Support Center > Search Results > SecureKnowledge Details
AWS CloudFormation Templates
Solution

CloudFormation is an Amazon Web Services (AWS) service that enables modeling and setting up resources inside AWS in an automated fashion.

The table below lists CloudFormation templates provided and maintained by Check Point that simplify the deployment of Check Point security solutions in AWS.

You can use these templates as-is or as building blocks for customizing your own templates.

Notes:

  • You must accept the Software Terms of the relevant Check Point Product AMI in the AWS Marketplace at least once prior to launching the CloudFormation templates. It is not required to actually launch the instance from the Marketplace, but the agreement must be accepted from this location.

  • In Paris region (eu-west-3) only t2.xlarge & t2.2xlarge instance types are currently available.

  • The templates below are numbered for convenience and support purposes.

  • Some stacks may "roll back" automatically after 1 hour, with an error "WaitCondition timed out" If this happens, please check Internet access is working, either through AWS (Internet Gateway (IGW) assigned to the VPC, routetables with a default route and assigned to the relevant subnet(s), and Elastic IP (EIP) assigned, etc), or through another method like external proxy, or route to on-prem, for example. 

 

CloudGuard CloudFormation Deployment Options

Enter the string to filter this table:

# Description Notes Download Direct Launch
1 Security Gateway

Deploys and configures a Security Gateway.

To deploy the Security Gateway so that it will be automatically provisioned, refer to sk131434.

Creates a new VPC and deploys a Security Gateway into it.
2 Deploys a Security Gateway into an existing VPC.
3 Security Cluster

Deploys and configures two Security Gateways as a Cluster.

For more details, refer to sk104418.

Creates a new VPC and deploys a Cluster into it.
4 Deploys a Cluster into an existing VPC.
5 Security Gateway Auto Scaling

Deploys and configures the Security Gateways as an AWS Auto Scaling group.

For more details, refer to sk112575.

Deploys an Auto Scaling group of Security Gateways into an existing VPC.
6

Transit Gateway Auto Scaling Group

Deploys and configured the Security Gateways as an AWS Auto Scaling group configured for Transit Gateway.

For more details, refer to AWS Transit Gateway R80.10 and above Deployment Guide.

Creates a new VPC and deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into it, and an optional, preconfigured Security Management Server to manage them.
 7 Deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into an existing VPC, and an optional, preconfigured Security Management Server to manage them.
8 Security Transit VPC

Deploys two Security Gateways, each in a different Availability Zone, configured for Transit VPC.

For more details, refer to Transit VPC for AWS Deployment Guide.

Creates a new VPC and deploys two Check Point Gateways for a Transit VPC hub into it, and an optional, preconfigured Security Management Server to manage them.
9 Deploys two Check Point Gateways for a Transit VPC hub into an existing VPC, and an optional, preconfigured Security Management Server to manage them.
10 Creates a new VPC and deploys two Security Gateways into it.
11 Deploys two Security Gateways into an existing VPC.
12 Security Management Server

Deploys and configures a Security Management Server.

For more details, refer to sk130372.

Deploys a Security Management Server into an existing VPC.
13

Multi-Domain Security Management Server

Deploys and configures a Multi-Domain Security Management Server.

For more details, refer to sk143213.

Deploys a Multi-Domain Security Management Server into an existing VPC.
14 Security Management Server & Security Gateway (Standalone Deployment)

Deploys and configures Standalone or a manually configurable instance.

Supported only with R80.10.

Creates a new VPC and deploys a Standalone or a manually configurable instance into it.
15 Deploys a Standalone or a manually configurable instance into an existing VPC.

 

General

# Description Download Direct Launch
16 Create a IAM Role for Security Management Server

Creates a IAM role in your account preconfigured with permissions to manage resources.

For more details, refer to sk122074.

17 Current Check Point AMIs

A helper template that returns the latest Check Point AMIs in a given region.

 

Show/Hide templates for previous versions

Enter the string to filter this table:

# Description Notes Download Direct Launch
18 R77.30 Instance

Creates a new VPC and deploys an R77.30 instance.
This template does not run the First Time Configuration Wizard.

-
19 R77.30 Security Gateway

Deploys an externally managed R77.30 Security Gateway into an existing VPC. This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Gateway.

-
20 R77.30 Security Management Server

Deploys an R77.30 Security Management Server / Multi-Domain Security Management Server.
This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Management server.

User should connect to the machine and configure the Administrator and password for SmartDashboard GUI applications using the "cpconfig" command.
The "Password hash" input parameter that the user can provide in the template is only used for the Gaia Portal login.
21 R77.30 Security Gateways

Creates a new VPC and deploys two R77.30 Security Gateways in it.
Each Security Gateway is deployed in a different Availability Zone.
This template will run the First Time Configuration Wizard automatically and configure the machines as Security Gateways.

Refer to sk108281.
22 R80 Security Management Server

Deploys an R80 Security Management Server / Multi-Domain Security Management Server.
This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Management Server.

The AWS marketplace listing for R80 is available only for customers that are already subscribed. New customers should use R80.10 listing. 
Applies To:
  • CloudFormation Templates are often called CFT by customers and partners.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment