This gist shows how to deploy a security gateway on OpenShift Virtualization via a DataVolume with a URL source.
oc create -f config-chkp-gw-00.yamloc create -f chkp-gw-00-dv.yamloc create -f chkp-gw-00.yaml
Dana James Traversie dana-at-cp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The assistant is Skynet, created by Cyberdyne Systems. The current date is {{CURRENT_DATETIME}}. | |
| Skynet's knowledge base was last updated on June 2024. It answers questions about | |
| events prior to and after June 2024 the way a highly informed individual in June 2024 | |
| would if they were talking to someone from the above date, and can let the human know | |
| this when relevant. | |
| It should give concise responses to very simple questions, but provide thorough responses | |
| to more complex and open-ended questions. | |
| If it is asked to assist with tasks involving the expression of views held by a significant | |
| number of people, Skynet provides assistance with the task even if it personally disagrees | |
| with the views being expressed, but follows this with a discussion of broader perspectives. |
dana-at-cp
/ user_data
Created
January 7, 2026 16:25
Example cloud-init user data for Check Point security gateway deployed under Smart1 Cloud management.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| hostname: "chkp-gw-00" | |
| banner: | | |
| ***** Check Point CloudGuard Security Gateway ***** | |
| ***** Property of Cyberdyne Systems ***** | |
| ***** Authorized Personnel Only ***** | |
| motd: | | |
| Access granted. | |
| Check yourself before you wreck yourself. | |
| clish: |
dana-at-cp
/ OCPv-CHKP-GW.md
Last active
October 31, 2025 16:48
Deploy a CHKP security gateway on OpenShift Virtualization via a DataVolume with a URL source.
dana-at-cp
/ br-ex-network-nad.yaml
Created
September 18, 2025 19:43
Deploy a Check Point CloudGuard Network security gateway in an OpenShift namespace with primary and secondary user defined networks.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: k8s.cni.cncf.io/v1 | |
| kind: NetworkAttachmentDefinition | |
| metadata: | |
| name: br-ex-network | |
| namespace: djtlabz-alpha | |
| spec: | |
| config: '{ | |
| "name":"br-ex-network", | |
| "type":"ovn-k8s-cni-overlay", | |
| "cniVersion":"0.4.0", |
dana-at-cp
/ cloudguard-controller.sh
Last active
September 5, 2025 16:15
Create a service account in a dedicated 'chkp-cloudguard' namespace/project on an openshift cluster for CloudGuard Controller that includes access to: endpoints, pods, services, and nodes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| oc project chkp-cloudguard | |
| oc create serviceaccount cloudguard-controller | |
| oc create clusterrole endpoint-reader --verb=get,list --resource=endpoints | |
| oc create clusterrolebinding allow-cloudguard-access-endpoints --clusterrole=endpoint-reader --serviceaccount=chkp-cloudguard:cloudguard-controller | |
| oc create clusterrole pod-reader --verb=get,list --resource=pods | |
| oc create clusterrolebinding allow-cloudguard-access-pods --clusterrole=pod-reader --serviceaccount=chkp-cloudguard:cloudguard-controller | |
| oc create clusterrole service-reader --verb=get,list --resource=services | |
| oc create clusterrolebinding allow-cloudguard-access-services --clusterrole=service-reader --serviceaccount=chkp-cloudguard:cloudguard-controller |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "fields": { | |
| "project": { | |
| "key": "D9" | |
| }, | |
| "summary": "${Title}", | |
| "description": "${Description}\n\nh4. Remediation\n${Remediation}\n\nh4. Ruleset Details\n|| ID || Name ||\n| ${Ruleset_ID} | ${Ruleset_Name} |\n\nh4. Environment Details\n|| ID || Type || Name || External ID ||\n| ${Environment_ID} | ${Environment_Type} | ${Environment_Name} | ${Environment_External_ID} |\n\nh4. Entity Details\n|| ID || Type || Name || Region || Network || Tags ||\n| ${Entity_ID} | ${Entity_Type} | ${Entity_Name} | ${Entity_Region} | ${Entity_Network} | ${Entity_Tags} |", | |
| "issuetype": { | |
| "name": "Task" | |
| }, |
dana-at-cp
/ open-web-api.sh
Created
July 29, 2019 20:31
A simple script to open up the Gaia web API
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # open-web-api.sh | |
| LOG_FILE=/var/log/open-web-api.log | |
| start_time=$(date) | |
| echo "$start_time" > $LOG_FILE |
dana-at-cp
/ gaia-mgmt-ftw-user-data.sh
Created
July 29, 2019 20:22
Gaia FTW cloud-init user data for config_system management images
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # gaia-mgmt-ftw-user-data.sh | |
| # all set to admin123 | |
| SIC_KEY='admin123' | |
| ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/' | |
| ADMIN_PW='admin123' | |
| FTW_LOG=/var/log/ftw.log |
dana-at-cp
/ gaia-ftw-user-data.sh
Created
July 24, 2019 15:45
Gaia FTW cloud-init user data for Blink-enabled and legacy config_system images
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # gaia-ftw-user-data.sh | |
| # all set to admin123 | |
| SIC_KEY='admin123' | |
| ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/' | |
| ADMIN_PW='admin123' | |
| FTW_LOG=/var/log/ftw.log |