feat(VSECPC-12276): Add Support to AWS R82.10 version (#531)

chkp-natanelm · chkp-yizhako · web-flow · commit df30c60ec9fb · 2026-01-06T08:30:08.000+02:00
Co-authored-by: yizhako &lt;yizhako@checkpoint.com&gt;
diff --git a/aws/templates/asg/autoscale-master.yaml b/aws/templates/asg/autoscale-master.yaml
@@ -506,6 +506,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/asg/autoscale.yaml b/aws/templates/asg/autoscale.yaml
@@ -419,6 +419,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/cluster/cluster-master.yaml b/aws/templates/cluster/cluster-master.yaml
@@ -423,6 +423,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/cluster/cluster.yaml b/aws/templates/cluster/cluster.yaml
@@ -418,6 +418,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml b/aws/templates/cross-az-cluster/cross-az-cluster-master.yaml
@@ -428,6 +428,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/cross-az-cluster/cross-az-cluster.yaml b/aws/templates/cross-az-cluster/cross-az-cluster.yaml
@@ -433,6 +433,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/geo-cluster/geo-cluster-master.yaml b/aws/templates/geo-cluster/geo-cluster-master.yaml
@@ -440,6 +440,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/geo-cluster/geo-cluster.yaml b/aws/templates/geo-cluster/geo-cluster.yaml
@@ -434,6 +434,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/gwlb-asg/gwlb-master.yaml b/aws/templates/gwlb-asg/gwlb-master.yaml
@@ -49,8 +49,8 @@ Metadata:
           - GatewayMaintenancePasswordHash
           - GatewaySICKey
           - ControlGatewayOverPrivateOrPublicAddress
+          - IPMode
           - AllocatePublicAddress
-          - EnableIPv6Traffic
           - CloudWatch
           - GatewayBootstrapScript
       - Label:
@@ -82,6 +82,8 @@ Metadata:
         default: Auto Scaling Group Public Subnet 4
       KeyName:
         default: Key name
+      IPMode:
+        default: IP Configuration Mode
       EnableVolumeEncryption:
         default: Enable environment volume encryption
       VolumeSize:
@@ -156,8 +158,6 @@ Metadata:
         default: Gateways addresses
       AutoScaleGroupName:
         default: Auto Scale Group name
-      EnableIPv6Traffic:
-        default: Add support for IPv6 traffic inspection
 Parameters:
   AvailabilityZones:
     Description: List of Availability Zones (AZs) to use for the subnets in the VPC. Select at least two.
@@ -553,6 +553,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -585,13 +588,13 @@ Parameters:
     AllowedValues:
       - true
       - false
-  EnableIPv6Traffic:
-    Description: Enables inspection of IPv6 traffic encapsulated within IPv4 Geneve tunnels, ensuring proper handling of IPv6 traffic on IPv4 autoscale gateways (supported on version R81.20 with JHF 99 and above).
+  IPMode:
+    Description: Specifies the IP mode for inspection of traffic encapsulation in IPv4 Geneve headers. When set to DualStack, both IPv4 and IPv6 traffic are inspected. For supported versions and Jumbo Hotfix requirements, refer to the admin guide. 
     Type: String
-    Default: false
     AllowedValues:
-      - true
-      - false
+      - IPv4
+      - DualStack
+    Default: IPv4
   CloudWatch:
     Description: Report Check Point specific CloudWatch metrics.
     Type: String
@@ -736,6 +739,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -778,12 +783,12 @@ Conditions:
   3AZs: !Or [!Equals [!Ref NumberOfAZs, 3], !Condition 4AZs]
   DeployManagement: !Equals [!Ref ManagementDeploy, true]
   GenerateAutoScalingName: !Equals [!Ref AutoScaleGroupName, ""]
-  EnableIPv6: !Equals [!Ref EnableIPv6Traffic, true]
+  IsIPv6Enabled: !Not [!Equals [!Ref IPMode, "IPv4"]]
 Resources:
   VPCStack:
     Type: AWS::CloudFormation::Stack
     Properties:
-      TemplateURL: !If [EnableIPv6, https://cgi-cfts.s3.amazonaws.com/utils/vpc-ipv6.yaml, https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml]
+      TemplateURL: !If [IsIPv6Enabled, https://cgi-cfts.s3.amazonaws.com/utils/vpc-ipv6.yaml, https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml]
       Parameters:
         AvailabilityZones: !Join [',' , !Ref AvailabilityZones]
         NumberOfAZs: !Ref NumberOfAZs
@@ -843,7 +848,7 @@ Resources:
         AdminCIDR: !Ref AdminCIDR
         GatewayManagement: !Ref GatewayManagement
         GatewaysAddresses: !Ref GatewaysAddresses
-        EnableIPv6Traffic: !Ref EnableIPv6Traffic
+        IPMode: !Ref IPMode
 Outputs:
   VPCID:
     Description: VPC ID.
diff --git a/aws/templates/gwlb-asg/gwlb.yaml b/aws/templates/gwlb-asg/gwlb.yaml
@@ -45,7 +45,7 @@ Metadata:
           - GatewaySICKey
           - ControlGatewayOverPrivateOrPublicAddress
           - AllocatePublicAddress
-          - EnableIPv6Traffic
+          - IPMode
           - CloudWatch
           - GatewayBootstrapScript
       - Label:
@@ -67,6 +67,8 @@ Metadata:
         default: Gateways subnets
       KeyName:
         default: Key name
+      IPMode:
+        default: IP Configuration Mode  
       EnableVolumeEncryption:
         default: Enable environment volume encryption
       VolumeSize:
@@ -141,8 +143,6 @@ Metadata:
         default: Gateways addresses
       AutoScaleGroupName:
         default: Auto Scale Group name
-      EnableIPv6Traffic:
-        default: Add support for IPv6 traffic inspection
 Parameters:
   VPC:
     Description: Select an existing VPC.
@@ -503,6 +503,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -542,13 +545,13 @@ Parameters:
     AllowedValues:
       - true
       - false
-  EnableIPv6Traffic:
-    Description: Enables inspection of IPv6 traffic encapsulated within IPv4 Geneve tunnels, ensuring proper handling of IPv6 traffic on IPv4 autoscale gateways (supported on version R81.20 with JHF 99 and above).
+  IPMode:
+    Description: Specifies the IP mode for inspection of traffic encapsulation in IPv4 Geneve headers. When set to DualStack, both IPv4 and IPv6 traffic are inspected. For supported versions and Jumbo Hotfix requirements, refer to the admin guide. 
     Type: String
-    Default: false
     AllowedValues:
-      - true
-      - false
+      - IPv4
+      - DualStack
+    Default: IPv4
   GatewayBootstrapScript:
     Description: An optional script with semicolon (;) separated commands to run on the initial boot. (optional)
     Type: String
@@ -686,6 +689,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -718,24 +723,23 @@ Parameters:
     Description: Allow gateways only from this network to communicate with the Security Management Server.
     Type: String
     AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
-    AutoScaleGroupName:
-      Conditions:
+  AutoScaleGroupName:
       Description: The Name of the Auto Scaling Group. (optional)
       Type: String
       Default: ""
       MaxLength: 100
-    Conditions:
+Conditions:
   DeployManagement: !Equals [!Ref ManagementDeploy, true]
   VolumeEncryption: !Equals [!Ref EnableVolumeEncryption, true]
   GenerateAutoScalingName: !Equals [!Ref AutoScaleGroupName, ""]
-  EnableIPv6: !Equals [!Ref EnableIPv6Traffic, true]
+  IsIPv6Enabled: !Not [!Equals [!Ref IPMode, "IPv4"]]
 Resources:
   GatewayLoadBalancer:
     Type: AWS::ElasticLoadBalancingV2::LoadBalancer
     Properties:
       Type: gateway
       Name: !Ref GWLBName
-      IpAddressType: !If [EnableIPv6, dualstack, ipv4]
+      IpAddressType: !If [IsIPv6Enabled, dualstack, ipv4]
       LoadBalancerAttributes:
         - Key: load_balancing.cross_zone.enabled
           Value: !Ref CrossZoneLoadBalancing
@@ -811,6 +815,7 @@ Resources:
         GatewayBootstrapScript: !Ref GatewayBootstrapScript
         ManagementServer: !Ref ManagementServer
         ConfigurationTemplate: !Ref ConfigurationTemplate
+        IPMode: !Ref IPMode
   ManagementStack:
     Type: AWS::CloudFormation::Stack
     Condition: DeployManagement
diff --git a/aws/templates/gwlb-asg/qs-gwlb-master.yaml b/aws/templates/gwlb-asg/qs-gwlb-master.yaml
@@ -658,6 +658,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -905,6 +908,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
diff --git a/aws/templates/gwlb-asg/qs-gwlb.yaml b/aws/templates/gwlb-asg/qs-gwlb.yaml
@@ -563,6 +563,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -810,6 +813,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
diff --git a/aws/templates/gwlb-asg/tgw-gwlb-master.yaml b/aws/templates/gwlb-asg/tgw-gwlb-master.yaml
@@ -642,6 +642,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -894,6 +897,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
diff --git a/aws/templates/gwlb-asg/tgw-gwlb.yaml b/aws/templates/gwlb-asg/tgw-gwlb.yaml
@@ -597,6 +597,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   GatewayPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
@@ -866,6 +869,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   ManagementPasswordHash:
     Description: Admin user's password hash (use command "openssl passwd -6 PASSWORD" to get the PASSWORD's hash). (optional)
     Type: String
diff --git a/aws/templates/management/management-master.yaml b/aws/templates/management/management-master.yaml
@@ -402,6 +402,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/management/management.yaml b/aws/templates/management/management.yaml
@@ -391,6 +391,8 @@ Parameters:
       - R81.20-PAYG
       - R82-BYOL
       - R82-PAYG
+      - R82.10-BYOL
+      - R82.10-PAYG
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/mds/mds-master.yaml b/aws/templates/mds/mds-master.yaml
@@ -390,6 +390,7 @@ Parameters:
       - R81.10-BYOL
       - R81.20-BYOL
       - R82-BYOL
+      - R82.10-BYOL
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/mds/mds.yaml b/aws/templates/mds/mds.yaml
@@ -380,6 +380,7 @@ Parameters:
       - R81.10-BYOL
       - R81.20-BYOL
       - R82-BYOL
+      - R82.10-BYOL
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/single-gw/gateway.yaml b/aws/templates/single-gw/gateway.yaml
@@ -418,6 +418,9 @@ Parameters:
       - R82-BYOL
       - R82-PAYG-NGTP
       - R82-PAYG-NGTX
+      - R82.10-BYOL
+      - R82.10-PAYG-NGTP
+      - R82.10-PAYG-NGTX
   Shell:
     Description: Change the admin shell to enable advanced command line configuration.
     Type: String
diff --git a/aws/templates/standalone/standalone-master.yaml b/aws/templates/standalone/standalone-master.yaml
diff --git a/aws/templates/standalone/standalone.yaml b/aws/templates/standalone/standalone.yaml
diff --git a/aws/templates/tgw-asg/tgw-asg-master.yaml b/aws/templates/tgw-asg/tgw-asg-master.yaml
diff --git a/aws/templates/tgw-asg/tgw-asg.yaml b/aws/templates/tgw-asg/tgw-asg.yaml
diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster-master.yaml
diff --git a/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml b/aws/templates/tgw-cross-az-cluster/tgw-cross-az-cluster.yaml
diff --git a/aws/templates/tgw-ha/tgw-ha-master.yaml b/aws/templates/tgw-ha/tgw-ha-master.yaml
diff --git a/aws/templates/tgw-ha/tgw-ha.yaml b/aws/templates/tgw-ha/tgw-ha.yaml
