diff --git a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
index f4c53009..e9a13a22 100644
--- a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
+++ b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json
@@ -53,7 +53,7 @@
 "steps": [
 {
 "name": "autoprovision",
- "label": "Check Point VMSS settings",
+ "label": "CloudGuard GWLB settings",
 "subLabel": {
 "preValidation": "Configure CloudGuard VMSS settings",
 "postValidation": "Done"
@@ -61,64 +61,12 @@ "bladeTitle": "CloudGuard VMSS settings", "elements": [ { - "name": "upgrading", - "type": "Microsoft.Common.OptionsGroup", - "label": "Are you upgrading your CloudGuard VMSS solution?", - "defaultValue": "No", - "toolTip": "Select 'Yes' if you are upgrading your CloudGuard VMSS solution.", - "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } - ] - } - }, - { - "name": "upgradeVmssInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "options": { - "icon": "Warning", - "text": "All the configurations below must be similar to the existing CloudGuard VMSS solution.\n\nNote that the target load balancers are the ones connected to your existing CloudGuard VMSS solution.\n\nSee the Deployment Guide for more information." - } - }, - { - "name": "vmCount", - "type": "Microsoft.Common.TextBox", - "label": "Initial number of gateways", - "defaultValue": "2", - "toolTip": "The initial number of gateways", - "constraints": { - "required": true, - "regex": "^[1-9][0-9]{0,1}$", - "validationMessage": "Please enter a number in the range 1-99." - } - }, - { - "name": "maxVmCount", - "type": "Microsoft.Common.TextBox", - "label": "Maximum number of gateways", - "defaultValue": "10", - "toolTip": "The maximum number of gateways", - "constraints": { - "required": true, - "regex": "^[1-9][0-9]{0,1}$", - "validationMessage": "Please enter a number in the range 1-99." 
- } - }, - { - "name": "numGwsValidation", + "name": "InfoAzureAdminGuide", "type": "Microsoft.Common.InfoBox", - "visible": "[greater(steps('autoprovision').vmCount, steps('autoprovision').maxVmCount)]", + "visible": "true", "options": { - "icon": "Error", - "text": "Maximum number of gateways is lower than initial number of gateways" + "icon": "Info", + "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps " } }, { @@ -132,15 +80,6 @@ "validationMessage": "Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long." } }, - { - "name": "configurationTemplateInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "options": { - "icon": "Info", - "text": "Use a different configuration template name than in your existing CloudGuard VMSS solution." - } - }, { "name": "configurationTemplate", "type": "Microsoft.Common.TextBox", 
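Review bot: The new InfoAzureAdminGuide box sets `"visible": "true"` as a string, while other elements in this file (appLoadDistribution, customMetrics) use the boolean `"visible": true`; the boolean form would keep the definition consistent. The same string form appears in the InfoVMSize, InfoAdvanced and InfoTags boxes added in later hunks. The text also ends with a trailing space and names the administration guide without linking it, so the user has nothing to follow; the InfoBox `options` accept a `uri` for that.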
@@ -152,205 +91,12 @@ "validationMessage": "Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long." } }, - { - "name": "adminEmail", - "type": "Microsoft.Common.TextBox", - "label": "Administrator email address", - "defaultValue": "", - "toolTip": "An email address to notify about scaling operations", - "constraints": { - "required": false, - "regex": "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$", - "validationMessage": "Leave empty or enter a valid email address." - } - }, - { - "name": "appLoadDistribution", - "type": "Microsoft.Common.DropDown", - "label": "Gateway Load Balancer session persistence", - "defaultValue": "None (5-tuple)", - "toolTip": "The load balancing distribution method for the Gateway Load Balancer.", - "visible": true, - "constraints": { - "allowedValues": [ - { - "label": "None (5-tuple)", - "value": "Default" - }, - { - "label": "Client IP (2-tuple)", - "value": "SourceIP" - }, - { - "label": "Client IP and protocol (3-tuple)", - "value": "SourceIPProtocol" - } - ] - } - }, - { - "name": "instanceLevelPublicIP", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy the VMSS with instance level Public IP address", - "defaultValue": "No", - "toolTip": "If selected 'Yes', then each VMSS instance will have its own public IP address.", - "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } - ] - } - }, - { - "name": "lbsTargetRGName", - "type": "Microsoft.Common.TextBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "label": "Target load balancers resource group name", - "defaultValue": "", - "toolTip": "The name of the Target Load Balancers Resource Group.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Resource Group only allow alphanumeric 
characters, periods, underscores, hyphens, slash, and parenthesis" - } - }, - { - "name": "lbResourceId", - "type": "Microsoft.Common.TextBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "label": "Target gateway load balancer resource ID", - "defaultValue": "", - "toolTip": "The Resource ID of the Target Gateway Load Balancer.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" - } - }, - { - "name": "lbInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "options": { - "icon": "Info", - "text": "Make sure you have created a new backend address pool for the target gateway load balancer." - } - }, - { - "name": "lbTargetBEAddressPoolName", - "type": "Microsoft.Common.TextBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "label": "Gateway load balancer's new backend pool name", - "toolTip": "The name of the new Target Gateway Load Balancer's Backend Pool.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" - } - }, - { - "name": "mgmtInterfaceOpt1", - "type": "Microsoft.Common.DropDown", - "label": "Management interface and IP address", - "defaultValue": "Frontend NIC's public IP address", - "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'yes')]", - "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC and with public or private IP.", - "constraints": { - "allowedValues": [ - { - "label": "Frontend NIC's public IP address", - "value": "eth0-public" - }, - { - "label": "Frontend NIC's private IP address", - "value": "eth0-private" - } - ] - } - }, - { - "name": "mgmtIPaddress", - 
"type": "Microsoft.Common.TextBox", - "label": "Management Server IP address", - "toolTip": "The IP address used to manage the VMSS instances.", - "visible": "[equals(steps('autoprovision').mgmtInterfaceOpt1, 'eth0-private')]", - "constraints": { - "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", - "required": true, - "validationMessage": "Please enter a valid IP address" - } - }, - { - "name": "availabilityZonesNum", - "type": "Microsoft.Common.DropDown", - "label": "Number of Availability Zones to use", - "defaultValue": "None", - "toolTip": "The number of avalability zones to use for the scale set. Note that the load balancers and their IP addresses will be zone redundant in any case.", - "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]", - "constraints": { - "allowedValues": [ - { - "label": "None", - "value": 0 - }, - { - "label": "One zone", - "value": 1 - }, - { - "label": "Two zones", - "value": 2 - }, - { - "label": "Three zones", - "value": 3 - } - ] - } - }, - { - "name": "customMetrics", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable CloudGuard metrics", - "defaultValue": "Yes", - "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service.", - "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } - ] - }, - "visible": true - } - ] - }, - { - "name": "chkp", - "label": "Check Point CloudGuard settings", - "subLabel": { - "preValidation": "Configure CloudGuard settings", - "postValidation": "Done" - 
}, - "bladeTitle": "CloudGuard settings", - "elements": [ { "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", - "label": "Check Point CloudGuard version", + "label": "Version", "defaultValue": "R81.20", - "toolTip": "The version of Check Point CloudGuard.", + "toolTip": "Check Point Recommended version for all deployments is R81.20", "constraints": { "allowedValues": [ { @@ -373,7 +119,7 @@ "type": "Microsoft.Common.DropDown", "label": "License type", "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", + "defaultValue": "Pay As You Go (NGTX)", "visible": true, "constraints": { "allowedValues": [ @@ -392,10 +138,19 @@ ] } }, + { + "name": "InfoVMSize", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point recommends a minimum of 4 vCores for optimal operation" + } + }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", "label": "Virtual machine size", "toolTip": "The VM size of the Security Gateway", "recommendedSizes": [ @@ -503,12 +258,12 @@ "offer": "check-point-cg-r8110", "sku": "sg-byol" }, - "count": "[steps('autoprovision').vmCount]" + "count": "[steps('chkp-advanced').vmCount]" }, { "name": "R8110vmSizeUiNGTP", "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, '(NGTP)'))]", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]", "label": "Virtual machine size", "toolTip": "The VM size of the Security Gateway", "recommendedSizes": [ 
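Review bot: The License type default becomes `Pay As You Go (NGTX)`, but the outputs mapping in the last hunk still falls back to BYOL through `coalesce(steps('autoprovision').R80Offer, 'Bring Your Own License')`. The UI default and the output fallback now disagree; because the dropdown is always visible the fallback is probably never taken, but aligning it (or dropping the coalesce) would make sure the deployed offer can only be the one the user saw. A click-through deployment now also selects a metered image by default, which deserves a mention in the toolTip, currently just `The type of license.`.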
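Review bot: `count` on R8110vmSizeUiBYOL now reads `steps('chkp-advanced').vmCount`, a step that comes after this one in the wizard, so the size selector is evaluated before the user has had a chance to set the gateway count. It is worth confirming in the createUiDefinition sandbox that the selector re-evaluates when vmCount is edited later; if it does not, it presumably works from the default of 2 regardless of what is finally deployed. The same change repeats on the other eight SizeSelector elements in the hunks that follow. The enclosing elements start and end outside the hunk.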
@@ -616,12 +371,12 @@
 "offer": "check-point-cg-r8110",
 "sku": "sg-ngtp"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R8110vmSizeUiNGTX",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -729,12 +484,12 @@
 "offer": "check-point-cg-r8110",
 "sku": "sg-ngtx"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R8120vmSizeUiBYOL",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -842,12 +597,12 @@
 "offer": "check-point-cg-r8120",
 "sku": "sg-byol"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R8120vmSizeUiNGTP",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -955,12 +710,12 @@
 "offer": "check-point-cg-r8120",
 "sku": "sg-ngtp"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R8120vmSizeUiNGTX",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -1068,12 +823,12 @@
 "offer": "check-point-cg-r8120",
 "sku": "sg-ngtx"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R82vmSizeUiBYOL",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -1181,12 +936,12 @@
 "offer": "check-point-cg-r82",
 "sku": "sg-byol"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R82vmSizeUiNGTP",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, '(NGTP)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -1294,12 +1049,12 @@
 "offer": "check-point-cg-r82",
 "sku": "sg-ngtp"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
 "name": "R82vmSizeUiNGTX",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -1407,11 +1162,302 @@ "offer": "check-point-cg-r82", "sku": "sg-ngtx" }, - "count": "[steps('autoprovision').vmCount]" + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "adminShell", - "type": "Microsoft.Common.DropDown", + "name": "sicKeyUi", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "SIC Key", + "confirmPassword": "Confirm SIC Key" + }, + "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{12,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." + }, + "options": { + "hideConfirmation": false + } + } + + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced Settings", + "subLabel": { + "preValidation": "Configure CloudGuard settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } + }, + { + "name": "upgrading", + "type": "Microsoft.Common.OptionsGroup", + "label": "Are you upgrading your CloudGuard VMSS solution?", + "defaultValue": "No", + "toolTip": "Select 'Yes' if you are upgrading your CloudGuard VMSS solution.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + } + }, + { + "name": "upgradeVmssInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "options": { + "icon": "Warning", + "text": "All the configurations below must be similar to the existing CloudGuard VMSS solution.\n\nNote that the target load balancers are the ones connected to your existing CloudGuard 
VMSS solution.\n\nSee the Deployment Guide for more information." + } + }, + { + "name": "vmCount", + "type": "Microsoft.Common.TextBox", + "label": "Initial number of gateways", + "defaultValue": "2", + "toolTip": "The initial number of gateways", + "constraints": { + "required": true, + "regex": "^[1-9][0-9]{0,1}$", + "validationMessage": "Please enter a number in the range 1-99." + } + }, + { + "name": "maxVmCount", + "type": "Microsoft.Common.TextBox", + "label": "Maximum number of gateways", + "defaultValue": "10", + "toolTip": "The maximum number of gateways", + "constraints": { + "required": true, + "regex": "^[1-9][0-9]{0,1}$", + "validationMessage": "Please enter a number in the range 1-99." + } + }, + { + "name": "numGwsValidation", + "type": "Microsoft.Common.InfoBox", + "visible": "[greater(steps('chkp-advanced').vmCount, steps('chkp-advanced').maxVmCount)]", + "options": { + "icon": "Error", + "text": "Maximum number of gateways is lower than initial number of gateways" + } + }, + { + "name": "configurationTemplateInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "options": { + "icon": "Info", + "text": "Use a different configuration template name than in your existing CloudGuard VMSS solution." 
+ } + }, + { + "name": "appLoadDistribution", + "type": "Microsoft.Common.DropDown", + "label": "Gateway Load Balancer session persistence", + "defaultValue": "None (5-tuple)", + "toolTip": "The load balancing distribution method for the Gateway Load Balancer.", + "visible": true, + "constraints": { + "allowedValues": [ + { + "label": "None (5-tuple)", + "value": "Default" + }, + { + "label": "Client IP (2-tuple)", + "value": "SourceIP" + }, + { + "label": "Client IP and protocol (3-tuple)", + "value": "SourceIPProtocol" + } + ] + } + }, + { + "name": "instanceLevelPublicIP", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy the VMSS with instance level Public IP address", + "defaultValue": "No", + "toolTip": "If selected 'Yes', then each VMSS instance will have its own public IP address.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + } + }, + { + "name": "lbsTargetRGName", + "type": "Microsoft.Common.TextBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "label": "Target load balancers resource group name", + "defaultValue": "", + "toolTip": "The name of the Target Load Balancers Resource Group.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Resource Group only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" + } + }, + { + "name": "lbResourceId", + "type": "Microsoft.Common.TextBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "label": "Target gateway load balancer resource ID", + "defaultValue": "", + "toolTip": "The Resource ID of the Target Gateway Load Balancer.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" + } + }, + { + "name": "lbInfoBox", + "type": 
"Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "options": { + "icon": "Info", + "text": "Make sure you have created a new backend address pool for the target gateway load balancer." + } + }, + { + "name": "lbTargetBEAddressPoolName", + "type": "Microsoft.Common.TextBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "label": "Gateway load balancer's new backend pool name", + "toolTip": "The name of the new Target Gateway Load Balancer's Backend Pool.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" + } + }, + { + "name": "adminEmail", + "type": "Microsoft.Common.TextBox", + "label": "Administrator email address", + "defaultValue": "", + "toolTip": "An email address to notify about scaling operations", + "constraints": { + "required": false, + "regex": "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$", + "validationMessage": "Leave empty or enter a valid email address." 
+ } + }, + + { + "name": "mgmtInterfaceOpt1", + "type": "Microsoft.Common.DropDown", + "label": "Management interface and IP address", + "defaultValue": "Frontend NIC's public IP address", + "visible": "[equals(steps('chkp-advanced').instanceLevelPublicIP, 'yes')]", + "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC and with public or private IP.", + "constraints": { + "allowedValues": [ + { + "label": "Frontend NIC's public IP address", + "value": "eth0-public" + }, + { + "label": "Frontend NIC's private IP address", + "value": "eth0-private" + } + ] + } + }, + { + "name": "mgmtIPaddress", + "type": "Microsoft.Common.TextBox", + "label": "Management Server IP address", + "toolTip": "The IP address used to manage the VMSS instances.", + "visible": "[equals(steps('chkp-advanced').mgmtInterfaceOpt1, 'eth0-private')]", + "constraints": { + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", + "required": true, + "validationMessage": "Please enter a valid IP address" + } + }, + { + "name": "availabilityZonesNum", + "type": "Microsoft.Common.DropDown", + "label": "Number of Availability Zones to use", + "defaultValue": "None", + "toolTip": "The number of avalability zones to use for the scale set. 
Note that the load balancers and their IP addresses will be zone redundant in any case.", + "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]", + "constraints": { + "allowedValues": [ + { + "label": "None", + "value": 0 + }, + { + "label": "One zone", + "value": 1 + }, + { + "label": "Two zones", + "value": 2 + }, + { + "label": "Three zones", + "value": 3 + } + ] + } + }, + { + "name": "customMetrics", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable CloudGuard metrics", + "defaultValue": "Yes", + "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + }, + "visible": true + }, + { + "name": "adminShell", + "type": "Microsoft.Common.DropDown", "label": "Default shell for the admin user", "defaultValue": "/etc/cli.sh", "toolTip": "The default shell for the admin user", @@ -1436,23 +1482,6 @@ ] } }, - { - "name": "sicKeyUi", - "type": "Microsoft.Common.PasswordBox", - "label": { - "password": "SIC Key", - "confirmPassword": "Confirm SIC Key" - }, - "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{12,30}$", - "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." - }, - "options": { - "hideConfirmation": false - } - }, { "name": "SerialPasswordInfoBox", "type": "Microsoft.Common.InfoBox", 
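Review bot: The `regex` on lbsTargetRGName, lbResourceId and lbTargetBEAddressPoolName is `^[a-z0-9A-Z_\\-\\.\\/\\(\\)]` with no quantifier or end anchor, so it appears to check only the first character although the validationMessage promises a character allow-list for the whole value; `"regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]+$"` would match the message. These fields were moved here unchanged from the autoprovision step and carry resource names and IDs into the template outputs, so the move is a good moment to tighten them. In the same hunk, numGwsValidation passes two TextBox outputs to `greater()`, which as far as I can tell compares them as strings (an initial count of 9 against a maximum of 10 would trip it, 10 against 9 would not); wrapping both in `int()`, as the outputs already do for additionalDiskSizeGB, avoids that: `"[greater(int(steps('chkp-advanced').vmCount), int(steps('chkp-advanced').maxVmCount))]"`. Being an InfoBox, that check also only warns and does not block the deployment.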
@@ -1467,7 +1496,7 @@
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
- "defaultValue": "Yes",
+ "defaultValue": "No",
 "toolTip": "A unique password hash to enable VM connection via serial console.",
 "constraints": {
 "allowedValues": [
@@ -1486,7 +1515,7 @@
 "name": "AdditionalPassword",
 "type": "Microsoft.Common.PasswordBox",
 "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
- "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]",
 "label": {
 "password": "Password hash",
 "confirmPassword": "Confirm password"
@@ -1503,34 +1532,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('autoprovision').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
- "name": "EnableMaintenanceMode",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Enable Maintenance Mode",
- "defaultValue": "Yes",
- "toolTip": "A unique password hash to enable VM maintenance mode.",
- "constraints": {
- "allowedValues": [
- {
- "label": "Yes",
- "value": true
- },
- {
- "label": "No",
- "value": false
- }
- ]
- }
- },
- {
- "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[not(contains('R81.10', steps('autoprovision').cloudGuardVersion))]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
@@ -1540,7 +1549,6 @@
 "confirmPassword": "Confirm Password"
 },
 "constraints": {
- "required": true,
 "validationMessage": "The value must be the output of the hash command."
 },
 "options": {
@@ -1587,7 +1595,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('autoprovision').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
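Review bot: With the EnableMaintenanceMode toggle removed here and `"required": true` dropped in the next hunk, MaintenanceModePassword is shown for every non-R81.10 deployment but can be left empty with nothing on the blade saying what an empty value means. The recommendation box is still gated on `bool(basics('auth').password)`, so under SSH-key authentication the field appears with no guidance at all; giving MaintenanceModeInfoBox the same condition as the field, `"visible": "[not(contains('R81.10', steps('autoprovision').cloudGuardVersion))]"`, and extending its text with a sentence such as `Leave the field empty to deploy without a maintenance-mode password.` would make the opt-out explicit. The outputs section is not fully visible in this chunk, so please confirm that nothing still reads `EnableMaintenanceMode` and that the template accepts an empty hash; if the constraints keep a regex outside the hunk, check that it allows the empty string. The element's toolTip and options also lie outside the hunk.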
@@ -1607,7 +1615,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('autoprovision').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -1622,6 +1630,15 @@
 ]
 }
 },
+ {
+ "name": "InfoVMDiskSpace",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[not(contains('R81.10 R81.20', steps('autoprovision').cloudGuardVersion))]",
+ "options": {
+ "icon": "Info",
+ "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space "
+ }
+ },
 {
 "name": "additionalDiskSizeGB",
 "type": "Microsoft.Common.TextBox",
@@ -1632,7 +1649,7 @@
 "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
 "validationMessage": "Select a number between 0 and 3995"
 },
- "visible": "[not(contains('R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
+ "visible": "[not(contains('R81.10 R81.20', steps('autoprovision').cloudGuardVersion))]"
 },
 {
 "name": "useCustomImageUri",
@@ -1661,11 +1678,11 @@
 "label": "Development Image URI",
 "toolTip": "The URI of the blob containing the development image",
 "constraints": {
- "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]",
 "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
 "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
 },
- "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]"
 }
 ]
 },
@@ -1708,7 +1725,7 @@
 },
 "constraints": {
 "minAddressPrefixSize": "/29",
- "minAddressCount": "[steps('autoprovision').maxVmCount]",
+ "minAddressCount": "[steps('chkp-advanced').maxVmCount]",
 "requireContiguousAddresses": false
 }
 }
@@ -1794,6 +1811,15 @@
 "name": "tags",
 "label": "Tags",
 "elements": [
+ {
+ "name": "InfoTags",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "true",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below"
+ }
+ },
 {
 "name": "tagsByResource",
 "type": "Microsoft.Common.TagsByResource",
@@ -1815,30 +1841,30 @@ "authenticationType": "[basics('auth').authenticationType]", "adminPassword": "[basics('auth').password]", "sshPublicKey": "[basics('auth').sshPublicKey]", - "upgrading": "[steps('autoprovision').upgrading]", + "upgrading": "[steps('chkp-advanced').upgrading]", "vmName": "[basics('gatewayScaleSetNameUi')]", - "instanceCount": "[steps('autoprovision').vmCount]", - "maxInstanceCount": "[steps('autoprovision').maxVmCount]", + "instanceCount": "[steps('chkp-advanced').vmCount]", + "maxInstanceCount": "[steps('chkp-advanced').maxVmCount]", "managementServer": "[steps('autoprovision').managementServer]", "configurationTemplate": "[steps('autoprovision').configurationTemplate]", - "adminEmail": "[steps('autoprovision').adminEmail]", - "instanceLevelPublicIP": "[steps('autoprovision').instanceLevelPublicIP]", - "lbsTargetRGName": "[steps('autoprovision').lbsTargetRGName]", - "lbResourceId": "[steps('autoprovision').lbResourceId]", - "lbTargetBEAddressPoolName": "[steps('autoprovision').lbTargetBEAddressPoolName]", - "mgmtInterfaceOpt1": "[steps('autoprovision').mgmtInterfaceOpt1]", - "mgmtIPaddress": "[steps('autoprovision').mgmtIPaddress]", - "appLoadDistribution": "[steps('autoprovision').appLoadDistribution]", - "availabilityZonesNum": "[coalesce(steps('autoprovision').availabilityZonesNum, int('0'))]", - "customMetrics": "[steps('autoprovision').customMetrics]", - "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX, steps('chkp').R82vmSizeUiBYOL, steps('chkp').R82vmSizeUiNGTP, steps('chkp').R82vmSizeUiNGTX)]", - "sicKey": "[steps('chkp').sicKeyUi]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": 
"[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "adminEmail": "[steps('chkp-advanced').adminEmail]", + "instanceLevelPublicIP": "[steps('chkp-advanced').instanceLevelPublicIP]", + "lbsTargetRGName": "[steps('chkp-advanced').lbsTargetRGName]", + "lbResourceId": "[steps('chkp-advanced').lbResourceId]", + "lbTargetBEAddressPoolName": "[steps('chkp-advanced').lbTargetBEAddressPoolName]", + "mgmtInterfaceOpt1": "[steps('chkp-advanced').mgmtInterfaceOpt1]", + "mgmtIPaddress": "[steps('chkp-advanced').mgmtIPaddress]", + "appLoadDistribution": "[steps('chkp-advanced').appLoadDistribution]", + "availabilityZonesNum": "[coalesce(steps('chkp-advanced').availabilityZonesNum, int('0'))]", + "customMetrics": "[steps('chkp-advanced').customMetrics]", + "cloudGuardVersion": "[concat(steps('autoprovision').cloudGuardVersion, ' - ', coalesce(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", + "vmSize": "[coalesce(steps('autoprovision').R8110vmSizeUiBYOL, steps('autoprovision').R8110vmSizeUiNGTP, steps('autoprovision').R8110vmSizeUiNGTX, steps('autoprovision').R8120vmSizeUiBYOL, steps('autoprovision').R8120vmSizeUiNGTP, steps('autoprovision').R8120vmSizeUiNGTX, steps('autoprovision').R82vmSizeUiBYOL, steps('autoprovision').R82vmSizeUiNGTP, steps('autoprovision').R82vmSizeUiNGTX)]", + "sicKey": "[steps('autoprovision').sicKeyUi]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('autoprovision').cloudGuardVersion) , 
steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefix": "[steps('network').virtualNetwork.addressPrefix]", "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", @@ -1846,14 +1872,14 @@ "subnet1Name": "[steps('network').virtualNetwork.subnets.subnet1.name]", "subnet1Prefix": "[steps('network').virtualNetwork.subnets.subnet1.addressPrefix]", "subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]", - "adminShell": "[steps('chkp').adminShell]", + "adminShell": "[steps('chkp-advanced').adminShell]", "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", - "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]" + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } } \ No newline at end of file diff --git a/azure/templates/marketplace-ha/createUiDefinition.json b/azure/templates/marketplace-ha/createUiDefinition.json index 5061798d..0daf4fb1 100644 --- a/azure/templates/marketplace-ha/createUiDefinition.json +++ b/azure/templates/marketplace-ha/createUiDefinition.json 
@@ -53,19 +53,28 @@
 "steps": [
 {
 "name": "chkp",
- "label": "Check Point Cluster Object settings",
+ "label": "CloudGuard Cluster settings",
 "subLabel": {
 "preValidation": "Configure Cluster Object settings",
 "postValidation": "Done"
 },
 "bladeTitle": "Cluster Object settings",
 "elements": [
+ {
+ "name": "InfoAzureAdminGuide",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "true",
+ "options": {
+ "icon": "Info",
+ "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps "
+ }
+ },
 {
 "name": "cloudGuardVersion",
 "type": "Microsoft.Common.DropDown",
- "label": "Check Point CloudGuard version",
+ "label": "Version",
 "defaultValue": "R81.20",
- "toolTip": "The version of Check Point CloudGuard.",
+ "toolTip": "Check Point Recommended version for all deployments is R81.20",
 "constraints": {
 "allowedValues": [
 {
@@ -88,7 +97,7 @@
 "type": "Microsoft.Common.DropDown",
 "label": "License type",
 "toolTip": "The type of license.",
- "defaultValue": "Bring Your Own License",
+ "defaultValue": "Pay As You Go (NGTX)",
 "visible": true,
 "constraints": {
 "allowedValues": [
@@ -107,6 +116,15 @@
 ]
 }
 },
+ {
+ "name": "InfoVMSize",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "true",
+ "options": {
+ "icon": "Info",
+ "text": "Check Point recommends a minimum of 4 vCores for optimal operation"
+ }
+ },
 {
 "name": "R8110vmSizeUiBYOL",
 "type": "Microsoft.Compute.SizeSelector",
@@ -1125,32 +1143,57 @@ "count": 2 }, { - "name": "adminShell", - "type": "Microsoft.Common.DropDown", - "label": "Default shell for the admin user", - "defaultValue": "/etc/cli.sh", - "toolTip": "The default shell for the admin user", + "name": "ManagementConnection", + "type": "Microsoft.Common.OptionsGroup", + "label": "Choose Management Option", + "defaultValue": "Connect the security GW to my SaaS management (Smart1-Cloud)", + "toolTip": "Automatically connect this single gateway to Smart-1 Cloud - Check Point's Security Management as a Service", "constraints": { "allowedValues": [ { - "label": "/etc/cli.sh", - "value": "/etc/cli.sh" + "label": "Connect the security GW to my SaaS management (Smart1-Cloud)", + "value": "Connect the security GW to my SaaS management (Smart1-Cloud)" }, { - "label": "/bin/bash", - "value": "/bin/bash" - }, - { - "label": "/bin/csh", - "value": "/bin/csh" - }, - { - "label": "/bin/tcsh", - "value": "/bin/tcsh" + "label": "Connect the security GW to my IaaS management", + "value": "Connect the security GW to my IaaS management" } ] } }, + { + "name": "InfoS1C", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my SaaS management (Smart1-Cloud)')]", + "options": { + "icon": "Info", + "text": "Follow these instructions to quickly connect this Cluster to Smart-1 Cloud
sk180501-Connecting CloudGuard Network Security Public Cloud Gateway to Smart-1 Cloud." + } + }, + { + "name": "Smart1CloudTokenA", + "type": "Microsoft.Common.TextBox", + "label": "Smart-1 Cloud Token Member A", + "toolTip": "Paste here the token copied from the Connect Gateway (Member A) screen in Smart-1 Cloud portal", + "constraints": { + "required": true, + "regex": "[\\S\\s]{5,}", + "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters" + }, + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my SaaS management (Smart1-Cloud)')]" + }, + { + "name": "Smart1CloudTokenB", + "type": "Microsoft.Common.TextBox", + "label": "Smart-1 Cloud Token Member B", + "toolTip": "Paste here the token copied from the Connect Gateway (Member B) screen in Smart-1 Cloud portal", + "constraints": { + "required": true, + "regex": "[\\S\\s]{5,}", + "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters" + }, + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my SaaS management (Smart1-Cloud)')]" + }, { "name": "sicKeyUi", "type": "Microsoft.Common.PasswordBox", 
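Review bot: `Smart1CloudTokenA` and `Smart1CloudTokenB` are re-added in the `@@ -1125,32 +1143,57 @@` hunk as `Microsoft.Common.TextBox`, so the Smart-1 Cloud registration token is shown in clear text on the blade, while the SIC key next to it uses a `PasswordBox`. Since the token enrols the gateway with management, it should get the same handling: `"type": "Microsoft.Common.PasswordBox"` with a `label` object and `"options": { "hideConfirmation": true }`. It would also be worth confirming that mainTemplate.json (not visible here) declares the matching parameters as `securestring`. The constraint `"regex": "[\\S\\s]{5,}"` is unanchored and accepts whitespace-only input; `"^\\S{5,}$"` would match what the message promises, and the message itself has a typo ("at lease").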
@@ -1167,7 +1210,54 @@ "options": { "hideConfirmation": false }, - "visible": "true" + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my IaaS management')]" + } + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced settings", + "subLabel": { + "preValidation": "Configure Cluster Object settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard Cluster Advanced settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } + }, + { + "name": "adminShell", + "type": "Microsoft.Common.DropDown", + "label": "Default shell for the admin user", + "defaultValue": "/etc/cli.sh", + "toolTip": "The default shell for the admin user", + "constraints": { + "allowedValues": [ + { + "label": "/etc/cli.sh", + "value": "/etc/cli.sh" + }, + { + "label": "/bin/bash", + "value": "/bin/bash" + }, + { + "label": "/bin/csh", + "value": "/bin/csh" + }, + { + "label": "/bin/tcsh", + "value": "/bin/tcsh" + } + ] + } }, { "name": "SerialPasswordInfoBox", @@ -1183,7 +1273,7 @@ "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", - "defaultValue": "Yes", + "defaultValue": "No", "toolTip": "A unique password hash to enable VM connection via serial console.", "constraints": { "allowedValues": [ 
@@ -1202,7 +1292,7 @@ "name": "AdditionalPassword", "type": "Microsoft.Common.PasswordBox", "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'", - "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]", + "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]", "label": { "password": "Password hash", "confirmPassword": "Confirm password" @@ -1222,31 +1312,11 @@ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]", "options": { "icon": "Info", - "text": "Check Point recommends setting a maintenance-mode password for recovery purposes." + "text": "Check Point recommends setting a maintenance-mode password for recovery purposes" } }, { "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", - "name": "EnableMaintenanceMode", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Maintenance Mode", - "defaultValue": "Yes", - "toolTip": "A unique password hash to enable VM maintenance mode.", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": true - }, - { - "label": "No", - "value": false - } - ] - } - }, - { - "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", @@ -1256,7 +1326,6 @@ "confirmPassword": "Confirm Password" }, "constraints": { - "required": true, "validationMessage": "The value must be the output of the hash command." }, "options": { 
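Review bot: With `EnableMaintenanceMode` removed in `@@ -1222,31 +1312,11 @@` and `"required": true` dropped in `@@ -1256,7 +1326,6 @@`, `MaintenanceModePassword` becomes an optional field whose `"defaultValue": ""` is forwarded unconditionally as `MaintenanceModePasswordHash`. The template side is not visible in this diff, so please confirm that an empty value is treated as "no maintenance-mode password configured" rather than being written as an empty hash. No format constraint is visible in these hunks either, so if none exists elsewhere a `regex` that accepts only an empty value or a `$6$…` crypt string would stop a plain-text password being pasted where a hash is expected. The InfoBox above still recommends setting this password, so the label or tooltip should say it is optional but recommended. The same pair of changes appears in marketplace-management (`@@ -335,26 +431,6 @@` and `@@ -364,71 +440,12 @@`).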
@@ -1379,15 +1448,12 @@ } }, { - "name": "basics settings text block", - "type": "Microsoft.Common.TextBlock", - "visible": true, + "name": "InfoVMDiskSpace", + "type": "Microsoft.Common.InfoBox", + "visible": "true", "options": { - "text": "Please follow the Check Point referenced guide for adding disk space.", - "link": { - "label": "Additional disk space in CloudGuard", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552" - } + "icon": "Info", + "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space " } }, { @@ -1428,11 +1494,11 @@ "label": "Development Image URI", "toolTip": "The URI of the blob containing the development image", "constraints": { - "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]", "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. " }, - "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]" }, { "name": "customMetrics", @@ -1457,7 +1523,7 @@ { "name": "customMetricsInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('chkp').customMetrics, 'yes'), not(equals(steps('chkp').managedSystemAssigned, 'yes')))]", + "visible": "[and(equals(steps('chkp-advanced').customMetrics, 'yes'), not(equals(steps('chkp-advanced').managedSystemAssigned, 'yes')))]", "options": { "icon": "Warning", "text": "CloudGuard metrics can't be used when System Assigned Identity is disabled" @@ -1521,7 +1587,7 @@ } ] }, - "visible": "[equals(steps('chkp').publicIPPrefix, 'yes')]" + "visible": "[equals(steps('chkp-advanced').publicIPPrefix, 'yes')]" }, { "name": "ipPrefixExistingResourceId", 
@@ -1534,63 +1600,7 @@ "regex": "^[a-z0-9A-Z -.:/n]{1,}$", "validationMessage": "Only alphanumeric characters, hyphens, spaces, periods, and colons are allowed." }, - "visible": "[equals(steps('chkp').createNewIPPrefix, 'no')]" - }, - { - "name": "allowSmart1CloudConnection", - "type": "Microsoft.Common.OptionsGroup", - "label": "Quick connect to Smart-1 Cloud", - "defaultValue": "Yes", - "toolTip": "Automatically connect this Cluster to Smart-1 Cloud - Check Point's Security Management as a Service", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "yes" - }, - { - "label": "No", - "value": "no" - } - ] - }, - "visible": true - }, - { - "name": "smart1CloudTokenTxt", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Follow these instructions to quickly connect this Cluster to Smart-1 Cloud", - "link": { - "label": "SK180501 - Connecting CloudGuard Network Security Public Cloud Gateways to Smart-1 Cloud", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501" - } - }, - "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]" - }, - { - "name": "Smart1CloudTokenA", - "type": "Microsoft.Common.TextBox", - "label": "Smart-1 Cloud Token Member A", - "toolTip": "Paste here the token copied from the Connect Gateway (Member A) screen in Smart-1 Cloud portal", - "constraints": { - "required": true, - "regex": "[\\S\\s]{5,}", - "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters" - }, - "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]" - }, - { - "name": "Smart1CloudTokenB", - "type": "Microsoft.Common.TextBox", - "label": "Smart-1 Cloud Token Member B", - "toolTip": "Paste here the token copied from the Connect Gateway (Member B) screen in Smart-1 Cloud portal", - "constraints": { - "required": true, - "regex": "[\\S\\s]{5,}", - "validationMessage": "Smart1Cloud Token Should contain at lease 5 
characters" - }, - "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]" + "visible": "[equals(steps('chkp-advanced').createNewIPPrefix, 'no')]" } ] }, @@ -1926,6 +1936,15 @@ "name": "tags", "label": "Tags", "elements": [ + { + "name": "InfoTags", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below" + } + }, { "name": "tagsByResource", "type": "Microsoft.Common.TagsByResource", 
@@ -1964,19 +1983,19 @@ "subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "managedSystemAssigned": "[steps('chkp').managedSystemAssigned]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", - "availabilityOptions": "[steps('chkp').availabilityOptions]", - "customMetrics": "[steps('chkp').customMetrics]", - "floatingIP": "[steps('chkp').floatingIP]", - "publicIPPrefix": "[steps('chkp').publicIPPrefix]", - "createNewIPPrefix": "[steps('chkp').createNewIPPrefix]", - "ipPrefixExistingResourceId": "[steps('chkp').ipPrefixExistingResourceId]", - "adminShell": "[steps('chkp').adminShell]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "managedSystemAssigned": "[steps('chkp-advanced').managedSystemAssigned]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", + "availabilityOptions": "[steps('chkp-advanced').availabilityOptions]", + "customMetrics": "[steps('chkp-advanced').customMetrics]", + "floatingIP": "[steps('chkp-advanced').floatingIP]", + "publicIPPrefix": 
"[steps('chkp-advanced').publicIPPrefix]", + "createNewIPPrefix": "[steps('chkp-advanced').createNewIPPrefix]", + "ipPrefixExistingResourceId": "[steps('chkp-advanced').ipPrefixExistingResourceId]", + "adminShell": "[steps('chkp-advanced').adminShell]", "smart1CloudTokenA": "[steps('chkp').Smart1CloudTokenA]", "smart1CloudTokenB": "[steps('chkp').Smart1CloudTokenB]", "tagsByResource": "[steps('tags').tagsByResource]", @@ -1986,8 +2005,8 @@ "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", "VipsNumber": "[int(steps('network').Vips_Number)]", "VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]" + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } } \ No newline at end of file diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json index cebd2dfb..d4bf46ea 100644 --- a/azure/templates/marketplace-ha/mainTemplate.json +++ b/azure/templates/marketplace-ha/mainTemplate.json @@ -135,6 +135,7 @@ }, "sicKey": { "type": "securestring", + "defaultValue": "", "metadata": { "description": "One time key for Secure Internal Communication" } diff --git a/azure/templates/marketplace-management/createUiDefinition.json b/azure/templates/marketplace-management/createUiDefinition.json index f35c7c0f..0a3f1e55 100644 --- a/azure/templates/marketplace-management/createUiDefinition.json 
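Review bot: Adding `"defaultValue": ""` to the `sicKey` securestring in marketplace-ha/mainTemplate.json (`@@ -135,6 +135,7 @@`) makes the one-time SIC key optional for every deployment path, not only for the Smart-1 Cloud flow where `sicKeyUi` is hidden. A CLI or pipeline deployment that omits the parameter will now pass validation with an empty key. The rest of the template is outside this hunk, so please confirm that provisioning refuses to initialise SIC with an empty key unless both Smart-1 Cloud tokens are supplied. The parameter description should state that contract, for example `"description": "One time key for Secure Internal Communication. Leave empty only when Smart-1 Cloud tokens are provided"`.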
+++ b/azure/templates/marketplace-management/createUiDefinition.json @@ -53,19 +53,28 @@ "steps": [ { "name": "chkp", - "label": "Check Point Security Management Server settings", + "label": "CloudGuard Security Management Server settings", "subLabel": { "preValidation": "Configure additional settings", "postValidation": "Done" }, "bladeTitle": "Security Management settings", "elements": [ + { + "name": "InfoAzureAdminGuide", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps " + } + }, { "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", - "label": "Check Point CloudGuard version", + "label": "Version", "defaultValue": "R81.20", - "toolTip": "The version of Check Point CloudGuard.", + "toolTip": "Check Point Recommended version for all deployments is R81.20", "constraints": { "allowedValues": [ { @@ -88,7 +97,7 @@ "type": "Microsoft.Common.DropDown", "label": "License type", "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", + "defaultValue": "Pay As You Go (MGMT25)", "visible": true, "constraints": { "allowedValues": [ @@ -103,6 +112,15 @@ ] } }, + { + "name": "InfoVMSize", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point recommends a minimum of 4 vCores for optimal operation" + } + }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", 
@@ -277,6 +295,84 @@ }, "count": 1 }, + { + "name": "managementGUIClientNetwork", + "type": "Microsoft.Common.TextBox", + "label": "Allow SmartConsole connections from these networks", + "toolTip": "Allow SmartConsole connections from the following CIDR networks, for example: 192.168.1.0/26", + "constraints": { + "required": true, + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", + "validationMessage": "Enter a valid IPv4 network CIDR" + }, + "visible": "[equals(steps('chkp').installationType, 'management')]" + } + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced settings", + "subLabel": { + "preValidation": "Configure additional settings", + "postValidation": "Done" + }, + "bladeTitle": "Security Management settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } + }, + { + "name": "installationType", + "type": "Microsoft.Common.DropDown", + "label": "Installation type", + "defaultValue": "Management", + "toolTip": "Select the type of deployment", + "constraints": { + "allowedValues": [ + { + "label": "Management", + "value": "management" + }, + { + "label": "Configure manually", + "value": "custom" + } + ] + } + }, + { + "name": "adminShell", + "type": "Microsoft.Common.DropDown", + "label": "Default shell for the admin user", + "defaultValue": "/etc/cli.sh", + "toolTip": "The default shell for the admin user", + "constraints": { + "allowedValues": [ + { + "label": "/etc/cli.sh", + "value": "/etc/cli.sh" + }, + { + "label": "/bin/bash", + "value": "/bin/bash" + }, + { + "label": "/bin/csh", + "value": "/bin/csh" + }, + { + "label": "/bin/tcsh", + "value": "/bin/tcsh" + } + ] + } + }, { "name": "SerialPasswordInfoBox", "type": 
"Microsoft.Common.InfoBox", @@ -287,11 +383,11 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", - "defaultValue": "Yes", + "defaultValue": "No", "toolTip": "A unique password hash to enable VM connection via serial console.", "constraints": { "allowedValues": [ @@ -310,7 +406,7 @@ "name": "AdditionalPassword", "type": "Microsoft.Common.PasswordBox", "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'", - "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]", + "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]", "label": { "password": "Password hash", "confirmPassword": "Confirm password" @@ -335,26 +431,6 @@ }, { "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", - "name": "EnableMaintenanceMode", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Maintenance Mode", - "defaultValue": "Yes", - "toolTip": "A unique password hash to enable VM maintenance mode.", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": true - }, - { - "label": "No", - "value": false - } - ] - } - }, - { - "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", 
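Review bot: `managementGUIClientNetwork` is added to step `chkp` in `@@ -277,6 +295,84 @@` with `"visible": "[equals(steps('chkp').installationType, 'management')]"`, but the same hunk moves `installationType` into `chkp-advanced`, so the expression points at an element that no longer exists in `chkp`. The likely effect is that the field restricting SmartConsole source networks is never shown or validated. It should read `"visible": "[equals(steps('chkp-advanced').installationType, 'management')]"`, as was done for `allowUploadDownload`. The outputs hunk `@@ -744,21 +786,22 @@` has the opposite slip: `diskType` tests `steps('chkp-advanced').cloudGuardVersion`, while `cloudGuardVersion` is still defined in `chkp` and referenced that way by the neighbouring `visible` expressions, so it should be `steps('chkp').cloudGuardVersion`. Both are worth checking in the createUiDefinition sandbox before publishing.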
@@ -364,71 +440,12 @@ "confirmPassword": "Confirm Password" }, "constraints": { - "required": true, "validationMessage": "The value must be the output of the hash command." }, "options": { "hideConfirmation": false } }, - { - "name": "installationType", - "type": "Microsoft.Common.DropDown", - "label": "Installation type", - "defaultValue": "Management", - "toolTip": "Select the type of deployment", - "constraints": { - "allowedValues": [ - { - "label": "Management", - "value": "management" - }, - { - "label": "Configure manually", - "value": "custom" - } - ] - } - }, - { - "name": "adminShell", - "type": "Microsoft.Common.DropDown", - "label": "Default shell for the admin user", - "defaultValue": "/etc/cli.sh", - "toolTip": "The default shell for the admin user", - "constraints": { - "allowedValues": [ - { - "label": "/etc/cli.sh", - "value": "/etc/cli.sh" - }, - { - "label": "/bin/bash", - "value": "/bin/bash" - }, - { - "label": "/bin/csh", - "value": "/bin/csh" - }, - { - "label": "/bin/tcsh", - "value": "/bin/tcsh" - } - ] - } - }, - { - "name": "managementGUIClientNetwork", - "type": "Microsoft.Common.TextBox", - "label": "Allowed GUI clients", - "toolTip": "GUI clients network CIDR", - "constraints": { - "required": true, - "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "validationMessage": "Enter a valid IPv4 network CIDR" - }, - "visible": "[equals(steps('chkp').installationType, 'management')]" - }, { "name": "bootstrapScript", "type": "Microsoft.Common.FileUpload", @@ -498,7 +515,7 @@ "value": "management_only" }, { - "label": "All IP Addresses that can be used for GUI clients", + "label": "All IP addresses that are allowed for SmartConsole connections", "value": "gui_clients" }, { 
@@ -510,7 +527,7 @@ "visible": true }, { - "visible": "[equals(steps('chkp').installationType, 'management')]", + "visible": "[equals(steps('chkp-advanced').installationType, 'management')]", "name": "allowUploadDownload", "type": "Microsoft.Common.OptionsGroup", "label": "Automatically download updates and share statistical data for product improvement purpose", @@ -530,15 +547,31 @@ } }, { - "name": "basics settings text block", - "type": "Microsoft.Common.TextBlock", - "visible": true, + "name": "identityAccessManagement" , + "type": "Microsoft.Common.OptionsGroup", + "label": "Create a System Assigned Identity", + "toolTip": "Automatically create a Service Principal for this deployment.", + "defaultValue": "Yes", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": true + }, + { + "label": "No", + "value": false + } + ] + } + }, + { + "name": "InfoVMDiskSpace", + "type": "Microsoft.Common.InfoBox", + "visible": "true", "options": { - "text": "Please follow the Check Point referenced guide for adding disk space.", - "link": { - "label": "Additional disk space in CloudGuard", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552" - } + "icon": "Info", + "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space " } }, { @@ -579,11 +612,11 @@ "label": "Development Image URI", "toolTip": "The URI of the blob containing the development image", "constraints": { - "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]", "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. " }, - "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]" } ] }, 
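Review bot: The new `identityAccessManagement` option in `@@ -530,15 +547,31 @@` defaults to "Yes", and the matching `msi` parameter in marketplace-management/mainTemplate.json (`@@ -212,7 +212,7 @@`) flips from `false` to `true`, so every management VM now gets a system-assigned identity unless the operator opts out. Which role and scope that identity receives is not visible in this diff; please confirm it is the minimum the management server needs. The tooltip should also say what is created: it currently reads "Service Principal" while the label says "System Assigned Identity". Something like `"toolTip": "Create a system-assigned managed identity for the management VM."` would be consistent with the label. Template-only deployments that relied on the old `false` default will change behaviour silently, which deserves a line in the release notes.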
@@ -711,6 +744,15 @@ "name": "tags", "label": "Tags", "elements": [ + { + "name": "InfoTags", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below" + } + }, { "name": "tagsByResource", "type": "Microsoft.Common.TagsByResource", 
@@ -744,21 +786,22 @@ "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", - "installationType": "[steps('chkp').installationType]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", - "enableApi": "[steps('chkp').enableApi]", - "adminShell": "[steps('chkp').adminShell]", + "installationType": "[steps('chkp-advanced').installationType]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "msi" : "[steps('chkp-advanced').identityAccessManagement]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('chkp-advanced').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", + "enableApi": "[steps('chkp-advanced').enableApi]", + "adminShell": "[steps('chkp-advanced').adminShell]", "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": 
"[steps('chkp').MaintenanceModePassword]" + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } } \ No newline at end of file diff --git a/azure/templates/marketplace-management/mainTemplate.json b/azure/templates/marketplace-management/mainTemplate.json index bddd034b..6a400ce3 100644 --- a/azure/templates/marketplace-management/mainTemplate.json +++ b/azure/templates/marketplace-management/mainTemplate.json @@ -212,7 +212,7 @@ }, "msi": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Configure managed service identity for the VM" } diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json index 87e4004f..aab140b1 100644 --- a/azure/templates/marketplace-mds/createUiDefinition.json +++ b/azure/templates/marketplace-mds/createUiDefinition.json @@ -53,19 +53,28 @@ "steps": [ { "name": "chkp", - "label": "Check Point Multi-Domain Server settings", + "label": "CloudGuard Multi-Domain Server settings", "subLabel": { "preValidation": "Configure additional settings", "postValidation": "Done" }, "bladeTitle": "Multi-Domain Server settings", "elements": [ + { + "name": "InfoAzureAdminGuide", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps" + } + }, { "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", - "label": "Check Point CloudGuard version", + "label": "Version", "defaultValue": "R81.20", - "toolTip": "The version of Check Point CloudGuard.", + "toolTip": "Check Point Recommended version for all deployments is R81.20", "constraints": { "allowedValues": [ { 
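Review bot: Flipping `msi` to `"defaultValue": true` in marketplace-management/mainTemplate.json changes behaviour for every deployment that omits the parameter, including CLI or pipeline deployments that never see the new portal option. An identity attached to a management VM is available to anything running on that VM, so opt-in is the safer template default; I would keep `"defaultValue": false` and let createUiDefinition.json send `true` when the operator picks "Yes". If the default has to change, the description should say so, e.g. `"description": "Configure managed service identity for the VM (enabled by default)"`. The marketplace-mds/mainTemplate.json hunk makes the same change.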
@@ -99,6 +108,15 @@ ] } }, + { + "name": "InfoVMSize", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point recommends a minimum of 4 vCores for optimal operation" + } + }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -186,6 +204,38 @@ }, "count": 1 }, + { + "name": "managementGUIClientNetwork", + "type": "Microsoft.Common.TextBox", + "label": "Allow SmartConsole connections from these networks", + "toolTip": "Allow SmartConsole connections from the following CIDR networks, for example: 192.168.1.0/26", + "constraints": { + "required": true, + "regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)", + "validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)" + }, + "visible": true + } + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced settings", + "subLabel": { + "preValidation": "Configure additional settings", + "postValidation": "Done" + }, + "bladeTitle": "Multi-Domain Server settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } + }, { "name": "installationType", "type": "Microsoft.Common.DropDown", 
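Review bot: The tooltip added for `managementGUIClientNetwork` in the `@@ -186,6 +204,38 @@` hunk gives `192.168.1.0/26` as its example, but the regex on the same element accepts only `0.0.0.0/0`, a bare address or a `/32`, so the example fails validation. Since the only accepted value covering more than one host is `0.0.0.0/0`, the form steers operators toward allowing SmartConsole connections from every address. I would either make the example match the rule, `"toolTip": "Allow SmartConsole connections from this address, for example: 192.0.2.10/32"`, or accept other prefix lengths the way the marketplace-single element does. Whether the MDS side accepts a wider range is not visible in this diff.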
@@ -209,6 +259,33 @@ ] } }, + { + "name": "adminShell", + "type": "Microsoft.Common.DropDown", + "label": "Default shell for the admin user", + "defaultValue": "/etc/cli.sh", + "toolTip": "The default shell for the admin user", + "constraints": { + "allowedValues": [ + { + "label": "/etc/cli.sh", + "value": "/etc/cli.sh" + }, + { + "label": "/bin/bash", + "value": "/bin/bash" + }, + { + "label": "/bin/csh", + "value": "/bin/csh" + }, + { + "label": "/bin/tcsh", + "value": "/bin/tcsh" + } + ] + } + }, { "name": "SerialPasswordInfoBox", "type": "Microsoft.Common.InfoBox", @@ -223,7 +300,7 @@ "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", - "defaultValue": "Yes", + "defaultValue": "No", "toolTip": "A unique password hash to enable VM connection via serial console.", "constraints": { "allowedValues": [ @@ -242,7 +319,7 @@ "name": "AdditionalPassword", "type": "Microsoft.Common.PasswordBox", "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'", - "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]", + "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]", "label": { "password": "Password hash", "confirmPassword": "Confirm password" 
@@ -267,26 +344,6 @@ }, { "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", - "name": "EnableMaintenanceMode", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Maintenance Mode", - "defaultValue": "Yes", - "toolTip": "A unique password hash to enable VM maintenance mode.", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": true - }, - { - "label": "No", - "value": false - } - ] - } - }, - { - "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", @@ -296,52 +353,12 @@ "confirmPassword": "Confirm Password" }, "constraints": { - "required": true, "validationMessage": "The value must be the output of the hash command." }, "options": { "hideConfirmation": false } }, - { - "name": "adminShell", - "type": "Microsoft.Common.DropDown", - "label": "Default shell for the admin user", - "defaultValue": "/etc/cli.sh", - "toolTip": "The default shell for the admin user", - "constraints": { - "allowedValues": [ - { - "label": "/etc/cli.sh", - "value": "/etc/cli.sh" - }, - { - "label": "/bin/bash", - "value": "/bin/bash" - }, - { - "label": "/bin/csh", - "value": "/bin/csh" - }, - { - "label": "/bin/tcsh", - "value": "/bin/tcsh" - } - ] - } - }, - { - "name": "managementGUIClientNetwork", - "type": "Microsoft.Common.TextBox", - "label": "Allowed GUI clients", - "toolTip": "GUI clients network CIDR", - "constraints": { - "required": true, - "regex": "(^0\\.0\\.0\\.0\\/0$)|(^(?!0\\.0\\.0\\.0$)(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/32)?$)", - "validationMessage": "Enter a valid IPv4 network CIDR (only 0.0.0.0/0, X.X.X.X/32 or X.X.X.X are acceptable)" - }, - "visible": true - }, { "name": "sicKeyUi", "type": "Microsoft.Common.PasswordBox", 
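Review bot: With `"required": true` removed from `MaintenanceModePassword`, the `constraints` object in the `@@ -296,52 +353,12 @@` hunk holds only a `validationMessage` and no `regex`, so nothing triggers that message and any string, including a plaintext password or an empty value, is passed on as `MaintenanceModePasswordHash`. I would add a `regex` that accepts either an empty value or the hash format the tooltip asks for, so a mistyped or plaintext entry is rejected in the portal instead of being discovered during recovery. The element's tooltip is outside the hunk, so the exact format has to come from there. The marketplace-single hunk at `@@ -1297,7 +1356,6 @@` has the same gap, and there the field is now shown for every version.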
@@ -358,7 +375,7 @@ "options": { "hideConfirmation": false }, - "visible": "[not(equals(steps('chkp').installationType, 'mds-primary'))]" + "visible": "[not(equals(steps('chkp-advanced').installationType, 'mds-primary'))]" }, { "name": "bootstrapScript", @@ -396,15 +413,32 @@ } }, { - "name": "basics settings text block", - "type": "Microsoft.Common.TextBlock", - "visible": true, + "visible": "[not(equals(steps('chkp-advanced').installationType, 'mds-logserver'))]", + "name": "identityAccessManagement" , + "type": "Microsoft.Common.OptionsGroup", + "label": "Create a System Assigned Identity", + "toolTip": "Automatically create a Service Principal for this deployment.", + "defaultValue": "Yes", + "constraints": { + "allowedValues": [ + { + "label": "Yes", + "value": true + }, + { + "label": "No", + "value": false + } + ] + } + }, + { + "name": "InfoVMDiskSpace", + "type": "Microsoft.Common.InfoBox", + "visible": "true", "options": { - "text": "Please follow the Check Point referenced guide for adding disk space.", - "link": { - "label": "Additional disk space in CloudGuard", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552" - } + "icon": "Info", + "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space " } }, { @@ -485,11 +519,11 @@ "label": "Development Image URI", "toolTip": "The URI of the blob containing the development image", "constraints": { - "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]", "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. " }, - "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]" } ] }, 
@@ -617,6 +651,15 @@ "name": "tags", "label": "Tags", "elements": [ + { + "name": "InfoTags", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below" + } + }, { "name": "tagsByResource", "type": "Microsoft.Common.TagsByResource", 
@@ -650,21 +693,22 @@ "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", "managementGUIClientNetwork": "[if(contains(steps('chkp').managementGUIClientNetwork, '/'), steps('chkp').managementGUIClientNetwork, concat(steps('chkp').managementGUIClientNetwork, '/32'))]", - "sicKey": "[coalesce(steps('chkp').sicKeyUi, 'notused')]", - "installationType": "[steps('chkp').installationType]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", - "adminShell": "[steps('chkp').adminShell]", + "sicKey": "[coalesce(steps('chkp-advanced').sicKeyUi, 'notused')]", + "installationType": "[steps('chkp-advanced').installationType]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "msi" : "[steps('chkp-advanced').identityAccessManagement]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", + "adminShell": "[steps('chkp-advanced').adminShell]", "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", "addStorageAccountIpRules": 
"[steps('network').addStorageAccountIpRules]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]" + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } } \ No newline at end of file diff --git a/azure/templates/marketplace-mds/mainTemplate.json b/azure/templates/marketplace-mds/mainTemplate.json index 7f3e328b..2a865d46 100644 --- a/azure/templates/marketplace-mds/mainTemplate.json +++ b/azure/templates/marketplace-mds/mainTemplate.json @@ -204,7 +204,7 @@ }, "msi": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Configure managed service identity for the VM" } diff --git a/azure/templates/marketplace-single/createUiDefinition.json b/azure/templates/marketplace-single/createUiDefinition.json index 77059428..d5ad1525 100644 --- a/azure/templates/marketplace-single/createUiDefinition.json +++ b/azure/templates/marketplace-single/createUiDefinition.json @@ -53,19 +53,28 @@ "steps": [ { "name": "chkp", - "label": "Check Point CloudGuard settings", + "label": "CloudGuard Gateway settings", "subLabel": { "preValidation": "Configure CloudGuard settings", "postValidation": "Done" }, "bladeTitle": "CloudGuard settings", "elements": [ + { + "name": "InfoAzureAdminGuide", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps " + } + }, { "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", - "label": "Check Point CloudGuard version", + "label": "Version", "defaultValue": "R81.20", - "toolTip": "The version of Check Point CloudGuard.", + "toolTip": "Check Point Recommended version for all deployments is R81.20", "constraints": { "allowedValues": [ { 
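Review bot: The new `"msi"` output in the `@@ -650,21 +693,22 @@` hunk reads `steps('chkp-advanced').identityAccessManagement` directly, but in this file that element is hidden when `installationType` is `mds-logserver`, and a hidden element normally yields no value. Combined with the `msi` default moving to `true` in marketplace-mds/mainTemplate.json, a log-server deployment may receive an identity the operator was never offered a choice about, or a null for a `bool` parameter. The neighbouring outputs already guard hidden elements with `coalesce`; I would do the same and fail closed: `"msi": "[coalesce(steps('chkp-advanced').identityAccessManagement, false)]"`.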
@@ -88,7 +97,7 @@ "type": "Microsoft.Common.DropDown", "label": "License type", "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", + "defaultValue": "Pay As You Go (NGTX)", "visible": true, "constraints": { "allowedValues": [ @@ -107,6 +116,15 @@ ] } }, + { + "name": "InfoVMSize", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point recommends a minimum of 4 vCores for optimal operation" + } + }, { "name": "R8110vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", @@ -1124,6 +1142,85 @@ }, "count": 1 }, + { + "name": "ManagementConnection", + "type": "Microsoft.Common.OptionsGroup", + "label": "Choose Management Option", + "defaultValue": "Connect the security GW to my SaaS management (Smart1-Cloud)", + "toolTip": "Automatically connect this single gateway to Smart-1 Cloud - Check Point's Security Management as a Service", + "constraints": { + "allowedValues": [ + { + "label": "Connect the security GW to my SaaS management (Smart1-Cloud)", + "value": "Connect the security GW to my SaaS management (Smart1-Cloud)" + }, + { + "label": "Connect the security GW to my IaaS management", + "value": "Connect the security GW to my IaaS management" + } + ] + }, + "visible": "[equals(steps('chkp-advanced').installationType, 'gateway')]" + }, + { + "name": "InfoS1C", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my SaaS management (Smart1-Cloud)')]", + "options": { + "icon": "Info", + "text": "Connect the security GW to my SaaS management (Smart1-Cloud)
sk180501-Connecting CloudGuard Network Security Public Cloud Gateway to Smart-1 Cloud." + } + }, + { + "name": "Smart1CloudToken", + "type": "Microsoft.Common.TextBox", + "label": "Smart-1 Cloud Token", + "toolTip": "Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal", + "constraints": { + "required": true, + "regex": "[\\S\\s]{5,}", + "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters" + }, + "visible": "[equals(steps('chkp').ManagementConnection, 'Connect the security GW to my SaaS management (Smart1-Cloud)')]" + }, + { + "name": "sicKeyUi", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "SIC key", + "confirmPassword": "Confirm SIC key" + }, + "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{12,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." + }, + "options": { + "hideConfirmation": false + }, + "visible": "[and(not(equals(steps('chkp-advanced').installationType, 'standalone')),equals(steps('chkp').ManagementConnection, 'Connect the security GW to my IaaS management'))]" + } + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced settings", + "subLabel": { + "preValidation": "Configure CloudGuard Advanced settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard Advanced settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } + }, { "name": "installationType", "type": "Microsoft.Common.DropDown", 
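Review bot: `Smart1CloudToken` in the `@@ -1124,6 +1142,85 @@` hunk is collected with `Microsoft.Common.TextBox`, so the token is displayed in clear text, while `sicKeyUi` directly below it uses `Microsoft.Common.PasswordBox`. The token lets a gateway enrol with the tenant's management service, so it deserves the same handling as the SIC key; I would switch the element to a PasswordBox with confirmation hidden, as sketched below. Whether the matching template parameter is a `securestring` is not visible in this diff and should be checked as well. The `validationMessage` also reads "at lease 5 characters", and the `InfoS1C` text appears to break across a line inside the string, which would need to be `\n` if that is a raw newline in the file.

```json
"name": "Smart1CloudToken",
"type": "Microsoft.Common.PasswordBox",
"label": {
  "password": "Smart-1 Cloud Token",
  "confirmPassword": "Confirm Smart-1 Cloud Token"
},
"options": {
  "hideConfirmation": true
},
// … unchanged: toolTip, constraints, visible …
```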
@@ -1138,12 +1235,24 @@ "value": "gateway" }, { - "label": "Standalone", + "label": "Gateway & Management in one server", "value": "standalone" } ] } }, + { + "name": "managementGUIClientNetwork", + "type": "Microsoft.Common.TextBox", + "label": "Allow SmartConsole connections from these networks", + "toolTip": "Allow SmartConsole connections from the following CIDR networks, for example: 192.168.1.0/26", + "constraints": { + "required": true, + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", + "validationMessage": "Enter a valid IPv4 network CIDR" + }, + "visible": "[and(or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'), equals(steps('chkp').cloudGuardVersion, 'R82')), equals(steps('chkp-advanced').installationType, 'standalone'))]" + }, { "name": "adminShell", "type": "Microsoft.Common.DropDown", 
@@ -1174,42 +1283,12 @@ { "name": "standaloneValidation", "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('chkp').installationType, 'standalone'), not(and(equals(steps('chkp').R80Offer, 'Bring Your Own License'),or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'), equals(steps('chkp').cloudGuardVersion, 'R82')))))]", + "visible": "[and(equals(steps('chkp-advanced').installationType, 'standalone'), not(and(equals(steps('chkp').R80Offer, 'Bring Your Own License'),or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'), equals(steps('chkp').cloudGuardVersion, 'R82')))))]", "options": { "icon": "Error", "text": "Standalone deployment is ONLY supported for CloudGuard versions R81.10, R81.20 and R82 Bring Your Own License." } }, - { - "name": "managementGUIClientNetwork", - "type": "Microsoft.Common.TextBox", - "label": "Allowed GUI clients", - "toolTip": "GUI clients network CIDR", - "constraints": { - "required": true, - "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$", - "validationMessage": "Enter a valid IPv4 network CIDR" - }, - "visible": "[and(or(equals(steps('chkp').cloudGuardVersion, 'R81.10'), equals(steps('chkp').cloudGuardVersion, 'R81.20'), equals(steps('chkp').cloudGuardVersion, 'R82')), equals(steps('chkp').installationType, 'standalone'))]" - }, - { - "name": "sicKeyUi", - "type": "Microsoft.Common.PasswordBox", - "label": { - "password": "SIC key", - "confirmPassword": "Confirm SIC key" - }, - "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z]{12,30}$", - "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." 
- }, - "options": { - "hideConfirmation": false - }, - "visible": "[not(equals(steps('chkp').installationType, 'standalone'))]" - }, { "name": "SerialPasswordInfoBox", "type": "Microsoft.Common.InfoBox", @@ -1220,11 +1299,11 @@ } }, { - "visible": "[bool(basics('auth').sshPublicKey)]", + "visible": "[bool(basics('auth').sshPublicKey)]", "name": "EnableSerialConsolePassword", "type": "Microsoft.Common.OptionsGroup", "label": "Enable Serial console password", - "defaultValue": "Yes", + "defaultValue": "No", "toolTip": "A unique password hash to enable VM connection via serial console.", "constraints": { "allowedValues": [ @@ -1243,7 +1322,7 @@ "name": "AdditionalPassword", "type": "Microsoft.Common.PasswordBox", "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'", - "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]", + "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]", "label": { "password": "Password hash", "confirmPassword": "Confirm password" 
@@ -1260,34 +1339,14 @@ { "name": "MaintenanceModeInfoBox", "type": "Microsoft.Common.InfoBox", - "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]", + "visible": "true", "options": { "icon": "Info", "text": "Check Point recommends setting a maintenance-mode password for recovery purposes." } }, { - "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]", - "name": "EnableMaintenanceMode", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable Maintenance Mode", - "defaultValue": "Yes", - "toolTip": "A unique password hash to enable VM maintenance mode.", - "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": true - }, - { - "label": "No", - "value": false - } - ] - } - }, - { - "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]", + "visible": "true", "name": "MaintenanceModePassword", "type": "Microsoft.Common.PasswordBox", "defaultValue": "", @@ -1297,7 +1356,6 @@ "confirmPassword": "Confirm Password" }, "constraints": { - "required": true, "validationMessage": "The value must be the output of the hash command." }, "options": { @@ -1321,7 +1379,7 @@ } }, { - "visible": "[or(not(equals(steps('chkp').cloudGuardVersion, 'R80.10')), not(equals(steps('chkp').installationType, 'custom')))]", + "visible": "[or(not(equals(steps('chkp').cloudGuardVersion, 'R80.10')), not(equals(steps('chkp-advanced').installationType, 'custom')))]", "name": "allowUploadDownload", "type": "Microsoft.Common.OptionsGroup", "label": "Automatically download updates and share statistical data for product improvement purpose", 
@@ -1381,15 +1439,12 @@ } }, { - "name": "basics settings text block", - "type": "Microsoft.Common.TextBlock", - "visible": true, + "name": "InfoVMDiskSpace", + "type": "Microsoft.Common.InfoBox", + "visible": "true", "options": { - "text": "Please follow the Check Point referenced guide for adding disk space.", - "link": { - "label": "Additional disk space in CloudGuard", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk156552" - } + "icon": "Info", + "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space " } }, { @@ -1430,11 +1485,11 @@ "label": "Development Image URI", "toolTip": "The URI of the blob containing the development image", "constraints": { - "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]", + "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]", "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$", "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. " }, - "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]" + "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]" }, { "name": "customMetrics", @@ -1443,27 +1498,6 @@ "defaultValue": "Yes", "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from Gateway or Standalone to the Azure Monitor service.", "constraints": { - "allowedValues": [ - { - "label": "Yes", - "value": "yes" - }, - { - "label": "No", - "value": "no" - } - ], - "required": true - }, - "visible": true - }, - { - "name": "allowSmart1CloudConnection", - "type": "Microsoft.Common.OptionsGroup", - "label": "Quick connect to Smart-1 Cloud", - "defaultValue": "Yes", - "toolTip": "Automatically connect this single gateway to Smart-1 Cloud - Check Point's Security Management as a Service", - "constraints": { "allowedValues": [ { "label": "Yes", 
@@ -1475,32 +1509,8 @@ } ] }, - "visible": "[equals(steps('chkp').installationType, 'gateway')]" - }, - { - "name": "smart1CloudTokenTxt", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "Follow these instructions to quickly connect this single gateway to Smart-1 Cloud", - "link": { - "label": "SK180501 - Connecting CloudGuard Network Security Public Cloud Gateways to Smart-1 Cloud", - "uri": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501" - } - }, - "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]" - }, - { - "name": "Smart1CloudToken", - "type": "Microsoft.Common.TextBox", - "label": "Smart-1 Cloud Token", - "toolTip": "Paste here the token copied from the Connect Gateway screen in Smart-1 Cloud portal", - "constraints": { - "required": true, - "regex": "[\\S\\s]{5,}", - "validationMessage": "Smart1Cloud Token Should contain at lease 5 characters" - }, - "visible": "[equals(steps('chkp').allowSmart1CloudConnection, 'yes')]" - } + "visible": true + } ] }, { @@ -1639,6 +1649,15 @@ "name": "tags", "label": "Tags", "elements": [ + { + "name": "InfoTags", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below" + } + }, { "name": "tagsByResource", "type": "Microsoft.Common.TagsByResource", 
@@ -1659,8 +1678,8 @@ "location": "[location()]", "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", "adminPassword": "[basics('auth').password]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]", + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]", "authenticationType": "[basics('auth').authenticationType]", "sshPublicKey": "[basics('auth').sshPublicKey]", "vmName": "[basics('gatewayNameUi')]", 
@@ -1676,15 +1695,15 @@ "Subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", "virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]", - "managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]", - "installationType": "[steps('chkp').installationType]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", - "customMetrics": "[steps('chkp').customMetrics]", - "adminShell": "[steps('chkp').adminShell]", + "managementGUIClientNetwork": "[steps('chkp-advanced').managementGUIClientNetwork]", + "installationType": "[steps('chkp-advanced').installationType]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", + "customMetrics": "[steps('chkp-advanced').customMetrics]", + "adminShell": "[steps('chkp-advanced').adminShell]", "smart1CloudToken": "[steps('chkp').Smart1CloudToken]", "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", @@ -1694,3 +1713,4 @@ } } } + 
diff --git a/azure/templates/marketplace-single/mainTemplate.json b/azure/templates/marketplace-single/mainTemplate.json index d3216bf3..766d7f7c 100644 --- a/azure/templates/marketplace-single/mainTemplate.json +++ b/azure/templates/marketplace-single/mainTemplate.json @@ -101,6 +101,7 @@ }, "sicKey": { "type": "securestring", + "defaultValue": "", "metadata": { "description": "One time key for Secure Internal Communication" } diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json index 3228cb59..a4a6ba1b 100644 --- a/azure/templates/marketplace-vmss/createUiDefinition.json +++ b/azure/templates/marketplace-vmss/createUiDefinition.json @@ -53,7 +53,7 @@ "steps": [ { "name": "autoprovision", - "label": "Check Point VMSS settings", + "label": "CloudGuard VMSS settings", "subLabel": { "preValidation": "Configure CloudGuard VMSS settings", "postValidation": "Done" 
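Review bot: Giving `sicKey` a `"defaultValue": ""` in marketplace-single/mainTemplate.json lets the template deploy with an empty one-time secret whenever the caller omits it. That is presumably intended for the Smart-1 Cloud path, where the portal hides `sicKeyUi`, but it applies equally to a gateway deployed from the CLI that is meant to establish SIC trust with an IaaS management server. Nothing in this hunk rejects that combination, and how the value is consumed is outside the hunk. I would state the contract in the parameter, e.g. `"description": "One time key for Secure Internal Communication. May be empty only when a Smart-1 Cloud token is supplied."`, and enforce it where the key is used.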
@@ -61,64 +61,12 @@
 "bladeTitle": "CloudGuard VMSS settings",
 "elements": [
 {
- "name": "upgrading",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Are you upgrading your CloudGuard VMSS solution?",
- "defaultValue": "No",
- "toolTip": "Select 'Yes' if you are upgrading your CloudGuard VMSS solution.",
- "constraints": {
- "allowedValues": [
- {
- "label": "No",
- "value": "no"
- },
- {
- "label": "Yes",
- "value": "yes"
- }
- ]
- }
- },
- {
- "name": "upgradeVmssInfoBox",
- "type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('autoprovision').upgrading, 'yes')]",
- "options": {
- "icon": "Warning",
- "text": "All the configurations below must be similar to the existing CloudGuard VMSS solution.\n\nNote that the target load balancers are the ones connected to your existing CloudGuard VMSS solution.\n\nSee the Deployment Guide for more information."
- }
- },
- {
- "name": "vmCount",
- "type": "Microsoft.Common.TextBox",
- "label": "Initial number of gateways",
- "defaultValue": "2",
- "toolTip": "The initial number of gateways",
- "constraints": {
- "required": true,
- "regex": "^[1-9][0-9]{0,1}$",
- "validationMessage": "Please enter a number in the range 1-99."
- }
- },
- {
- "name": "maxVmCount",
- "type": "Microsoft.Common.TextBox",
- "label": "Maximum number of gateways",
- "defaultValue": "10",
- "toolTip": "The maximum number of gateways",
- "constraints": {
- "required": true,
- "regex": "^[1-9][0-9]{0,1}$",
- "validationMessage": "Please enter a number in the range 1-99."
- }
- },
- {
- "name": "numGwsValidation",
+ "name": "InfoAzureAdminGuide",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[greater(steps('autoprovision').vmCount, steps('autoprovision').maxVmCount)]",
+ "visible": "true",
 "options": {
- "icon": "Error",
- "text": "Maximum number of gateways is lower than initial number of gateways"
+ "icon": "Info",
+ "text": "See CloudGuard Network for Azure administration guide for detailed deployment and configuration steps "
 }
 },
 {
@@ -135,7 +83,7 @@
 {
 "name": "configurationTemplateInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('autoprovision').upgrading, 'yes')]",
+ "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]",
 "options": {
 "icon": "Info",
 "text": "Use a different configuration template name than in your existing CloudGuard VMSS solution."
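Review bot: No replacement is visible for the `numGwsValidation` error box removed in the `@@ -61,64 +61,12 @@` hunk, which checked that the initial gateway count does not exceed the maximum. The size selectors later in this diff read `steps('chkp-advanced').vmCount`, so the count fields have presumably moved to that step; confirm the `greater(...)` check moved with them, otherwise an inverted pair of counts is only caught at deployment time. On style, the new `InfoAzureAdminGuide` box uses the string `"visible": "true"` where other elements in this file use the boolean `"visible": true`, and its `text` ends with a stray trailing space. The `elements` array of the `autoprovision` step continues outside the hunk.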
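Review bot: `configurationTemplateInfoBox` in the `autoprovision` step now keys its visibility on `steps('chkp-advanced').upgrading`, a value owned by a different step (the `@@ -135,7 +83,7 @@` hunk). If `chkp-advanced` comes after `autoprovision` in the wizard (the step order is not visible here), the value is presumably unset on the first pass, so the hint to choose a different template name only shows when the user navigates back. The same pattern is in the next hunk, where the required `mgmtIPaddress` box depends on `steps('chkp-advanced').mgmtInterfaceOpt1` and `mgmtInterfaceOpt2`; a user who selects `eth0-private` later may never be asked for the management server address. Consider keeping each dependent element in the same step as the control that drives it. The element's closing lines are outside the hunk.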
@@ -151,467 +99,649 @@ "regex": "^[a-z0-9A-Z_\\-]{1,30}$", "validationMessage": "Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long." } - }, + }, { - "name": "adminEmail", + "name": "mgmtIPaddress", "type": "Microsoft.Common.TextBox", - "label": "Administrator email address", - "defaultValue": "", - "toolTip": "An email address to notify about scaling operations", + "label": "Management Server IP address", + "toolTip": "The IP address used to manage the VMSS instances.", + "visible": "[or(equals(steps('chkp-advanced').mgmtInterfaceOpt1, 'eth0-private'), equals(steps('chkp-advanced').mgmtInterfaceOpt2, 'eth0-private'))]", "constraints": { - "required": false, - "regex": "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$", - "validationMessage": "Leave empty or enter a valid email address." + "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", + "required": true, + "validationMessage": "Please enter a valid IP address" } }, { - "name": "deploymentMode", + "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", - "label": "Load balancers deployment", - "defaultValue": "Standard (External & Internal)", - "toolTip": "Defines which load balancers will be deployed. 
Note: For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses.", + "label": "Version", + "defaultValue": "R81.20", + "toolTip": "Check Point Recommended version for all deployments is R81.20", "constraints": { "allowedValues": [ { - "label": "Standard (External & Internal)", - "value": "Standard" + "label": "R81.10", + "value": "R81.10" }, { - "label": "External only (Inbound inspection only)", - "value": "ELBOnly" + "label": "R81.20", + "value": "R81.20" }, { - "label": "Internal only (Outbound & E-W inspection only - see tooltip)", - "value": "ILBOnly" + "label": "R82", + "value": "R82" } ] } }, { - "name": "appLoadDistribution", + "name": "R80Offer", "type": "Microsoft.Common.DropDown", - "label": "External Load Balancer session persistence", - "defaultValue": "None (5-tuple)", - "toolTip": "The load balancing distribution method for the External Load Balancer.", - "visible": "[not(equals(steps('autoprovision').deploymentMode, 'ILBOnly'))]", + "label": "License type", + "toolTip": "The type of license.", + "defaultValue": "Pay As You Go (NGTX)", + "visible": true, "constraints": { "allowedValues": [ { - "label": "None (5-tuple)", - "value": "Default" + "label": "Bring Your Own License", + "value": "Bring Your Own License" }, { - "label": "Client IP (2-tuple)", - "value": "SourceIP" + "label": "Pay As You Go (NGTP)", + "value": "Pay As You Go (NGTP)" }, { - "label": "Client IP and protocol (3-tuple)", - "value": "SourceIPProtocol" + "label": "Pay As You Go (NGTX)", + "value": "Pay As You Go (NGTX)" } ] } }, { - "name": "ilbLoadDistribution", - "type": "Microsoft.Common.DropDown", - "label": "Internal Load Balancer session persistence", - "defaultValue": "None (5-tuple)", - "toolTip": "The load balancing distribution method for the Internal Load Balancer.", - "visible": "[not(equals(steps('autoprovision').deploymentMode, 'ELBOnly'))]", - "constraints": { - "allowedValues": [ - { - "label": "None 
(5-tuple)", - "value": "Default" - }, - { - "label": "Client IP (2-tuple)", - "value": "SourceIP" - }, - { - "label": "Client IP and protocol (3-tuple)", - "value": "SourceIPProtocol" - } - ] + "name": "InfoVMSize", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point recommends a minimum of 4 vCores for optimal operation" } }, { - "name": "floatingIP", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy the Load Balancers with floating IP", - "defaultValue": "No", - "toolTip": "Deploy the Load Balancers with floating IP.", + "name": "R8110vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } + "allowedSizes": [ + "Standard_D4_v4", + "Standard_D8_v4", + "Standard_D16_v4", + "Standard_D32_v4", + "Standard_D48_v4", + "Standard_D64_v4", + "Standard_D4s_v4", + "Standard_D8s_v4", + "Standard_D16s_v4", + "Standard_D32s_v4", + "Standard_D48s_v4", + "Standard_D64s_v4", + "Standard_D2_v5", + "Standard_D4_v5", + "Standard_D8_v5", + "Standard_D16_v5", + "Standard_D32_v5", + "Standard_D2s_v5", + "Standard_D4s_v5", + "Standard_D8s_v5", + "Standard_D16s_v5", + "Standard_D2d_v5", + "Standard_D4d_v5", + "Standard_D8d_v5", + "Standard_D16d_v5", + "Standard_D32d_v5", + "Standard_D2ds_v5", + "Standard_D4ds_v5", + "Standard_D8ds_v5", + "Standard_D16ds_v5", + "Standard_D32ds_v5", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + 
"Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" ] }, - "visible": true + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8110", + "sku": "sg-byol" + }, + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "instanceLevelPublicIP", - "type": "Microsoft.Common.OptionsGroup", - "label": "Deploy the VMSS with instance level Public IP address", - "defaultValue": "No", - "toolTip": "If selected 'Yes', then each VMSS instance will have its own public IP address.", - "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } - ] - } - }, - { - "name": "publicIPPrefix", - "type": "Microsoft.Common.OptionsGroup", - "label": "Public IP prefix", - "defaultValue": "No", - "toolTip": "Define if deploy existsing Public IP Prefix or a new Public IP Prefix.", + "name": "R8110vmSizeUiNGTP", + "type": "Microsoft.Compute.SizeSelector", + "visible": 
"[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } + "allowedSizes": [ + "Standard_D4_v4", + "Standard_D8_v4", + "Standard_D16_v4", + "Standard_D32_v4", + "Standard_D48_v4", + "Standard_D64_v4", + "Standard_D4s_v4", + "Standard_D8s_v4", + "Standard_D16s_v4", + "Standard_D32s_v4", + "Standard_D48s_v4", + "Standard_D64s_v4", + "Standard_D2_v5", + "Standard_D4_v5", + "Standard_D8_v5", + "Standard_D16_v5", + "Standard_D32_v5", + "Standard_D2s_v5", + "Standard_D4s_v5", + "Standard_D8s_v5", + "Standard_D16s_v5", + "Standard_D2d_v5", + "Standard_D4d_v5", + "Standard_D8d_v5", + "Standard_D16d_v5", + "Standard_D32d_v5", + "Standard_D2ds_v5", + "Standard_D4ds_v5", + "Standard_D8ds_v5", + "Standard_D16ds_v5", + "Standard_D32ds_v5", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", 
+ "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" ] }, - "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'yes')]" + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8110", + "sku": "sg-ngtp" + }, + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "createNewIPPrefix", - "type": "Microsoft.Common.OptionsGroup", - "label": "Create new IP prefiex", - "toolTip": "Create new or existsing Public IP Prefix", - "defaultValue": "No", + "name": "R8110vmSizeUiNGTX", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.10'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D3_v2", + "Standard_DS3_v2" + ], "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } + "allowedSizes": [ + "Standard_D4_v4", + "Standard_D8_v4", + "Standard_D16_v4", + "Standard_D32_v4", + "Standard_D48_v4", + "Standard_D64_v4", + "Standard_D4s_v4", + "Standard_D8s_v4", + "Standard_D16s_v4", + "Standard_D32s_v4", + "Standard_D48s_v4", + "Standard_D64s_v4", + "Standard_D2_v5", + "Standard_D4_v5", + "Standard_D8_v5", + "Standard_D16_v5", + "Standard_D32_v5", + "Standard_D2s_v5", + "Standard_D4s_v5", + "Standard_D8s_v5", + "Standard_D16s_v5", + "Standard_D2d_v5", + "Standard_D4d_v5", + "Standard_D8d_v5", + "Standard_D16d_v5", + "Standard_D32d_v5", + "Standard_D2ds_v5", + "Standard_D4ds_v5", + "Standard_D8ds_v5", + "Standard_D16ds_v5", + "Standard_D32ds_v5", + "Standard_DS2_v2", + "Standard_DS3_v2", + 
"Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" ] }, - "visible": "[equals(steps('autoprovision').publicIPPrefix, 'yes')]" + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8110", + "sku": "sg-ngtx" + }, + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "IPv4Length", - "type": "Microsoft.Common.DropDown", - "label": "IPv4 IP prefix length", - "defaultValue": "/31 (2 addresses)", - "toolTip": "Choose the length of the IP prefix for IP v4.", - "multiselect": false, - "selectAll": false, - "filter": false, - "multiLine": false, + "name": "R8120vmSizeUiBYOL", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", + "label": "Virtual machine 
size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D4ds_v5", + "Standard_D4d_v5" + ], "constraints": { - "allowedValues": [ - { - "label": "/28 (16 addresses)", - "value": "/28 (16 addresses)" - }, - { - "label": "/29 (8 addresses)", - "value": "/29 (8 addresses)" - }, - { - "label": "/30 (4 addresses)", - "value": "/30 (4 addresses)" - }, - { - "label": "/31 (2 addresses)", - "value": "/31 (2 addresses)" - } - ], - "required": true + "allowedSizes": [ + "Standard_D4_v4", + "Standard_D8_v4", + "Standard_D16_v4", + "Standard_D32_v4", + "Standard_D48_v4", + "Standard_D64_v4", + "Standard_D4s_v4", + "Standard_D8s_v4", + "Standard_D16s_v4", + "Standard_D32s_v4", + "Standard_D48s_v4", + "Standard_D64s_v4", + "Standard_D2_v5", + "Standard_D4_v5", + "Standard_D8_v5", + "Standard_D16_v5", + "Standard_D32_v5", + "Standard_D2s_v5", + "Standard_D4s_v5", + "Standard_D8s_v5", + "Standard_D16s_v5", + "Standard_D2d_v5", + "Standard_D4d_v5", + "Standard_D8d_v5", + "Standard_D16d_v5", + "Standard_D32d_v5", + "Standard_D2ds_v5", + "Standard_D4ds_v5", + "Standard_D8ds_v5", + "Standard_D16ds_v5", + "Standard_D32ds_v5", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + 
"Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] }, - "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'yes')]" - }, - { - "name": "ipPrefixLengthWarning", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'yes')]", - "options": { - "icon": "Warning", - "text": "[concat('NOTE: The VMSS will not be allowed to contain more than ', if(equals(steps('autoprovision').IPv4Length, '/31 (2 addresses)'), '2', if(equals(steps('autoprovision').IPv4Length, '/30 (4 addresses)'), '4', if(equals(steps('autoprovision').IPv4Length, '/29 (8 addresses)'), '8', if(equals(steps('autoprovision').IPv4Length, '/28 (16 addresses)'), '16', '0')))), ' instances')]" - } + "osPlatform": "Linux", + "imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8120", + "sku": "sg-byol" + }, + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "ipPrefixExistingResourceId", - "type": "Microsoft.Common.TextBox", - "label": "Enter an existing IP prefix resource id", - "toolTip": "The resource id of an existing public IP prefix.", - "multiLine": false, + "name": "R8120vmSizeUiNGTP", + "type": "Microsoft.Compute.SizeSelector", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]", + "label": "Virtual machine size", + "toolTip": "The VM size of the Security Gateway", + "recommendedSizes": [ + "Standard_D4ds_v5", + "Standard_D4d_v5" + ], "constraints": { - "regex": "^[a-z0-9A-Z -.:/n]{1,}$", - "validationMessage": "Only alphanumeric characters, hyphens, spaces, periods, and colons 
are allowed.", - "required": true + "allowedSizes": [ + "Standard_D4_v4", + "Standard_D8_v4", + "Standard_D16_v4", + "Standard_D32_v4", + "Standard_D48_v4", + "Standard_D64_v4", + "Standard_D4s_v4", + "Standard_D8s_v4", + "Standard_D16s_v4", + "Standard_D32s_v4", + "Standard_D48s_v4", + "Standard_D64s_v4", + "Standard_D2_v5", + "Standard_D4_v5", + "Standard_D8_v5", + "Standard_D16_v5", + "Standard_D32_v5", + "Standard_D2s_v5", + "Standard_D4s_v5", + "Standard_D8s_v5", + "Standard_D16s_v5", + "Standard_D2d_v5", + "Standard_D4d_v5", + "Standard_D8d_v5", + "Standard_D16d_v5", + "Standard_D32d_v5", + "Standard_D2ds_v5", + "Standard_D4ds_v5", + "Standard_D8ds_v5", + "Standard_D16ds_v5", + "Standard_D32ds_v5", + "Standard_DS2_v2", + "Standard_DS3_v2", + "Standard_DS4_v2", + "Standard_DS5_v2", + "Standard_F2s", + "Standard_F4s", + "Standard_F8s", + "Standard_F16s", + "Standard_D4s_v3", + "Standard_D8s_v3", + "Standard_D16s_v3", + "Standard_D32s_v3", + "Standard_D64s_v3", + "Standard_E4s_v3", + "Standard_E8s_v3", + "Standard_E16s_v3", + "Standard_E20s_v3", + "Standard_E32s_v3", + "Standard_E64s_v3", + "Standard_E64is_v3", + "Standard_F4s_v2", + "Standard_F8s_v2", + "Standard_F16s_v2", + "Standard_F32s_v2", + "Standard_F64s_v2", + "Standard_M8ms", + "Standard_M16ms", + "Standard_M32ms", + "Standard_M64ms", + "Standard_M64s", + "Standard_D2_v2", + "Standard_D3_v2", + "Standard_D4_v2", + "Standard_D5_v2", + "Standard_D11_v2", + "Standard_D12_v2", + "Standard_D13_v2", + "Standard_D14_v2", + "Standard_D15_v2", + "Standard_F2", + "Standard_F4", + "Standard_F8", + "Standard_F16", + "Standard_D4_v3", + "Standard_D8_v3", + "Standard_D16_v3", + "Standard_D32_v3", + "Standard_D64_v3", + "Standard_E4_v3", + "Standard_E8_v3", + "Standard_E16_v3", + "Standard_E20_v3", + "Standard_E32_v3", + "Standard_E64_v3", + "Standard_E64i_v3", + "Standard_DS11_v2", + "Standard_DS12_v2", + "Standard_DS13_v2", + "Standard_DS14_v2", + "Standard_DS15_v2" + ] + }, + "osPlatform": "Linux", + 
"imageReference": { + "publisher": "checkpoint", + "offer": "check-point-cg-r8120", + "sku": "sg-ngtp" }, - "visible": "[equals(steps('autoprovision').createNewIPPrefix, 'no')]" + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "externalCommunicationInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('autoprovision').instanceLevelPublicIP, 'no'), equals(steps('autoprovision').deploymentMode, 'ILBOnly'))]", - "options": { - "icon": "Warning", - "text": "For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses." - } - }, - { - "name": "lbsTargetRGName", - "type": "Microsoft.Common.TextBox", - "visible": "[equals(steps('autoprovision').upgrading, 'yes')]", - "label": "Target load balancers resource group name", - "defaultValue": "", - "toolTip": "The name of the Target Load Balancers Resource Group.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Resource Group only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" - } - }, - { - "name": "elbResourceId", - "type": "Microsoft.Common.TextBox", - "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ILBOnly')))]", - "label": "Target external load balancer resource ID", - "defaultValue": "", - "toolTip": "The Resource ID of the Target External Load Balancer.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" - } - }, - { - "name": "elbBEAddressPoolName", - "type": "Microsoft.Common.TextBox", - "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ILBOnly')))]", - "label": "Target external load balancer's backend pool name", - "toolTip": "The name of 
the target external load Balancer's Backend Pool.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" - } - }, - { - "name": "ilbResourceId", - "type": "Microsoft.Common.TextBox", - "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ELBOnly')))]", - "label": "Target internal load balancer resource ID", - "defaultValue": "", - "toolTip": "The Resource ID of the Target Internal Load Balancer.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" - } - }, - { - "name": "ilbBEAddressPoolName", - "type": "Microsoft.Common.TextBox", - "visible": "[and(equals(steps('autoprovision').upgrading, 'yes'), not(equals(steps('autoprovision').deploymentMode, 'ELBOnly')))]", - "label": "Target internal load balancer's backend pool name", - "toolTip": "The name of the target internal load balancer's backend pool.", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", - "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" - } - }, - { - "name": "mgmtInterfaceOpt1", - "type": "Microsoft.Common.DropDown", - "label": "Management interface and IP address", - "defaultValue": "Backend NIC's private IP address", - "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'yes')]", - "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC and with public or private IP.", - "constraints": { - "allowedValues": [ - { - "label": "Backend NIC's private IP address", - "value": "eth1-private" - }, - { - "label": "Frontend NIC's public IP address", - "value": "eth0-public" - }, - 
{ - "label": "Frontend NIC's private IP address", - "value": "eth0-private" - } - ] - } - }, - { - "name": "mgmtInterfaceOpt2", - "type": "Microsoft.Common.DropDown", - "label": "Management interface and IP address", - "defaultValue": "Backend NIC's private IP address", - "visible": "[equals(steps('autoprovision').instanceLevelPublicIP, 'no')]", - "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address.", - "constraints": { - "allowedValues": [ - { - "label": "Backend NIC's private IP address", - "value": "eth1-private" - }, - { - "label": "Frontend NIC's private IP address", - "value": "eth0-private" - } - ] - } - }, - { - "name": "mgmtIPaddress", - "type": "Microsoft.Common.TextBox", - "label": "Management Server IP address", - "toolTip": "The IP address used to manage the VMSS instances.", - "visible": "[or(equals(steps('autoprovision').mgmtInterfaceOpt1, 'eth0-private'), equals(steps('autoprovision').mgmtInterfaceOpt2, 'eth0-private'))]", - "constraints": { - "regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$", - "required": true, - "validationMessage": "Please enter a valid IP address" - } - }, - { - "name": "availabilityZonesNum", - "type": "Microsoft.Common.DropDown", - "label": "Number of Availability Zones to use", - "defaultValue": "None", - "toolTip": "The number of avalability zones to use for the scale set. 
Note that the load balancers and their IP addresses will be zone redundant in any case.", - "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]", - "constraints": { - "allowedValues": [ - { - "label": "None", - "value": 0 - }, - { - "label": "One zone", - "value": 1 - }, - { - "label": "Two zones", - "value": 2 - }, - { - "label": "Three zones", - "value": 3 - } - ] - } - }, - { - "name": "customMetrics", - "type": "Microsoft.Common.OptionsGroup", - "label": "Enable CloudGuard metrics", - "defaultValue": "Yes", - "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service.", - "constraints": { - "allowedValues": [ - { - "label": "No", - "value": "no" - }, - { - "label": "Yes", - "value": "yes" - } - ] - }, - "visible": true - } - ] - }, - { - "name": "chkp", - "label": "Check Point CloudGuard settings", - "subLabel": { - "preValidation": "Configure CloudGuard settings", - "postValidation": "Done" - }, - "bladeTitle": "CloudGuard settings", - "elements": [ - { - "name": "cloudGuardVersion", - "type": "Microsoft.Common.DropDown", - "label": "Check Point CloudGuard version", - "defaultValue": "R81.20", - "toolTip": "The version of Check Point CloudGuard.", - "constraints": { - "allowedValues": [ - { - "label": "R81.10", - "value": "R81.10" - }, - { - "label": "R81.20", - "value": "R81.20" - }, - { - "label": "R82", - "value": "R82" - } - ] - } - }, - { - "name": "R80Offer", - "type": "Microsoft.Common.DropDown", - "label": "License type", - "toolTip": "The type of license.", - "defaultValue": "Bring Your Own License", - "visible": true, - "constraints": { - 
"allowedValues": [ - { - "label": "Bring Your Own License", - "value": "Bring Your Own License" - }, - { - "label": "Pay As You Go (NGTP)", - "value": "Pay As You Go (NGTP)" - }, - { - "label": "Pay As You Go (NGTX)", - "value": "Pay As You Go (NGTX)" - } - ] - } - }, - { - "name": "R8110vmSizeUiBYOL", + "name": "R8120vmSizeUiNGTX", "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R81.20'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]", "label": "Virtual machine size", "toolTip": "The VM size of the Security Gateway", "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" + "Standard_D4ds_v5", + "Standard_D4d_v5" ], "constraints": { "allowedSizes": [ @@ -711,20 +841,20 @@ "osPlatform": "Linux", "imageReference": { "publisher": "checkpoint", - "offer": "check-point-cg-r8110", - "sku": "sg-byol" + "offer": "check-point-cg-r8120", + "sku": "sg-ngtx" }, - "count": "[steps('autoprovision').vmCount]" + "count": "[steps('chkp-advanced').vmCount]" }, { - "name": "R8110vmSizeUiNGTP", + "name": "R82vmSizeUiBYOL", "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, '(NGTP)'))]", + "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", "label": "Virtual machine size", "toolTip": "The VM size of the Security Gateway", "recommendedSizes": [ - "Standard_D3_v2", - "Standard_DS3_v2" + "Standard_D4ds_v5", + "Standard_D4d_v5" ], "constraints": { "allowedSizes": [ 
@@ -824,20 +954,20 @@
 "osPlatform": "Linux",
 "imageReference": {
 "publisher": "checkpoint",
- "offer": "check-point-cg-r8110",
- "sku": "sg-ngtp"
+ "offer": "check-point-cg-r82",
+ "sku": "sg-byol"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
- "name": "R8110vmSizeUiNGTX",
+ "name": "R82vmSizeUiNGTP",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.10'), contains(steps('chkp').R80Offer, '(NGTX)'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, '(NGTP)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
- "Standard_D3_v2",
- "Standard_DS3_v2"
+ "Standard_D4ds_v5",
+ "Standard_D4d_v5"
 ],
 "constraints": {
 "allowedSizes": [
@@ -937,15 +1067,15 @@
 "osPlatform": "Linux",
 "imageReference": {
 "publisher": "checkpoint",
- "offer": "check-point-cg-r8110",
- "sku": "sg-ngtx"
+ "offer": "check-point-cg-r82",
+ "sku": "sg-ngtp"
 },
- "count": "[steps('autoprovision').vmCount]"
+ "count": "[steps('chkp-advanced').vmCount]"
 },
 {
- "name": "R8120vmSizeUiBYOL",
+ "name": "R82vmSizeUiNGTX",
 "type": "Microsoft.Compute.SizeSelector",
- "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]",
+ "visible": "[and(equals(steps('autoprovision').cloudGuardVersion, 'R82'), contains(steps('autoprovision').R80Offer, '(NGTX)'))]",
 "label": "Virtual machine size",
 "toolTip": "The VM size of the Security Gateway",
 "recommendedSizes": [
@@ -1050,575 +1180,490 @@ "osPlatform": "Linux", "imageReference": { "publisher": "checkpoint", - "offer": "check-point-cg-r8120", - "sku": "sg-byol" + "offer": "check-point-cg-r82", + "sku": "sg-ngtx" }, - "count": "[steps('autoprovision').vmCount]" - }, + "count": "[steps('chkp-advanced').vmCount]" + }, { - "name": "R8120vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D4ds_v5", - "Standard_D4d_v5" - ], - "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - 
"Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" - ] + "name": "sicKeyUi", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "SIC Key", + "confirmPassword": "Confirm SIC Key" }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8120", - "sku": "sg-ngtp" + "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z]{12,30}$", + "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long." 
}, - "count": "[steps('autoprovision').vmCount]" + "options": { + "hideConfirmation": false + } + } + + ] + }, + { + "name": "chkp-advanced", + "label": "CloudGuard Advanced Settings", + "subLabel": { + "preValidation": "Configure CloudGuard settings", + "postValidation": "Done" + }, + "bladeTitle": "CloudGuard settings", + "elements": [ + { + "name": "InfoAdvanced", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "This section includes OPTIONAL advanced configuration.\nTo proceed with Check Point default settings, click Next" + } }, { - "name": "R8120vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R81.20'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D4ds_v5", - "Standard_D4d_v5" - ], + "name": "upgrading", + "type": "Microsoft.Common.OptionsGroup", + "label": "Are you upgrading your CloudGuard VMSS solution?", + "defaultValue": "No", + "toolTip": "Select 'Yes' if you are upgrading your CloudGuard VMSS solution.", "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - 
"Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r8120", - "sku": "sg-ngtx" - }, - "count": "[steps('autoprovision').vmCount]" + } }, { - "name": "R82vmSizeUiBYOL", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D4ds_v5", - "Standard_D4d_v5" - ], + "name": "upgradeVmssInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "options": { + "icon": "Warning", + "text": "All the configurations below must be 
similar to the existing CloudGuard VMSS solution.\n\nNote that the target load balancers are the ones connected to your existing CloudGuard VMSS solution.\n\nSee the Deployment Guide for more information." + } + }, + { + "name": "vmCount", + "type": "Microsoft.Common.TextBox", + "label": "Initial number of gateways", + "defaultValue": "2", + "toolTip": "The initial number of gateways", "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - 
"Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "required": true, + "regex": "^[1-9][0-9]{0,1}$", + "validationMessage": "Please enter a number in the range 1-99." + } + }, + { + "name": "maxVmCount", + "type": "Microsoft.Common.TextBox", + "label": "Maximum number of gateways", + "defaultValue": "10", + "toolTip": "The maximum number of gateways", + "constraints": { + "required": true, + "regex": "^[1-9][0-9]{0,1}$", + "validationMessage": "Please enter a number in the range 1-99." + } + }, + { + "name": "numGwsValidation", + "type": "Microsoft.Common.InfoBox", + "visible": "[greater(steps('chkp-advanced').vmCount, steps('chkp-advanced').maxVmCount)]", + "options": { + "icon": "Error", + "text": "Maximum number of gateways is lower than initial number of gateways" + } + }, + { + "name": "adminEmail", + "type": "Microsoft.Common.TextBox", + "label": "Administrator email address", + "defaultValue": "", + "toolTip": "An email address to notify about scaling operations", + "constraints": { + "required": false, + "regex": "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)$", + "validationMessage": "Leave empty or enter a valid email address." + } + }, + { + "name": "deploymentMode", + "type": "Microsoft.Common.DropDown", + "label": "Load balancers deployment", + "defaultValue": "Standard (External & Internal)", + "toolTip": "Defines which load balancers will be deployed. 
Note: For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses.", + "constraints": { + "allowedValues": [ + { + "label": "Standard (External & Internal)", + "value": "Standard" + }, + { + "label": "External only (Inbound inspection only)", + "value": "ELBOnly" + }, + { + "label": "Internal only (Outbound & E-W inspection only - see tooltip)", + "value": "ILBOnly" + } + ] + } + }, + { + "name": "appLoadDistribution", + "type": "Microsoft.Common.DropDown", + "label": "External Load Balancer session persistence", + "defaultValue": "None (5-tuple)", + "toolTip": "The load balancing distribution method for the External Load Balancer.", + "visible": "[not(equals(steps('chkp-advanced').deploymentMode, 'ILBOnly'))]", + "constraints": { + "allowedValues": [ + { + "label": "None (5-tuple)", + "value": "Default" + }, + { + "label": "Client IP (2-tuple)", + "value": "SourceIP" + }, + { + "label": "Client IP and protocol (3-tuple)", + "value": "SourceIPProtocol" + } + ] + } + }, + { + "name": "ilbLoadDistribution", + "type": "Microsoft.Common.DropDown", + "label": "Internal Load Balancer session persistence", + "defaultValue": "None (5-tuple)", + "toolTip": "The load balancing distribution method for the Internal Load Balancer.", + "visible": "[not(equals(steps('chkp-advanced').deploymentMode, 'ELBOnly'))]", + "constraints": { + "allowedValues": [ + { + "label": "None (5-tuple)", + "value": "Default" + }, + { + "label": "Client IP (2-tuple)", + "value": "SourceIP" + }, + { + "label": "Client IP and protocol (3-tuple)", + "value": "SourceIPProtocol" + } + ] + } + }, + { + "name": "floatingIP", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy the Load Balancers with floating IP", + "defaultValue": "No", + "toolTip": "Deploy the Load Balancers with floating IP.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + }, + "visible": 
true + }, + { + "name": "instanceLevelPublicIP", + "type": "Microsoft.Common.OptionsGroup", + "label": "Deploy the VMSS with instance level Public IP address", + "defaultValue": "No", + "toolTip": "If selected 'Yes', then each VMSS instance will have its own public IP address.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] + } + }, + { + "name": "publicIPPrefix", + "type": "Microsoft.Common.OptionsGroup", + "label": "Public IP prefix", + "defaultValue": "No", + "toolTip": "Define if deploy existsing Public IP Prefix or a new Public IP Prefix.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } ] }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r82", - "sku": "sg-byol" + "visible": "[equals(steps('chkp-advanced').instanceLevelPublicIP, 'yes')]" + }, + { + "name": "createNewIPPrefix", + "type": "Microsoft.Common.OptionsGroup", + "label": "Create new IP prefiex", + "toolTip": "Create new or existsing Public IP Prefix", + "defaultValue": "No", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } + ] }, - "count": "[steps('autoprovision').vmCount]" + "visible": "[equals(steps('chkp-advanced').publicIPPrefix, 'yes')]" }, { - "name": "R82vmSizeUiNGTP", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, '(NGTP)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D4ds_v5", - "Standard_D4d_v5" - ], + "name": "IPv4Length", + "type": "Microsoft.Common.DropDown", + "label": "IPv4 IP prefix length", + "defaultValue": "/31 (2 addresses)", + "toolTip": "Choose the length of the IP prefix for IP v4.", + "multiselect": false, + 
"selectAll": false, + "filter": false, + "multiLine": false, "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - "Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + 
"allowedValues": [ + { + "label": "/28 (16 addresses)", + "value": "/28 (16 addresses)" + }, + { + "label": "/29 (8 addresses)", + "value": "/29 (8 addresses)" + }, + { + "label": "/30 (4 addresses)", + "value": "/30 (4 addresses)" + }, + { + "label": "/31 (2 addresses)", + "value": "/31 (2 addresses)" + } + ], + "required": true + }, + "visible": "[equals(steps('chkp-advanced').createNewIPPrefix, 'yes')]" + }, + { + "name": "ipPrefixLengthWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('chkp-advanced').createNewIPPrefix, 'yes')]", + "options": { + "icon": "Warning", + "text": "[concat('NOTE: The VMSS will not be allowed to contain more than ', if(equals(steps('chkp-advanced').IPv4Length, '/31 (2 addresses)'), '2', if(equals(steps('chkp-advanced').IPv4Length, '/30 (4 addresses)'), '4', if(equals(steps('chkp-advanced').IPv4Length, '/29 (8 addresses)'), '8', if(equals(steps('chkp-advanced').IPv4Length, '/28 (16 addresses)'), '16', '0')))), ' instances')]" + } + }, + { + "name": "ipPrefixExistingResourceId", + "type": "Microsoft.Common.TextBox", + "label": "Enter an existing IP prefix resource id", + "toolTip": "The resource id of an existing public IP prefix.", + "multiLine": false, + "constraints": { + "regex": "^[a-z0-9A-Z -.:/n]{1,}$", + "validationMessage": "Only alphanumeric characters, hyphens, spaces, periods, and colons are allowed.", + "required": true + }, + "visible": "[equals(steps('chkp-advanced').createNewIPPrefix, 'no')]" + }, + { + "name": "externalCommunicationInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('chkp-advanced').instanceLevelPublicIP, 'no'), equals(steps('chkp-advanced').deploymentMode, 'ILBOnly'))]", + "options": { + "icon": "Warning", + "text": "For outbound inspection it is mandatory to deploy an external load balancer and/or instance level public IP addresses." 
+ } + }, + { + "name": "lbsTargetRGName", + "type": "Microsoft.Common.TextBox", + "visible": "[equals(steps('chkp-advanced').upgrading, 'yes')]", + "label": "Target load balancers resource group name", + "defaultValue": "", + "toolTip": "The name of the Target Load Balancers Resource Group.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Resource Group only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" + } + }, + { + "name": "elbResourceId", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('chkp-advanced').upgrading, 'yes'), not(equals(steps('chkp-advanced').deploymentMode, 'ILBOnly')))]", + "label": "Target external load balancer resource ID", + "defaultValue": "", + "toolTip": "The Resource ID of the Target External Load Balancer.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" + } + }, + { + "name": "elbBEAddressPoolName", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('chkp-advanced').upgrading, 'yes'), not(equals(steps('chkp-advanced').deploymentMode, 'ILBOnly')))]", + "label": "Target external load balancer's backend pool name", + "toolTip": "The name of the target external load Balancer's Backend Pool.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" + } + }, + { + "name": "ilbResourceId", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('chkp-advanced').upgrading, 'yes'), not(equals(steps('chkp-advanced').deploymentMode, 'ELBOnly')))]", + "label": "Target internal load balancer resource ID", + "defaultValue": "", + "toolTip": "The Resource ID of the Target Internal Load Balancer.", 
+ "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Resource Id only allow alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis" + } + }, + { + "name": "ilbBEAddressPoolName", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('chkp-advanced').upgrading, 'yes'), not(equals(steps('chkp-advanced').deploymentMode, 'ELBOnly')))]", + "label": "Target internal load balancer's backend pool name", + "toolTip": "The name of the target internal load balancer's backend pool.", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]", + "validationMessage": "Only alphanumeric characters, periods, underscores, hyphens, slash, and parenthesis are allowed" + } + }, + { + "name": "mgmtInterfaceOpt1", + "type": "Microsoft.Common.DropDown", + "label": "Management interface and IP address", + "defaultValue": "Backend NIC's private IP address", + "visible": "[equals(steps('chkp-advanced').instanceLevelPublicIP, 'yes')]", + "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC and with public or private IP.", + "constraints": { + "allowedValues": [ + { + "label": "Backend NIC's private IP address", + "value": "eth1-private" + }, + { + "label": "Frontend NIC's public IP address", + "value": "eth0-public" + }, + { + "label": "Frontend NIC's private IP address", + "value": "eth0-private" + } ] - }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r82", - "sku": "sg-ngtp" - }, - "count": "[steps('autoprovision').vmCount]" + } }, { - "name": "R82vmSizeUiNGTX", - "type": "Microsoft.Compute.SizeSelector", - "visible": "[and(equals(steps('chkp').cloudGuardVersion, 'R82'), contains(steps('chkp').R80Offer, '(NGTX)'))]", - "label": "Virtual machine size", - "toolTip": "The VM size of the Security Gateway", - "recommendedSizes": [ - "Standard_D4ds_v5", - "Standard_D4d_v5" 
- ], + "name": "mgmtInterfaceOpt2", + "type": "Microsoft.Common.DropDown", + "label": "Management interface and IP address", + "defaultValue": "Backend NIC's private IP address", + "visible": "[equals(steps('chkp-advanced').instanceLevelPublicIP, 'no')]", + "toolTip": "Manage the Gateways in the Scale Set via the instance's external (eth0) or internal (eth1) NIC's private IP address.", "constraints": { - "allowedSizes": [ - "Standard_D4_v4", - "Standard_D8_v4", - "Standard_D16_v4", - "Standard_D32_v4", - "Standard_D48_v4", - "Standard_D64_v4", - "Standard_D4s_v4", - "Standard_D8s_v4", - "Standard_D16s_v4", - "Standard_D32s_v4", - "Standard_D48s_v4", - "Standard_D64s_v4", - "Standard_D2_v5", - "Standard_D4_v5", - "Standard_D8_v5", - "Standard_D16_v5", - "Standard_D32_v5", - "Standard_D2s_v5", - "Standard_D4s_v5", - "Standard_D8s_v5", - "Standard_D16s_v5", - "Standard_D2d_v5", - "Standard_D4d_v5", - "Standard_D8d_v5", - "Standard_D16d_v5", - "Standard_D32d_v5", - "Standard_D2ds_v5", - "Standard_D4ds_v5", - "Standard_D8ds_v5", - "Standard_D16ds_v5", - "Standard_D32ds_v5", - "Standard_DS2_v2", - "Standard_DS3_v2", - "Standard_DS4_v2", - "Standard_DS5_v2", - "Standard_F2s", - "Standard_F4s", - "Standard_F8s", - "Standard_F16s", - "Standard_D4s_v3", - "Standard_D8s_v3", - "Standard_D16s_v3", - "Standard_D32s_v3", - "Standard_D64s_v3", - "Standard_E4s_v3", - "Standard_E8s_v3", - "Standard_E16s_v3", - "Standard_E20s_v3", - "Standard_E32s_v3", - "Standard_E64s_v3", - "Standard_E64is_v3", - "Standard_F4s_v2", - "Standard_F8s_v2", - "Standard_F16s_v2", - "Standard_F32s_v2", - "Standard_F64s_v2", - "Standard_M8ms", - "Standard_M16ms", - "Standard_M32ms", - "Standard_M64ms", - "Standard_M64s", - "Standard_D2_v2", - "Standard_D3_v2", - "Standard_D4_v2", - "Standard_D5_v2", - "Standard_D11_v2", - "Standard_D12_v2", - "Standard_D13_v2", - "Standard_D14_v2", - "Standard_D15_v2", - "Standard_F2", - "Standard_F4", - "Standard_F8", - "Standard_F16", - "Standard_D4_v3", - 
"Standard_D8_v3", - "Standard_D16_v3", - "Standard_D32_v3", - "Standard_D64_v3", - "Standard_E4_v3", - "Standard_E8_v3", - "Standard_E16_v3", - "Standard_E20_v3", - "Standard_E32_v3", - "Standard_E64_v3", - "Standard_E64i_v3", - "Standard_DS11_v2", - "Standard_DS12_v2", - "Standard_DS13_v2", - "Standard_DS14_v2", - "Standard_DS15_v2" + "allowedValues": [ + { + "label": "Backend NIC's private IP address", + "value": "eth1-private" + }, + { + "label": "Frontend NIC's private IP address", + "value": "eth0-private" + } + ] + } + }, + { + "name": "availabilityZonesNum", + "type": "Microsoft.Common.DropDown", + "label": "Number of Availability Zones to use", + "defaultValue": "None", + "toolTip": "The number of avalability zones to use for the scale set. Note that the load balancers and their IP addresses will be zone redundant in any case.", + "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]", + "constraints": { + "allowedValues": [ + { + "label": "None", + "value": 0 + }, + { + "label": "One zone", + "value": 1 + }, + { + "label": "Two zones", + "value": 2 + }, + { + "label": "Three zones", + "value": 3 + } + ] + } + }, + { + "name": "customMetrics", + "type": "Microsoft.Common.OptionsGroup", + "label": "Enable CloudGuard metrics", + "defaultValue": "Yes", + "toolTip": "Enable CloudGuard metrics in order to send statuses and statistics collected from VMSS instances to the Azure Monitor service.", + "constraints": { + "allowedValues": [ + { + "label": "No", + "value": "no" + }, + { + "label": "Yes", + "value": "yes" + } ] }, - "osPlatform": "Linux", - "imageReference": { - "publisher": "checkpoint", - "offer": "check-point-cg-r82", - "sku": 
"sg-ngtx"
- },
- "count": "[steps('autoprovision').vmCount]"
+ "visible": true
 },
 {
 "name": "adminShell",
@@ -1647,23 +1692,6 @@
 ]
 }
 },
- {
- "name": "sicKeyUi",
- "type": "Microsoft.Common.PasswordBox",
- "label": {
- "password": "SIC Key",
- "confirmPassword": "Confirm SIC Key"
- },
- "toolTip": "Set the Secure Internal Communication one time secret used to set up trust between the gateway and the management server.",
- "constraints": {
- "required": true,
- "regex": "^[a-z0-9A-Z]{12,30}$",
- "validationMessage": "Only alphanumeric characters are allowed, and the value must be 12-30 characters long."
- },
- "options": {
- "hideConfirmation": false
- }
- },
 {
 "name": "SerialPasswordInfoBox",
 "type": "Microsoft.Common.InfoBox",
@@ -1674,11 +1702,11 @@
 }
 },
 {
- "visible": "[bool(basics('auth').sshPublicKey)]",
+ "visible": "[bool(basics('auth').sshPublicKey)]",
 "name": "EnableSerialConsolePassword",
 "type": "Microsoft.Common.OptionsGroup",
 "label": "Enable Serial console password",
- "defaultValue": "Yes",
+ "defaultValue": "No",
 "toolTip": "A unique password hash to enable VM connection via serial console.",
 "constraints": {
 "allowedValues": [
@@ -1697,7 +1725,7 @@
 "name": "AdditionalPassword",
 "type": "Microsoft.Common.PasswordBox",
 "toolTip": "Serial console password hash, used to enable password authentication (using serial console). To generate password hash use the command 'openssl passwd -6 PASSWORD'",
- "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp').EnableSerialConsolePassword)]",
+ "visible": "[and(bool(basics('auth').sshPublicKey), steps('chkp-advanced').EnableSerialConsolePassword)]",
 "label": {
 "password": "Password hash",
 "confirmPassword": "Confirm password"
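Review bot: The `regex` on `lbsTargetRGName`, `elbResourceId`, `elbBEAddressPoolName`, `ilbResourceId` and `ilbBEAddressPoolName` in the new `chkp-advanced` step (hunk `@@ -1050,575 +1180,490 @@`) is `^[a-z0-9A-Z_\\-\\.\\/\\(\\)]`, with no quantifier and no `$`, so it constrains only the first character while the validation message promises the whole value is restricted. If the portal applies the pattern as an unanchored JavaScript match (not confirmable from this diff), everything after the first character reaches the template unchecked; `"regex": "^[a-z0-9A-Z_\\-\\.\\/\\(\\)]+$"` would make the check agree with the message. In the same hunk `ipPrefixExistingResourceId` uses `^[a-z0-9A-Z -.:/n]{1,}$`, where ` -.` is a range from space to period that also admits quotes, `$`, `&` and parentheses, and `/n` is a literal slash plus `n`; putting the hyphen last, `^[a-z0-9A-Z .:/-]{1,}$`, limits it to what the message lists. These elements appear to be moved from the `autoprovision` step rather than newly written, so the patterns may predate this commit.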
@@ -1714,34 +1742,14 @@
 {
 "name": "MaintenanceModeInfoBox",
 "type": "Microsoft.Common.InfoBox",
- "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('chkp').cloudGuardVersion)))]",
+ "visible": "[and(bool(basics('auth').password), not(contains('R81.10', steps('autoprovision').cloudGuardVersion)))]",
 "options": {
 "icon": "Info",
 "text": "Check Point recommends setting a maintenance-mode password for recovery purposes."
 }
 },
 {
- "visible": "[not(contains('R81.10', steps('chkp').cloudGuardVersion))]",
- "name": "EnableMaintenanceMode",
- "type": "Microsoft.Common.OptionsGroup",
- "label": "Enable Maintenance Mode",
- "defaultValue": "Yes",
- "toolTip": "A unique password hash to enable VM maintenance mode.",
- "constraints": {
- "allowedValues": [
- {
- "label": "Yes",
- "value": true
- },
- {
- "label": "No",
- "value": false
- }
- ]
- }
- },
- {
- "visible": "[and(not(contains('R81.10', steps('chkp').cloudGuardVersion)), steps('chkp').EnableMaintenanceMode)]",
+ "visible": "[not(contains('R81.10', steps('autoprovision').cloudGuardVersion))]",
 "name": "MaintenanceModePassword",
 "type": "Microsoft.Common.PasswordBox",
 "defaultValue": "",
@@ -1751,7 +1759,6 @@
 "confirmPassword": "Confirm Password"
 },
 "constraints": {
- "required": true,
 "validationMessage": "The value must be the output of the hash command."
 },
 "options": {
@@ -1798,7 +1805,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[not(contains('R81.10' , steps('chkp').cloudGuardVersion))]",
+ "visible": "[not(contains('R81.10' , steps('autoprovision').cloudGuardVersion))]",
 "defaultValue": "Premium",
 "constraints": {
 "allowedValues": [
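Review bot: Dropping `"required": true` in hunk `@@ -1751,7 +1759,6 @@`, together with the removal of the `EnableMaintenanceMode` toggle in the preceding hunk, leaves an empty `MaintenanceModePassword` as the only way to opt out, and nothing visible tells the user so. The rest of the element lies outside the hunk, so whether a regex still guards non-empty input and how the template treats an empty string cannot be checked from here. I would state the behaviour in the tooltip, for example `Leave empty to deploy without a maintenance-mode password.`, after confirming that the template skips the setting when the value is empty.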
@@ -1818,7 +1825,7 @@
 "type": "Microsoft.Common.OptionsGroup",
 "label": "VM disk type",
 "toolTip": "Type of CloudGuard disk.",
- "visible": "[contains('R81.10' , steps('chkp').cloudGuardVersion)]",
+ "visible": "[contains('R81.10' , steps('autoprovision').cloudGuardVersion)]",
 "defaultValue": "Standard",
 "constraints": {
 "allowedValues": [
@@ -1833,6 +1840,15 @@
 ]
 }
 },
+ {
+ "name": "InfoVMDiskSpace",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[not(contains('R81.10 R81.20', steps('autoprovision').cloudGuardVersion))]",
+ "options": {
+ "icon": "Info",
+ "text": "See Adding disk space in CloudGuard for instructions on adding additional disk space "
+ }
+ },
 {
 "name": "additionalDiskSizeGB",
 "type": "Microsoft.Common.TextBox",
@@ -1843,7 +1859,7 @@
 "regex": "^([0-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-2][0-9][0-9][0-9]|3[0-8][0-9][0-9]|399[0-5])$",
 "validationMessage": "Select a number between 0 and 3995"
 },
- "visible": "[not(contains('R81.10 R81.20', steps('chkp').cloudGuardVersion))]"
+ "visible": "[not(contains('R81.10 R81.20', steps('autoprovision').cloudGuardVersion))]"
 },
 {
 "name": "useCustomImageUri",
@@ -1872,11 +1888,11 @@
 "label": "Development Image URI",
 "toolTip": "The URI of the blob containing the development image",
 "constraints": {
- "required": "[equals(steps('chkp').useCustomImageUri, 'Yes')]",
+ "required": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]",
 "regex": "^[a-z0-9A-Z_\\-\\.\\:\\/]{1,500}.vhd$",
 "validationMessage": "Only alphanumeric characters and '_','-','.',':','/' are allowed, the value must be 1-500 characters long and must end with .vhd. "
 },
- "visible": "[equals(steps('chkp').useCustomImageUri, 'Yes')]"
+ "visible": "[equals(steps('chkp-advanced').useCustomImageUri, 'Yes')]"
 }
 ]
 },
@@ -1919,7 +1935,7 @@
 },
 "constraints": {
 "minAddressPrefixSize": "/29",
- "minAddressCount": "[steps('autoprovision').maxVmCount]",
+ "minAddressCount": "[steps('chkp-advanced').maxVmCount]",
 "requireContiguousAddresses": false
 }
 },
@@ -1931,7 +1947,7 @@ }, "constraints": { "minAddressPrefixSize": "/29", - "minAddressCount": "[steps('autoprovision').maxVmCount]", + "minAddressCount": "[steps('chkp-advanced').maxVmCount]", "requireContiguousAddresses": false } } @@ -2016,6 +2032,15 @@ "name": "tags", "label": "Tags", "elements": [ + { + "name": "InfoTags", + "type": "Microsoft.Common.InfoBox", + "visible": "true", + "options": { + "icon": "Info", + "text": "Check Point automatically configures all tags required by the solution\nOPTIONAL: Additional tags can be added below" + } + }, { "name": "tagsByResource", "type": "Microsoft.Common.TagsByResource", 
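Review bot: In the new `InfoTags` element (hunk `@@ -2016,6 +2032,15 @@`), `"visible": "true"` is a JSON string, whereas every other `visible` value in this diff is a bracketed expression. Elements are visible by default, so the property can simply be dropped, or written as the boolean `"visible": true`. The `text` would also read better with sentence punctuation: `"Check Point automatically configures all tags required by the solution.\nOptional: additional tags can be added below."`.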
@@ -2039,35 +2064,35 @@ "authenticationType": "[basics('auth').authenticationType]", "adminPassword": "[basics('auth').password]", "sshPublicKey": "[basics('auth').sshPublicKey]", - "upgrading": "[steps('autoprovision').upgrading]", + "upgrading": "[steps('chkp-advanced').upgrading]", "vmName": "[basics('gatewayScaleSetNameUi')]", - "instanceCount": "[steps('autoprovision').vmCount]", - "maxInstanceCount": "[steps('autoprovision').maxVmCount]", + "instanceCount": "[steps('chkp-advanced').vmCount]", + "maxInstanceCount": "[steps('chkp-advanced').maxVmCount]", "managementServer": "[steps('autoprovision').managementServer]", "configurationTemplate": "[steps('autoprovision').configurationTemplate]", - "adminEmail": "[steps('autoprovision').adminEmail]", - "deploymentMode": "[steps('autoprovision').deploymentMode]", - "instanceLevelPublicIP": "[steps('autoprovision').instanceLevelPublicIP]", - "lbsTargetRGName": "[steps('autoprovision').lbsTargetRGName]", - "elbResourceId": "[steps('autoprovision').elbResourceId]", - "elbTargetBEAddressPoolName": "[steps('autoprovision').elbBEAddressPoolName]", - "ilbResourceId": "[steps('autoprovision').ilbResourceId]", - "ilbTargetBEAddressPoolName": "[steps('autoprovision').ilbBEAddressPoolName]", - "mgmtInterfaceOpt1": "[steps('autoprovision').mgmtInterfaceOpt1]", - "mgmtInterfaceOpt2": "[steps('autoprovision').mgmtInterfaceOpt2]", + "adminEmail": "[steps('chkp-advanced').adminEmail]", + "deploymentMode": "[steps('chkp-advanced').deploymentMode]", + "instanceLevelPublicIP": "[steps('chkp-advanced').instanceLevelPublicIP]", + "lbsTargetRGName": "[steps('chkp-advanced').lbsTargetRGName]", + "elbResourceId": "[steps('chkp-advanced').elbResourceId]", + "elbTargetBEAddressPoolName": "[steps('chkp-advanced').elbBEAddressPoolName]", + "ilbResourceId": "[steps('chkp-advanced').ilbResourceId]", + "ilbTargetBEAddressPoolName": "[steps('chkp-advanced').ilbBEAddressPoolName]", + "mgmtInterfaceOpt1": "[steps('chkp-advanced').mgmtInterfaceOpt1]", 
+ "mgmtInterfaceOpt2": "[steps('chkp-advanced').mgmtInterfaceOpt2]", "mgmtIPaddress": "[steps('autoprovision').mgmtIPaddress]", - "appLoadDistribution": "[steps('autoprovision').appLoadDistribution]", - "ilbLoadDistribution": "[steps('autoprovision').ilbLoadDistribution]", - "availabilityZonesNum": "[coalesce(steps('autoprovision').availabilityZonesNum, int('0'))]", - "customMetrics": "[steps('autoprovision').customMetrics]", - "cloudGuardVersion": "[concat(steps('chkp').cloudGuardVersion, ' - ', coalesce(steps('chkp').R80Offer, 'Bring Your Own License'))]", - "vmSize": "[coalesce(steps('chkp').R8110vmSizeUiBYOL, steps('chkp').R8110vmSizeUiNGTP, steps('chkp').R8110vmSizeUiNGTX, steps('chkp').R8120vmSizeUiBYOL, steps('chkp').R8120vmSizeUiNGTP, steps('chkp').R8120vmSizeUiNGTX, steps('chkp').R82vmSizeUiBYOL, steps('chkp').R82vmSizeUiNGTP, steps('chkp').R82vmSizeUiNGTX)]", - "sicKey": "[steps('chkp').sicKeyUi]", - "bootstrapScript": "[steps('chkp').bootstrapScript]", - "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp').allowUploadDownload, 'true')]", - "additionalDiskSizeGB": "[int(steps('chkp').additionalDiskSizeGB)]", - "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp').VMDiskTypeOldVersions , steps('chkp').VMDiskType)]", - "sourceImageVhdUri": "[coalesce(steps('chkp').sourceImageVhdUri, 'noCustomUri')]", + "appLoadDistribution": "[steps('chkp-advanced').appLoadDistribution]", + "ilbLoadDistribution": "[steps('chkp-advanced').ilbLoadDistribution]", + "availabilityZonesNum": "[coalesce(steps('chkp-advanced').availabilityZonesNum, int('0'))]", + "customMetrics": "[steps('chkp-advanced').customMetrics]", + "cloudGuardVersion": "[concat(steps('autoprovision').cloudGuardVersion, ' - ', coalesce(steps('autoprovision').R80Offer, 'Bring Your Own License'))]", + "vmSize": "[coalesce(steps('autoprovision').R8110vmSizeUiBYOL, steps('autoprovision').R8110vmSizeUiNGTP, steps('autoprovision').R8110vmSizeUiNGTX , 
steps('autoprovision').R8120vmSizeUiBYOL, steps('autoprovision').R8120vmSizeUiNGTP, steps('autoprovision').R8120vmSizeUiNGTX, steps('autoprovision').R82vmSizeUiBYOL, steps('autoprovision').R82vmSizeUiNGTP, steps('autoprovision').R82vmSizeUiNGTX)]", + "sicKey": "[steps('autoprovision').sicKeyUi]", + "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", + "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", + "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", + "diskType": "[if(contains('R81.10' , steps('autoprovision').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", + "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", "virtualNetworkName": "[steps('network').virtualNetwork.name]", "virtualNetworkAddressPrefixes": "[steps('network').virtualNetwork.addressPrefixes]", "vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]", 
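Review bot: `allowDownloadFromUploadToCheckPoint` keeps its `coalesce(..., 'true')` fallback while its source moves to `steps('chkp-advanced').allowUploadDownload`, so whenever that element yields no value the deployment opts in to the upload/download exchange with Check Point without the operator having seen the choice. The element's definition and the step's position in the wizard are outside this hunk, so this is inferred from the step name only. Confirm the control is always visible with an explicit default, or make the fallback the conservative one: `"[coalesce(steps('chkp-advanced').allowUploadDownload, 'false')]"`. Since roughly twenty-five outputs are re-pointed by hand here, it is also worth loading the file in the createUiDefinition sandbox to check that every `steps('chkp-advanced').<name>` resolves to an element that exists in that step.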
@@ -2077,19 +2102,19 @@ "subnet2Name": "[steps('network').virtualNetwork.subnets.subnet2.name]", "subnet2Prefix": "[steps('network').virtualNetwork.subnets.subnet2.addressPrefix]", "subnet2StartAddress": "[steps('network').virtualNetwork.subnets.subnet2.startAddress]", - "floatingIP": "[steps('autoprovision').floatingIP]", - "IPv4Length": "[steps('autoprovision').IPv4Length]", - "publicIPPrefix": "[steps('autoprovision').publicIPPrefix]", - "createNewIPPrefix": "[steps('autoprovision').createNewIPPrefix]", - "ipPrefixExistingResourceId": "[steps('autoprovision').ipPrefixExistingResourceId]", - "adminShell": "[steps('chkp').adminShell]", + "floatingIP": "[steps('chkp-advanced').floatingIP]", + "IPv4Length": "[steps('chkp-advanced').IPv4Length]", + "publicIPPrefix": "[steps('chkp-advanced').publicIPPrefix]", + "createNewIPPrefix": "[steps('chkp-advanced').createNewIPPrefix]", + "ipPrefixExistingResourceId": "[steps('chkp-advanced').ipPrefixExistingResourceId]", + "adminShell": "[steps('chkp-advanced').adminShell]", "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", - "SerialConsolePasswordHash": "[steps('chkp').AdditionalPassword]", - "MaintenanceModePasswordHash": "[steps('chkp').MaintenanceModePassword]" + "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", + "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } } diff --git a/terraform/aws/autoscale-gwlb/variables.tf b/terraform/aws/autoscale-gwlb/variables.tf index 82e7396a..f357e9e4 100644 --- a/terraform/aws/autoscale-gwlb/variables.tf +++ b/terraform/aws/autoscale-gwlb/variables.tf 
@@ -22,11 +22,19 @@ variable "prefix" { type = string description = "(Optional) Instances name prefix" default = "" + validation { + condition = length(var.prefix) <= 40 + error_message = "Prefix can not exceed 40 characters." + } } variable "asg_name" { type = string description = "Autoscaling Group name" - default = "Check-Point-ASG-tf" + default = "Check-Point-Security-Gateway-AutoScaling-Group-tf" + validation { + condition = length(var.asg_name) <= 100 + error_message = "Autoscaling Group name can not exceed 100 characters." + } } // --- VPC Network Configuration --- diff --git a/terraform/aws/autoscale/variables.tf b/terraform/aws/autoscale/variables.tf index 2244fcbb..5bba8b07 100755 --- a/terraform/aws/autoscale/variables.tf +++ b/terraform/aws/autoscale/variables.tf @@ -22,11 +22,19 @@ variable "prefix" { type = string description = "(Optional) Instances name prefix" default = "" + validation { + condition = length(var.prefix) <= 40 + error_message = "Prefix can not exceed 40 characters." + } } variable "asg_name" { type = string description = "Autoscaling Group name" - default = "Check-Point-ASG-tf" + default = "Check-Point-Security-Gateway-AutoScaling-Group-tf" + validation { + condition = length(var.asg_name) <= 100 + error_message = "Autoscaling Group name can not exceed 100 characters." + } } // --- VPC Network Configuration --- diff --git a/terraform/aws/modules/custom-autoscale/variables.tf b/terraform/aws/modules/custom-autoscale/variables.tf index a99cb9a5..b7e5ac65 100755 --- a/terraform/aws/modules/custom-autoscale/variables.tf +++ b/terraform/aws/modules/custom-autoscale/variables.tf 
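Review bot: Changing the `asg_name` default from `Check-Point-ASG-tf` to `Check-Point-Security-Gateway-AutoScaling-Group-tf` changes the effective value for every existing deployment that relied on the default. If the variable feeds the Auto Scaling group's name (the resource is outside this hunk), the next apply would plan a rename or replacement of the gateway group. The `description` should carry an upgrade hint, e.g. `description = "Autoscaling Group name (default changed; set \"Check-Point-ASG-tf\" to keep an existing deployment unchanged)"`. The new `validation` blocks check `prefix` and `asg_name` separately and by length only, so a limit on any name composed from both, or on allowed characters, is not enforced here. The same change is repeated in the `autoscale`, `modules/custom-autoscale`, `qs-autoscale-master` and `qs-autoscale` hunks that follow.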
@@ -5,11 +5,19 @@ variable "prefix" { type = string description = "(Optional) Instances name prefix" default = "" + validation { + condition = length(var.prefix) <= 40 + error_message = "Prefix can not exceed 40 characters." + } } variable "asg_name" { type = string description = "Autoscaling Group name" - default = "Check-Point-ASG-tf" + default = "Check-Point-Security-Gateway-AutoScaling-Group-tf" + validation { + condition = length(var.asg_name) <= 100 + error_message = "Autoscaling Group name can not exceed 100 characters." + } } // --- VPC Network Configuration --- diff --git a/terraform/aws/qs-autoscale-master/variables.tf b/terraform/aws/qs-autoscale-master/variables.tf index 35071b1c..a9d3f60c 100755 --- a/terraform/aws/qs-autoscale-master/variables.tf +++ b/terraform/aws/qs-autoscale-master/variables.tf @@ -23,11 +23,19 @@ variable "prefix" { type = string description = "(Optional) Instances name prefix" default = "" + validation { + condition = length(var.prefix) <= 40 + error_message = "Prefix can not exceed 40 characters." + } } variable "asg_name" { type = string description = "Autoscaling Group name" - default = "Check-Point-ASG-tf" + default = "Check-Point-Security-Gateway-AutoScaling-Group-tf" + validation { + condition = length(var.asg_name) <= 100 + error_message = "Autoscaling Group name can not exceed 100 characters." + } } // --- Network Configuration --- variable "vpc_cidr" { diff --git a/terraform/aws/qs-autoscale/variables.tf b/terraform/aws/qs-autoscale/variables.tf index b1539ba3..807d00c1 100755 --- a/terraform/aws/qs-autoscale/variables.tf +++ b/terraform/aws/qs-autoscale/variables.tf 
@@ -23,11 +23,19 @@ variable "prefix" { type = string description = "(Optional) Instances name prefix" default = "" + validation { + condition = length(var.prefix) <= 40 + error_message = "Prefix can not exceed 40 characters." + } } variable "asg_name" { type = string description = "Autoscaling Group name" - default = "Check-Point-ASG-tf" + default = "Check-Point-Security-Gateway-AutoScaling-Group-tf" + validation { + condition = length(var.asg_name) <= 100 + error_message = "Autoscaling Group name can not exceed 100 characters." + } } // --- General Settings --- variable "vpc_id" {