Bootstrap Configuration Example for Check Point Security Gateway in AWS/Azure

This document applies to both AWS and Azure.

Using the bootstrap option significantly simplifies the initial configuration of the Check Point Security Gateway.

In this document, we provide a basic bootstrap example for Check Point. A Bootstrap Configuration can be a vendor-specific script or configuration.

For a manual setup of Check Point in AWS, follow Configuring Check Point in AWS.

For a manual setup of Check Point in Azure, follow Configuring Check Point in Azure.

After you enable Bootstrap Configuration for your AWS or Azure-based Check Point firewall, you can select either AWS S3 Bucket or User Data. If you select AWS S3 Bucket, you must have already completed the following sections in your AWS Console:

If you select User Data, click here to complete the bootstrap configuration.

Ready to Go

Now that you have deployed your firewall instance, your firewall is ready to receive packets. The next step is to validate your configurations in the Check Point Security Gateway and configure policies for Ingress and Egress inspection.

By default, Check Point allows all traffic. You can verify this by launching one instance in the PROD Spoke VPC/VNet and one in the DEV Spoke VPC/VNet, then pinging from the instance in the DEV Spoke VPC/VNet to the private IP of the instance in the PROD Spoke VPC/VNet. The ICMP traffic should go through Check Point and be inspected in the Security Gateway.

Additional References

Check Point Reference Custom Data