diff --git a/terraform/azure/nva-into-existing-hub/README.md b/terraform/azure/nva-into-existing-hub/README.md index 4789d7ab..56972d7b 100755 --- a/terraform/azure/nva-into-existing-hub/README.md +++ b/terraform/azure/nva-into-existing-hub/README.md @@ -115,6 +115,10 @@ As part of the deployment the following resources are created: | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | | | | | | | | | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | | + | | | | | | + | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | | + | | | | | | + | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | | | | ## Conditional creation @@ -152,12 +156,15 @@ As part of the deployment the following resources are created: smart1-cloud-token-c = "" smart1-cloud-token-d = "" smart1-cloud-token-e = "" + existing-public-ip = "" + new-public-ip = "yes" ## Revision History In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) | Template Version | Description | |------------------|-------------------| +| 20240228 | Added public IP for ingress support | | | | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure| | diff --git a/terraform/azure/nva-into-existing-hub/main.tf b/terraform/azure/nva-into-existing-hub/main.tf index 84a7c00e..7d837266 100755 --- a/terraform/azure/nva-into-existing-hub/main.tf +++ b/terraform/azure/nva-into-existing-hub/main.tf @@ -105,7 +105,7 @@ resource "azurerm_managed_application" "nva" { name = "vwan-app" product = "cp-vwan-managed-app" publisher = "checkpoint" - version = "1.0.8" + version = "1.0.11" } parameter_values = jsonencode({ location = { @@ -167,6 +167,15 @@ resource "azurerm_managed_application" "nva" { }, smart1CloudTokenE = { value = var.smart1-cloud-token-e + }, + publicIPIngress = { + value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no" + }, + createNewIPIngress = { + value = var.new-public-ip + } + ipIngressExistingResourceId = { + value = var.existing-public-ip } }) } diff --git a/terraform/azure/nva-into-existing-hub/terraform.tfvars b/terraform/azure/nva-into-existing-hub/terraform.tfvars index b43d49ba..268fb4c1 100755 --- a/terraform/azure/nva-into-existing-hub/terraform.tfvars +++ b/terraform/azure/nva-into-existing-hub/terraform.tfvars @@ -26,4 +26,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \ No newline at end of file +smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1" +new-public-ip = "PLEASE ENTER yes or no" # "no" \ No newline at end of file diff --git a/terraform/azure/nva-into-existing-hub/variables.tf b/terraform/azure/nva-into-existing-hub/variables.tf index 9d140c8f..090b4bc5 100755 --- a/terraform/azure/nva-into-existing-hub/variables.tf +++ b/terraform/azure/nva-into-existing-hub/variables.tf @@ -173,4 +173,25 @@ variable "smart1-cloud-token-d" { variable "smart1-cloud-token-e" { type = string default = "" +} + +variable "existing-public-ip" { + type = string + default = "" +} + +variable "new-public-ip" { + type = string + default = "no" + validation { + condition = contains(["yes", "no"], var.new-public-ip) + error_message = "Valid options are string('yes' or 'no')" + } +} + +locals{ + # Validate that new-public-ip is false when existing-public-ip is used + is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes" + validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used" + _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both)) } \ No newline at end of file diff --git a/terraform/azure/nva-into-new-vwan/README.md b/terraform/azure/nva-into-new-vwan/README.md index afb7ba3a..dd1df4aa 100755 --- a/terraform/azure/nva-into-new-vwan/README.md +++ b/terraform/azure/nva-into-new-vwan/README.md @@ -119,6 +119,10 @@ As part of the deployment the following resources are created: | **smart1-cloud-token-d** | Smart-1 Cloud token to connect automatically ***NVA instance d*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | | | | | | | | | **smart1-cloud-token-e** | Smart-1 Cloud token to connect automatically ***NVA instance e*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | | + | | | | | | + | **existing-public-ip** | Existing public IP reosurce to attach to the newly deployed NVA | string | A resource ID of the public IP resource | n/a | | + | | | | | | + | **new-public-ip** | Deploy a new public IP resource as part of the managed app and attach to the NVA | string | yes;
no;| yes | | | | ## Conditional creation @@ -157,12 +161,15 @@ As part of the deployment the following resources are created: smart1-cloud-token-c = "" smart1-cloud-token-d = "" smart1-cloud-token-e = "" + existing-public-ip = "" + new-public-ip = "yes" ## Revision History In order to check the template version refer to the [sk116585](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk116585) | Template Version | Description | |------------------|---------------------------------------------------------------------------------------------------| +| 20240228 | Added public IP for ingress support | | | | 20231226 | First release of Check Point CloudGuard Network Security Virtual WAN Terraform deployment for Azure | | | diff --git a/terraform/azure/nva-into-new-vwan/main.tf b/terraform/azure/nva-into-new-vwan/main.tf index b62a2100..c905f74a 100755 --- a/terraform/azure/nva-into-new-vwan/main.tf +++ b/terraform/azure/nva-into-new-vwan/main.tf @@ -177,6 +177,15 @@ resource "azurerm_managed_application" "nva" { }, smart1CloudTokenE = { value = var.smart1-cloud-token-e + }, + publicIPIngress = { + value = (var.new-public-ip == "yes" || length(var.existing-public-ip) > 0) ? "yes" : "no" + }, + createNewIPIngress = { + value = var.new-public-ip + } + ipIngressExistingResourceId = { + value = var.existing-public-ip } }) } diff --git a/terraform/azure/nva-into-new-vwan/terraform.tfvars b/terraform/azure/nva-into-new-vwan/terraform.tfvars index c754d4ee..8473e72c 100755 --- a/terraform/azure/nva-into-new-vwan/terraform.tfvars +++ b/terraform/azure/nva-into-new-vwan/terraform.tfvars @@ -27,4 +27,6 @@ smart1-cloud-token-a = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR I smart1-cloud-token-b = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE B OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" smart1-cloud-token-c = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE C OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" smart1-cloud-token-d = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE D OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \ No newline at end of file +smart1-cloud-token-e = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL FOR INSTANCE E OR LEAVE EMPTY DOUBLE QUOTES" # "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" +existing-public-ip = "PLEASE ENTER THE RESOURCE ID OF A PUBLIC IP RESOURCE OR LEAVE EMPTY DOUBLE QUOTES" # "/subscription/123/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1" +new-public-ip = "PLEASE ENTER yes or no" # "no" \ No newline at end of file diff --git a/terraform/azure/nva-into-new-vwan/variables.tf b/terraform/azure/nva-into-new-vwan/variables.tf index 461b9ed5..deb1bc31 100755 --- a/terraform/azure/nva-into-new-vwan/variables.tf +++ b/terraform/azure/nva-into-new-vwan/variables.tf @@ -184,4 +184,25 @@ variable "smart1-cloud-token-d" { variable "smart1-cloud-token-e" { type = string default = "" +} + +variable "existing-public-ip" { + type = string + default = "" +} + +variable "new-public-ip" { + type = string + default = "no" + validation { + condition = contains(["yes", "no"], var.new-public-ip) + error_message = "Valid options are string('yes' or 'no')" + } +} + +locals{ + # Validate that new-public-ip is false when existing-public-ip is used + is_both_params_used = length(var.existing-public-ip) > 0 && var.new-public-ip == "yes" + validation_message_both = "Only one parameter of existing-public-ip or new-public-ip can be used" + _ = regex("^$", (!local.is_both_params_used ? "" : local.validation_message_both)) } \ No newline at end of file