Support Center > Search Results > SecureKnowledge Details
Using Custom Data to execute an initialization script when you launch your Check Point Security Gateway in Microsoft Azure
Solution

Introduction

It is now possible to create an initialization script that would be executed the first time you launch your Check Point Security Gateway instance in Microsoft Azure.
This initialization script can be used to set operating system configuration and to automate the Security Gateway's provisioning process.

Prerequisites

It is assumed that the reader is familiar with general Microsoft Azure concepts and services.

Overview

When you launch an instance in Microsoft Azure, you can optionally pass your own custom data to it. The Check Point Security Gateway treats this data as an initialization script. This script can be used to modify operating system settings, as well as to replace the First Time Configuration Wizard configuration process.

Note: If no custom data is supplied at boot time, the machine will boot normally and you would need to complete its configuration manually.

 

Known Limitations

  • This feature is available starting from R77.30.

Configuration Flow

When the Check Point Security Gateway launches for the first time, it fetches the custom data from Microsoft Azure.

The Security Gateway saves the custom data to a temporary script file and then executes it. The output of the script is redirected to /var/log/cloud-user-data file.

Note: The script would only be executed when the instance boots for the first time.

 

Setup

Create your own initialization script to be executed when the instance first launches.

You can use the following script as an example:

#!/bin/bash

clish -c 'set hostname HOSTNAME' -s

config_system -s 'install_security_gw=true&install_ppak=true&install_security_managment=false&ipstat_v6=off&ftw_sic_key=SIC_KEY'

shutdown -r now

Where:

Variable Usage
HOSTNAME The host name.
SIC_KEY Secure Internal communication key - a one-time key used to set up trust with Security Management Server.

This script:

  • Sets the host name
  • Uses the config_system utility to automate the First Time Configuration Wizard process
  • Reboots the instance to complete the installation

Pass the script to Microsoft Azure, when you launch the instance, as explained in Custom Data and Cloud-Init on Microsoft Azure article.


Additional Information and Resources

 

Troubleshooting:

The output of the script is saved to the /var/log/cloud-user-data file.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment