AWS CloudFormation Templates

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk111013
Technical Level
Product	CloudGuard for AWS
Version	R77.30, R80.10, R80.20, R80.30, R80.40, R81
OS	Gaia
Platform / Model	AWS
Date Created	14-Apr-2016
Last Modified	30-Nov-2020

Solution

CloudFormation is an Amazon Web Services (AWS) service that enables modeling and setting up resources inside AWS in an automated fashion.

The table below lists CloudFormation templates provided and maintained by Check Point that simplify the deployment of Check Point security solutions in AWS.

You can use these templates as-is or as building blocks for customizing your own templates.

Notes:

You must accept the Software Terms of the relevant Check Point Product AMI in the AWS Marketplace at least once prior to launching the CloudFormation templates. It is not required to actually launch the instance from the Marketplace, but the agreement must be accepted from this location.
Some stacks may "roll back" automatically after 1 hour, with an error "WaitCondition timed out" If this happens, please check Internet access is working, either through AWS (Internet Gateway (IGW) assigned to the VPC, routetables with a default route and assigned to the relevant subnet(s), and Elastic IP (EIP) assigned, etc), or through another method like external proxy, or route to on-prem, for example.

Table of Contents

Security Gateway
Security Cluster
Security Gateway Auto Scaling
Transit Gateway Auto Scaling Group
Security Transit VPC
Transit Gateway Cross Availability Zone Cluster
Cross Availability Zone Cluster
Security Management Server
Multi-Domain Management Server
Security Management Server & Security Gateway (Standalone Deployment)
Gateway Load Balancer (GWLB) Auto Scaling Group
CloudGuard Infinity Next Gateway
General

Security Gateway

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Security Gateway. To deploy the Security Gateway so that it will be automatically provisioned, refer to sk131434.	Creates a new VPC and deploys a Security Gateway into it.	R80.40 and higher
	Creates a new VPC and deploys a Security Gateway into it.	R80.30
	Deploys a Security Gateway into an existing VPC.	R80.40 and higher
	Deploys a Security Gateway into an existing VPC.	R80.30

Security Cluster

Description	Notes	Version	Download	Direct Launch
Deploys and configures two Security Gateways as a Cluster. For more details, refer to sk104418.	Creates a new VPC and deploys a Cluster into it.	R80.40 and higher
	Creates a new VPC and deploys a Cluster into it.	R80.30
	Deploys a Cluster into an existing VPC.	R80.40 and higher
	Deploys a Cluster into an existing VPC.	R80.30

Security Gateway Auto Scaling

Description	Notes	Version	Download	Direct Launch
Deploys and configures the Security Gateways as an AWS Auto Scaling group. For more details, refer to sk112575.	Deploys an Auto Scaling group of Security Gateways into an existing VPC.	R80.40 and higher
		R80.30

Transit Gateway Auto Scaling Group

Description	Notes	Version	Download	Direct Launch
Deploys and configured the Security Gateways as an AWS Auto Scaling group configured for Transit Gateway. For more details, refer to AWS Transit Gateway R80.10 and above Deployment Guide.	Creates a new VPC and deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into it, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher
		R80.30
	Deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into an existing VPC, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher
		R80.30

Security Transit VPC

Description	Notes	Version	Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone, configured for Transit VPC. For more details, refer to Transit VPC for AWS Deployment Guide.	Creates a new VPC and deploys two Check Point Gateways for a Transit VPC hub into it, and an optional, preconfigured Security Management Server to manage them.	R80.30
	Deploys two Check Point Gateways for a Transit VPC hub into an existing VPC, and an optional, preconfigured Security Management Server to manage them.
	Creates a new VPC and deploys two Security Gateways into it.
	Deploys two Security Gateways into an existing VPC.

Transit Gateway Cross Availability Zone Cluster

Description

Notes

Version

Download

Direct Launch

Deploys two Security Gateways, each in a different Availability Zone, configured for Transit Gateway.

For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide

Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into it.

R80.40 and higher

Deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into an existing VPC.

R80.40 and higher

Cross Availability Zone Cluster

Description	Notes	Version	Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone. For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide	Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways into it.	R80.40 and higher
	Deploys a Cross Availability Zone Cluster of Security Gateways into an existing VPC.	R80.40 and higher

Security Management Server

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Security Management Server. For more details, refer to sk130372.	Deploys a Security Management Server into an existing VPC.	R80.40 and higher
	Deploys a Security Management Server into an existing VPC.	R80.30

Multi-Domain Management Server

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Multi-Domain Security Management Server. For more details, refer to sk143213.	Deploys a Multi-Domain Security Management Server into an existing VPC.	R80.40 and higher
		R80.30

Security Management Server & Security Gateway (Standalone Deployment)

Description	Notes	Version	Download	Direct Launch
Deploys and configures Standalone or a manually configurable instance.	Creates a new VPC and deploys a Standalone or a manually configurable instance into it.	R80.40 and higher
	Deploys a Standalone or a manually configurable instance into an existing VPC.	R80.40 and higher

Gateway Load Balancer (GWLB) Auto Scaling Group

Description	Notes	Version	Download	Direct Launch
Deploys and configures an AWS Auto Scaling group configured for Gateway Load Balancer.	Creates a new VPC and deploys a GWLB, an Auto Scaling Group and an optional Security Management Server into it.	R80.40 and higher	To get the Check Point AWS Gateway Load Balancer (GWLB) solution, contact Check Point local office, or Check Point Support.

CloudGuard Infinity Next Gateway

Description	Notes	Download	Direct Launch
Deploys and configures a CloudGuard Infinity Next Gateway	Creates a new VPC and deploys a CloudGuard Infinity Next Gateway into it.
Deploys and configures a CloudGuard Infinity Next Gateway	Deploys a CloudGuard Infinity Next Gateway into an existing VPC.

General

Description

Download

Direct Launch

Create a IAM Role for Security Management Server

Creates a IAM role in your account preconfigured with permissions to manage resources.

For more details, refer to sk122074.

Current Check Point AMIs

A helper template that returns the latest Check Point AMIs in a given region.

Show/Hide templates for previous versions

Enter the string to filter this table:

Description	Notes	Download	Direct Launch
R77.30 Instance Creates a new VPC and deploys an R77.30 instance. This template does not run the First Time Configuration Wizard.	-
R77.30 Security Gateway Deploys an externally managed R77.30 Security Gateway into an existing VPC. This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Gateway.	-
R77.30 Security Management Server Deploys an R77.30 Security Management Server / Multi-Domain Security Management Server. This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Management server.	User should connect to the machine and configure the Administrator and password for SmartDashboard GUI applications using the "`cpconfig`" command. The "`Password hash`" input parameter that the user can provide in the template is only used for the Gaia Portal login.
R77.30 Security Gateways Creates a new VPC and deploys two R77.30 Security Gateways in it. Each Security Gateway is deployed in a different Availability Zone. This template will run the First Time Configuration Wizard automatically and configure the machines as Security Gateways.	Refer to sk108281.
R80 Security Management Server Deploys an R80 Security Management Server / Multi-Domain Security Management Server. This template will run the First Time Configuration Wizard automatically and configure the machine as a Security Management Server.	The AWS marketplace listing for R80 is available only for customers that are already subscribed. New customers should use R80.10 listing.

CloudFormation Templates are often called CFT by customers and partners.
Check Point Default version widely recommended for all deployment is R80.40 Take 294 with the latest Jumbo Hotfix Accumulator GA Take. R80.40 is initially recommended for customers who are interested in implementing the new features described at the formal announcement.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating