Creating an IAM Role and Policy
- Log in to the AWS console and create an IAM role, for example "bootstrap-Checkpoint-S3-role".
- Attach an IAM policy to the role, for example "bootstrap-Checkpoint-S3-policy". The policy has the following statements.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [ "s3:ListBucket" ],
            "Resource": [ "arn:aws:s3:::*" ]
        },
        {
            "Effect": "Allow",
            "Action": [ "s3:GetObject" ],
            "Resource": [ "arn:aws:s3:::*" ]
        }
    ]
}
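The statements above allow s3:ListBucket and s3:GetObject on arn:aws:s3:::*, which matches every bucket and object the role can reach, not only the bootstrap bucket. The following Python is an added example, not part of the original guide or of any vendor tooling: it flags resources that reach beyond one bucket and builds a policy scoped to it. The function names are hypothetical, and the bucket name is the example one used on this page.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only IAM policy language versions

def _as_list(value):
    # IAM accepts either a single string or a list for Resource.
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy, bucket):
    """Return findings for an S3 read policy meant for a single bootstrap bucket."""
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    prefix = f"arn:aws:s3:::{bucket}"
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for res in _as_list(stmt.get("Resource", [])):
            # Accept only the bucket ARN itself or object ARNs inside that bucket.
            if not (res == prefix or res.startswith(prefix + "/")):
                findings.append(f"statement {i}: {res} reaches beyond {bucket}")
    return findings

def scoped_bootstrap_policy(bucket):
    """Least-privilege equivalent: list one bucket, read only its objects."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            # s3:ListBucket is a bucket-level action, so it takes the bucket ARN.
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            # s3:GetObject is an object-level action, so it takes the object ARN.
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
        ],
    }

# Statements as shown on this page: both apply to every bucket.
PAGE_STATEMENTS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": ["arn:aws:s3:::*"]},
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::*"]},
    ],
}

if __name__ == "__main__":
    bucket = "bootstrap-checkpoint-bucket"  # example bucket name from this page
    print(audit_policy(PAGE_STATEMENTS, bucket))
    print(json.dumps(scoped_bootstrap_policy(bucket), indent=2))
```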
Creating Bootstrap Bucket Structure
In AWS S3, create a top-level bucket for bootstrap with a unique name, for example "bootstrap-checkpoint-bucket", with the following structure:
bootstrap-checkpoint-bucket/
    init.conf
    license.lic
Upload Config Files
- The example init.conf file contains the "Allow All" setup. To download the file, click init.conf.
- For the example license.lic file, click license.lic. For Metered AMI, this file is not required.
- Upload these two files to your config folder in the bootstrap-checkpoint-bucket.
- Navigate to Security > FireNet > Firewall to launch and deploy your Check Point firewall (for AWS or Azure) using the bootstrap configuration (selecting the AWS S3 Bucket option).