Using Custom Data to execute an initialization script when you launch your Check Point Security Gateway in Microsoft Azure

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk105242
Technical Level
Product	vSEC for Azure
Version	R77.30 (EOL)
OS	Gaia
Platform / Model	Azure
Date Created	16-Mar-2015
Last Modified	29-Jul-2018

Solution

Introduction

It is now possible to create an initialization script that would be executed the first time you launch your Check Point Security Gateway instance in Microsoft Azure.
This initialization script can be used to set operating system configuration and to automate the Security Gateway's provisioning process.

Prerequisites

It is assumed that the reader is familiar with general Microsoft Azure concepts and services.

Overview

When you launch an instance in Microsoft Azure, you can optionally pass your own custom data to it. The Check Point Security Gateway treats this data as an initialization script. This script can be used to modify operating system settings, as well as to replace the First Time Configuration Wizard configuration process.

Note: If no custom data is supplied at boot time, the machine will boot normally and you would need to complete its configuration manually.

Known Limitations

This feature is available starting from R77.30.

Configuration Flow

When the Check Point Security Gateway launches for the first time, it fetches the custom data from Microsoft Azure.

The Security Gateway saves the custom data to a temporary script file and then executes it. The output of the script is redirected to /var/log/cloud-user-data file.

Note: The script would only be executed when the instance boots for the first time.

Setup

Create your own initialization script to be executed when the instance first launches.

You can use the following script as an example:

#!/bin/bash

clish -c 'set hostname HOSTNAME' -s

config_system -s 'install_security_gw=true&install_ppak=true&install_security_managment=false&ipstat_v6=off&ftw_sic_key=SIC_KEY'

shutdown -r now

Where:

Variable	Usage
`HOSTNAME`	The host name.
`SIC_KEY`	Secure Internal communication key - a one-time key used to set up trust with Security Management Server.

This script:

Sets the host name
Uses the config_system utility to automate the First Time Configuration Wizard process
Reboots the instance to complete the installation

Pass the script to Microsoft Azure, when you launch the instance, as explained in Custom Data and Cloud-Init on Microsoft Azure article.

Additional Information and Resources

Custom Data in Microsoft Azure: http://azure.microsoft.com/blog/2014/04/21/custom-data-and-cloud-init-on-windows-azure
sk69701 - How to run the First Time Configuration Wizard through CLI in Gaia
Examples on how to use this in PowerShell and in ARM templates: (Check Point templates are now available as marketplace solution templates.)

Troubleshooting:

The output of the script is saved to the /var/log/cloud-user-data file.

This solution is about products that are no longer supported and it will not be updated

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating