08-22-2023 02:43 AM
Hi all.
We have a customer who is potentially looking to move from a Checkpoint security gateway (OS/Versioning currently unknown) to FMC (again, FTD device currently unknown but it will be managed through FMC).
To proof-of-concept this, I am looking to set up a custom Checkpoint node on our CML environment. I have already done similar using a custom Palo Alto node, but I am having difficulty finding a pre-defined Checkpoint image that I can use on CML.
I have found the qcow2 files for most Checkpoint OS versions, so it is just the YAML that is missing. Has anyone done something with a Checkpoint on CML before, and/or is there a Checkpoint node image floating around somewhere?
Thanks in advance,
Lloyd
08-22-2023 03:25 AM
I believe a simple YML should work, as below:
```yaml
# Flat key/value qemu template: each key maps directly to a VM launch parameter.
type: qemu
description: CheckPoint Security Gateway VE
name: CP
cpulimit: 1
icon: Checkpoint.png
cpu: 4
ram: 6144            # MB
ethernet: 4          # number of NICs presented to the guest
console: telnet      # serial console exposed over telnet
qemu_arch: x86_64
qemu_version: 2.12.0
# Extra qemu arguments; KVM acceleration, serial console on stdio, no graphical display.
qemu_options: -machine type=pc,accel=kvm -serial mon:stdio -nographic -no-user-config -nodefaults -display none -vga std -rtc base=utc
```
08-22-2023 03:33 AM
Hi BB,
My only concern with the above is that the names of the interfaces are not included.
I have a .yaml file for the FTDv that I have used on CML and it looks like the following:
```yaml
id: ftdv
general:
  description: Cisco Firepower Threat Defense Virtual
  nature: firewall
  read_only: false
device:
  interfaces:
    has_loopback_zero: false
    # Interface labels shown on the node in the CML topology, in NIC order:
    # the first entry is the first NIC the guest sees.
    physical:
      - Management
      - Diagnostic
      - Outside
      - Inside
      - Data1
      - Data2
      - Data3
      - Data4
      - Data5
      - Data6
    serial_ports: 1
    default_count: 4
ui:
  visible: true
  description: |-
    Cisco Firepower Threat Defense Virtual (FTDv)
    8 GB DRAM, 4 vCPUs
    Maximum 10 interfaces, including Management.
    [CCO Link](https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/kvm/ftdv-kvm-gsg.html)
  label_prefix: ftdv-
  icon: firewall
  label: FTDv
sim:
  linux_native:
    libvirt_domain_driver: kvm
    driver: asav
    disk_driver: virtio
    ram: 8192
    cpus: 4
    cpu_limit: 100
    nic_driver: virtio
boot:
  timeout: 300
  # CML considers the node booted once this string appears on the console.
  completed:
    - 'login:'
pyats:
  os: fxos
  use_in_testbed: true
# Which resource settings an image definition / a node in a lab may override.
inherited:
  image:
    ram: true
    cpus: true
    cpu_limit: true
    data_volume: false
    boot_disk_size: false
  node:
    ram: true
    cpus: true
    cpu_limit: true
    data_volume: false
    boot_disk_size: false
configuration:
  generator:
    driver: asav
  # Day-0 file is packed into an ISO and attached to the VM at first boot.
  provisioning:
    volume_name: day0
    media_type: iso
    files:
      - name: day0-config
        editable: true
        # Day-0 bootstrap; the AdminPassword below is a lab default and should be
        # changed before the node is registered with an FMC.
        content: |-
          #Firepower Threat Defense
          {
            "EULA": "accept",
            "Hostname": "ftdv",
            "AdminPassword": "Admin123",
            "FirewallMode": "routed",
            "DNS1": "",
            "DNS2": "",
            "DNS3": "",
            "IPv4Mode": "manual",
            "IPv4Addr": "",
            "IPv4Mask": "",
            "IPv4Gw": "",
            "IPv6Mode": "disabled",
            "IPv6Addr": "",
            "IPv6Mask": "",
            "IPv6Gw": "",
            "FmcIp": "",
            "FmcRegKey": "",
            "FmcNatId": "",
            "ManageLocally":"Yes"
          }
schema_version: 0.0.1
```
Obviously this looks different to what is included in your comment, but should this still work in CML?
Thanks again for the reply
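As an added example (not posted by anyone in this thread, and not a Check Point or Cisco-supplied file), here is a CML node definition for a Check Point Gaia qcow2 written in the same nested schema as the FTDv file above, with the FTDv-specific parts swapped out. Everything that is not copied from the FTDv definition is an assumption: the `id`, label and prefix; the interface names (Gaia names its NICs `eth0`, `eth1`, ... and uses `eth0` as the management interface); the `server` sim driver and `null` generator driver (no day-0 generation, since Gaia is configured through its first-time wizard); the RAM/CPU sizing; the `pyats` values; and the `login:` boot pattern.

```yaml
# Assumed CML node definition for a Check Point Gaia qcow2 (example, not a vendor file).
id: checkpoint-gaia
general:
  description: Check Point Security Gateway (Gaia)
  nature: firewall
  read_only: false
device:
  interfaces:
    has_loopback_zero: false
    # Gaia numbers NICs eth0, eth1, ... in PCI order; eth0 is the management interface.
    physical:
      - eth0
      - eth1
      - eth2
      - eth3
      - eth4
      - eth5
      - eth6
      - eth7
    serial_ports: 1
    default_count: 4
ui:
  visible: true
  description: |-
    Check Point Security Gateway on Gaia (KVM qcow2)
    6 GB DRAM, 4 vCPUs (assumed sizing for a lab gateway)
    Maximum 8 interfaces; eth0 is management.
  label_prefix: cp-
  icon: firewall
  label: CheckPoint
sim:
  linux_native:
    libvirt_domain_driver: kvm
    # Generic VM driver: CML just boots the disk, no vendor-specific handling.
    driver: server
    # Assumed: the image carries virtio drivers. If it does not boot or sees no
    # NICs, switch to disk_driver: ide and nic_driver: e1000.
    disk_driver: virtio
    ram: 6144
    cpus: 4
    cpu_limit: 100
    nic_driver: virtio
boot:
  # Gaia takes noticeably longer than FTDv to reach a login prompt on first boot.
  timeout: 600
  completed:
    - 'login:'
pyats:
  os: linux
  use_in_testbed: false
inherited:
  image:
    ram: true
    cpus: true
    cpu_limit: true
    data_volume: false
    boot_disk_size: false
  node:
    ram: true
    cpus: true
    cpu_limit: true
    data_volume: false
    boot_disk_size: false
configuration:
  generator:
    # No day-0 config generator: complete the Gaia first-time wizard on the console,
    # and set a non-default admin password before eth0 touches a shared network.
    driver: null
schema_version: 0.0.1
```

Usage: upload this definition under Tools > Node and Image Definitions, then create an image definition that points at the Gaia qcow2 and selects this node definition as its node type. If the console stays blank after the VM starts, the image is likely not writing to the serial port; open the VNC console instead, and only tune `boot.completed` once you have seen what the Gaia prompt actually looks like on that image.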