diff --git a/terraform/azure/nva-into-existing-hub/README.md b/terraform/azure/nva-into-existing-hub/README.md
index 4789d7ab..56972d7b 100755
--- a/terraform/azure/nva-into-existing-hub/README.md
+++ b/terraform/azure/nva-into-existing-hub/README.md
@@ -115,6 +115,10 @@ As part of the deployment the following resources are created:
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
+ | | | | | |
+ | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
+ | | | | | |
+ | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
| |
## Conditional creation
@@ -152,12 +156,15 @@ As part of the deployment the following resources are created:
smart1-cloud-token-c = ""
smart1-cloud-token-d = ""
smart1-cloud-token-e = ""
+ existing-public-ip = ""
+ new-public-ip = "yes"
## Revision History
In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
|------------------|-------------------|
+| 20240228 | Added public IP for ingress support | | |
| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure| |
diff --git a/terraform/azure/nva-into-existing-hub/main.tf b/terraform/azure/nva-into-existing-hub/main.tf
index 84a7c00e..7d837266 100755
--- a/terraform/azure/nva-into-existing-hub/main.tf
+++ b/terraform/azure/nva-into-existing-hub/main.tf
@@ -105,7 +105,7 @@ resource "azurerm_managed_application" "nva" {
name = "vwan-app"
product = "cp-vwan-managed-app"
publisher = "checkpoint"
- version = "1.0.8"
+ version = "1.0.11"
}
parameter_values = jsonencode({
location = {
@@ -167,6 +167,15 @@ resource "azurerm_managed_application" "nva" {
},
smart1CloudTokenE = {
value = var.smart1-cloud-token-e
+ },
+ publicIPIngress = {
+ value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
+ },
+ createNewIPIngress = {
+ value = var.new-public-ip
+ }
+ ipIngressExistingResourceId = {
+ value = var.existing-public-ip
}
})
}
diff --git a/terraform/azure/nva-into-existing-hub/terraform.tfvars b/terraform/azure/nva-into-existing-hub/terraform.tfvars
index b43d49ba..268fb4c1 100755
--- a/terraform/azure/nva-into-existing-hub/terraform.tfvars
+++ b/terraform/azure/nva-into-existing-hub/terraform.tfvars
@@ -26,4 +26,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
\ No newline at end of file
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
+new-public-ip = "PLEASE ENTER yes or no" # "no"
\ No newline at end of file
diff --git a/terraform/azure/nva-into-existing-hub/variables.tf b/terraform/azure/nva-into-existing-hub/variables.tf
index 9d140c8f..090b4bc5 100755
--- a/terraform/azure/nva-into-existing-hub/variables.tf
+++ b/terraform/azure/nva-into-existing-hub/variables.tf
@@ -173,4 +173,25 @@ variable "smart1-cloud-token-d" {
variable "smart1-cloud-token-e" {
type = string
default = ""
+}
+
+variable "existing-public-ip" {
+ type = string
+ default = ""
+}
+
+variable "new-public-ip" {
+ type = string
+ default = "no"
+ validation {
+ condition = contains(["yes", "no"], var.new-public-ip)
+ error_message = "Valid options are string('yes' or 'no')"
+ }
+}
+
+locals{
+ # Validate that new-public-ip is false when existing-public-ip is used
+ is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
+ validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
+ _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
}
\ No newline at end of file
diff --git a/terraform/azure/nva-into-new-vwan/README.md b/terraform/azure/nva-into-new-vwan/README.md
index afb7ba3a..dd1df4aa 100755
--- a/terraform/azure/nva-into-new-vwan/README.md
+++ b/terraform/azure/nva-into-new-vwan/README.md
@@ -119,6 +119,10 @@ As part of the deployment the following resources are created:
| **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
| | | | | |
| **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.
Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | |
+ | | | | | |
+ | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | |
+ | | | | | |
+ | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | |
| |
## Conditional creation
@@ -157,12 +161,15 @@ As part of the deployment the following resources are created:
smart1-cloud-token-c = ""
smart1-cloud-token-d = ""
smart1-cloud-token-e = ""
+ existing-public-ip = ""
+ new-public-ip = "yes"
## Revision History
In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585)
| Template Version | Description |
|------------------|---------------------------------------------------------------------------------------------------|
+| 20240228 | Added public IP for ingress support | | |
| 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | |
diff --git a/terraform/azure/nva-into-new-vwan/main.tf b/terraform/azure/nva-into-new-vwan/main.tf
index b62a2100..c905f74a 100755
--- a/terraform/azure/nva-into-new-vwan/main.tf
+++ b/terraform/azure/nva-into-new-vwan/main.tf
@@ -177,6 +177,15 @@ resource "azurerm_managed_application" "nva" {
},
smart1CloudTokenE = {
value = var.smart1-cloud-token-e
+ },
+ publicIPIngress = {
+ value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no"
+ },
+ createNewIPIngress = {
+ value = var.new-public-ip
+ }
+ ipIngressExistingResourceId = {
+ value = var.existing-public-ip
}
})
}
diff --git a/terraform/azure/nva-into-new-vwan/terraform.tfvars b/terraform/azure/nva-into-new-vwan/terraform.tfvars
index c754d4ee..8473e72c 100755
--- a/terraform/azure/nva-into-new-vwan/terraform.tfvars
+++ b/terraform/azure/nva-into-new-vwan/terraform.tfvars
@@ -27,4 +27,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR I
smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
-smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
\ No newline at end of file
+smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
+new-public-ip = "PLEASE ENTER yes or no" # "no"
\ No newline at end of file
diff --git a/terraform/azure/nva-into-new-vwan/variables.tf b/terraform/azure/nva-into-new-vwan/variables.tf
index 461b9ed5..deb1bc31 100755
--- a/terraform/azure/nva-into-new-vwan/variables.tf
+++ b/terraform/azure/nva-into-new-vwan/variables.tf
@@ -184,4 +184,25 @@ variable "smart1-cloud-token-d" {
variable "smart1-cloud-token-e" {
type = string
default = ""
+}
+
+variable "existing-public-ip" {
+ type = string
+ default = ""
+}
+
+variable "new-public-ip" {
+ type = string
+ default = "no"
+ validation {
+ condition = contains(["yes", "no"], var.new-public-ip)
+ error_message = "Valid options are string('yes' or 'no')"
+ }
+}
+
+locals{
+ # Validate that new-public-ip is false when existing-public-ip is used
+ is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes"
+ validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used"
+ _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both))
}
\ No newline at end of file