Creating an IAM Role and Policy

  1. Log in to the AWS console and create an IAM role, for example one named "bootstrap-Checkpoint-S3-role".

  2. Attach an IAM policy to the role, for example one named "bootstrap-Checkpoint-S3-policy". The policy contains the following statements:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
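
The `Resource` value `arn:aws:s3:::*` in the policy above lets the role list and read any bucket, not only the bootstrap one. The following is an added example, not part of the original page or of the vendor's tooling: it audits a policy of this shape and builds one scoped to a single bucket. The function names are hypothetical, the sample policy is constructed, and the bucket name is the example name used on this page.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}
BUCKET_LEVEL = {"s3:ListBucket"}  # takes the bucket ARN; s3:GetObject takes object ARNs

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy, bucket):
    """Return findings for a read policy that should reach only `bucket`."""
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append("Version %r is not a valid policy version" % policy.get("Version"))
    bucket_arn = "arn:aws:s3:::" + bucket
    for n, stmt in enumerate(as_list(policy.get("Statement", [])), 1):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            for res in as_list(stmt.get("Resource", [])):
                if action in BUCKET_LEVEL:
                    ok = res == bucket_arn
                else:
                    ok = res.startswith(bucket_arn + "/")
                if not ok:
                    findings.append("statement %d: %s on %s reaches beyond %s"
                                    % (n, action, res, bucket))
    return findings

def scoped_policy(bucket):
    """Build the same two statements, limited to one bucket and its objects."""
    arn = "arn:aws:s3:::" + bucket
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": [arn + "/*"]},
    ]}

# Constructed sample: the wildcard form of the bootstrap policy.
WILDCARD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::*"]},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::*"]},
]}

if __name__ == "__main__":
    bucket = "bootstrap-checkpoint-bucket"  # example bucket name from this page
    for finding in audit_policy(WILDCARD_POLICY, bucket):
        print("FINDING:", finding)
    print(json.dumps(scoped_policy(bucket), indent=4))
```

The scoped output can be pasted into the policy editor in place of the wildcard statements once the bucket exists.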

Creating Bootstrap Bucket Structure

In AWS S3, create a top-level bucket for bootstrap with a unique name, for example "bootstrap-checkpoint-bucket", with the following structure:

bootstrap-checkpoint-bucket/
    init.conf
    license.lic

Upload Config Files

  1. The example init.conf file contains the "Allow All" setup. To download the file, click init.conf.

  2. For the example license.lic file, click license.lic. For Metered AMI, this file is not required.

  3. Upload these two files to your config folder in the bootstrap-checkpoint-bucket.

  4. Navigate to Security > FireNet > Firewall to launch and deploy your Check Point firewall (for AWS or Azure) using the bootstrap configuration (selecting the AWS S3 Bucket option).