From 57c0ad4078681a3b5fa2e37d44425ab10e0e4093 Mon Sep 17 00:00:00 2001 From: natanelm Date: Thu, 24 Jul 2025 19:31:49 +0000 Subject: [PATCH 1/6] VWAN | Updated licenses types --- modules/nva_into_existing_hub/README.md | 4 ++-- modules/nva_into_existing_hub/main.tf | 2 +- modules/nva_into_existing_hub/variables.tf | 4 ++-- modules/nva_into_new_vwan/README.md | 4 ++-- modules/nva_into_new_vwan/main.tf | 2 +- modules/nva_into_new_vwan/variables.tf | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nva_into_existing_hub/README.md b/modules/nva_into_existing_hub/README.md index 4087bf4..851d3df 100755 --- a/modules/nva_into_existing_hub/README.md +++ b/modules/nva_into_existing_hub/README.md @@ -76,8 +76,8 @@ module "example_module" { | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** "tf-vwan-managed-app-nva" | | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** "tf-vwan-nva" | | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period.
**Default:** "tf-vwan-nva-rg" | -| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82".
**Default:** "R8120" | -| **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX + S1C)";
"Full Package Premium (NGTX + S1C++)".
**Default:** "Security Enforcement (NGTP)" | +| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R8120" | +| **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX and Smart1-Cloud)";
"Full Package Premium (NGTX and Smart1-Cloud Premium)".
**Default:** "Security Enforcement (NGTP)" | | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled | string | "2";
"4";
"10";
"20";
"30";
"60";
"80".
**Default:** "2" | | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt".
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it.
**Default:** "" | | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" | diff --git a/modules/nva_into_existing_hub/main.tf b/modules/nva_into_existing_hub/main.tf index 0d95a50..c0a8dfb 100755 --- a/modules/nva_into_existing_hub/main.tf +++ b/modules/nva_into_existing_hub/main.tf @@ -32,7 +32,7 @@ locals { data "http" "image-versions" { method = "GET" - url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX + S1C)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX + S1C++)" ? "-premium" : ""}?api-version=2020-05-01" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX and Smart1-Cloud)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX and Smart1-Cloud Premium)" ? "-premium" : ""}?api-version=2020-05-01" request_headers = { Accept = "application/json" "Authorization" = "Bearer ${local.access_token}" diff --git a/modules/nva_into_existing_hub/variables.tf b/modules/nva_into_existing_hub/variables.tf index 968e2f1..9cd334b 100755 --- a/modules/nva_into_existing_hub/variables.tf +++ b/modules/nva_into_existing_hub/variables.tf 
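Review bot: The chained conditional in the `url` of `data "http" "image-versions"` falls through to `""` for any `license-type` value it does not match exactly. If a label ever drifts from the list in variables.tf, the request silently targets the base `checkpoint` SKU instead of `-ngtx` or `-premium`. The same display strings are now repeated in the README, the validation block and this expression, so a single lookup map that errors on an unknown key would remove both the duplication and the silent default. The identical expression is changed in modules/nva_into_new_vwan/main.tf, and the data block continues outside the hunk.

```hcl
locals {
  # One source of truth for label -> SKU suffix; an unknown label is an error, not "".
  license_sku_suffix = {
    "Security Enforcement (NGTP)"                          = ""
    "Full Package (NGTX and Smart1-Cloud)"                 = "-ngtx"
    "Full Package Premium (NGTX and Smart1-Cloud Premium)" = "-premium"
  }
}

data "http" "image-versions" {
  method = "GET"
  url    = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${local.license_sku_suffix[var.license-type]}?api-version=2020-05-01"
  # … unchanged: request_headers …
```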
@@ -74,8 +74,8 @@ variable "license-type" { type = string default = "Security Enforcement (NGTP)" validation { - condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX + S1C)", "Full Package Premium (NGTX + S1C++)"], var.license-type) - error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX + S1C)', 'Full Package Premium (NGTX + S1C++)'" + condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX and Smart1-Cloud)", "Full Package Premium (NGTX and Smart1-Cloud Premium)"], var.license-type) + error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX and Smart1-Cloud)', 'Full Package Premium (NGTX and Smart1-Cloud Premium)'" } } diff --git a/modules/nva_into_new_vwan/README.md b/modules/nva_into_new_vwan/README.md index a4ac6ad..0c85292 100755 --- a/modules/nva_into_new_vwan/README.md +++ b/modules/nva_into_new_vwan/README.md @@ -82,8 +82,8 @@ module "example_module" { | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
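Review bot: The `license-type` validation drops the previous labels outright, so a configuration that still passes `"Full Package (NGTX + S1C)"` or `"Full Package Premium (NGTX + S1C++)"` now fails at plan time with a message that does not mention the rename. Consider extending `error_message` with a short hint such as `The former 'NGTX + S1C' labels were renamed.`, and recording the breaking change in the release notes. The same applies to the matching hunk in modules/nva_into_new_vwan/variables.tf.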
**Default:** tf-vwan-managed-app | | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** tf-vwan-nva | | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period.
**Default:** tf-vwan-nva-rg | -| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82".
**Default:** "R8120" | -| **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX + S1C)";
"Full Package Premium (NGTX + S1C++)".
**Default:** "Security Enforcement (NGTP)" | +| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R8120" | +| **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX and Smart1-Cloud)";
"Full Package Premium (NGTX and Smart1-Cloud Premium)".
**Default:** "Security Enforcement (NGTP)" | | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled | string | "2";
"4";
"10";
"20";
"30";
"60";
"80".
**Default:** "2" | | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt".
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it.
**Default:** "" | | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" | diff --git a/modules/nva_into_new_vwan/main.tf b/modules/nva_into_new_vwan/main.tf index 968ae6b..d148e18 100755 --- a/modules/nva_into_new_vwan/main.tf +++ b/modules/nva_into_new_vwan/main.tf @@ -41,7 +41,7 @@ locals { data "http" "image-versions" { method = "GET" - url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX + S1C)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX + S1C++)" ? "-premium" : ""}?api-version=2020-05-01" + url = "https://management.azure.com/subscriptions/${var.subscription_id}/providers/Microsoft.Network/networkVirtualApplianceSKUs/checkpoint${var.license-type == "Full Package (NGTX and Smart1-Cloud)" ? "-ngtx" : var.license-type == "Full Package Premium (NGTX and Smart1-Cloud Premium)" ? "-premium" : ""}?api-version=2020-05-01" request_headers = { Accept = "application/json" "Authorization" = "Bearer ${local.access_token}" diff --git a/modules/nva_into_new_vwan/variables.tf b/modules/nva_into_new_vwan/variables.tf index b82996b..d2dca04 100755 --- a/modules/nva_into_new_vwan/variables.tf +++ b/modules/nva_into_new_vwan/variables.tf 
@@ -85,8 +85,8 @@ variable "license-type" { type = string default = "Security Enforcement (NGTP)" validation { - condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX + S1C)", "Full Package Premium (NGTX + S1C++)"], var.license-type) - error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX + S1C)', 'Full Package Premium (NGTX + S1C++)'" + condition = contains(["Security Enforcement (NGTP)", "Full Package (NGTX and Smart1-Cloud)", "Full Package Premium (NGTX and Smart1-Cloud Premium)"], var.license-type) + error_message = "Allowed values for License Type are 'Security Enforcement (NGTP)', 'Full Package (NGTX and Smart1-Cloud)', 'Full Package Premium (NGTX and Smart1-Cloud Premium)'" } } From cf2199955b310727b335ba118234a9fa565794ae Mon Sep 17 00:00:00 2001 From: natanelm Date: Wed, 6 Aug 2025 13:25:24 +0000 Subject: [PATCH 2/6] VMSS | Resolved Conflict with Minimum Instances Configuration --- modules/vmss_existing_vnet/README.md | 2 ++ modules/vmss_existing_vnet/locals.tf | 16 ++++++++++++++++ modules/vmss_existing_vnet/main.tf | 4 ++-- modules/vmss_new_vnet/README.md | 6 ++++-- modules/vmss_new_vnet/locals.tf | 16 ++++++++++++++++ modules/vmss_new_vnet/main.tf | 4 ++-- 6 files changed, 42 insertions(+), 6 deletions(-) diff --git a/modules/vmss_existing_vnet/README.md b/modules/vmss_existing_vnet/README.md index ec3a871..6ea6307 100755 --- a/modules/vmss_existing_vnet/README.md +++ b/modules/vmss_existing_vnet/README.md @@ -49,6 +49,7 @@ module "example_module" { availability_zones_num = "1" minimum_number_of_vm_instances = 2 maximum_number_of_vm_instances = 10 + number_of_vm_instances = 2 management_name = "mgmt" management_IP = "13.92.42.181" management_interface = "eth1-private" 
@@ -108,6 +109,7 @@ module "example_module" { | **availability_zones_num** | A list of a single item of the Availability Zone which the Virtual Machine should be allocated in | string | "centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth". | | **minimum_number_of_vm_instances** | The minimum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10. | | **maximum_number_of_vm_instances** | The maximum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10. | +| **number_of_vm_instances** | The default number of VMSS instances to deploy. | number | The number of VMSS instances must not be less then `minimum_number_of_vm_instances`. If the number of VMSS is greater then the `maximum_number_of_vm_instances` use the maximum number as default.
**Default**: 2; | | **management_name** | The name of the management server as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long. | | **management_IP** | The IP address used to manage the VMSS instances | string | A valid IP address. | | **management_interface** | Management option for the Gateways in the VMSS | string | "eth0-public" - Manages the GWs using their external NIC's public IP address;
"eth0-private" - Manages the GWs using their external NIC's private IP address;
"eth1-private" - Manages the GWs using their internal NIC's private IP address.
**Default:** "eth1-private" | diff --git a/modules/vmss_existing_vnet/locals.tf b/modules/vmss_existing_vnet/locals.tf index f391758..302d292 100755 --- a/modules/vmss_existing_vnet/locals.tf +++ b/modules/vmss_existing_vnet/locals.tf @@ -1,4 +1,20 @@ locals { module_name = "vmss_terraform_registry" module_version = "1.0.5" + + // Validate that the minimum number of VM instances is at least 0. + // If not, return an error message. + validate_number_of_vm_instances_range = var.minimum_number_of_vm_instances >= 0 && var.maximum_number_of_vm_instances >= 0 ? 0 : index("error: The minimum and maximum number of VM instances must be at least 0.") + + // Validate that the maximum number of VM instances is greater than or equal to the minimum number of VM instances. + // If not, return an error message. + validate_maximum_number_of_vm_instances = var.maximum_number_of_vm_instances >= var.minimum_number_of_vm_instances ? 0 : index("error: The maximum number of VM instances must be greater than or equal to the minimum number of VM instances.") + + // The number of VM instances should not exceed the maximum allowed. + // If the provided number of instances exceeds the maximum, use the maximum instead. + number_of_vm_instances = var.maximum_number_of_vm_instances >= var.number_of_vm_instances ? var.number_of_vm_instances : var.maximum_number_of_vm_instances + + // Validate the number of VM instances against the minimum requirement. + // If the number of instances is less than the minimum, return an error message. + validate_number_of_vm_instances = local.number_of_vm_instances >= var.minimum_number_of_vm_instances? 0 : index("error: The number of VM instances must be at least ${var.minimum_number_of_vm_instances}.") } diff --git a/modules/vmss_existing_vnet/main.tf b/modules/vmss_existing_vnet/main.tf index 548b8bc..4a7352f 100755 --- a/modules/vmss_existing_vnet/main.tf +++ b/modules/vmss_existing_vnet/main.tf 
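Review bot: `validate_number_of_vm_instances_range` only checks `>= 0`, while the README rows touched by this commit give 0 - 10 as the valid range for both bounds. Unless variables.tf (not shown) already caps it, an oversized `maximum_number_of_vm_instances` passes every check added here. If the cap is intended, add it to the condition: `var.minimum_number_of_vm_instances >= 0 && var.maximum_number_of_vm_instances >= 0 && var.maximum_number_of_vm_instances <= 10`. Separately, the failures are raised by calling `index()` with a single argument, so the user probably sees an argument-count error with the intended text only in the quoted source line; a `precondition` on the scale set resource would report the message directly, if the module's minimum Terraform version allows it. The same locals are added in modules/vmss_new_vnet/locals.tf.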
@@ -7,7 +7,7 @@ module "common" { installation_type = var.installation_type module_name = local.module_name module_version = local.module_version - number_of_vm_instances = var.number_of_vm_instances + number_of_vm_instances = local.number_of_vm_instances allow_upload_download = var.allow_upload_download vm_size = var.vm_size disk_size = var.disk_size @@ -217,7 +217,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss" { resource_group_name = module.common.resource_group_name sku = module.common.vm_size zones = local.availability_zones_num_condition - instances = var.number_of_vm_instances + instances = local.number_of_vm_instances overprovision = false dynamic "identity" { diff --git a/modules/vmss_new_vnet/README.md b/modules/vmss_new_vnet/README.md index 35a8320..578a95f 100755 --- a/modules/vmss_new_vnet/README.md +++ b/modules/vmss_new_vnet/README.md @@ -53,6 +53,7 @@ module "example_module" { availability_zones_num = "1" minimum_number_of_vm_instances = 2 maximum_number_of_vm_instances = 10 + number_of_vm_instances = 2 management_name = "mgmt" management_IP = "13.92.42.181" management_interface = "eth1-private" @@ -105,8 +106,9 @@ module "example_module" { | **allow_upload_download** | Automatically download Blade Contracts and other important data. Improve product experience by sending data to Check Point | boolean | true;
false;
| | **authentication_type** | Specifies whether a password authentication or SSH Public Key authentication should be used | string | "Password";
"SSH Public Key";
| | **availability_zones_num** | A list of a single item of the Availability Zone where the Virtual Machine should be allocated | string | "centralus", "eastus2", "francecentral", "northeurope", "southeastasia", "westeurope", "westus2", "eastus", "uksouth"
| -| **minimum_number_of_vm_instances** | The minimum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10
| -| **maximum_number_of_vm_instances** | The maximum number of VMSS instances for this resource | number | Valid values are in the range 0 - 10
| +| **minimum_number_of_vm_instances** | The minimum number of VMSS instances for this resource. | number | Valid values are in the range 0 - 10
| +| **maximum_number_of_vm_instances** | The maximum number of VMSS instances for this resource. | number | Valid values are in the range 0 - 10
| +| **number_of_vm_instances** | The default number of VMSS instances to deploy. | number | The number of VMSS instances must not be less then `minimum_number_of_vm_instances`. If the number of VMSS is greater then the `maximum_number_of_vm_instances` use the maximum number by default.
**Default**: 2; | | **management_name** | The name of the management server as it appears in the configuration file | string | Field cannot be empty. Only alphanumeric characters or '_'/'-' are allowed, and the name must be 1-30 characters long
| | **management_IP** | The IP address used to manage the VMSS instances | string | A valid IP address
| | **management_interface** | Management option for the Gateways in the VMSS | string | "eth0-public" - Manages the GWs using their external NIC's public IP address;
"eth0-private" - Manages the GWs using their external NIC's private IP address;
"eth1-private" - Manages the GWs using their internal NIC's private IP address;
**Default:** "eth1-private" | diff --git a/modules/vmss_new_vnet/locals.tf b/modules/vmss_new_vnet/locals.tf index f391758..302d292 100755 --- a/modules/vmss_new_vnet/locals.tf +++ b/modules/vmss_new_vnet/locals.tf @@ -1,4 +1,20 @@ locals { module_name = "vmss_terraform_registry" module_version = "1.0.5" + + // Validate that the minimum number of VM instances is at least 0. + // If not, return an error message. + validate_number_of_vm_instances_range = var.minimum_number_of_vm_instances >= 0 && var.maximum_number_of_vm_instances >= 0 ? 0 : index("error: The minimum and maximum number of VM instances must be at least 0.") + + // Validate that the maximum number of VM instances is greater than or equal to the minimum number of VM instances. + // If not, return an error message. + validate_maximum_number_of_vm_instances = var.maximum_number_of_vm_instances >= var.minimum_number_of_vm_instances ? 0 : index("error: The maximum number of VM instances must be greater than or equal to the minimum number of VM instances.") + + // The number of VM instances should not exceed the maximum allowed. + // If the provided number of instances exceeds the maximum, use the maximum instead. + number_of_vm_instances = var.maximum_number_of_vm_instances >= var.number_of_vm_instances ? var.number_of_vm_instances : var.maximum_number_of_vm_instances + + // Validate the number of VM instances against the minimum requirement. + // If the number of instances is less than the minimum, return an error message. + validate_number_of_vm_instances = local.number_of_vm_instances >= var.minimum_number_of_vm_instances? 0 : index("error: The number of VM instances must be at least ${var.minimum_number_of_vm_instances}.") } diff --git a/modules/vmss_new_vnet/main.tf b/modules/vmss_new_vnet/main.tf index 559c27a..d365acc 100755 --- a/modules/vmss_new_vnet/main.tf +++ b/modules/vmss_new_vnet/main.tf 
@@ -7,7 +7,7 @@ module "common" { installation_type = var.installation_type module_name = local.module_name module_version = local.module_version - number_of_vm_instances = var.number_of_vm_instances + number_of_vm_instances = local.number_of_vm_instances allow_upload_download = var.allow_upload_download vm_size = var.vm_size disk_size = var.disk_size @@ -213,7 +213,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "vmss" { resource_group_name = module.common.resource_group_name sku = module.common.vm_size zones = local.availability_zones_num_condition - instances = var.number_of_vm_instances + instances = local.number_of_vm_instances overprovision = false dynamic "identity" { From 4d1f55ce4efe1eea4291c5cb8befb049664efa10 Mon Sep 17 00:00:00 2001 From: itaysu Date: Tue, 19 Aug 2025 15:03:22 +0000 Subject: [PATCH 3/6] Updated default OS versions to R82 --- modules/high_availability_existing_vnet/README.md | 4 ++-- modules/high_availability_new_vnet/README.md | 4 ++-- modules/management_existing_vnet/README.md | 4 ++-- modules/management_new_vnet/README.md | 4 ++-- modules/mds_existing_vnet/README.md | 4 ++-- modules/mds_new_vnet/README.md | 4 ++-- modules/nva_into_existing_hub/README.md | 4 ++-- modules/nva_into_existing_hub/variables.tf | 2 +- modules/nva_into_new_vwan/README.md | 4 ++-- modules/nva_into_new_vwan/variables.tf | 2 +- modules/single_gateway_existing_vnet/README.md | 4 ++-- modules/single_gateway_new_vnet/README.md | 4 ++-- modules/vmss_existing_vnet/README.md | 4 ++-- modules/vmss_new_vnet/README.md | 4 ++-- 14 files changed, 26 insertions(+), 26 deletions(-) diff --git a/modules/high_availability_existing_vnet/README.md b/modules/high_availability_existing_vnet/README.md index 2d28c10..1af448f 100755 --- a/modules/high_availability_existing_vnet/README.md +++ b/modules/high_availability_existing_vnet/README.md 
@@ -43,8 +43,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/high_availability_new_vnet/README.md b/modules/high_availability_new_vnet/README.md index c86384d..55f448d 100755 --- a/modules/high_availability_new_vnet/README.md +++ b/modules/high_availability_new_vnet/README.md @@ -46,8 +46,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/management_existing_vnet/README.md b/modules/management_existing_vnet/README.md index 54cd60c..758bc3e 100755 --- a/modules/management_existing_vnet/README.md +++ b/modules/management_existing_vnet/README.md @@ -40,8 +40,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "mgmt-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/management_new_vnet/README.md b/modules/management_new_vnet/README.md index 7cd33e5..3572e5b 100755 --- a/modules/management_new_vnet/README.md +++ b/modules/management_new_vnet/README.md 
@@ -41,8 +41,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "mgmt-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/mds_existing_vnet/README.md b/modules/mds_existing_vnet/README.md index c85c8ed..584657c 100755 --- a/modules/mds_existing_vnet/README.md +++ b/modules/mds_existing_vnet/README.md @@ -39,8 +39,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "mgmt-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/mds_new_vnet/README.md b/modules/mds_new_vnet/README.md index 49208b9..c4e00ea 100755 --- a/modules/mds_new_vnet/README.md +++ b/modules/mds_new_vnet/README.md @@ -42,8 +42,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "mgmt-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/nva_into_existing_hub/README.md b/modules/nva_into_existing_hub/README.md index 851d3df..77c26d6 100755 --- a/modules/nva_into_existing_hub/README.md +++ b/modules/nva_into_existing_hub/README.md 
@@ -36,7 +36,7 @@ module "example_module" { managed-app-name = "tf-vwan-managed-app-nva" nva-rg-name = "tf-vwan-nva-rg" nva-name = "tf-vwan-nva" - os-version = "R8120" + os-version = "R82" license-type = "Security Enforcement (NGTP)" scale-unit = "2" bootstrap-script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" @@ -76,7 +76,7 @@ module "example_module" { | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** "tf-vwan-managed-app-nva" | | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** "tf-vwan-nva" | | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period.
**Default:** "tf-vwan-nva-rg" | -| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R8120" | +| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R82" | | **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX and Smart1-Cloud)";
"Full Package Premium (NGTX and Smart1-Cloud Premium)".
**Default:** "Security Enforcement (NGTP)" | | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled | string | "2";
"4";
"10";
"20";
"30";
"60";
"80".
**Default:** "2" | | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt".
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it.
**Default:** "" | diff --git a/modules/nva_into_existing_hub/variables.tf b/modules/nva_into_existing_hub/variables.tf index 9cd334b..cfc1268 100755 --- a/modules/nva_into_existing_hub/variables.tf +++ b/modules/nva_into_existing_hub/variables.tf @@ -63,7 +63,7 @@ variable "nva-name" { variable "os-version" { description = "GAIA OS version" type = string - default = "R8120" + default = "R82" validation { condition = contains(["R8110", "R8120", "R82"], var.os-version) error_message = "Allowed values for os-version are 'R8110', 'R8120', 'R82'" diff --git a/modules/nva_into_new_vwan/README.md b/modules/nva_into_new_vwan/README.md index 0c85292..736aa2a 100755 --- a/modules/nva_into_new_vwan/README.md +++ b/modules/nva_into_new_vwan/README.md @@ -39,7 +39,7 @@ module "example_module" { managed-app-name = "tf-vwan-managed-app-nva" nva-rg-name = "tf-vwan-nva-rg" nva-name = "tf-vwan-nva" - os-version = "R8120" + os-version = "R82" license-type = "Security Enforcement (NGTP)" scale-unit = "2" bootstrap-script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" @@ -82,7 +82,7 @@ module "example_module" { | **managed-app-name** | The name of the managed application that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** tf-vwan-managed-app | | **nva-name** | The name of the NVA that will be created | string | The name must begin with a letter or number, end with a letter, number or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
**Default:** tf-vwan-nva | | **nva-rg-name** | The name of the resource group that will contain the NVA | string | Resource group names only allow alphanumeric characters, periods, underscores, hyphens and parenthesis and cannot end in a period.
**Default:** tf-vwan-nva-rg | -| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R8120" | +| **os-version** | The GAIA os version | string | "R8110";
"R8120";
"R82";
**Default:** "R82" | | **license-type** | The Check Point licence type | string | "Security Enforcement (NGTP)";
"Full Package (NGTX and Smart1-Cloud)";
"Full Package Premium (NGTX and Smart1-Cloud Premium)".
**Default:** "Security Enforcement (NGTP)" | | **scale-unit** | The scale unit determines the size and number of resources deployed. The higher the scale unit, the greater the amount of traffic that can be handled | string | "2";
"4";
"10";
"20";
"30";
"60";
"80".
**Default:** "2" | | **bootstrap_script** | An optional script to run on the initial boot | string | Bootstrap script example:
"touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt".
The script will create bootstrap.txt file in the /home/admin/ and add 'hello word' string into it.
**Default:** "" | diff --git a/modules/nva_into_new_vwan/variables.tf b/modules/nva_into_new_vwan/variables.tf index d2dca04..2759e3f 100755 --- a/modules/nva_into_new_vwan/variables.tf +++ b/modules/nva_into_new_vwan/variables.tf @@ -74,7 +74,7 @@ variable "nva-name" { variable "os-version" { description = "GAIA OS version" type = string - default = "R8120" + default = "R82" validation { condition = contains(["R8110", "R8120", "R82"], var.os-version) error_message = "Allowed values for os-version are 'R8110', 'R8120', 'R82'" diff --git a/modules/single_gateway_existing_vnet/README.md b/modules/single_gateway_existing_vnet/README.md index 88b03ba..c7c3f99 100755 --- a/modules/single_gateway_existing_vnet/README.md +++ b/modules/single_gateway_existing_vnet/README.md @@ -42,8 +42,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/single_gateway_new_vnet/README.md b/modules/single_gateway_new_vnet/README.md index 8a9ad92..bca04fd 100755 --- a/modules/single_gateway_new_vnet/README.md +++ b/modules/single_gateway_new_vnet/README.md @@ -42,8 +42,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "110" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/vmss_existing_vnet/README.md b/modules/vmss_existing_vnet/README.md index 6ea6307..a12b1b2 100755 --- a/modules/vmss_existing_vnet/README.md +++ b/modules/vmss_existing_vnet/README.md 
@@ -41,8 +41,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "100" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" diff --git a/modules/vmss_new_vnet/README.md b/modules/vmss_new_vnet/README.md index 578a95f..09a2cf7 100755 --- a/modules/vmss_new_vnet/README.md +++ b/modules/vmss_new_vnet/README.md @@ -45,8 +45,8 @@ module "example_module" { vm_size = "Standard_D3_v2" disk_size = "100" vm_os_sku = "sg-byol" - vm_os_offer = "check-point-cg-r8110" - os_version = "R8110" + vm_os_offer = "check-point-cg-r82" + os_version = "R82" bootstrap_script = "touch /home/admin/bootstrap.txt; echo 'hello_world' > /home/admin/bootstrap.txt" allow_upload_download = true authentication_type = "Password" From 4f399c7bbd2e186243de47ee823d24d1d56fca71 Mon Sep 17 00:00:00 2001 From: natanelm Date: Wed, 20 Aug 2025 13:56:38 +0000 Subject: [PATCH 4/6] VSECPC-10387 | Remove V2, V3 VMs from Terraform templates --- modules/common/variables.tf | 22 ++++++------------- .../high_availability_existing_vnet/README.md | 4 ++-- modules/high_availability_new_vnet/README.md | 4 ++-- modules/management_existing_vnet/README.md | 4 ++-- modules/management_new_vnet/README.md | 4 ++-- modules/mds_existing_vnet/README.md | 4 ++-- modules/mds_new_vnet/README.md | 4 ++-- .../single_gateway_existing_vnet/README.md | 4 ++-- modules/single_gateway_new_vnet/README.md | 4 ++-- modules/vmss_existing_vnet/README.md | 4 ++-- modules/vmss_new_vnet/README.md | 4 ++-- 11 files changed, 27 insertions(+), 35 deletions(-) diff --git a/modules/common/variables.tf b/modules/common/variables.tf index 492ba1b..3bd7088 100755 --- a/modules/common/variables.tf +++ b/modules/common/variables.tf 
@@ -184,21 +184,13 @@ variable "vm_size" { } locals {// locals for 'vm_size' allowed values - allowed_vm_sizes = ["Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", - "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", - "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", - "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", - "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", - "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", - "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", - "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", - "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", - "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", - "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", - "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", - "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", - "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", - "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5" +allowed_vm_sizes = ["Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", + "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", + "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5", + "Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", 
"Standard_D8s_v5", "Standard_D16s_v5", + "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", + "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", + "Standard_D32ds_v5" ] // will fail if [var.vm_size] is invalid: validate_vm_size_value = index(local.allowed_vm_sizes, var.vm_size) diff --git a/modules/high_availability_existing_vnet/README.md b/modules/high_availability_existing_vnet/README.md index 1af448f..81538f3 100755 --- a/modules/high_availability_existing_vnet/README.md +++ b/modules/high_availability_existing_vnet/README.md @@ -40,7 +40,7 @@ module "example_module" { smart_1_cloud_token_a = "xxxxxxxxxxxx" smart_1_cloud_token_b = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" @@ -107,7 +107,7 @@ module "example_module" { | **smart_1_cloud_token_a** | Smart-1 Cloud token to connect automatically ***Member A*** to Check Point's Security Management as a Service. Follow these instructions to connect this member. | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal
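Review bot: The narrowed `allowed_vm_sizes` list is still enforced only through `validate_vm_size_value = index(local.allowed_vm_sizes, var.vm_size)`. A configuration that still passes one of the removed v2/v3 sizes (the README examples in this series used `Standard_D3_v2` until this commit) will therefore stop at plan time with a generic `index()` lookup error that names neither the variable nor the reason. I would add a `validation` block to `variable "vm_size"`, in the style the `os-version` variable already uses, with `condition = contains(local.allowed_vm_sizes, var.vm_size)` and `error_message = "vm_size is not a supported size; v2 and v3 VM sizes are no longer accepted."`. Referencing a local from a validation condition needs Terraform 1.9 or later, so on older versions the list would have to be inlined in the condition. The added `allowed_vm_sizes` line also appears to have lost its leading indentation inside `locals`, and both the `variable "vm_size"` and `locals` blocks start or end outside this hunk, so an existing validation may be out of view.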
| | **smart_1_cloud_token_b** | Smart-1 Cloud token to connect automatically ***Member B*** to Check Point's Security Management as a Service. Follow these instructions to connect this member. | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal
| | **sic_key** | The Secure Internal Communication one-time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long
| -| **vm_size** | Specifies the size of Virtual Machine | string | Various valid sizes (e.g., "Standard_DS2_v2", "Standard_D4s_v3", etc.)
| +| **vm_size** | Specifies the size of Virtual Machine | string | Various valid sizes (e.g., "Standard_D4ds_v5", "Standard_D8ds_v5", etc.)
| | **disk_size** | Storage data disk size (GB) | string | A number in the range 100 - 3995 (GB)
| | **vm_os_sku** | A SKU of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license
| | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r81.10";
"check-point-cg-r81.20";
"check-point-cg-r82";
| diff --git a/modules/high_availability_new_vnet/README.md b/modules/high_availability_new_vnet/README.md index 55f448d..fcbea2c 100755 --- a/modules/high_availability_new_vnet/README.md +++ b/modules/high_availability_new_vnet/README.md @@ -43,7 +43,7 @@ module "example_module" { smart_1_cloud_token_a = "xxxxxxxxxxxx" smart_1_cloud_token_b = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" @@ -108,7 +108,7 @@ module "example_module" { | **smart_1_cloud_token_a** | Smart-1 Cloud token to connect automatically ***Member A*** to Check Point's Security Management as a Service. | string | A valid token copied from the Connect Gateway screen in the Smart-1 Cloud portal
| | **smart_1_cloud_token_b** | Smart-1 Cloud token to connect automatically ***Member B*** to Check Point's Security Management as a Service. | string | A valid token copied from the Connect Gateway screen in the Smart-1 Cloud portal
| | **sic_key** | The Secure Internal Communication one-time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long
| -| **vm_size** | Specifies the size of the Virtual Machine | string | Various valid sizes (e.g., "Standard_DS2_v2", "Standard_D4s_v3", etc.)
| +| **vm_size** | Specifies the size of the Virtual Machine | string | Various valid sizes (e.g., "Standard_D4ds_v5", "Standard_D8ds_v5", etc.)
| | **disk_size** | Storage data disk size (GB) | string | A number in the range 100 - 3995 (GB)
| | **vm_os_sku** | A SKU of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license;
| | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82";
| diff --git a/modules/management_existing_vnet/README.md b/modules/management_existing_vnet/README.md index 758bc3e..bf7548f 100755 --- a/modules/management_existing_vnet/README.md +++ b/modules/management_existing_vnet/README.md @@ -37,7 +37,7 @@ module "example_module" { management_GUI_client_network = "0.0.0.0/0" mgmt_enable_api = "disable" admin_password = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "mgmt-byol" vm_os_offer = "check-point-cg-r82" @@ -71,7 +71,7 @@ module "example_module" { | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | | **mgmt_enable_api** | Enable api access to the management | string | "all";
"management_only";
"gui_clients";
"disable".
**Default:** "disable" | | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. | -| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". 
| +| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB). | | **vm_os_sku** | A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG. | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82". | diff --git a/modules/management_new_vnet/README.md b/modules/management_new_vnet/README.md index 3572e5b..15546fc 100755 --- a/modules/management_new_vnet/README.md +++ b/modules/management_new_vnet/README.md @@ -38,7 +38,7 @@ module "example_module" { management_GUI_client_network = "0.0.0.0/0" mgmt_enable_api = "disable" admin_password = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "mgmt-byol" vm_os_offer = "check-point-cg-r82" @@ -70,7 +70,7 @@ module "example_module" { | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | | **mgmt_enable_api** | Enable API access to the management | string | "all";
"management_only";
"gui_clients";
"disable";
**Default:** "disable" | | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character
| -| **vm_size** | Specifies the size of the Virtual Machine | string | A list of valid VM sizes (e.g., "Standard_DS2_v2", "Standard_DS3_v2", etc.)
| +| **vm_size** | Specifies the size of the Virtual Machine | string | A list of valid VM sizes (e.g., "Standard_D4ds_v5", "Standard_D8ds_v5", etc.)
| | **disk_size** | Storage data disk size (GB) | string | A number in the range 100 - 3995 (GB)
| | **vm_os_sku** | A SKU of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG;
| | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82";
| diff --git a/modules/mds_existing_vnet/README.md b/modules/mds_existing_vnet/README.md index 584657c..dd6130e 100755 --- a/modules/mds_existing_vnet/README.md +++ b/modules/mds_existing_vnet/README.md @@ -36,7 +36,7 @@ module "example_module" { management_GUI_client_network = "0.0.0.0/0" mds_enable_api = "disable" admin_password = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "mgmt-byol" vm_os_offer = "check-point-cg-r82" @@ -76,7 +76,7 @@ module "example_module" { | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | | **mds_enable_api** | Enable api access to the mds | string | "all";
"management_only";
"gui_clients";
"disable".
**Default:** "disable" | | **admin_password** | The password associated with the local administrator account on the mds | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. | -| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". 
| +| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB). | | **vm_os_sku** | A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG. | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82". | diff --git a/modules/mds_new_vnet/README.md b/modules/mds_new_vnet/README.md index c4e00ea..d33e471 100755 --- a/modules/mds_new_vnet/README.md +++ b/modules/mds_new_vnet/README.md @@ -39,7 +39,7 @@ module "example_module" { management_GUI_client_network = "0.0.0.0/0" mds_enable_api = "disable" admin_password = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "mgmt-byol" vm_os_offer = "check-point-cg-r82" @@ -78,7 +78,7 @@ module "example_module" { | **management_GUI_client_network** | Allowed GUI clients - GUI clients network CIDR | string | | | **mds_enable_api** | Enable api access to the mds | string | "all";
"management_only";
"gui_clients";
"disable".
**Default:** "disable" | | **admin_password** | The password associated with the local administrator account on the mds | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. | -| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". 
| +| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB). | | **vm_os_sku** | A sku of the image to be deployed | string | "mgmt-byol" - BYOL license;
"mgmt-25" - PAYG. | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82". | diff --git a/modules/single_gateway_existing_vnet/README.md b/modules/single_gateway_existing_vnet/README.md index c7c3f99..286c527 100755 --- a/modules/single_gateway_existing_vnet/README.md +++ b/modules/single_gateway_existing_vnet/README.md @@ -39,7 +39,7 @@ module "example_module" { admin_password = "xxxxxxxxxxxx" smart_1_cloud_token = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" @@ -84,7 +84,7 @@ module "example_module" { | **admin_password** | The password associated with the local administrator account on the gateway | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. | | **smart_1_cloud_token** | Smart-1 Cloud token to connect automatically ***Gateway*** to Check Point's Security Management as a Service.

Follow these instructions to quickly connect this member to Smart-1 Cloud - [SK180501](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk180501) | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal. | | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long. | -| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", "Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", 
"Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | +| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | | **disk_size** | Storage data disk size size(GB) | string | A number in the range 100 - 3995 (GB). | | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license. | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82". | diff --git a/modules/single_gateway_new_vnet/README.md b/modules/single_gateway_new_vnet/README.md index bca04fd..6b8e149 100755 --- a/modules/single_gateway_new_vnet/README.md +++ b/modules/single_gateway_new_vnet/README.md @@ -39,7 +39,7 @@ module "example_module" { admin_password = "xxxxxxxxxxxx" smart_1_cloud_token = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "110" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" @@ -80,7 +80,7 @@ module "example_module" { | **admin_password** | The password associated with the local administrator account on the gateway | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character | | **smart_1_cloud_token** | Smart-1 Cloud token to connect automatically ***Gateway*** to Check Point's Security Management as a Service. Follow these instructions to quickly connect this member to Smart-1 Cloud | string | A valid token copied from the Connect Gateway screen in Smart-1 Cloud portal | | **sic_key** | The Secure Internal Communication one-time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long | -| **vm_size** | Specifies the size of Virtual Machine | string | Various valid sizes (e.g., "Standard_DS2_v2", "Standard_D4s_v3", etc.) | +| **vm_size** | Specifies the size of Virtual Machine | string | Various valid sizes (e.g., "Standard_D4ds_v5", "Standard_D8ds_v5", etc.) | | **disk_size** | Storage data disk size (GB) | string | A number in the range 100 - 3995 (GB) | | **vm_os_sku** | A SKU of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82"; | diff --git a/modules/vmss_existing_vnet/README.md b/modules/vmss_existing_vnet/README.md index a12b1b2..6f05587 100755 --- a/modules/vmss_existing_vnet/README.md +++ b/modules/vmss_existing_vnet/README.md @@ -38,7 +38,7 @@ module "example_module" { backend_lb_IP_address = 4 admin_password = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "100" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" 
@@ -98,7 +98,7 @@ module "example_module" { | **backend_lb_IP_address** | Is a whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix | string | Starting from 5-th IP address in a subnet. For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4 , the LB IP is 10.0.1.4. | | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lower case character, 1 upper case character, 1 number, and 1 special character. | | **sic_key** | The Secure Internal Communication one time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long. | -| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_DS2_v2", "Standard_DS3_v2", "Standard_DS4_v2", "Standard_DS5_v2", "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_D4s_v3", "Standard_D8s_v3", "Standard_D16s_v3", "Standard_D32s_v3", "Standard_D64s_v3", "Standard_E4s_v3", "Standard_E8s_v3", "Standard_E16s_v3", "Standard_E20s_v3", "Standard_E32s_v3", "Standard_E64s_v3", "Standard_E64is_v3", "Standard_F4s_v2", "Standard_F8s_v2", "Standard_F16s_v2", "Standard_F32s_v2", "Standard_F64s_v2", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_D2_v2", "Standard_D3_v2", "Standard_D4_v2", "Standard_D5_v2", "Standard_D11_v2", "Standard_D12_v2", "Standard_D13_v2", "Standard_D14_v2", "Standard_D15_v2", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D4_v3", "Standard_D8_v3", "Standard_D16_v3", "Standard_D32_v3", "Standard_D64_v3", "Standard_E4_v3", "Standard_E8_v3", "Standard_E16_v3", "Standard_E20_v3", "Standard_E32_v3", "Standard_E64_v3", "Standard_E64i_v3", "Standard_DS11_v2", "Standard_DS12_v2", "Standard_DS13_v2", 
"Standard_DS14_v2", "Standard_DS15_v2", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | +| **vm_size** | Specifies the size of Virtual Machine | string | "Standard_F2s", "Standard_F4s", "Standard_F8s", "Standard_F16s", "Standard_M8ms", "Standard_M16ms", "Standard_M32ms", "Standard_M64ms", "Standard_M64s", "Standard_F2", "Standard_F4", "Standard_F8", "Standard_F16", "Standard_D2_v5", "Standard_D4_v5", "Standard_D8_v5", "Standard_D16_v5","Standard_D32_v5", "Standard_D2s_v5", "Standard_D4s_v5", "Standard_D8s_v5", "Standard_D16s_v5", "Standard_D2d_v5", "Standard_D4d_v5", "Standard_D8d_v5", "Standard_D16d_v5", "Standard_D32d_v5", "Standard_D2ds_v5", "Standard_D4ds_v5", "Standard_D8ds_v5", "Standard_D16ds_v5", "Standard_D32ds_v5". | | **disk_size** | Storage data disk size size(GB) must be 100 for versions R81.20 and below | string | A number in the range 100 - 3995 (GB).
**Default:** 100 | | **vm_os_sku** | A sku of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license. | | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82". | diff --git a/modules/vmss_new_vnet/README.md b/modules/vmss_new_vnet/README.md index 09a2cf7..6a23897 100755 --- a/modules/vmss_new_vnet/README.md +++ b/modules/vmss_new_vnet/README.md @@ -42,7 +42,7 @@ module "example_module" { backend_lb_IP_address = 4 admin_password = "xxxxxxxxxxxx" sic_key = "xxxxxxxxxxxx" - vm_size = "Standard_D3_v2" + vm_size = "Standard_D4ds_v5" disk_size = "100" vm_os_sku = "sg-byol" vm_os_offer = "check-point-cg-r82" @@ -97,7 +97,7 @@ module "example_module" { | **backend_lb_IP_address** | A whole number that can be represented as a binary integer with no more than the number of digits remaining in the address after the given prefix | number | Starting from the 5th IP address in a subnet. For example: subnet - 10.0.1.0/24, backend_lb_IP_address = 4, the LB IP is 10.0.1.4
| | **admin_password** | The password associated with the local administrator account on each cluster member | string | Password must have 3 of the following: 1 lowercase character, 1 uppercase character, 1 number, and 1 special character
| | **sic_key** | The Secure Internal Communication one-time secret used to set up trust between the cluster object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long
| -| **vm_size** | Specifies the size of Virtual Machine | string | A list of valid VM sizes, e.g., "Standard_DS2_v2", "Standard_D4s_v3", "Standard_D64s_v3", etc.
| +| **vm_size** | Specifies the size of Virtual Machine | string | A list of valid VM sizes, e.g., "Standard_D4ds_v5", "Standard_D8ds_v5", etc.
| | **disk_size** | Storage data disk size (GB) must be 100 for versions R81.20 and below | string | A number in the range 100 - 3995 (GB)
**Default:** 100 | | **vm_os_sku** | A SKU of the image to be deployed | string | "sg-byol" - BYOL license;
"sg-ngtp" - NGTP PAYG license;
"sg-ngtx" - NGTX PAYG license;
| | **vm_os_offer** | The name of the image offer to be deployed | string | "check-point-cg-r8110";
"check-point-cg-r8120";
"check-point-cg-r82";
| From 5476eb32d0002b19024d0e2053fe7e01f174abe2 Mon Sep 17 00:00:00 2001 From: danhe Date: Mon, 25 Aug 2025 12:31:14 +0000 Subject: [PATCH 5/6] Rename HA module to ha_terraform for improved clarity and consistency --- modules/high_availability_existing_vnet/locals.tf | 2 +- modules/high_availability_new_vnet/locals.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/high_availability_existing_vnet/locals.tf b/modules/high_availability_existing_vnet/locals.tf index 2b41872..b652c45 100755 --- a/modules/high_availability_existing_vnet/locals.tf +++ b/modules/high_availability_existing_vnet/locals.tf @@ -1,4 +1,4 @@ locals { - module_name = "high_availability" + module_name = "ha_terraform" module_version = "1.0.5" } diff --git a/modules/high_availability_new_vnet/locals.tf b/modules/high_availability_new_vnet/locals.tf index 7e60623..b652c45 100755 --- a/modules/high_availability_new_vnet/locals.tf +++ b/modules/high_availability_new_vnet/locals.tf @@ -1,4 +1,4 @@ locals { - module_name = "high_availability_terraform_registry" + module_name = "ha_terraform" module_version = "1.0.5" } From ec936ae88b60e54013917a4e27354c25daca0ae4 Mon Sep 17 00:00:00 2001 
From: natanelm Date: Sun, 31 Aug 2025 14:06:32 +0000 Subject: [PATCH 6/6] VMSS | Added support for public IP prefix --- .../high_availability_existing_vnet/README.md | 2 +- modules/high_availability_new_vnet/README.md | 2 +- modules/management_existing_vnet/README.md | 2 +- modules/management_new_vnet/README.md | 2 +- modules/mds_existing_vnet/README.md | 2 +- modules/mds_new_vnet/README.md | 2 +- modules/nva_into_existing_hub/README.md | 2 +- modules/nva_into_new_vwan/README.md | 2 +- .../single_gateway_existing_vnet/README.md | 2 +- modules/single_gateway_new_vnet/README.md | 2 +- modules/vmss_existing_vnet/README.md | 19 ++++++++++++++++++- modules/vmss_existing_vnet/main.tf | 9 +++++++++ modules/vmss_existing_vnet/variables.tf | 18 ++++++++++++++++++ modules/vmss_new_vnet/README.md | 19 ++++++++++++++++++- modules/vmss_new_vnet/main.tf | 9 +++++++++ modules/vmss_new_vnet/variables.tf | 18 ++++++++++++++++++ 16 files changed, 100 insertions(+), 12 deletions(-) diff --git a/modules/high_availability_existing_vnet/README.md b/modules/high_availability_existing_vnet/README.md index 81538f3..ff6fcda 100755 --- a/modules/high_availability_existing_vnet/README.md +++ b/modules/high_availability_existing_vnet/README.md @@ -23,7 +23,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_existing_vnet" - version = "1.0.4" + version = "1.0.5" tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" source_image_vhd_uri = "noCustomUri" diff --git a/modules/high_availability_new_vnet/README.md b/modules/high_availability_new_vnet/README.md index fcbea2c..684e9c5 100755 --- a/modules/high_availability_new_vnet/README.md +++ b/modules/high_availability_new_vnet/README.md 
@@ -29,7 +29,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/high_availability_new_vnet" - version = "1.0.4" + version = "1.0.5" tenant_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" source_image_vhd_uri = "noCustomUri" diff --git a/modules/management_existing_vnet/README.md b/modules/management_existing_vnet/README.md index bf7548f..c23f0c4 100755 --- a/modules/management_existing_vnet/README.md +++ b/modules/management_existing_vnet/README.md @@ -24,7 +24,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/management_existing_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" resource_group_name = "checkpoint-mgmt-terraform" diff --git a/modules/management_new_vnet/README.md b/modules/management_new_vnet/README.md index 15546fc..69b4f81 100755 --- a/modules/management_new_vnet/README.md +++ b/modules/management_new_vnet/README.md @@ -26,7 +26,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/management_new_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" resource_group_name = "checkpoint-mgmt-terraform" diff --git a/modules/mds_existing_vnet/README.md b/modules/mds_existing_vnet/README.md index dd6130e..bbd08ff 100755 --- a/modules/mds_existing_vnet/README.md +++ b/modules/mds_existing_vnet/README.md @@ -23,7 +23,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_existing_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" resource_group_name = "checkpoint-mds-rg-terraform" diff --git a/modules/mds_new_vnet/README.md b/modules/mds_new_vnet/README.md index d33e471..b9fc739 100755 --- a/modules/mds_new_vnet/README.md +++ b/modules/mds_new_vnet/README.md 
@@ -26,7 +26,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/mds_new_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" diff --git a/modules/nva_into_existing_hub/README.md b/modules/nva_into_existing_hub/README.md index 77c26d6..7ac491f 100755 --- a/modules/nva_into_existing_hub/README.md +++ b/modules/nva_into_existing_hub/README.md @@ -22,7 +22,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_existing_hub" - version = "1.0.4" + version = "1.0.5" authentication_method = "Service Principal" client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" diff --git a/modules/nva_into_new_vwan/README.md b/modules/nva_into_new_vwan/README.md index 736aa2a..4997749 100755 --- a/modules/nva_into_new_vwan/README.md +++ b/modules/nva_into_new_vwan/README.md @@ -24,7 +24,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/nva_into_new_vwan" - version = "1.0.4" + version = "1.0.5" authentication_method = "Service Principal" client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" diff --git a/modules/single_gateway_existing_vnet/README.md b/modules/single_gateway_existing_vnet/README.md index 286c527..64ba5e6 100755 --- a/modules/single_gateway_existing_vnet/README.md +++ b/modules/single_gateway_existing_vnet/README.md @@ -23,7 +23,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_existing_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" resource_group_name = "checkpoint-single-gw-terraform" diff --git a/modules/single_gateway_new_vnet/README.md b/modules/single_gateway_new_vnet/README.md index 6b8e149..bc34f48 100755 --- a/modules/single_gateway_new_vnet/README.md +++ b/modules/single_gateway_new_vnet/README.md 
@@ -25,7 +25,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/single_gateway_new_vnet" - version = "1.0.4" + version = "1.0.5" source_image_vhd_uri = "noCustomUri" resource_group_name = "checkpoint-single-gw-terraform" diff --git a/modules/vmss_existing_vnet/README.md b/modules/vmss_existing_vnet/README.md index 6f05587..51987a5 100755 --- a/modules/vmss_existing_vnet/README.md +++ b/modules/vmss_existing_vnet/README.md @@ -24,7 +24,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_existing_vnet" - version = "1.0.4" + version = "1.0.5" subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" source_image_vhd_uri = "noCustomUri" @@ -59,6 +59,9 @@ module "example_module" { backend_load_distribution = "Default" enable_custom_metrics = true enable_floating_ip = false + use_public_ip_prefix = false + create_public_ip_prefix = false + existing_public_ip_prefix_id = "" deployment_mode = "Standard" admin_shell = "/etc/cli.sh" serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" @@ -79,6 +82,17 @@ module "example_module" { ``` enable_custom_metrics = true ``` +- To create new public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = true + ``` +- To use an existing public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = false + existing_public_ip_prefix_id = "public IP prefix resource id" + ``` ### Module's variables: @@ -119,6 +133,9 @@ module "example_module" { | **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address. | | **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false.
**Default:** true | | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false.
**Default:** false | +| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;
false;
**Default:** false | +| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;
false;
**Default:** false | +| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID
**Default:** "" | | **deployment_mode** | Indicates which load balancer need to be deployed. External + Internal(Standard), only External, only Internal | string | Standard;
External;
Internal.
**Default:** "Standard" | | **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" | | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type, to generate password hash use the command 'openssl passwd -6 PASSWORD' on Linux and paste it here | string | | diff --git a/modules/vmss_existing_vnet/main.tf b/modules/vmss_existing_vnet/main.tf index 4a7352f..14dac00 100755 --- a/modules/vmss_existing_vnet/main.tf +++ b/modules/vmss_existing_vnet/main.tf @@ -52,6 +52,14 @@ resource "random_id" "random_id" { } } +resource "azurerm_public_ip_prefix" "public_ip_prefix" { + count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0 + name = "${module.common.resource_group_name}-ipprefix" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + prefix_length = 30 +} + resource "azurerm_public_ip" "public-ip-lb" { count = var.deployment_mode != "Internal" ? 1 : 0 name = "${var.vmss_name}-app-1" @@ -60,6 +68,7 @@ resource "azurerm_public_ip" "public-ip-lb" { allocation_method = var.vnet_allocation_method sku = var.sku domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null } resource "azurerm_lb" "frontend-lb" { diff --git a/modules/vmss_existing_vnet/variables.tf b/modules/vmss_existing_vnet/variables.tf index 7192af1..7330cd3 100755 --- a/modules/vmss_existing_vnet/variables.tf +++ b/modules/vmss_existing_vnet/variables.tf 
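Review bot: In modules/vmss_existing_vnet/main.tf the `count` of the new `azurerm_public_ip_prefix.public_ip_prefix` ignores `var.deployment_mode`. With `use_public_ip_prefix = true`, `create_public_ip_prefix = true` and `deployment_mode = "Internal"`, a /30 of public address space is reserved, while `public-ip-lb`, the only consumer visible in this diff, has count 0 in that mode. I would gate it the same way: `count = var.use_public_ip_prefix && var.create_public_ip_prefix && var.deployment_mode != "Internal" ? 1 : 0`. The hard-coded `prefix_length = 30` deserves a short comment such as `# /30 = 4 addresses; only public-ip-lb draws from this prefix`, if that is indeed the intent. The identical resource added in modules/vmss_new_vnet/main.tf has the same gap.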
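Review bot: The new `public_ip_prefix_id` expression on `public-ip-lb` passes the default `existing_public_ip_prefix_id = ""` straight to the provider when `use_public_ip_prefix = true` and `create_public_ip_prefix = false`. The misconfiguration then shows up as a provider or API error rather than a clear message. A precondition on the resource, as sketched below, would reject that combination with an explicit error; it needs a Terraform version that supports `precondition`, and the module's `required_version` is not visible in this diff. Azure only allocates from a prefix for Standard-SKU, statically allocated addresses, and `var.sku` and `var.vnet_allocation_method` are declared outside the hunk, so confirm they cannot take other values when the prefix is enabled. The same line is added in modules/vmss_new_vnet/main.tf.

```hcl
resource "azurerm_public_ip" "public-ip-lb" {
  # … unchanged: count, name, location, allocation_method, sku, domain_name_label, public_ip_prefix_id …

  lifecycle {
    precondition {
      condition     = !var.use_public_ip_prefix || var.create_public_ip_prefix || var.existing_public_ip_prefix_id != ""
      error_message = "The existing_public_ip_prefix_id value must be set when use_public_ip_prefix is true and create_public_ip_prefix is false."
    }
  }
}
```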
@@ -368,6 +368,24 @@ variable "enable_floating_ip" { default = false } +variable "use_public_ip_prefix" { + description = "Indicates whether the public IP resources will be deployed with public IP prefix." + type = bool + default = false +} + +variable "create_public_ip_prefix" { + description = "Indicates whether the public IP prefix will created or an existing will be used." + type = bool + default = false +} + +variable "existing_public_ip_prefix_id" { + description = "The existing public IP prefix resource id." + type = string + default = "" +} + variable "nsg_id" { description = "NSG ID - Optional - if empty use default NSG" default = "" diff --git a/modules/vmss_new_vnet/README.md b/modules/vmss_new_vnet/README.md index 6a23897..8666171 100755 --- a/modules/vmss_new_vnet/README.md +++ b/modules/vmss_new_vnet/README.md @@ -29,7 +29,7 @@ provider "azurerm" { module "example_module" { source = "CheckPointSW/cloudguard-network-security/azure//modules/vmss_new_vnet" - version = "1.0.4" + version = "1.0.5" subscription_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" source_image_vhd_uri = "noCustomUri" @@ -63,6 +63,9 @@ module "example_module" { backend_load_distribution = "Default" enable_custom_metrics = true enable_floating_ip = false + use_public_ip_prefix = false + create_public_ip_prefix = false + existing_public_ip_prefix_id = "" deployment_mode = "Standard" admin_shell = "/etc/cli.sh" serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" @@ -78,6 +81,17 @@ module "example_module" { ``` enable_custom_metrics = true ``` +- To create new public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = true + ``` +- To use an existing public IP prefix for the public IP: + ``` + use_public_ip_prefix = true + create_public_ip_prefix = false + existing_public_ip_prefix_id = "public IP prefix resource id" + ``` ## Deploy Without Public IP 
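Review bot: In modules/vmss_existing_vnet/variables.tf, `existing_public_ip_prefix_id` accepts any string, so a typo or the ID of a different resource type is only rejected by Azure at apply time. A `validation` block that allows the empty default or a public IP prefix resource ID, as below, would fail at plan instead. The description of `create_public_ip_prefix` is also missing words; the README in this same commit already has the correct text: `"Indicates whether the public IP prefix will be created or an existing one will be used."`. Both points apply to the identical hunk in modules/vmss_new_vnet/variables.tf.

```hcl
variable "existing_public_ip_prefix_id" {
  # … unchanged: description, type, default …

  validation {
    condition     = var.existing_public_ip_prefix_id == "" || can(regex("(?i)/providers/Microsoft\\.Network/publicIPPrefixes/[^/]+$", var.existing_public_ip_prefix_id))
    error_message = "The existing_public_ip_prefix_id value must be empty or the resource ID of a public IP prefix."
  }
}
```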
@@ -118,6 +132,9 @@ module "example_module" { | **notification_email** | An email address to notify about scaling operations | string | Leave empty double quotes or enter a valid email address
| | **enable_custom_metrics** | Indicates whether Custom Metrics will be used for VMSS Scaling policy and VM monitoring | boolean | true;
false;
| | **enable_floating_ip** | Indicates whether the load balancers will be deployed with floating IP | boolean | true;
false;
| +| **use_public_ip_prefix** | Indicates whether the public IP resources will be deployed with public IP prefix. | boolean | true;
false;
**Default:** false | +| **create_public_ip_prefix** | Indicates whether the public IP prefix will be created or an existing one will be used. | boolean | true;
false;
**Default:** false | +| **existing_public_ip_prefix_id** | The existing public IP prefix resource ID. | string | Existing public IP prefix resource ID
**Default:** "" | | **deployment_mode** | Indicates which load balancer needs to be deployed. External + Internal (Standard), only External, only Internal | string | Standard;
External;
Internal;
**Default:** "Standard" | | **admin_shell** | Enables selecting different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh;
**Default:** "/etc/cli.sh" | | **serial_console_password_hash** | Optional parameter, used to enable serial console connection in case of SSH key as authentication type | string | | diff --git a/modules/vmss_new_vnet/main.tf b/modules/vmss_new_vnet/main.tf index d365acc..76b226a 100755 --- a/modules/vmss_new_vnet/main.tf +++ b/modules/vmss_new_vnet/main.tf @@ -49,6 +49,14 @@ resource "random_id" "random_id" { } } +resource "azurerm_public_ip_prefix" "public_ip_prefix" { + count = var.use_public_ip_prefix && var.create_public_ip_prefix ? 1 : 0 + name = "${module.common.resource_group_name}-ipprefix" + location = module.common.resource_group_location + resource_group_name = module.common.resource_group_name + prefix_length = 30 +} + resource "azurerm_public_ip" "public-ip-lb" { count = var.deployment_mode != "Internal" ? 1 : 0 name = "${var.vmss_name}-app-1" @@ -57,6 +65,7 @@ resource "azurerm_public_ip" "public-ip-lb" { allocation_method = module.vnet.allocation_method sku = var.sku domain_name_label = "${lower(var.vmss_name)}-${random_id.random_id.hex}" + public_ip_prefix_id = var.use_public_ip_prefix ? (var.create_public_ip_prefix ? azurerm_public_ip_prefix.public_ip_prefix[0].id : var.existing_public_ip_prefix_id) : null } resource "azurerm_lb" "frontend-lb" { diff --git a/modules/vmss_new_vnet/variables.tf b/modules/vmss_new_vnet/variables.tf index 1ecda9d..d4277c8 100755 --- a/modules/vmss_new_vnet/variables.tf +++ b/modules/vmss_new_vnet/variables.tf 
@@ -357,6 +357,24 @@ variable "enable_floating_ip" { default = false } +variable "use_public_ip_prefix" { + description = "Indicates whether the public IP resources will be deployed with public IP prefix." + type = bool + default = false +} + +variable "create_public_ip_prefix" { + description = "Indicates whether the public IP prefix will created or an existing will be used." + type = bool + default = false +} + +variable "existing_public_ip_prefix_id" { + description = "The existing public IP prefix resource id." + type = string + default = "" +} + variable "subscription_id" { description = "Subscription ID" type = string