CloudFormation is an Amazon Web Services (AWS) service that enables modeling and setting up resources inside AWS in an automated fashion.

The table below lists CloudFormation templates provided and maintained by Check Point that simplify the deployment of Check Point security solutions in AWS.

You can use these templates as-is or as building blocks for customizing your own templates.

Notes:

• You must accept the Software Terms of the relevant Check Point Product AMI in the AWS Marketplace at least once prior to launching the CloudFormation templates. It is not required to actually launch the instance from the Marketplace, but the agreement must be accepted from this location.

• Some stacks may "roll back" automatically after 1 hour, with an error "WaitCondition timed out" If this happens, please check Internet access is working, either through AWS (Internet Gateway (IGW) assigned to the VPC, routetables with a default route and assigned to the relevant subnet(s), and Elastic IP (EIP) assigned, etc), or through another method like external proxy, or route to on-prem, for example. 
  
   

Table of Contents

• Gateway Load Balancer (GWLB) Auto Scaling Group
• Security Gateway
• Security Cluster
• Security Gateway Auto Scaling
• Transit Gateway Auto Scaling Group
• Transit Gateway Cross Availability Zone Cluster
• Cross Availability Zone Cluster
• Security Management Server
• Multi-Domain Management Server
• Security Management Server & Security Gateway (Standalone Deployment)
• CloudGuard AppSec 
• CloudGuard AppSec Auto Scaling Group
• General

Gateway Load Balancer (GWLB) Auto Scaling Group

Description	Notes	Version	CloudFormation Templat Download	Direct Launch
Deploys and configures an AWS Auto Scaling group configured for Gateway Load Balancer in a Centralized Security VPC. For more details, refer to CloudGuard Network for AWS Centralized Gateway Load Balancer R80.40 Deployment Guide	Creates a new VPC and deploys into it a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server.	R80.40
Deploys and configures an AWS Auto Scaling group configured for Gateway Load Balancer in a Centralized Security VPC for Transit Gateway. For more details, refer to CloudGuard Network for AWS Gateway Load Balancer Security VPC for Transit Gateway R80.40 Deployment Guide	Creates a new VPC and deploys into it a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, for Transit Gateway.	R80.40

Security Gateway

Description	Notes	Version	Terraform link	CloudFormation Template Download	Direct Launch
Deploys and configures a Security Gateway. To deploy the Security Gateway so that it will be automatically provisioned, refer to sk131434.	Creates a new VPC and deploys a Security Gateway into it.	R80.40 and higher
	Deploys a Security Gateway into an existing VPC.	R80.40 and higher

 

Security Cluster

Description	Notes	Version	Terraform link	CloudFormation Template  Download	Direct Launch
Deploys and configures two Security Gateways as a Cluster. For more details, refer to the CloudGuard Network for AWS Security Cluster R80.20 and Higher Deployment Guide.	Creates a new VPC and deploys a Cluster into it.	R80.40 and higher
	Deploys a Cluster into an existing VPC.	R80.40 and higher

 

Security Gateway Auto Scaling

Description	Notes	Version	Terraform link	CloudFormation Template Download	Direct Launch
Deploys and configures the Security Gateways as an AWS Auto Scaling group. For more details, refer to the CloudGuard Network Auto Scaling for AWS R80.20 and Higher Deployment Guide.	Deploys an Auto Scaling group of Security Gateways into an existing VPC.	R80.40 and higher

 

Transit Gateway Auto Scaling Group

Description	Notes	Version	Terraform link	CloudFormation Template Download	Direct Launch
Deploys and configured the Security Gateways as an AWS Auto Scaling group configured for Transit Gateway. For more details, refer to AWS Transit Gateway R80.10 and above Deployment Guide.	Creates a new VPC and deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into it, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher
	Deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into an existing VPC, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher

Transit Gateway Cross Availability Zone Cluster

Description	Notes	Version	CloudFormation Template Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone, configured for Transit Gateway. For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide	Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into it.	R80.40 and higher
	Deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into an existing VPC.	R80.40 and higher

Cross Availability Zone Cluster

Description	Notes	Version	CloudFormation Template Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone. For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide	Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways into it.	R80.40 and higher
	Deploys a Cross Availability Zone Cluster of Security Gateways into an existing VPC.	R80.40 and higher

Security Management Server

Description	Notes	Version	Terraform link	CloudFormation Template  Download	Direct Launch
Deploys and configures a Security Management Server. For more details, refer to sk130372.	Deploys a Security Management Server into an existing VPC.	R80.40 and higher

 

Multi-Domain Management Server

Description	Notes	Version	Terraform link	CloudFormation Template  Download	Direct Launch
Deploys and configures a Multi-Domain Security Management Server. For more details, refer to sk143213.	Deploys a Multi-Domain Security Management Server into an existing VPC.	R80.40 and higher

Security Management Server & Security Gateway (Standalone Deployment)

Description	Notes	Version	Terraform link	CloudFormation Template  Download	Direct Launch
Deploys and configures Standalone or a manually configurable instance.	Creates a new VPC and deploys a Standalone or a manually configurable instance into it.	R80.40 and higher
	Deploys a Standalone or a manually configurable instance into an existing VPC.	R80.40 and higher

CloudGuard AppSec

Description	Notes	CloudFormation Template  Download	Direct Launch
Deploys and configures a CloudGuard Infinity Next Gateway	Creates a new VPC and deploys a CloudGuard Infinity Next Gateway into it.
	Deploys a CloudGuard Infinity Next Gateway into an existing VPC.

CloudGuard AppSec Auto Scaling Group

Description	Notes	CloudFormation Template  Download	Direct Launch
Deploys and configures a CloudGuard Infinity Next Gateway as an AWS Auto Scaling Group	Creates a new VPC and deploys the Auto Scaling Group into it.
	Deploys the Auto Scaling Group into an existing VPC.

General

Description	CloudFormation Template  Download	Terraform link	Direct Launch
Create a IAM Role for Security Management Server Creates a IAM role in your account preconfigured with permissions to manage resources. For more details, refer to sk122074.
Current Check Point AMIs A helper template that returns the latest Check Point AMIs in a given region.

CloudFormation templates for previous versions can be found in CloudGuard Network Security GitHub repository:

1. R80.30 CloudFormation templates

2. R77.30, R80 CloudFormation templates

Notes:

• CloudFormation Templates are often called CFT by customers and partners.
  
  
• Check Point Default version widely recommended for all deployment is R81.10 with the latest Jumbo Hotfix Accumulator GA Take. R81.10 is initially recommended for customers who are interested in implementing the new features described at the formal announcement.