CloudFormation is an Amazon Web Services (AWS) service that enables modeling and setting up resources inside AWS in an automated fashion.

The table below lists CloudFormation templates provided and maintained by Check Point that simplify the deployment of Check Point security solutions in AWS.

You can use these templates as-is or as building blocks for customizing your own templates.

Notes:

• You must accept the Software Terms of the relevant Check Point Product AMI in the AWS Marketplace at least once prior to launching the CloudFormation templates. It is not required to actually launch the instance from the Marketplace, but the agreement must be accepted from this location.

• Some stacks may "roll back" automatically after 1 hour, with an error "WaitCondition timed out" If this happens, please check Internet access is working, either through AWS (Internet Gateway (IGW) assigned to the VPC, routetables with a default route and assigned to the relevant subnet(s), and Elastic IP (EIP) assigned, etc), or through another method like external proxy, or route to on-prem, for example. 
  
   

Table of Contents

• Security Gateway
• Security Cluster
• Security Gateway Auto Scaling
• Transit Gateway Auto Scaling Group
• Security Transit VPC
• Transit Gateway Cross Availability Zone Cluster
• Cross Availability Zone Cluster
• Security Management Server
• Multi-Domain Management Server
• Security Management Server & Security Gateway (Standalone Deployment)
• Gateway Load Balancer (GWLB) Auto Scaling Group
• CloudGuard Infinity Next Gateway
• General

Security Gateway

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Security Gateway. To deploy the Security Gateway so that it will be automatically provisioned, refer to sk131434.	Creates a new VPC and deploys a Security Gateway into it.	R80.40 and higher
		R80.30
	Deploys a Security Gateway into an existing VPC.	R80.40 and higher
		R80.30

 

Security Cluster

Description	Notes	Version	Download	Direct Launch
Deploys and configures two Security Gateways as a Cluster. For more details, refer to sk104418.	Creates a new VPC and deploys a Cluster into it.	R80.40 and higher
		R80.30
	Deploys a Cluster into an existing VPC.	R80.40 and higher
		R80.30

 

Security Gateway Auto Scaling

Description	Notes	Version	Download	Direct Launch
Deploys and configures the Security Gateways as an AWS Auto Scaling group. For more details, refer to sk112575.	Deploys an Auto Scaling group of Security Gateways into an existing VPC.	R80.40 and higher
		R80.30

 

Transit Gateway Auto Scaling Group

Description	Notes	Version	Download	Direct Launch
Deploys and configured the Security Gateways as an AWS Auto Scaling group configured for Transit Gateway. For more details, refer to AWS Transit Gateway R80.10 and above Deployment Guide.	Creates a new VPC and deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into it, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher
		R80.30
	Deploys an Auto Scaling group of Security Gateways configured for Transit Gateway into an existing VPC, and an optional, preconfigured Security Management Server to manage them.	R80.40 and higher
		R80.30

 

Security Transit VPC

Description	Notes	Version	Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone, configured for Transit VPC. For more details, refer to Transit VPC for AWS Deployment Guide.	Creates a new VPC and deploys two Check Point Gateways for a Transit VPC hub into it, and an optional, preconfigured Security Management Server to manage them.	R80.30
	Deploys two Check Point Gateways for a Transit VPC hub into an existing VPC, and an optional, preconfigured Security Management Server to manage them.
	Creates a new VPC and deploys two Security Gateways into it.
	Deploys two Security Gateways into an existing VPC.

Transit Gateway Cross Availability Zone Cluster

Description	Notes	Version	Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone, configured for Transit Gateway. For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide	Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into it.	R80.40 and higher
	Deploys a Cross Availability Zone Cluster of Security Gateways configured for Transit Gateway into an existing VPC.	R80.40 and higher

Cross Availability Zone Cluster

Description	Notes	Version	Download	Direct Launch
Deploys two Security Gateways, each in a different Availability Zone. For more details, refer to CloudGuard Transit Gateway High Availability for AWS R80.40 Administration Guide	Creates a new VPC and deploys a Cross Availability Zone Cluster of Security Gateways into it.	R80.40 and higher
	Deploys a Cross Availability Zone Cluster of Security Gateways into an existing VPC.	R80.40 and higher

Security Management Server

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Security Management Server. For more details, refer to sk130372.	Deploys a Security Management Server into an existing VPC.	R80.40 and higher
		R80.30

 

Multi-Domain Management Server

Description	Notes	Version	Download	Direct Launch
Deploys and configures a Multi-Domain Security Management Server. For more details, refer to sk143213.	Deploys a Multi-Domain Security Management Server into an existing VPC.	R80.40 and higher
		R80.30

Security Management Server & Security Gateway (Standalone Deployment)

Description	Notes	Version	Download	Direct Launch
Deploys and configures Standalone or a manually configurable instance.	Creates a new VPC and deploys a Standalone or a manually configurable instance into it.	R80.40 and higher
	Deploys a Standalone or a manually configurable instance into an existing VPC.	R80.40 and higher

Gateway Load Balancer (GWLB) Auto Scaling Group

Description	Notes	Version	Download	Direct Launch
Deploys and configures an AWS Auto Scaling group configured for Gateway Load Balancer in a Centralized Security VPC. For more details, refer to CloudGuard Network for AWS Centralized Gateway Load Balancer R80.40 Deployment Guide	Creates a new VPC and deploys into it a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server.	R80.40
Deploys and configures an AWS Auto Scaling group configured for Gateway Load Balancer in a Centralized Security VPC for Transit Gateway. For more details, refer to CloudGuard Network for AWS Gateway Load Balancer Security VPC for Transit Gateway R80.40 Deployment Guide	Creates a new VPC and deploys into it a Gateway Load Balancer, Check Point CloudGuard IaaS Security Gateway Auto Scaling Group, and optionally a Security Management Server, Gateway Load Balancer Endpoints and NAT Gateways for each AZ, for Transit Gateway.	R80.40

CloudGuard Infinity Next Gateway

Description	Notes	Download	Direct Launch
Deploys and configures a CloudGuard Infinity Next Gateway	Creates a new VPC and deploys a CloudGuard Infinity Next Gateway into it.
	Deploys a CloudGuard Infinity Next Gateway into an existing VPC.

General

Description	Download	Direct Launch
Create a IAM Role for Security Management Server Creates a IAM role in your account preconfigured with permissions to manage resources. For more details, refer to sk122074.
Current Check Point AMIs A helper template that returns the latest Check Point AMIs in a given region.

• CloudFormation Templates are often called CFT by customers and partners.
  
  
• Check Point Default version widely recommended for all deployment is R80.40 Take 294 with the latest Jumbo Hotfix Accumulator GA Take. R80.40 is initially recommended for customers who are interested in implementing the new features described at the formal announcement.