Terraform GCP | Added single GW into new vpc template

terraform/gcp/single-into-existing-vpc/README.md

@@ -140,7 +140,7 @@ network_enableSctp= false
 network_sctpSourceRanges= [""]
 network_enableEsp= false
 network_espSourceRanges= [""]
-numAdditionalNICs= 0
+numAdditionalNICs= 1
 externalIP= "static"
 internal_network1_network= [""]
 internal_network1_subnetwork  = [""]

terraform/gcp/single-into-existing-vpc/main.tf

@@ -214,5 +214,5 @@ resource "google_compute_instance" "gateway" {
   })
 }
 resource "google_compute_address" "static" {
-  name = "ipv4-address"
+  name = "ipv4-address-${random_string.random_string.result}"
 }

terraform/gcp/single-into-existing-vpc/terraform.tfvars

@@ -34,7 +34,7 @@ network_enableSctp                          = "PLEASE ENTER NETWORK ENABLE SCTP"
 network_sctpSourceRanges                    = "PLEASE ENTER NETWORK SCTP SOURCE RANGES"                                 # [""]
 network_enableEsp                           = "PLEASE ENTER NETWORK ENABLE ESP"                                         # false
 network_espSourceRanges                     = "PLEASE ENTER NETWORK ESP SOURCE RANGES"                                  # [""]
-numAdditionalNICs                           = "PLEASE ENTER NUM ADDITIONAL NICS"                                        # 0
+numAdditionalNICs                           = "PLEASE ENTER NUM ADDITIONAL NICS"                                        # 1
 externalIP                                  = "PLEASE ENTER EXTERNAL IP"                                                # "static"
 internal_network1_network                   = "PLEASE ENTER INTERNAL_NETWORK1_NETWORK"                                  # [""]
 internal_network1_subnetwork                = "PLEASE ENTER INTERNAL_NETWORK1_SUBNETWORK"                               # [""]

terraform/gcp/single-into-existing-vpc/variables.tf

@@ -15,7 +15,7 @@ variable "zone" {
 }
 variable "image_name" {
   type = string
-  description = "The single gateway and management image name"
+  description = "The single gateway and management image name.  You can choose the desired image value from: https://github.com/CheckPointSW/CloudGuardIaaS/blob/master/gcp/deployment-packages/single-byol/images.py"
 }
 variable "installationType" {
   type = string

terraform/gcp/single-into-new-vpc/main.tf

@@ -0,0 +1,90 @@
+provider "google" {
+  credentials = file(var.service_account_path)
+  project     = var.project
+  region      = var.region
+}
+
+resource "random_string" "random_string" {
+  length = 5
+  special = false
+  upper = false
+  keepers = {}
+}
+
+resource "google_compute_network" "network" {
+  name = "${var.prefix}-network-${random_string.random_string.result}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  name = "${var.prefix}-subnetwork-${random_string.random_string.result}"
+  ip_cidr_range = var.subnetwork_cidr
+  private_ip_google_access = true
+  region = var.region
+  network = google_compute_network.network.id
+}
+
+resource "google_compute_network" "internal_network" {
+  name = "${var.prefix}-internal-network-${random_string.random_string.result}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "internal_subnetwork" {
+  name = "${var.prefix}-internal-subnetwork-${random_string.random_string.result}"
+  ip_cidr_range = var.internal_subnetwork_cidr
+  private_ip_google_access = true
+  region = var.region
+  network = google_compute_network.internal_network.id
+}
+
+
+module "single-into-existing-vpc" {
+  source = "../single-into-existing-vpc"
+
+  service_account_path = var.service_account_path
+  project = var.project
+
+
+  # --- Check Point Deployment---
+  image_name = var.image_name
+  installationType = var.installationType
+  license = var.license
+  prefix = var.prefix
+  management_nic = var.management_nic
+  admin_shell = var.admin_shell
+  admin_SSH_key = var.admin_SSH_key
+  generatePassword = var.generatePassword
+  allowUploadDownload = var.allowUploadDownload
+  sicKey = var.sicKey
+  managementGUIClientNetwork = var.managementGUIClientNetwork
+
+  # --- Quick connect to Smart-1 Cloud ---
+  smart_1_cloud_token = var.smart_1_cloud_token
+
+  # --- Networking ---
+  zone = var.zone
+  network = [google_compute_network.network.name]
+  subnetwork = [google_compute_subnetwork.subnetwork.name]
+  network_enableTcp = var.network_enableTcp
+  network_tcpSourceRanges = var.network_tcpSourceRanges
+  network_enableGwNetwork = var.network_enableGwNetwork
+  network_gwNetworkSourceRanges = var.network_gwNetworkSourceRanges
+  network_enableIcmp = var.network_enableIcmp
+  network_icmpSourceRanges = var.network_icmpSourceRanges
+  network_enableUdp = var.network_enableUdp
+  network_udpSourceRanges = var.network_udpSourceRanges
+  network_enableSctp = var.network_enableSctp
+  network_sctpSourceRanges = var.network_sctpSourceRanges
+  network_enableEsp = var.network_enableEsp
+  network_espSourceRanges = var.network_espSourceRanges
+  numAdditionalNICs = var.numAdditionalNICs
+  externalIP = var.externalIP
+  internal_network1_network = [google_compute_network.internal_network.name]
+  internal_network1_subnetwork = [google_compute_subnetwork.internal_subnetwork.name]
+
+  # --- Instances configuration---
+  machine_type = var.machine_type
+  diskType = var.diskType
+  bootDiskSizeGb = var.bootDiskSizeGb
+  enableMonitoring = var.enableMonitoring
+}

terraform/gcp/single-into-new-vpc/output.tf

@@ -0,0 +1,30 @@
+output "network" {
+  value = google_compute_network.network.name
+}
+output "subnetwork" {
+  value = google_compute_subnetwork.subnetwork.name
+}
+output "internal_network" {
+  value = google_compute_network.internal_network.name
+}
+output "internal_subnetwork" {
+  value = google_compute_subnetwork.internal_subnetwork.name
+}
+output "SIC_key" {
+  value = module.single-into-existing-vpc.SIC_key
+}
+output "ICMP_firewall_rules_name" {
+  value = module.single-into-existing-vpc.ICMP_firewall_rules_name
+}
+output "TCP_firewall_rules_name" {
+  value = module.single-into-existing-vpc.TCP_firewall_rules_name
+}
+output "UDP_firewall_rules_name" {
+  value = module.single-into-existing-vpc.UDP_firewall_rules_name
+}
+output "SCTP_firewall_rules_name" {
+  value = module.single-into-existing-vpc.SCTP_firewall_rules_name
+}
+output "ESP_firewall_rules_name" {
+  value = module.single-into-existing-vpc.ESP_firewall_rules_name
+}

terraform/gcp/single-into-new-vpc/terraform.tfvars

@@ -0,0 +1,45 @@
+# --- Google Provider ---
+service_account_path                        = "PLEASE ENTER SERVICE_ACCOUNT_PATH"                                       # "service-accounts/service-account-file-name.json"
+project                                     = "PLEASE ENTER PROJECT ID"                                                 # "project-id"
+
+# --- Check Point Deployment---
+image_name                                  = "PLEASE ENTER IMAGE_NAME"                                                 # "check-point-r8120-gw-byol-single-631-991001335-v20230622"
+installationType                            = "PLEASE ENTER INSTALLATION TYPE"                                          # "Gateway only"
+license                                     = "PLEASE ENTER LICENSE"                                                    # "BYOL"
+prefix                                      = "PLEASE ENTER PREFIX"                                                     # "chkp-single-tf-"
+management_nic                              = "PLEASE ENTER MANAGEMENT_NIC"                                             # "Ephemeral Public IP (eth0)"
+admin_shell                                 = "PLEASE ENTER ADMIN_SHELL"                                                # "/etc/cli.sh"
+admin_SSH_key                               = "PLEASE ENTER ADMIN_SSH_KEY"                                              # "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+generatePassword                            = "PLEASE ENTER GENERATE PASSWORD"                                          # false
+allowUploadDownload                         = "PLEASE ENTER ALLOW UPLOAD DOWNLOAD"                                      # false
+sicKey                                      = "PLEASE ENTER SIC KEY"                                                    # ""
+managementGUIClientNetwork                  = "PLEASE ENTER MANAGEMENT GUI CLIENT NETWORK"                              # "0.0.0.0/0"
+
+# --- Quick connect to Smart-1 Cloud ---
+smart_1_cloud_token                         = "PASTE TOKEN FROM SMART-1 CLOUD PORTAL"                                   # ""
+
+# --- Networking---
+region                                      = "PLEASE ENTER REGION"                                                     # "us-central1"
+zone                                        = "PLEASE ENTER ZONE"                                                       # "us-central1-a"
+subnetwork_cidr                             = "PLEASE ENTER SUBNETWORK CIDR"                                            # "10.0.1.0/24"
+network_enableTcp                           = "PLEASE ENTER NETWORK ENABLE TCP"                                         # false
+network_tcpSourceRanges                     = "PLEASE ENTER NETWORK TCP SOURCE RANGES"                                  # []
+network_enableGwNetwork                     = "PLEASE ENTER NETWORK ENABLE GW NETWORK"                                  # false
+network_gwNetworkSourceRanges               = "PLEASE ENTER NETWORK GW NETWORK SOURCE RANGES"                           # []
+network_enableIcmp                          = "PLEASE ENTER NETWORK ENABLE ICMP"                                        # false
+network_icmpSourceRanges                    = "PLEASE ENTER NETWORK ICMP SOURCE RANGES"                                 # []
+network_enableUdp                           = "PLEASE ENTER NETWORK ENABLE UDP"                                         #  false
+network_udpSourceRanges                     = "PLEASE ENTER NETWORK UDP SOURCE RANGES"                                  # []
+network_enableSctp                          = "PLEASE ENTER NETWORK ENABLE SCTP"                                        # false
+network_sctpSourceRanges                    = "PLEASE ENTER NETWORK SCTP SOURCE RANGES"                                 # []
+network_enableEsp                           = "PLEASE ENTER NETWORK ENABLE ESP"                                         # false
+network_espSourceRanges                     = "PLEASE ENTER NETWORK ESP SOURCE RANGES"                                  # []
+numAdditionalNICs                           = "PLEASE ENTER NUM ADDITIONAL NICS"                                        # 1
+externalIP                                  = "PLEASE ENTER EXTERNAL IP"                                                # "static"
+internal_subnetwork_cidr                    = "PLEASE ENTER INTERNAL SUBNETWORK CIDR"                                   # "10.0.2.0/24"
+
+# --- Instances configuration---
+machine_type                                = "PLEASE ENTER MACHINE_TYPE"                                               # "n1-standard-4"
+diskType                                    = "PLEASE ENTER DISK TYPE"                                                  # "SSD Persistent Disk"
+bootDiskSizeGb                              = "PLEASE ENTER BOOT DISK SIZE GB"                                          # 100
+enableMonitoring                            = "PLEASE ENTER ENABLE MONITORING"                                          # false