It is now possible to create an initialization script that would be executed the first time you launch your Check Point Security Gateway instance in Microsoft Azure.
This initialization script can be used to set operating system configuration and to automate the Security Gateway's provisioning process.
It is assumed that the reader is familiar with general Microsoft Azure concepts and services.
When you launch an instance in Microsoft Azure, you can optionally pass your own custom data to it. The Check Point Security Gateway treats this data as an initialization script. This script can be used to modify operating system settings, as well as to replace the First Time Configuration Wizard configuration process.
Note: If no custom data is supplied at boot time, the machine will boot normally and you would need to complete its configuration manually.
- This feature is available starting from R77.30.
When the Check Point Security Gateway launches for the first time, it fetches the custom data from Microsoft Azure.
The Security Gateway saves the custom data to a temporary script file and then executes it. The output of the script is redirected to /var/log/cloud-user-data file.
Note: The script would only be executed when the instance boots for the first time.
Create your own initialization script to be executed when the instance first launches.
You can use the following script as an example:
clish -c 'set hostname HOSTNAME' -s
config_system -s 'install_security_gw=true&install_ppak=true&install_security_managment=false&ipstat_v6=off&ftw_sic_key=SIC_KEY'
shutdown -r now
- Sets the host name
- Uses the config_system utility to automate the First Time Configuration Wizard process
- Reboots the instance to complete the installation
Pass the script to Microsoft Azure, when you launch the instance, as explained in Custom Data and Cloud-Init on Microsoft Azure article.
Additional Information and Resources
The output of the script is saved to the /var/log/cloud-user-data file.
This solution is about products that are no longer supported and it will not be updated