Describe the issue
Check Point has announced a new version of the Firewall manager. We want to upgrade but we don't like the "reuse the existing VM and click upgrade in the UI" approach. We prefer to IaC the upgrade and roll out a fresh AMI VM. The issue is we need to figure this out.
Additional context
Ensure that the configuration is not lost
The AMIs are configured by the SEA, although we may want to consider Terraform
Definition of done
Talk to Ryan Jaeger and see if there was any consideration for AMI upgrades. We will likely need to provide feedback upstream.
Back up the firewall and firewall manager configurations, for reapplication on the new instances (include policies in the backup)
Update the SEA config, re-run the state machine
Create a pattern for re-running some automation to get a fresh updated VM AMI firewall manager appliance
Consider this pattern for the firewalls too, and think forward to how this could affect policy updates that we have consumed from secops (we don't want to lose them)
Use AWS ECF Dev for developing this pattern
Upgrade the Check Point Firewall Manager in LZ0
Document the pattern in private cloudops-internal in markdown and review with Carles
Look at the linked ticket; create extra well-formed tickets if needed