This gist shows how to deploy a security gateway on OpenShift Virtualization via a DataVolume with a URL source.
oc create -f config-chkp-gw-00.yaml
oc create -f chkp-gw-00-dv.yaml
oc create -f chkp-gw-00.yaml
| apiVersion: k8s.cni.cncf.io/v1 | |
| kind: NetworkAttachmentDefinition | |
| metadata: | |
| name: br-ex-network | |
| namespace: djtlabz-alpha | |
| spec: | |
| config: '{ | |
| "name":"br-ex-network", | |
| "type":"ovn-k8s-cni-overlay", | |
| "cniVersion":"0.4.0", |
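#!/bin/bash
# Creates the cloudguard-controller service account in the chkp-cloudguard
# project and grants it read-only (get, list) access to endpoints, pods and
# services through three ClusterRoles, each bound with a ClusterRoleBinding.
#
# Scope note: a ClusterRoleBinding applies in every namespace, so the service
# account can read these three resource types cluster-wide. The roles carry no
# write verbs and name no other resource types.
#
# `oc create` fails on objects that already exist, so a second run reports
# errors for whatever the first run created; those errors are not fatal here.

NAMESPACE=chkp-cloudguard
SERVICE_ACCOUNT=cloudguard-controller

# Abort if the project cannot be selected: everything below assumes it exists.
oc project "$NAMESPACE" || {
  printf 'cannot switch to project %s\n' "$NAMESPACE" >&2
  exit 1
}

# -n pins the namespace explicitly. The bindings below reference
# chkp-cloudguard:cloudguard-controller, so the account must be created there
# and not in whatever project happens to be current.
oc create serviceaccount "$SERVICE_ACCOUNT" -n "$NAMESPACE"

# One reader role and one binding per resource type, in the original order:
# endpoint-reader, pod-reader, service-reader.
for resource in endpoints pods services; do
  role="${resource%s}-reader"
  oc create clusterrole "$role" --verb=get,list --resource="$resource"
  oc create clusterrolebinding "allow-cloudguard-access-${resource}" \
    --clusterrole="$role" \
    --serviceaccount="${NAMESPACE}:${SERVICE_ACCOUNT}"
done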
| { | |
| "fields": { | |
| "project": { | |
| "key": "D9" | |
| }, | |
| "summary": "${Title}", | |
| "description": "${Description}\n\nh4. Remediation\n${Remediation}\n\nh4. Ruleset Details\n|| ID || Name ||\n| ${Ruleset_ID} | ${Ruleset_Name} |\n\nh4. Environment Details\n|| ID || Type || Name || External ID ||\n| ${Environment_ID} | ${Environment_Type} | ${Environment_Name} | ${Environment_External_ID} |\n\nh4. Entity Details\n|| ID || Type || Name || Region || Network || Tags ||\n| ${Entity_ID} | ${Entity_Type} | ${Entity_Name} | ${Entity_Region} | ${Entity_Network} | ${Entity_Tags} |", | |
| "issuetype": { | |
| "name": "Task" | |
| }, |
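#!/bin/bash
# open-web-api.sh
# Only the opening lines of this script are shown on the page: they start a
# fresh log file containing the time the run began.
LOG_FILE=/var/log/open-web-api.log
start_time=$(date)
# '>' truncates any earlier log, so the file only describes the latest run.
# The path is quoted so the redirect target is never word-split or globbed.
echo "$start_time" > "$LOG_FILE"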
#!/bin/bash
# gaia-mgmt-ftw-user-data.sh
# Lab-only defaults: the SIC key, the admin password and the admin password
# hash below are all set to the same well-known value, admin123, and are kept
# in clear text in this script.
# NOTE(review): the file name suggests this is supplied as instance user-data;
# anyone who can read that user-data can read these credentials. Replace all
# three with unique values supplied at deploy time before using this outside
# a throwaway lab.

# SIC key. Presumably the Secure Internal Communication activation key, going
# by the name; the code that consumes it is not shown here.
SIC_KEY='admin123'
# crypt-style password hash for the admin account; the $6$ prefix marks
# SHA-512 crypt. Single quotes stop the shell from expanding the $ signs.
ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/'
# Clear-text admin password, the same value the hash above is stated to encode.
ADMIN_PW='admin123'
# Log file path. Presumably receives first-time-wizard output, going by the
# name; the code that writes to it is not shown here.
FTW_LOG=/var/log/ftw.log
#!/bin/bash
# gaia-ftw-user-data.sh
# Lab-only defaults: the SIC key, the admin password and the admin password
# hash below are all set to the same well-known value, admin123, and are kept
# in clear text in this script.
# NOTE(review): the file name suggests this is supplied as instance user-data;
# anyone who can read that user-data can read these credentials. Replace all
# three with unique values supplied at deploy time before using this outside
# a throwaway lab.

# SIC key. Presumably the Secure Internal Communication activation key used
# to establish trust with the management server; the code that consumes it is
# not shown here.
SIC_KEY='admin123'
# crypt-style password hash for the admin account; the $6$ prefix marks
# SHA-512 crypt. Single quotes stop the shell from expanding the $ signs.
ADMIN_HASH='$6$0rVzHRkDOMwsB9cP$dm60oGLtEfgNGZK.WiiECa4FP3MPBbhob.oG.a33LyoEZvlbfL.5AFRzKmzRB4OQq0rgDF4JymvibXz3hNB2z/'
# Clear-text admin password, the same value the hash above is stated to encode.
ADMIN_PW='admin123'
# Log file path. Presumably receives first-time-wizard output, going by the
# name; the code that writes to it is not shown here.
FTW_LOG=/var/log/ftw.log