CheckPointSW · chkp-natanelm · Sep 21, 2023 · Sep 18, 2023
diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json
@@ -395,7 +395,6 @@
     "storageAccountType": "Standard_LRS",
     "diskSize100GB": 100,
     "diskSizeGB": "[add(parameters('additionalDiskSizeGB'), variables('diskSize100GB'))]",
-    "customData": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'tenantId=\"', subscription().tenantId, '\"', '\n', 'virtualNetwork=\"', parameters('virtualNetworkName'), '\"', '\n', 'clusterName=\"', parameters('vmName'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]",
     "imageOffer": "[concat('check-point-cg-', toLower(variables('osVersion')))]",
     "imagePublisher": "checkpoint",
     "imageReferenceBYOL": {
@@ -628,6 +627,11 @@
           "privateIPAddress": "[variables('externalPrivateAddresses')[add(copyIndex('VipsInformation'), 3)]]",
           "publicIPAddress": "[variables('Vip_Names')[copyIndex('VipsInformation')]]"
         }
+      },
+      {
+        "name": "customData",
+        "count": "[variables('count')]",
+        "input": "[concat('#!/usr/bin/python3 /etc/cloud_config.py\n', '\n', 'installationType=\"', variables('installationType'), '\"', '\n', 'allowUploadDownload=\"', variables('allowUploadDownload'), '\"', '\n', 'osVersion=\"', variables('osVersion'), '\"', '\n', 'templateName=\"', variables('templateName'), '\"', '\n', 'isBlink=\"', variables('isBlink'), '\"', '\n', 'templateVersion=\"', variables('templateVersion'), '\"', '\n', 'bootstrapScript64=\"', variables('bootstrapScript64'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'sicKey=\"', variables('sicKey'), '\"', '\n', 'location=\"', variables('location'), '\"', '\n', 'tenantId=\"', subscription().tenantId, '\"', '\n', 'virtualNetwork=\"', parameters('virtualNetworkName'), '\"', '\n', 'clusterName=\"', parameters('vmName'), '\"', '\n', 'customMetrics=\"', variables('customMetrics'), '\"', '\n', 'adminShell=\"', parameters('adminShell'), '\"', '\n', '\n','smart1CloudToken=\"', variables('tokens')[copyIndex('customData')], '\"', '\n', 'Vips=\"', string(variables('VipsInformationForCloudConfig')), '\"', '\n','externalPrivateAddresses=\"', variables('externalPrivateAddresses')[2], '\"', '\n', 'MaintenanceModePassword=\"', parameters('MaintenanceModePasswordHash'), '\"', '\n', 'passwordHash=\"', parameters('SerialConsolePasswordHash'), '\"', '\n')]"
       }
     ],
     "DefaultVipInformation": [
@@ -987,7 +991,7 @@
     },
     {
       "type": "Microsoft.Compute/virtualMachines",
-      "apiVersion": "2021-07-01",
+      "apiVersion": "2022-11-01",
       "dependsOn": [
         "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]",
         "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]",
@@ -1005,7 +1009,7 @@
       "plan": "[if(equals(parameters('sourceImageVhdUri'),'noCustomUri'), variables('plan'), json('null'))]",
       "identity": "[if(equals(parameters('managedSystemAssigned'), 'yes'), variables('identity'), json('null'))]",
       "properties": {
-        "UserData": "[base64(concat(variables('customData'), '\n','smart1CloudToken=\"', variables('tokens')[copyIndex()], '\"', '\n', 'Vips=\"', string(variables('VipsInformationForCloudConfig')), '\"', '\n','externalPrivateAddresses=\"', variables('externalPrivateAddresses')[2], '\"', '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+        "UserData": "[base64(concat(variables('customData')[copyIndex()], 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n'))]",
         "availabilitySet": "[if(not(variables('useAZ')), variables('availabilitySetProperty'), json('null'))]",
         "diagnosticsProfile": {
           "bootDiagnostics": {
@@ -1036,7 +1040,7 @@
           "adminPassword": "[parameters('adminPassword')]",
           "adminUsername": "[concat('not','used')]",
           "computername": "[concat(toLower(parameters('vmName')), copyIndex(1))]",
-          "customData": "[base64(concat(variables('customData'), '\n', 'smart1CloudToken=\"', variables('tokens')[copyIndex()], '\"', '\n','Vips=\"', string(variables('VipsInformationForCloudConfig')), '\"', '\n','externalPrivateAddresses=\"', variables('externalPrivateAddresses')[2], '\"', '\n',  'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n' ))]",
+          "customData": "[base64(concat(variables('customData')[copyIndex()], 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n'))]",
           "linuxConfiguration": "[variables('linuxConfiguration')]"
         },
         "storageProfile": {
@@ -1113,7 +1117,7 @@
       "properties": {
         "roleDefinitionId": "[variables('roleDefinitionId')]",
         "scope": "[resourceGroup().id]",
-        "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), copyIndex(1))), '2021-07-01', 'Full').identity.principalId]"
+        "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), copyIndex(1))), '2022-11-01', 'Full').identity.principalId]"
       },
       "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]"
     },
@@ -1142,10 +1146,10 @@
             "value": "[variables('roleDefinitionId')]"
           },
           "principalId1": {
-            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1')), '2021-07-01', 'Full').identity.principalId]"
+            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1')), '2022-11-01', 'Full').identity.principalId]"
           },
           "principalId2": {
-            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2021-07-01', 'Full').identity.principalId]"
+            "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2022-11-01', 'Full').identity.principalId]"
           }
         }
       }

diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json
@@ -242,63 +242,6 @@
               ]
             }
           },
-          {
-            "name": "adminShell",
-            "type": "Microsoft.Common.DropDown",
-            "label": "Default shell for the admin user",
-            "defaultValue": "/etc/cli.sh",
-            "toolTip": "The default shell for the admin user",
-            "constraints": {
-              "allowedValues": [
-                {
-                  "label": "/etc/cli.sh",
-                  "value": "/etc/cli.sh"
-                },
-                {
-                  "label": "/bin/bash",
-                  "value": "/bin/bash"
-                },
-                {
-                  "label": "/bin/csh",
-                  "value": "/bin/csh"
-                },
-                {
-                  "label": "/bin/tcsh",
-                  "value": "/bin/tcsh"
-                }
-              ]
-            }
-          },
-          {
-            "name": "managementGUIClientNetwork",
-            "type": "Microsoft.Common.TextBox",
-            "label": "Allowed GUI clients",
-            "toolTip": "GUI clients network CIDR",
-            "constraints": {
-              "required": true,
-              "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
-              "validationMessage": "Enter a valid IPv4 network CIDR"
-            },
-            "visible": true
-          },
-          {
-            "name": "sicKeyUi",
-            "type": "Microsoft.Common.PasswordBox",
-            "label": {
-              "password": "SIC key",
-              "confirmPassword": "Confirm SIC key"
-            },
-            "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the primary and secondary servers. SIC key must be provided if installing a secondary Multi-Domain Server.",
-            "constraints": {
-              "required": true,
-              "regex": "^[a-z0-9A-Z]{12,30}$",
-              "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
-            },
-            "options": {
-              "hideConfirmation": false
-            },
-            "visible": "[not(equals(steps('chkp').installationType, 'mds-primary'))]"
-          },
           {
             "name": "SerialPasswordInfoBox",
             "type": "Microsoft.Common.InfoBox",
@@ -393,6 +336,63 @@
               "hideConfirmation": false
             }
           },
+          {
+            "name": "adminShell",
+            "type": "Microsoft.Common.DropDown",
+            "label": "Default shell for the admin user",
+            "defaultValue": "/etc/cli.sh",
+            "toolTip": "The default shell for the admin user",
+            "constraints": {
+              "allowedValues": [
+                {
+                  "label": "/etc/cli.sh",
+                  "value": "/etc/cli.sh"
+                },
+                {
+                  "label": "/bin/bash",
+                  "value": "/bin/bash"
+                },
+                {
+                  "label": "/bin/csh",
+                  "value": "/bin/csh"
+                },
+                {
+                  "label": "/bin/tcsh",
+                  "value": "/bin/tcsh"
+                }
+              ]
+            }
+          },
+          {
+            "name": "managementGUIClientNetwork",
+            "type": "Microsoft.Common.TextBox",
+            "label": "Allowed GUI clients",
+            "toolTip": "GUI clients network CIDR",
+            "constraints": {
+              "required": true,
+              "regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)",
+              "validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)"
+            },
+            "visible": true
+          },
+          {
+            "name": "sicKeyUi",
+            "type": "Microsoft.Common.PasswordBox",
+            "label": {
+              "password": "SIC key",
+              "confirmPassword": "Confirm SIC key"
+            },
+            "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the primary and secondary servers. SIC key must be provided if installing a secondary Multi-Domain Server.",
+            "constraints": {
+              "required": true,
+              "regex": "^[a-z0-9A-Z]{12,30}$",
+              "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
+            },
+            "options": {
+              "hideConfirmation": false
+            },
+            "visible": "[not(equals(steps('chkp').installationType, 'mds-primary'))]"
+          },
           {
             "name": "bootstrapScript",
             "type": "Microsoft.Common.FileUpload",

diff --git a/azure/templates/marketplace-single/createUiDefinition.json b/azure/templates/marketplace-single/createUiDefinition.json
@@ -1825,6 +1825,8 @@
       "location": "[location()]",
       "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]",
       "adminPassword": "[basics('auth').password]",
+      "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
+      "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]",
       "authenticationType": "[basics('auth').authenticationType]",
       "sshPublicKey": "[basics('auth').sshPublicKey]",
       "vmName": "[basics('gatewayNameUi')]",
@@ -1853,9 +1855,7 @@
       "tagsByResource": "[steps('tags').tagsByResource]",
       "deployNewNSG": "[steps('network').NSG]",
       "ExistingNSG": "[steps('network').nsgSelector]",
-      "NewNsgName": "[steps('network').NSGName]",
-      "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]",
-      "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]"
+      "NewNsgName": "[steps('network').NSGName]"
     }
   }
 }
diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json
@@ -548,7 +548,7 @@
             "type": "Microsoft.Common.OptionsGroup",
             "label": "Use Remote Access VPN",
             "defaultValue": "No",
-            "toolTip": "Use Remote Access VPN functionality.",
+            "toolTip": "Use Remote Access VPN functionality. Remote Access VPN is supported from R80.40 Management Server or Multi-Domain Management Server until R81.10, and from R80.40 Gateway version until R81.10.",
             "constraints": {
               "allowedValues": [
                 {