diff --git a/modules/nva_into_existing_hub/README.md b/modules/nva_into_existing_hub/README.md
index 6385b50..9b03a7b 100755
--- a/modules/nva_into_existing_hub/README.md
+++ b/modules/nva_into_existing_hub/README.md
@@ -43,6 +43,8 @@ module "example_module" {
admin-shell = "/etc/cli.sh"
sic-key = "xxxxxxxxxxxx"
admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+ maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
bgp-asn = "64512"
custom-metrics = "yes"
routing-intent-internet-traffic = "yes"
@@ -83,6 +85,8 @@ module "example_module" {
| **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" |
| **sic-key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long. |
| **admin_SSH_key** | The public ssh key used for ssh connection to the NVA GW instances | string | ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx generated-by-azure. |
+| **serial_console_password_hash** | Optional parameter, used to enable serial console connection. In R81.10 and below, the serial console password is also used as the maintenance mode password. To generate password hash use the command `openssl passwd -6 PASSWORD` on Linux.
**Note:** In Azure Virtual Wan there is currently no serial console on the Network Virtual Appliance, the serial console password will be used as a maintenance mode password in R81.10 and below. | string | |
+| **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions. To generate a password hash, use the command `grub2-mkpasswd-pbkdf2` on Linux. | string | |
| **bgp-asn** | The BGP autonomous system number | string | 64512.
**Default:** "64512" |
| **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no.
**Default:** "yes" |
| **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no.
Please verify routing-intent is configured successfully post-deployment.
**Default:** "yes" |
diff --git a/modules/nva_into_existing_hub/main.tf b/modules/nva_into_existing_hub/main.tf
index 3173004..11e7f57 100755
--- a/modules/nva_into_existing_hub/main.tf
+++ b/modules/nva_into_existing_hub/main.tf
@@ -184,6 +184,12 @@ resource "azapi_resource" "managed-app" {
sshPublicKey = {
value = var.admin_SSH_key
},
+ MaintenanceModePasswordHash = {
+ value = var.maintenance_mode_password_hash
+ },
+ SerialConsolePasswordHash = {
+ value = var.serial_console_password_hash
+ },
BGP = {
value = var.bgp-asn
},
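Review bot: `MaintenanceModePasswordHash` and `SerialConsolePasswordHash` are passed as plain `value` entries next to `sshPublicKey`, so they will presumably be recorded in Terraform state with the rest of this resource body. Unlike the public key beside them, a password hash can be attacked offline by anyone who can read that state. I would add a comment above the two entries, for example `# password hashes are persisted in state; keep the state backend encrypted and access-restricted`. The hunk does not show whether the managed application accepts an empty string when a hash is not supplied, so that should be confirmed. The resource body starts and ends outside the hunk, and the same addition in modules/nva_into_new_vwan/main.tf has the same gap.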
diff --git a/modules/nva_into_existing_hub/variables.tf b/modules/nva_into_existing_hub/variables.tf
index 81da3b9..597cc15 100755
--- a/modules/nva_into_existing_hub/variables.tf
+++ b/modules/nva_into_existing_hub/variables.tf
@@ -117,6 +117,16 @@ variable "admin_SSH_key" {
default = ""
}
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection. In R81.10 and below, the serial console password is also used as the maintenance mode password."
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions"
+ type = string
+}
+
variable "bgp-asn" {
type = string
default = "64512"
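Review bot: `serial_console_password_hash` and `maintenance_mode_password_hash` are declared without a `default`, so Terraform will require every caller to set both. That conflicts with the descriptions, which call the first an "Optional parameter" and limit the second to R81.20 and higher. Adding `default = ""`, as the context line above the new variables does, keeps existing module calls working. Adding `sensitive = true` keeps the hashes out of plan and apply output; run a plan to check how the azapi resource body renders with a sensitive value. The two declarations added in modules/nva_into_new_vwan/variables.tf have the same gap.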
diff --git a/modules/nva_into_new_vwan/README.md b/modules/nva_into_new_vwan/README.md
index 000b656..be47b57 100755
--- a/modules/nva_into_new_vwan/README.md
+++ b/modules/nva_into_new_vwan/README.md
@@ -46,6 +46,8 @@ module "example_module" {
admin-shell = "/etc/cli.sh"
sic-key = "xxxxxxxxxxxx"
admin_SSH_key = "ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx imported-openssh-key"
+ maintenance_mode_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+ serial_console_password_hash = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
bgp-asn = "64512"
custom-metrics = "yes"
routing-intent-internet-traffic = "yes"
@@ -89,6 +91,8 @@ module "example_module" {
| **admin_shell** | Enables to select different admin shells | string | /etc/cli.sh;
/bin/bash;
/bin/csh;
/bin/tcsh.
**Default:** "/etc/cli.sh" |
| **sic-key** | The Secure Internal Communication one time secret used to set up trust between the gateway object and the management server | string | Only alphanumeric characters are allowed, and the value must be 12-30 characters long. |
| **admin_SSH_key** | The public ssh key used for ssh connection to the NVA GW instances | string | ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxx generated-by-azure. |
+| **serial_console_password_hash** | Optional parameter, used to enable serial console connection. In R81.10 and below, the serial console password is also used as the maintenance mode password. To generate password hash use the command `openssl passwd -6 PASSWORD` on Linux.
**Note:** In Azure Virtual Wan there is currently no serial console on the Network Virtual Appliance, the serial console password will be used as a maintenance mode password in R81.10 and below. | string | |
+| **maintenance_mode_password_hash** | Maintenance mode password hash, relevant only for R81.20 and higher versions. To generate a password hash, use the command `grub2-mkpasswd-pbkdf2` on Linux. | string | |
| **bgp-asn** | The BGP autonomous system number | string | 64512.
**Default:** "64512" |
| **custom-metrics** | Indicates whether CloudGuard Metrics will be use for gateway monitoring | string | yes;
no.
**Default:** "yes" |
| **routing-intent-internet-traffic** | Set routing intent policy to allow internet traffic through the new nva | string | yes;
no.
Please verify routing-intent is configured successfully post-deployment.
**Default:** "yes" |
diff --git a/modules/nva_into_new_vwan/main.tf b/modules/nva_into_new_vwan/main.tf
index 70c65cc..f2d90f1 100755
--- a/modules/nva_into_new_vwan/main.tf
+++ b/modules/nva_into_new_vwan/main.tf
@@ -197,6 +197,12 @@ resource "azapi_resource" "managed-app" {
sshPublicKey = {
value = var.admin_SSH_key
},
+ MaintenanceModePasswordHash = {
+ value = var.maintenance_mode_password_hash
+ },
+ SerialConsolePasswordHash = {
+ value = var.serial_console_password_hash
+ },
BGP = {
value = var.bgp-asn
},
diff --git a/modules/nva_into_new_vwan/variables.tf b/modules/nva_into_new_vwan/variables.tf
index fc04896..0466e20 100755
--- a/modules/nva_into_new_vwan/variables.tf
+++ b/modules/nva_into_new_vwan/variables.tf
@@ -128,6 +128,16 @@ variable "admin_SSH_key" {
default = ""
}
+variable "serial_console_password_hash" {
+ description = "Optional parameter, used to enable serial console connection. In R81.10 and below, the serial console password is also used as the maintenance mode password."
+ type = string
+}
+
+variable "maintenance_mode_password_hash" {
+ description = "Maintenance mode password hash, relevant only for R81.20 and higher versions."
+ type = string
+}
+
variable "bgp-asn" {
type = string
default = "64512"
diff --git a/modules/vmss_existing_vnet/variables.tf b/modules/vmss_existing_vnet/variables.tf
index 8a2fcf7..9aa526c 100755
--- a/modules/vmss_existing_vnet/variables.tf
+++ b/modules/vmss_existing_vnet/variables.tf
@@ -289,7 +289,7 @@ variable "frontend_port" {
variable "backend_port" {
description = "Port that will be exposed to the external Load Balance"
type = string
- default = "8081"
+ default = "80"
}
variable "frontend_load_distribution" {
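Review bot: The `backend_port` default changes from "8081" to "80" with no accompanying documentation in the hunk, so callers that rely on the default will get a different load balancer backend port without any edit on their side. The description should record the change and fix the "Load Balance" wording, for example `description = "Backend port the external Load Balancer forwards to (default changed from 8081 to 80)"`. Confirm that the gateway policy and any NSG rules expect traffic on port 80 before this default ships. The identical change in modules/vmss_new_vnet/variables.tf needs the same update.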
diff --git a/modules/vmss_new_vnet/variables.tf b/modules/vmss_new_vnet/variables.tf
index da6b93e..4a05217 100755
--- a/modules/vmss_new_vnet/variables.tf
+++ b/modules/vmss_new_vnet/variables.tf
@@ -278,7 +278,7 @@ variable "frontend_port" {
variable "backend_port" {
description = "Port that will be exposed to the external Load Balance"
type = string
- default = "8081"
+ default = "80"
}
variable "frontend_load_distribution" {