
 'R81.20-GW': 'r8120-gw'
 }
 TEMPLATE_NAME = 'autoscale'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 startup_script = '''
 #cloud-config
diff --git a/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py.schema b/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py.schema
index 0c5117b2..65b41f3d 100755
--- a/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py.schema
+++ b/gcp/deployment-packages/autoscale-byol/check-point-autoscale--byol.py.schema
@@ -169,8 +169,6 @@ properties:
 type: string
 default: R81.20 Autoscaling
 enum:
- - R80.40 Autoscaling
- - R81 Autoscaling
 - R81.10 Autoscaling
 - R81.20 Autoscaling
 managementName:
diff --git a/gcp/deployment-packages/autoscale-payg/c2d_deployment_configuration.json b/gcp/deployment-packages/autoscale-payg/c2d_deployment_configuration.json
index 4141cb87..0854e0f3 100755
--- a/gcp/deployment-packages/autoscale-payg/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/autoscale-payg/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "MULTI_VM",
- "imageName": "check-point-r8120-gw-payg-mig-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-payg-mig-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
diff --git a/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py b/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py
index 05acbfdc..b13af6da 100755
--- a/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py
+++ b/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py
@@ -11,14 +11,12 @@ LICENCE_TYPE = 'mig'
 VERSIONS = {
- 'R80.40-GW': 'r8040-gw',
- 'R81-GW': 'r81-gw',
 'R81.10-GW': 'r8110-gw',
 'R81.20-GW': 'r8120-gw'
 }
 TEMPLATE_NAME = 'autoscale'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 startup_script = '''
 #cloud-config
diff --git a/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py.schema b/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py.schema
index b3ab0980..b9341dfa 100755
--- a/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py.schema
+++ b/gcp/deployment-packages/autoscale-payg/check-point-autoscale--payg.py.schema
@@ -169,8 +169,6 @@ properties:
 type: string
 default: R81.20 Autoscaling
 enum:
- - R80.40 Autoscaling
- - R81 Autoscaling
 - R81.10 Autoscaling
 - R81.20 Autoscaling
 managementName:
diff --git a/gcp/deployment-packages/ha-byol/c2d_deployment_configuration.json b/gcp/deployment-packages/ha-byol/c2d_deployment_configuration.json
index 5af767bf..d92114e1 100755
--- a/gcp/deployment-packages/ha-byol/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/ha-byol/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "MULTI_VM",
- "imageName": "check-point-r8120-gw-byol-cluster-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-byol-cluster-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
diff --git a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
index 61a2e521..4a66ea50 100755
--- a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
+++ b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py
@@ -16,14 +16,12 @@ LICENCE_TYPE = 'cluster'
 VERSIONS = {
- 'R80.40': 'r8040-gw',
- 'R81': 'r81-gw',
 'R81.10': 'r8110-gw',
 'R81.20': 'r8120-gw'
 }
 TEMPLATE_NAME = 'cluster'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 CLUSTER_NET_FIELD = 'cluster-network'
 MGMT_NET_FIELD = 'mgmt-network'
@@ -367,7 +365,7 @@ def validate_same_region(zone_a, zone_b):
 def validate_both_tokens(token_a, token_b):
 if (not token_a and token_b) or (not token_b and token_a) or \
- (token_a and token_a == token_b):
+ (token_a and token_a == token_b):
 raise common.Error('To connect to Smart-1 Cloud, \
 you must provide two tokens (one per member)')
diff --git a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
index fcc01058..d01c7887 100755
--- a/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
+++ b/gcp/deployment-packages/ha-byol/check-point-cluster--byol.py.schema
@@ -51,7 +51,7 @@ properties:
 default: ''
 smart1CloudTokenB:
 type: string
- default: ''
+ default: ''
 diskType:
 type: string
 default: pd-ssd
@@ -71,8 +71,6 @@ properties:
 type: string
 default: R81.20 Cluster
 enum:
- - R80.40 Cluster
- - R81 Cluster
 - R81.10 Cluster
 - R81.20 Cluster
 enableMonitoring:
diff --git a/gcp/deployment-packages/ha-payg/c2d_deployment_configuration.json b/gcp/deployment-packages/ha-payg/c2d_deployment_configuration.json
index 81bed1f6..c6b9e41f 100755
--- a/gcp/deployment-packages/ha-payg/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/ha-payg/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "MULTI_VM",
- "imageName": "check-point-r8120-gw-payg-cluster-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-payg-cluster-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
diff --git a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
index 6c554aac..d65178a6 100755
--- a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
+++ b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py
@@ -16,14 +16,12 @@ LICENCE_TYPE = 'cluster'
 VERSIONS = {
- 'R80.40': 'r8040-gw',
- 'R81': 'r81-gw',
 'R81.10': 'r8110-gw',
 'R81.20': 'r8120-gw'
 }
 TEMPLATE_NAME = 'cluster'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 CLUSTER_NET_FIELD = 'cluster-network'
 MGMT_NET_FIELD = 'mgmt-network'
@@ -367,7 +365,7 @@ def validate_same_region(zone_a, zone_b):
 def validate_both_tokens(token_a, token_b):
 if (not token_a and token_b) or (not token_b and token_a) or \
- (token_a and token_a == token_b):
+ (token_a and token_a == token_b):
 raise common.Error('To connect to Smart-1 Cloud, \
 you must provide two tokens (one per member)')
diff --git a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
index 9c674034..b3b513b6 100755
--- a/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
+++ b/gcp/deployment-packages/ha-payg/check-point-cluster--payg.py.schema
@@ -51,7 +51,7 @@ properties:
 default: ''
 smart1CloudTokenB:
 type: string
- default: ''
+ default: ''
 diskType:
 type: string
 default: pd-ssd
@@ -71,8 +71,6 @@ properties:
 type: string
 default: R81.20 Cluster
 enum:
- - R80.40 Cluster
- - R81 Cluster
 - R81.10 Cluster
 - R81.20 Cluster
 enableMonitoring:
diff --git a/gcp/deployment-packages/single-byol/c2d_deployment_configuration.json b/gcp/deployment-packages/single-byol/c2d_deployment_configuration.json
index 006d39c7..949dc18a 100755
--- a/gcp/deployment-packages/single-byol/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/single-byol/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "SINGLE_VM",
- "imageName": "check-point-r8120-gw-byol-single-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-byol-single-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
diff --git a/gcp/deployment-packages/single-byol/check-point-vsec--byol.py b/gcp/deployment-packages/single-byol/check-point-vsec--byol.py
index d1fd7411..3cef893f 100755
--- a/gcp/deployment-packages/single-byol/check-point-vsec--byol.py
+++ b/gcp/deployment-packages/single-byol/check-point-vsec--byol.py
@@ -12,10 +12,6 @@ LICENCE_TYPE = 'single'
 VERSIONS = {
- 'R80.40': 'r8040',
- 'R80.40-GW': 'r8040-gw',
- 'R81': 'r81',
- 'R81-GW': 'r81-gw',
 'R81.10': 'r8110',
 'R81.10-GW': 'r8110-gw',
 'R81.20': 'r8120',
@@ -28,7 +24,7 @@ MAX_NICS = 8
 TEMPLATE_NAME = 'single'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 ATTRIBUTES = {
 'Gateway and Management (Standalone)': {
@@ -356,7 +352,7 @@ def generate_config(context):
 firewall_rules = create_firewall_rules(
 prop, network, fw_rule_name_prefix)
 resources.extend(firewall_rules)
- elif MANAGEMENT in tags:
+ else:
 for i in range(len(netlist)):
 network = netlist[i]
 source_ranges = prop['network_tcpSourceRanges']
diff --git a/gcp/deployment-packages/single-byol/check-point-vsec--byol.py.schema b/gcp/deployment-packages/single-byol/check-point-vsec--byol.py.schema
index f08b551a..2a3c922a 100755
--- a/gcp/deployment-packages/single-byol/check-point-vsec--byol.py.schema
+++ b/gcp/deployment-packages/single-byol/check-point-vsec--byol.py.schema
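Review bot: Replacing `elif MANAGEMENT in tags:` with `else:` in the last hunk of single-byol/check-point-vsec--byol.py widens the branch that creates per-network firewall rules from `network_tcpSourceRanges` to every installation type the preceding `if` (outside the hunk, presumably a `GATEWAY in tags` test) does not match, which would include a type tagged neither GATEWAY nor MANAGEMENT such as 'Manual Configuration' that previously got no such rules. If opening those deployments to the configured source ranges is intended, state it where the branch begins, e.g. `else:  # every non-gateway role (management, manual) gets the TCP source-range rules`; otherwise keep the explicit `elif MANAGEMENT in tags:` so a new ATTRIBUTES entry cannot silently inherit management firewall rules. The same change appears in the last hunk of single-payg/check-point-vsec--payg.py. generate_config starts and ends outside the hunk.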
@@ -146,14 +146,6 @@ properties:
 type: string
 default: R81.20 Gateway only
 enum:
- - R80.40 Gateway only
- - R80.40 Management only
- - R80.40 Manual Configuration
- - R80.40 Gateway and Management (Standalone)
- - R81 Gateway only
- - R81 Management only
- - R81 Manual Configuration
- - R81 Gateway and Management (Standalone)
 - R81.10 Gateway only
 - R81.10 Management only
 - R81.10 Manual Configuration
diff --git a/gcp/deployment-packages/single-payg/c2d_deployment_configuration.json b/gcp/deployment-packages/single-payg/c2d_deployment_configuration.json
index e6af487e..e7f5e013 100755
--- a/gcp/deployment-packages/single-payg/c2d_deployment_configuration.json
+++ b/gcp/deployment-packages/single-payg/c2d_deployment_configuration.json
@@ -1,6 +1,6 @@
 {
 "defaultDeploymentType": "SINGLE_VM",
- "imageName": "check-point-r8120-gw-payg-single-631-991001475-v20231221",
+ "imageName": "check-point-r8120-gw-payg-single-634-991001611-v20240613",
 "projectId": "checkpoint-public",
 "templateName": "nonexistent_template",
 "useSolutionPackage": "true"
diff --git a/gcp/deployment-packages/single-payg/check-point-vsec--payg.py b/gcp/deployment-packages/single-payg/check-point-vsec--payg.py
index 7165477d..a5dfbedf 100755
--- a/gcp/deployment-packages/single-payg/check-point-vsec--payg.py
+++ b/gcp/deployment-packages/single-payg/check-point-vsec--payg.py
@@ -12,10 +12,6 @@ LICENCE_TYPE = 'single'
 VERSIONS = {
- 'R80.40': 'r8040',
- 'R80.40-GW': 'r8040-gw',
- 'R81': 'r81',
- 'R81-GW': 'r81-gw',
 'R81.10': 'r8110',
 'R81.10-GW': 'r8110-gw',
 'R81.20': 'r8120',
@@ -28,7 +24,7 @@ MAX_NICS = 8
 TEMPLATE_NAME = 'single'
-TEMPLATE_VERSION = '20231221'
+TEMPLATE_VERSION = '20240714'
 ATTRIBUTES = {
 'Gateway and Management (Standalone)': {
@@ -36,6 +32,11 @@
 'description': 'Check Point Security Gateway and Management',
 'canIpForward': True,
 },
+ 'Management only': {
+ 'tags': [MANAGEMENT],
+ 'description': 'Check Point Security Management',
+ 'canIpForward': False,
+ },
 'Gateway only': {
 'tags': [GATEWAY],
 'description': 'Check Point Security Gateway',
@@ -146,7 +147,7 @@ def generate_config(context):
 prop['osVersion'] = prop['cloudguardVersion'].replace(".", "")
 prop['allowUploadDownload'] = str(prop['allowUploadDownload']).lower()
 if not prop['managementGUIClientNetwork'] and prop['installationType'] in {
- 'Gateway and Management (Standalone)'}:
+ 'Gateway and Management (Standalone)', 'Management only'}:
 raise Exception('Allowed GUI clients are required when installing '
 'a management server')
 for k in ['managementGUIClientNetwork']:
@@ -351,7 +352,7 @@ def generate_config(context):
 firewall_rules = create_firewall_rules(
 prop, network, fw_rule_name_prefix)
 resources.extend(firewall_rules)
- elif MANAGEMENT in tags:
+ else:
 for i in range(len(netlist)):
 network = netlist[i]
 source_ranges = prop['network_tcpSourceRanges']
diff --git a/gcp/deployment-packages/single-payg/check-point-vsec--payg.py.schema b/gcp/deployment-packages/single-payg/check-point-vsec--payg.py.schema
index 8383e1c7..50f3e9bb 100755
--- a/gcp/deployment-packages/single-payg/check-point-vsec--payg.py.schema
+++ b/gcp/deployment-packages/single-payg/check-point-vsec--payg.py.schema
@@ -146,12 +146,6 @@ properties:
 type: string
 default: R81.20 Gateway only
 enum:
- - R80.40 Gateway only
- - R80.40 Manual Configuration
- - R80.40 Gateway and Management (Standalone)
- - R81 Gateway only
- - R81 Manual Configuration
- - R81 Gateway and Management (Standalone)
 - R81.10 Gateway only
 - R81.10 Manual Configuration
 - R81.10 Gateway and Management (Standalone)
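Review bot: The new 'Management only' entry in ATTRIBUTES (first hunk of single-payg/check-point-vsec--payg.py) and the widened GUI-clients check in the second hunk have no matching installationType value in the schema: the single-payg schema hunk in this same commit still lists only Gateway only, Manual Configuration and Gateway and Management (Standalone) for R81.10 and adds no 'Management only' line, whereas the single-byol schema visibly carries `- R81.10 Management only`. Unless an R81.20 Management only entry exists beyond that hunk, the new role cannot be selected from the deployment form and the code path is dead; either add the enum entries the byol schema has or drop the ATTRIBUTES entry so template and schema stay in step. Setting `'canIpForward': False` for the management-only role is the right least-privilege default and should stay either way. generate_config starts and ends outside the hunks.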