Terraform v0.12.29 and AWS Provider version 3.22
Terraform script for Check Point CloudGuard TGW HA deployment - recommended for demos or POCs. It assumes you're willing to deploy Mgmt in AWS; adjust the script accordingly if you have on-prem Mgmt. This template creates an AWS TGW environment with:
- 2 spoke VPCs, Spoke 1 Jump instance, Spoke 2 private instance.
- 1 Check Point Mgmt VPC and Mgmt Instance,
- 1 CloudGuard IaaS HA security VPC,
- Relevant VPCs, Subnets RT, TGW attachments, TGW Route Tables
In this example I'm using a local credentials file in the provider.tf file. Change the path to the local credentials file, as well as the desired region, accordingly. It is best practice not to hardcode your AWS credentials in your script; other authentication options for the AWS Provider can be found under the Authentication section of the Terraform AWS Provider documentation.
It is also assumed that I'm using a local backend for the state file. A typical production environment would require a remote backend configuration, which isn't covered here.
The AWS Provider is downloaded locally as well. A central provider path isn't covered in this example.
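The credentials guidance above, shown as an added example (this is not the repository's own provider.tf): the provider reads keys from a local shared credentials file instead of carrying them in the script. The variable names, default region, profile name and credentials path are assumptions; the version constraints come from the versions stated at the top of this page.

```hcl
# provider.tf (added example; variable names and defaults are assumptions)

terraform {
  # Versions stated at the top of this page
  required_version = "~> 0.12.29"

  required_providers {
    aws = "~> 3.22"
  }
}

variable "region" {
  description = "AWS region to deploy the TGW environment into"
  type        = string
  default     = "us-east-1" # constructed default, change as needed
}

variable "credentials_file" {
  description = "Path to the local AWS shared credentials file"
  type        = string
  default     = "/home/youruser/.aws/credentials" # placeholder path
}

variable "profile" {
  description = "Profile inside the credentials file to use"
  type        = string
  default     = "default"
}

# Avoid: keys written into the script travel with the .tf files
# into version control and anywhere the template is copied.
# provider "aws" {
#   region     = "us-east-1"
#   access_key = "AKIA...PLACEHOLDER"
#   secret_key = "PLACEHOLDER"
# }

# Used here: the keys stay in the local credentials file.
provider "aws" {
  region                  = var.region
  shared_credentials_file = var.credentials_file
  profile                 = var.profile
}
```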
- Download the official Check Point CFT YAMLs from SK111013 and review the accepted values for the CFT parameters.
- Update the variables.tf
- Run Terraform init
- Terraform plan
- Terraform apply
Once the Terraform template deployment is completed, follow the steps from page 24/34 to configure the cluster object in SmartConsole & Security Policy.