Skip to content

Commit

Permalink
Added vWAN custom deployment template
Browse files Browse the repository at this point in the history
  • Loading branch information
@chkp-olgami
chkp-olgami committed Jan 24, 2024
1 parent 9beb622 commit 567f16c
Show file tree
Hide file tree
Showing 2 changed files with 325 additions and 0 deletions.
80 changes: 80 additions & 0 deletions azure/templates/vwan-managed-app/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
# Check Point CloudGuard Network Security for Azure Virtual WAN


Microsoft Azure Virtual WAN is a networking service that enables customers to easily establish optimized large-scale branch connectivity with Azure and the Microsoft global network, providing automated branch-to-branch connectivity.


## Image version
To retrieve the image version, perform an API GET call using the following URLs:

For Security Enforcement (NGTP) license:
```
https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSkus/checkpoint?api-version=2023-05-01
```

For Full Package (NGTX + S1C) license:
```
https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSkus/checkpoint-ngtx?api-version=2023-05-01
```


## Output example:
```
{
"etag": "00000000-0000-0000-0000-000000000000",
"name": "checkpoint",
"properties": {
"availableScaleUnits": [
{
"instanceCount": "2",
"scaleUnit": "10"
},
{
"instanceCount": "2",
"scaleUnit": "20"
},
{
"instanceCount": "2",
"scaleUnit": "2"
},
{
"instanceCount": "3",
"scaleUnit": "30"
},
{
"instanceCount": "3",
"scaleUnit": "40"
},
{
"instanceCount": "2",
"scaleUnit": "4"
},
{
"instanceCount": "4",
"scaleUnit": "60"
},
{
"instanceCount": "5",
"scaleUnit": "80"
}
],
"availableVersions": [
"8110.900335.1435",
"8120.900631.1433",
"latest"
],
"marketPlaceLink": "https://aka.ms/Checkpointmarketplace",
"provisioningState": "Succeeded",
"vendor": "checkpoint"
}
}
```

From the output, extract the desired image from the "availableVersions" section (e.g., "8120.900631.1433")

Note: Do not use "latest"


<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FCheckPointSW%2FCloudGuardIaaS%2Fmaster%2Fazure%2Ftemplates%2Fvwan-managed-app%2FmainTemplate.json">
<img src="https://aka.ms/deploytoazurebutton" alt="Deploy to Azure" />
</a>
245 changes: 245 additions & 0 deletions azure/templates/vwan-managed-app/mainTemplate.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,245 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"hubId": {
"type": "String",
"metadata": {
"description": "The Virtual Wan Hub ID. To get the Hub ID, go to your hub, click on JSON view on the right side, and copy the ID field"
}
},
"tags": {
"defaultValue": {},
"type": "Object"
},
"LicenseType": {
"defaultValue": "Security Enforcement (NGTP)",
"allowedValues": [
"Security Enforcement (NGTP)",
"Full Package (NGTX + S1C)"
],
"type": "String",
"metadata": {
"description": "License type of Check Point CloudGuard"
}
},
"imageVersion": {
"defaultValue": "8120.900631.1433",
"type": "String",
"metadata": {
"description": "The image version that will be used to deploy the solution. To get the image version, make API call to https://management.azure.com/subscriptions/{subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSkus/checkpoint?api-version=2023-05-01"
}
},
"osVersion": {
"defaultValue": "R8120",
"allowedValues": [
"R8110",
"R8120"
],
"type": "String",
"metadata": {
"description": "GAIA OS version"
}
},
"scaleUnit": {
"defaultValue": "2",
"allowedValues": [
"2",
"4",
"10",
"20",
"30",
"40",
"60",
"80"
],
"type": "String",
"metadata": {
"description": "The scale unit size to deploy"
}
},
"bootstrapScript": {
"defaultValue": "",
"type": "String",
"metadata": {
"description": "Bootstrap script"
}
},
"adminShell": {
"defaultValue": "/etc/cli.sh",
"allowedValues": [
"/etc/cli.sh",
"/bin/bash",
"/bin/csh",
"/bin/tcsh"
],
"type": "String",
"metadata": {
"Description": "The default shell for the admin user"
}
},
"sicKey": {
"type": "SecureString",
"metadata": {
"description": "One-time key for Secure Internal Communication"
}
},
"sshPublicKey": {
"type": "SecureString",
"metadata": {
"description": "Paste an OpenSSH public key. You can generate a key pair using SSH-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)"
}
},
"BGP": {
"defaultValue": "64512",
"type": "String",
"metadata": {
"description": "BGP ASN to peer with Azure Route Service"
}
},
"NVAName": {
"type": "String",
"metadata": {
"description": "NVA name to deploy in the hub"
}
},
"customMetrics": {
"defaultValue": "yes",
"allowedValues": [
"no",
"yes"
],
"type": "String",
"metadata": {
"Description": "Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring"
}
},
"hubASN": {
"type": "Int",
"metadata": {
"description": "ASN from the Hub. To get the Hub ASN, go to your hub, click the JSON view on the right and copy the virtualRouterAsn field"
}
},
"hubPeers": {
"type": "Array",
"metadata": {
"description": "An array of IP addresses obtained from the Hub object. To get the Hub Peers, go to your hub, click the JSON view on the right and copy the virtualRouterIps field. for example:[\"10.10.32.5\",\"10.10.32.4\"]"
}
},
"smart1CloudTokenA": {
"defaultValue": "",
"type": "SecureString"
},
"smart1CloudTokenB": {
"defaultValue": "",
"type": "SecureString"
},
"smart1CloudTokenC": {
"defaultValue": "",
"type": "SecureString"
},
"smart1CloudTokenD": {
"defaultValue": "",
"type": "SecureString"
},
"smart1CloudTokenE": {
"defaultValue": "",
"type": "SecureString"
},
"applicationResourceName": {
"type": "String"
},
"managedResourceGroupName": {
"type": "String",
"metadata": {
"description": "Managed app resource group Name"
}
}
},
"variables": {
"managedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', parameters('managedResourceGroupName'))]"
},
"resources": [
{
"type": "Microsoft.Solutions/applications",
"apiVersion": "2021-07-01",
"name": "[parameters('applicationResourceName')]",
"location": "[resourceGroup().location]",
"kind": "MarketPlace",
"plan": {
"name": "vwan-app",
"product": "cp-vwan-managed-app",
"publisher": "checkpoint",
"version": "1.0.8"
},
"properties": {
"managedResourceGroupId": "[variables('managedResourceGroupId')]",
"parameters": {
"hubId": {
"value": "[parameters('hubId')]"
},
"tags": {
"value": "[parameters('tags')]"
},
"imageVersion": {
"value": "[parameters('imageVersion')]"
},
"osVersion": {
"value": "[parameters('osVersion')]"
},
"LicenseType": {
"value": "[parameters('LicenseType')]"
},
"scaleUnit": {
"value": "[parameters('scaleUnit')]"
},
"bootstrapScript": {
"value": "[parameters('bootstrapScript')]"
},
"adminShell": {
"value": "[parameters('adminShell')]"
},
"sicKey": {
"value": "[parameters('sicKey')]"
},
"sshPublicKey": {
"value": "[parameters('sshPublicKey')]"
},
"BGP": {
"value": "[parameters('BGP')]"
},
"NVA": {
"value": "[parameters('NVAName')]"
},
"customMetrics": {
"value": "[parameters('customMetrics')]"
},
"location": {
"value": "[resourceGroup().location]"
},
"hubASN": {
"value": "[parameters('hubASN')]"
},
"hubPeers": {
"value": "[parameters('hubPeers')]"
},
"smart1CloudTokenA": {
"value": "[parameters('smart1CloudTokenA')]"
},
"smart1CloudTokenB": {
"value": "[parameters('smart1CloudTokenB')]"
},
"smart1CloudTokenC": {
"value": "[parameters('smart1CloudTokenC')]"
},
"smart1CloudTokenD": {
"value": "[parameters('smart1CloudTokenD')]"
},
"smart1CloudTokenE": {
"value": "[parameters('smart1CloudTokenE')]"
}
}
}
}
]
}

0 comments on commit 567f16c

Please sign in to comment.