diff --git a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json index c18748c3..57dd49a1 100644 --- a/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json +++ b/azure/templates/marketplace-gateway-load-balancer/createUiDefinition.json @@ -1361,6 +1361,35 @@ }, "visible": "[steps('network').NSG]" }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true + }, { "name": "addStorageAccountIpRules", "type": "Microsoft.Common.OptionsGroup", 
@@ -1378,9 +1407,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
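Review bot: The `existingStorageAccount` selector has no filter, so the user can pick a Storage Account in a different subscription or region from the VM. As far as I know, boot diagnostics with a custom account is only accepted when the account is in the VM's own subscription and region. Adding `"options": { "filter": { "subscription": "onBasics", "location": "onBasics" } }` would keep the list to usable accounts. `"defaultValue": "null"` is the string "null" rather than a null, and I do not believe ResourceSelector reads a `defaultValue` at all, so it can be dropped. The same element is added in the marketplace-ha, marketplace-management and marketplace-mds createUiDefinition.json hunks.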
@@ -1454,9 +1522,11 @@ "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", + "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]", "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "existingStorageAccountId": "[steps('network').existingStorageAccount]", "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } } -} \ No newline at end of file +} diff --git a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json index fa1f9bcf..27a89b22 100644 --- a/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json +++ b/azure/templates/marketplace-gateway-load-balancer/mainTemplate.json 
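Review bot: `existingStorageAccountId` is wired to `steps('network').existingStorageAccount`, which for a ResourceSelector is (as far as I know) an object with `name`, `id` and `location`, while mainTemplate.json declares the parameter as `string` and passes it to `reference()`. The output should take the id and tolerate the hidden case, something like `"existingStorageAccountId": "[coalesce(steps('network').existingStorageAccount.id, '')]"`. `addStorageAccountIpRules` is now hidden unless the mode is 'New', so its output may also need `coalesce(..., false)` to stay a bool; confirm in the portal sandbox. The same outputs appear in the marketplace-ha, marketplace-management and marketplace-mds createUiDefinition.json hunks.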
@@ -399,19 +399,39 @@ "type": "string", "defaultValue": "[concat(parameters('vmName'),'-nsg')]" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { 
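Review bot: `existingStorageAccountId` defaults to `""` and nothing ties it to `storageAccountDeployMode`, so a deployment made outside the portal with mode 'Existing' and no id fails only later, at the `reference()` call in the VM's `bootDiagnostics`. ARM cannot validate one parameter against another, so the description should carry the contract: a full resource ID (`/subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<name>`, placeholders) is required in 'Existing' mode. It should also say that, as far as the visible hunks show, the template does not manage that account's firewall, TLS or access settings. The `storageAccountDeployMode` description could also say that 'None' disables boot diagnostics, which is what the VM hunk does. The same parameters are added in the marketplace-ha, marketplace-management and marketplace-mds mainTemplate.json hunks.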
@@ -1568,6 +1588,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2021-06-01", @@ -1585,7 +1606,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1676,10 +1697,7 @@ ] }, "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" } }, "overprovision": false diff --git a/azure/templates/marketplace-ha/createUiDefinition.json b/azure/templates/marketplace-ha/createUiDefinition.json index fa40e001..c2399b39 100644 --- a/azure/templates/marketplace-ha/createUiDefinition.json +++ b/azure/templates/marketplace-ha/createUiDefinition.json 
@@ -935,7 +935,7 @@ "label": "Availability options", "defaultValue": "Availability Set", "toolTip": "Use replicated Cluster VMs in Availability Set or Availability Zones. Note that the load balancers and their IP addresses will be zone redundant in any case.", - "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth ', concat(' ', location(), ' '))]", + "visible": "[contains(' australiaeast brazilsouth canadacentral centralus eastasia eastus eastus2 francecentral germanywestcentral japaneast koreacentral northeurope norwayeast southafricanorth southcentralus southeastasia swedencentral uksouth usgovvirginia westeurope westus2 westus3 switzerlandnorth qatarcentral centralindia uaenorth italynorth', concat(' ', location(), ' '))]", "constraints": { "allowedValues": [ { @@ -1110,7 +1110,7 @@ "name": "floatingIP", "type": "Microsoft.Common.OptionsGroup", "label": "Deploy the Load Balancers with floating IP", - "defaultValue": "No", + "defaultValue": "Yes", "toolTip": "Deploy the Load Balancers with floating IP.", "constraints": { "allowedValues": [ 
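Review bot: The new region list ends in `italynorth'` with the trailing space removed, but the needle is still `concat(' ', location(), ' ')`, so `' italynorth '` no longer matches and 'Availability options' would be hidden for Italy North. Restore the delimiter: `... uaenorth italynorth ', concat(' ', location(), ' '))]`. This page shows whitespace-collapsed text, so confirm against the file, but the removed and added lines differ only in that space.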
@@ -1486,6 +1486,35 @@ }, "visible": "[steps('network').NSG]" }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true + }, { "name": "addStorageAccountIpRules", "type": "Microsoft.Common.OptionsGroup", 
@@ -1503,9 +1532,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
@@ -1579,7 +1647,9 @@ "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", "NewNsgName": "[steps('network').NSGName]", - "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", + "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "existingStorageAccountId": "[steps('network').existingStorageAccount]", "VipsNumber": "[int(steps('network').Vips_Number)]", "VipNames": "[concat(steps('network').VIP_Names.VIP2_Name, ',', steps('network').VIP_Names.VIP3_Name, ',', steps('network').VIP_Names.VIP4_Name, ',', steps('network').VIP_Names.VIP5_Name, ',', steps('network').VIP_Names.VIP6_Name, ',', steps('network').VIP_Names.VIP7_Name, ',', steps('network').VIP_Names.VIP8_Name, ',', steps('network').VIP_Names.VIP9_Name, ',', steps('network').VIP_Names.VIP10_Name)]", "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", diff --git a/azure/templates/marketplace-ha/mainTemplate.json b/azure/templates/marketplace-ha/mainTemplate.json index 5d20d746..6468c54b 100644 --- a/azure/templates/marketplace-ha/mainTemplate.json +++ b/azure/templates/marketplace-ha/mainTemplate.json @@ -72,7 +72,7 @@ "no", "yes" ], - "defaultValue": "no", + "defaultValue": "yes", "metadata": { "description": "Deploy the Load Balancers with floating IP" } 
@@ -341,19 +341,39 @@ "type": "string", "defaultValue": "" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." 
}, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { @@ -1449,6 +1469,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2022-09-01", @@ -1466,7 +1487,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1771,7 +1792,7 @@ }, { "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2022-11-01", + "apiVersion": "2023-09-01", "dependsOn": [ "[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName'))]", "[resourceId('Microsoft.Compute/availabilitySets', variables('availabilitySetName'))]", 
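Review bot: In the parameters hunk that ends here, the new `addStorageAccountIpRules` description still carries the Serial Console URL twice (`..., based on https://… , based on https://…`), unlike the same parameter in the gateway-load-balancer, management and mds templates. Drop the repeated clause while the line is being edited, so it ends `...storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'.`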
@@ -1792,10 +1813,7 @@ "UserData": "[base64(concat(variables('customData')[copyIndex()], 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefixes.value[0], reference('networkExistingSetup').outputs.vnetAddressPrefixes.value[0]), '\"', '\n'))]", "availabilitySet": "[if(not(variables('useAZ')), variables('availabilitySetProperty'), json('null'))]", "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" }, "hardwareProfile": { "vmSize": "[parameters('vmSize')]" @@ -1897,7 +1915,7 @@ "properties": { "roleDefinitionId": "[variables('roleDefinitionIds')[if(greater(copyIndex(1), 2), 1, 0)]]", "scope": "[resourceGroup().id]", - "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), if(equals(mod(copyIndex(1), 2), 1), '1', '2'))), '2022-11-01', 'Full').identity.principalId]" + "principalId": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), if(equals(mod(copyIndex(1), 2), 1), '1', '2'))), '2023-09-01', 'Full').identity.principalId]" }, "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Authorization/roleAssignments'), parameters('tagsByResource')['Microsoft.Authorization/roleAssignments'], json('{}')) ]" }, 
@@ -1932,10 +1950,10 @@ "value": "[variables('roleDefinitionIds')[copyIndex()]]" }, "principalId1": { - "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1')), '2022-11-01', 'Full').identity.principalId]" + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '1')), '2023-09-01', 'Full').identity.principalId]" }, "principalId2": { - "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2022-11-01', 'Full').identity.principalId]" + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/', concat(parameters('vmName'), '2')), '2023-09-01', 'Full').identity.principalId]" }, "index": { "value": "[copyIndex()]" diff --git a/azure/templates/marketplace-management/createUiDefinition.json b/azure/templates/marketplace-management/createUiDefinition.json index c7780974..375846b4 100644 --- a/azure/templates/marketplace-management/createUiDefinition.json +++ b/azure/templates/marketplace-management/createUiDefinition.json @@ -564,7 +564,7 @@ } ] } - }, + }, { "name": "InfoVMDiskSpace", "type": "Microsoft.Common.InfoBox", 
@@ -716,6 +716,35 @@ "validationMessage": "Only alphanumeric characters are allowed, and the name must be 1-30 characters long." }, "visible": "[steps('network').NSG]" + }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true }, { "name": "addStorageAccountIpRules", 
@@ -734,9 +763,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
@@ -790,7 +858,7 @@ "bootstrapScript": "[steps('chkp-advanced').bootstrapScript]", "allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]", "additionalDiskSizeGB": "[int(steps('chkp-advanced').additionalDiskSizeGB)]", - "msi": "[steps('chkp-advanced').identityAccessManagement]", + "msi" : "[steps('chkp-advanced').identityAccessManagement]", "diskType": "[if(contains('R81.10' , steps('chkp').cloudGuardVersion) , steps('chkp-advanced').VMDiskTypeOldVersions , steps('chkp-advanced').VMDiskType)]", "sourceImageVhdUri": "[coalesce(steps('chkp-advanced').sourceImageVhdUri, 'noCustomUri')]", "enableApi": "[steps('chkp-advanced').enableApi]", @@ -798,8 +866,10 @@ "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", - "NewNsgName": "[steps('network').NSGName]", - "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", + "NewNsgName": "[steps('network').NSGName]", + "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "existingStorageAccountId": "[steps('network').existingStorageAccount]", "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } diff --git a/azure/templates/marketplace-management/mainTemplate.json b/azure/templates/marketplace-management/mainTemplate.json index 5162511d..0b617ae0 100644 --- a/azure/templates/marketplace-management/mainTemplate.json +++ b/azure/templates/marketplace-management/mainTemplate.json 
@@ -254,19 +254,39 @@ "type": "string", "defaultValue": "[concat(parameters('vmName'),'-nsg')]" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { 
@@ -1147,6 +1167,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2022-09-01", @@ -1164,7 +1185,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1261,6 +1282,7 @@ }, { "condition": "[parameters('deployNewNSG')]", + "dependsOn": ["[variables('publicIPAddressId')]"], "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2020-06-01", "location": "[variables('location')]", @@ -1378,6 +1400,20 @@ "priority": "170", "direction": "Inbound" } + }, + { + "name": "Allow-self-IP-inbound", + "properties": { + "description": "Allow inbound traffic from the VM's public IP address", + "protocol": "*", + "sourcePortRange": "*", + "destinationPortRange": "*", + "sourceAddressPrefix": "[reference(variables('publicIPAddressId')).IpAddress]", + "destinationAddressPrefix": "*", + "access": "Allow", + "priority": "180", + "direction": "Inbound" + } } ] }, 
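Review bot: The added `Allow-self-IP-inbound` rule permits every protocol and port (`"protocol": "*"`, `"destinationPortRange": "*"`) from whatever address `reference(variables('publicIPAddressId')).IpAddress` returns at deployment time, and the NSG keeps that literal address afterwards. If the public IP is dynamically allocated (its definition is outside the hunk), the address may be empty when the NSG is evaluated. If the address is ever released or reassigned, the rule keeps allowing any traffic from an address the VM no longer holds. Consider limiting `protocol` and `destinationPortRange` to the ports the management server needs to reach itself, and use the `description` to say why the rule exists. The enclosing `securityRules` array starts outside the hunk.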
@@ -1448,10 +1484,7 @@ "properties": { "UserData": "[variables('customData64')]", "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" }, "hardwareProfile": { "vmSize": "[parameters('vmSize')]" diff --git a/azure/templates/marketplace-mds/createUiDefinition.json b/azure/templates/marketplace-mds/createUiDefinition.json index 607720cd..0ec106d9 100644 --- a/azure/templates/marketplace-mds/createUiDefinition.json +++ b/azure/templates/marketplace-mds/createUiDefinition.json @@ -624,6 +624,35 @@ }, "visible": "[steps('network').NSG]" }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true + }, { "name": "addStorageAccountIpRules", "type": "Microsoft.Common.OptionsGroup", 
@@ -641,9 +670,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
@@ -705,8 +773,10 @@ "tagsByResource": "[steps('tags').tagsByResource]", "deployNewNSG": "[steps('network').NSG]", "ExistingNSG": "[steps('network').nsgSelector]", - "NewNsgName": "[steps('network').NSGName]", - "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]", + "NewNsgName": "[steps('network').NSGName]", + "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]", + "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]", + "existingStorageAccountId": "[steps('network').existingStorageAccount]", "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]", "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]" } diff --git a/azure/templates/marketplace-mds/mainTemplate.json b/azure/templates/marketplace-mds/mainTemplate.json index 814a1832..561efdc2 100644 --- a/azure/templates/marketplace-mds/mainTemplate.json +++ b/azure/templates/marketplace-mds/mainTemplate.json 
@@ -246,19 +246,39 @@ "type": "string", "defaultValue": "[concat(parameters('vmName'),'-nsg')]" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { 
@@ -1125,6 +1145,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2022-09-01", @@ -1142,7 +1163,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1426,10 +1447,7 @@ "properties": { "UserData": "[variables('customData64')]", "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" }, "hardwareProfile": { "vmSize": "[parameters('vmSize')]" diff --git a/azure/templates/marketplace-single-waap/createUiDefinition.json b/azure/templates/marketplace-single-waap/createUiDefinition.json index 3ebd285b..42e2ebff 100755 --- a/azure/templates/marketplace-single-waap/createUiDefinition.json +++ b/azure/templates/marketplace-single-waap/createUiDefinition.json 
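Review bot: The new `bootDiagnostics` value packs four modes into one nested `if` on a single line with two separate `reference()` calls, which makes it hard to audit which account receives the boot diagnostics data in each mode. Resolving the account ID in a variable first leaves a single `reference()`: add `"bootDiagStorageId": "[if(equals(parameters('storageAccountDeployMode'), 'New'), resourceId('Microsoft.Storage/storageAccounts', variables('storageAccountName')), parameters('existingStorageAccountId'))]"` and use `reference(variables('bootDiagStorageId'), '2023-05-01').primaryEndpoints.blob` in the innermost branch. The same expression is added in marketplace-single and marketplace-vmss, where the vmss version also mixes API versions `'2023-01-01'` and `'2023-05-01'` between its two branches. The storage account resource is now conditional on `'New'`, so any other resource that references `variables('storageAccountName')` outside these hunks needs the same guard; that cannot be checked from here.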
@@ -67,8 +67,8 @@ "toolTip": "Token can be obtained by logging in to [https://portal.checkpoint.com/](https://portal.checkpoint.com/) –> INFINITY POLICY -> CLOUD -> Profiles", "constraints": { "required": true, - "regex": "^cp-[a-z0-9A-Z-]{72,72}$", - "validationMessage": "Token should begin with 'cp-' and must be 75 characters long" + "regex": "^cp-(([a-z0-9A-Z-]{72,72})|([a-z0-9A-Z-]{75,75}))$", + "validationMessage": "Token should begin with 'cp-' and must be 75 or 78 characters long" }, "options": { "hideConfirmation": false diff --git a/azure/templates/marketplace-single-waap/mainTemplate.json b/azure/templates/marketplace-single-waap/mainTemplate.json index 1d4f4b84..d7704b90 100755 --- a/azure/templates/marketplace-single-waap/mainTemplate.json +++ b/azure/templates/marketplace-single-waap/mainTemplate.json @@ -50,7 +50,7 @@ "waapAgentToken": { "type": "securestring", "minLength": 75, - "maxLength": 75, + "maxLength": 78, "metadata": { "description": "Infinity Next Agent Token" } @@ -203,7 +203,7 @@ }, "variables": { "templateName": "checkpoint_waap", - "templateVersion": "20210922", + "templateVersion": "20211028", "location": "[parameters('location')]", "osVersion": "R8040", "installationType": "waap", @@ -282,6 +282,9 @@ { "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", + "properties": { + "minimalTlsVersion": "TLS1_2" + }, "apiVersion": "2021-04-01", "location": "[variables('location')]", "sku": { diff --git a/azure/templates/marketplace-single/createUiDefinition.json b/azure/templates/marketplace-single/createUiDefinition.json index e8e97e37..94afe822 100644 --- a/azure/templates/marketplace-single/createUiDefinition.json +++ b/azure/templates/marketplace-single/createUiDefinition.json 
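Review bot: The template-level length bounds are looser than the UI regex: `"minLength": 75` with `"maxLength": 78` in mainTemplate.json accepts tokens of 76 and 77 characters, while the createUiDefinition regex accepts only 75 or 78. Deployments that bypass the portal UI are validated by the template alone, so the accepted format should at least be stated in the parameter description, e.g. `"description": "Infinity Next Agent Token: 'cp-' followed by 72 or 75 characters"`. The regex itself reads more simply as `^cp-([a-z0-9A-Z-]{72}|[a-z0-9A-Z-]{75})$`. The same pair of changes is made in marketplace-vmss-waap.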
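Review bot: The property added to the storage account in the `@@ -282,6 +282,9 @@` hunk is spelled `minimalTlsVersion`, but the `Microsoft.Storage/storageAccounts` property that sets the TLS floor is `minimumTlsVersion` (`minimalTlsVersion` is the name used by other resource types such as SQL servers). With the current name the setting is likely ignored or rejected rather than applied, so the account would keep the service default instead of enforcing TLS 1.2. The line should read `"minimumTlsVersion": "TLS1_2"`. The resource body continues past the end of the hunk.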
@@ -1198,6 +1198,35 @@ }, "visible": "[steps('network').NSG]" }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true + }, { "name": "addStorageAccountIpRules", "type": "Microsoft.Common.OptionsGroup", 
@@ -1215,9 +1244,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
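Review bot: The `existingStorageAccount` selector has no `options.filter`, so it offers storage accounts from every subscription and region the user can see. As far as I know a custom boot-diagnostics account has to be in the same subscription and region as the VM, and picking one elsewhere fails only at deployment time. Adding `"options": { "filter": { "subscription": "onBasics", "location": "onBasics" } }` narrows the list up front. `"defaultValue": "null"` is the four-character string rather than JSON `null` and can probably be dropped. The same element is added in marketplace-vmss createUiDefinition.json.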
@@ -1285,7 +1353,9 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]"
+ "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]",
+ "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "existingStorageAccountId": "[steps('network').existingStorageAccount]"
 }
 }
 }
diff --git a/azure/templates/marketplace-single/mainTemplate.json b/azure/templates/marketplace-single/mainTemplate.json
index e279137d..0e88f0a5 100644
--- a/azure/templates/marketplace-single/mainTemplate.json
+++ b/azure/templates/marketplace-single/mainTemplate.json
@@ -292,19 +292,39 @@ "type": "string", "defaultValue": "[concat(parameters('vmName'),'-nsg')]" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { 
@@ -1230,6 +1250,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2022-09-01", @@ -1247,7 +1268,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1443,10 +1464,7 @@ "properties": { "UserData": "[base64(concat(variables('customData'), '\n', 'vnet=\"', if(equals(parameters('vnetNewOrExisting'), 'new'), reference('networkNewSetup').outputs.vnetAddressPrefix.value, reference('networkExistingSetup').outputs.vnetAddressPrefix.value), '\"', '\n' ))]", "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName')), '2023-05-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" }, "hardwareProfile": { "vmSize": "[parameters('vmSize')]" diff --git a/azure/templates/marketplace-vmss-waap/createUiDefinition.json b/azure/templates/marketplace-vmss-waap/createUiDefinition.json index 2ca24a11..51c05e9c 100755 --- a/azure/templates/marketplace-vmss-waap/createUiDefinition.json +++ b/azure/templates/marketplace-vmss-waap/createUiDefinition.json 
@@ -67,8 +67,8 @@ "toolTip": "Token can be obtained by logging in to [https://portal.checkpoint.com/](https://portal.checkpoint.com/) –> INFINITY POLICY -> CLOUD -> Profiles", "constraints": { "required": true, - "regex": "^cp-[a-z0-9A-Z-]{72,72}$", - "validationMessage": "Token should begin with 'cp-' and must be 75 characters long" + "regex": "^cp-(([a-z0-9A-Z-]{72,72})|([a-z0-9A-Z-]{75,75}))$", + "validationMessage": "Token should begin with 'cp-' and must be 75 or 78 characters long" }, "options": { "hideConfirmation": false diff --git a/azure/templates/marketplace-vmss-waap/mainTemplate.json b/azure/templates/marketplace-vmss-waap/mainTemplate.json index df1bc1cf..0b921194 100755 --- a/azure/templates/marketplace-vmss-waap/mainTemplate.json +++ b/azure/templates/marketplace-vmss-waap/mainTemplate.json @@ -51,7 +51,7 @@ "waapAgentToken": { "type": "securestring", "minLength": 75, - "maxLength": 75, + "maxLength": 78, "metadata": { "description": "Infinity Next Agent Token" } @@ -73,6 +73,7 @@ "availabilityZonesNum": { "type": "int", "allowedValues": [ + 0, 1, 2, 3 @@ -387,7 +388,7 @@ }, "variables": { "templateName": "waap_vmss", - "templateVersion": "20210922", + "templateVersion": "20211028", "location": "[parameters('location')]", "osVersion": "R8040", "isBlink": true, diff --git a/azure/templates/marketplace-vmss/createUiDefinition.json b/azure/templates/marketplace-vmss/createUiDefinition.json index 2dd112bc..21c1a0b1 100644 --- a/azure/templates/marketplace-vmss/createUiDefinition.json +++ b/azure/templates/marketplace-vmss/createUiDefinition.json @@ -116,7 +116,7 @@ "name": "cloudGuardVersion", "type": "Microsoft.Common.DropDown", "label": "Version", - "defaultValue": "r82", + "defaultValue": "R82", "toolTip": "Check Point Recommended version for all deployments is R82", "constraints": { "allowedValues": [ 
@@ -948,7 +948,7 @@ "name": "floatingIP", "type": "Microsoft.Common.OptionsGroup", "label": "Deploy the Load Balancers with floating IP", - "defaultValue": "No", + "defaultValue": "Yes", "toolTip": "Deploy the Load Balancers with floating IP.", "constraints": { "allowedValues": [ @@ -1582,6 +1582,35 @@ }, "visible": "[steps('network').NSG]" }, + { + "name": "storageAccountDeployMode", + "type": "Microsoft.Common.DropDown", + "label": "Storage Account Deployment Mode", + "toolTip": "Select your preferred Storage Account deployment mode, New to a new Storage Account, Existing to an existing Storage Account, Managed to managed Storage Account, None to deploy without a Storage Account", + "defaultValue": "New", + "constraints": { + "allowedValues": [ + { + "label": "New", + "value": "New" + }, + { + "label": "Existing", + "value": "Existing" + }, + { + "label": "Managed", + "value": "Managed" + }, + { + "label": "None", + "value": "None" + } + ], + "required": true + }, + "visible": true + }, { "name": "addStorageAccountIpRules", "type": "Microsoft.Common.OptionsGroup", 
@@ -1599,9 +1628,48 @@ "value": true } ], - "required": true + "required": "[equals(steps('network').storageAccountDeployMode, 'New')]" }, - "visible": true + "visible": "[equals(steps('network').storageAccountDeployMode, 'New')]" + }, + { + "name": "existingStorageAccount", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Storage Account", + "defaultValue": "null", + "toolTip": "Choose an existing Storage Account", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + "required": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]" + }, + { + "name": "infoExistingStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Existing')]", + "options": { + "icon": "Info", + "text": "The Storage Account must allow network access from the Serial Console feature, for more information - Serial Console Security." + } + }, + { + "name": "infoManagedStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'Managed')]", + "options": { + "icon": "Info", + "text": "Azure will use a managed Storage Account for the deployment, no additional configuration is required." + } + }, + { + "name": "warningNoneStorageAccount", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('network').storageAccountDeployMode, 'None')]", + "options": { + "icon": "Warning", + "text": "Please note that deploying without a Storage Account will not allow you to use the Serial Console feature. For more information - Azure Serial Console." + } } ] }, 
@@ -1689,7 +1757,9 @@
 "deployNewNSG": "[steps('network').NSG]",
 "ExistingNSG": "[steps('network').nsgSelector]",
 "NewNsgName": "[steps('network').NSGName]",
- "addStorageAccountIpRules": "[steps('network').addStorageAccountIpRules]",
+ "storageAccountDeployMode": "[steps('network').storageAccountDeployMode]",
+ "addStorageAccountIpRules":"[steps('network').addStorageAccountIpRules]",
+ "existingStorageAccountId": "[steps('network').existingStorageAccount]",
 "SerialConsolePasswordHash": "[steps('chkp-advanced').AdditionalPassword]",
 "MaintenanceModePasswordHash": "[steps('chkp-advanced').MaintenanceModePassword]"
 }
diff --git a/azure/templates/marketplace-vmss/mainTemplate.json b/azure/templates/marketplace-vmss/mainTemplate.json
index 332c56bb..a989480e 100644
--- a/azure/templates/marketplace-vmss/mainTemplate.json
+++ b/azure/templates/marketplace-vmss/mainTemplate.json
@@ -158,7 +158,7 @@
 },
 "floatingIP": {
 "type": "string",
- "defaultValue": "no",
+ "defaultValue": "yes",
 "allowedValues": [
 "no",
 "yes"
@@ -486,19 +486,39 @@ "type": "string", "defaultValue": "[concat(parameters('vmName'),'-nsg')]" }, + "storageAccountDeployMode": { + "type": "string", + "defaultValue": "New", + "metadata": { + "description": "Choose the Storage Account mode: 'New' creates a new account, 'Existing' uses one already available, 'Managed' provisions a managed account, and 'None' skips account creation." + }, + "allowedValues": [ + "New", + "Existing", + "Managed", + "None" + ] + }, "addStorageAccountIpRules": { "type": "bool", "metadata": { - "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled" + "description": "Add Storage Account IP rules that allow access to the Serial Console only for IPs based on their geographic location, based on https://learn.microsoft.com/en-us/troubleshoot/azure/virtual-machines/serial-console-linux#use-serial-console-with-custom-boot-diagnostics-storage-account-firewall-enabled. Only relevant when 'Storage Account Deploy Mode' is set to 'New'" }, "defaultValue": false }, "storageAccountAdditionalIps": { "type": "array", "metadata": { - "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings." + "description": "IPs/CIDRs that are allowed access to the Storage Account. Format should be an array of strings. Only relevant when 'Storage Account Deploy Mode' is set to 'New'." }, "defaultValue": [] + }, + "existingStorageAccountId": { + "type": "string", + "metadata": { + "description": "The ID of the existing Storage Account. Only relevant when 'Storage Account Deploy Mode' is set to 'Existing'." + }, + "defaultValue": "" } }, "variables": { 
@@ -1683,6 +1703,7 @@ } }, { + "condition": "[equals(parameters('storageAccountDeployMode'), 'New')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('storageAccountName')]", "apiVersion": "2021-04-01", @@ -1700,7 +1721,7 @@ "sku": { "name": "[variables('storageAccountType')]" }, - "kind": "Storage", + "kind": "StorageV2", "tags": "[ if(contains(parameters('tagsByResource'), 'Microsoft.Storage/storageAccounts'), parameters('tagsByResource')['Microsoft.Storage/storageAccounts'], json('{}')) ]" }, { @@ -1811,10 +1832,7 @@ ] }, "diagnosticsProfile": { - "bootDiagnostics": { - "enabled": "true", - "storageUri": "[reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob]" - } + "bootDiagnostics": "[if(equals(parameters('storageAccountDeployMode'), 'None'), createObject('enabled', false()), if(equals(parameters('storageAccountDeployMode'), 'Managed'), createObject('enabled', true()), createObject('enabled', true(), 'storageUri', if(equals(parameters('storageAccountDeployMode'), 'New'), reference(variables('storageAccountId'), '2023-01-01').primaryEndpoints.blob, reference(parameters('existingStorageAccountId'), '2023-05-01').primaryEndpoints.blob))))]" } }, "overprovision": false diff --git a/azure/templates/nestedtemplates/load-balancers.json b/azure/templates/nestedtemplates/load-balancers.json index dcdf0ae0..a3fdb935 100644 --- a/azure/templates/nestedtemplates/load-balancers.json +++ b/azure/templates/nestedtemplates/load-balancers.json @@ -61,7 +61,7 @@ "appProbeName": "[variables('appName')]", "appFrontEndProtocol": "tcp", "appFrontEndPort": 80, - "appBackEndPort": 8081, + "appBackEndPort": 80, "appHealthProtocol": "tcp", "ilbHealthProtocol": "tcp", "lbHealthPort": 8117, diff --git a/azure/templates/vwan-managed-app/mainTemplate.json b/azure/templates/vwan-managed-app/mainTemplate.json index 8c9952e6..a2619afb 100644 --- a/azure/templates/vwan-managed-app/mainTemplate.json 
+++ b/azure/templates/vwan-managed-app/mainTemplate.json @@ -92,6 +92,20 @@ "description": "Paste an OpenSSH public key. You can generate a key pair using SSH-keygen (Linux, OS X, Cygwin) or PuttyGen (Windows)" } }, + "MaintenanceModePasswordHash": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "Description": "Maintenance mode password hash, relevant only for R81.20 and higher versions" + } + }, + "SerialConsolePasswordHash": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "Description": "Optional parameter, used to enable serial console connection. In R81.10 and below, the serial console password is also used as the maintenance mode password." + } + }, "BGP": { "defaultValue": "64512", "type": "String", @@ -212,9 +226,9 @@ }, "planVersion": { "type": "string", - "defaultValue": "1.0.22", + "defaultValue": "1.0.24", "metadata": { - "description": "Always deploy the latest available version of the managed application (e.g., 1.0.22) to ensure optimal performance and compatibility. For a complete list of available versions, refer to: https://support.checkpoint.com/results/sk/sk132192" + "description": "Always deploy the latest available version of the managed application (e.g., 1.0.24) to ensure optimal performance and compatibility. For a complete list of available versions, refer to: https://support.checkpoint.com/results/sk/sk132192" } } }, @@ -372,6 +386,12 @@ "sshPublicKey": { "value": "[parameters('sshPublicKey')]" }, + "MaintenanceModePasswordHash": { + "value": "[parameters('MaintenanceModePasswordHash')]" + }, + "SerialConsolePasswordHash": { + "value": "[parameters('SerialConsolePasswordHash')]" + }, "BGP": { "value": "[parameters('BGP')]" },
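Review bot: The two new `securestring` parameters are forwarded by value to the nested deployment in the `@@ -372,6 +386,12 @@` hunk, and they stay protected there only if the receiving template also declares `MaintenanceModePasswordHash` and `SerialConsolePasswordHash` as `securestring`. That declaration is not visible in this diff and should be confirmed, since a plain `string` on the receiving side would put the hashes in the deployment record. Separately, both new parameters use the metadata key `"Description"` while the neighbouring `sshPublicKey` and `planVersion` parameters use `"description"`; for consistency write `"description": "Maintenance mode password hash, relevant only for R81.20 and higher versions"` and likewise for the serial console entry.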