Skip to content

Commit 30e4d16

Browse files
cgns-gitlab-mirror-app[bot]chkp-noamerez
cgns-gitlab-mirror-app[bot]
and
chkp-noamerez
authored
feat(VSECPC-12285): Azure | ARM Templates - Add IPv6 support (management, single) (#538)
Co-authored-by: noamerez <noamerez@checkpoint.com>
1 parent 0ad7658 commit 30e4d16

7 files changed

Lines changed: 1304 additions & 195 deletions

File tree

azure/templates/marketplace-management/createUiDefinition.json

Lines changed: 93 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -725,6 +725,93 @@
725725
}
726726
}
727727
},
728+
{
729+
"name": "enableIpv6",
730+
"type": "Microsoft.Common.OptionsGroup",
731+
"label": "Enable IPv6 Support",
732+
"toolTip": "Enable IPv6 support. For a new Virtual Network you must provide IPv6 prefixes and a static IPv6 NIC address; for an existing Virtual Network we do not modify the VNet or subnet and the static IPv6 NIC address you enter must already be valid in the existing subnet prefix. The management VM NIC will get this static IPv6 when enabled.",
733+
"defaultValue": "No (IPv4 only)",
734+
"constraints": {
735+
"allowedValues": [
736+
{ "label": "No (IPv4 only)", "value": false },
737+
{ "label": "Yes (IPv4 + IPv6)", "value": true }
738+
],
739+
"required": true
740+
},
741+
"visible": true
742+
},
743+
{
744+
"name": "ipv6Section",
745+
"type": "Microsoft.Common.Section",
746+
"label": "IPv6 Configuration",
747+
"visible": "[steps('network').enableIpv6]",
748+
"elements": [
749+
{
750+
"name": "virtualNetworkIpv6AddressPrefix",
751+
"type": "Microsoft.Common.TextBox",
752+
"label": "Virtual Network IPv6 Address Prefix",
753+
"defaultValue": "ace:cab:deca::/48",
754+
"toolTip": "IPv6 address prefix for the virtual network (e.g., ace:cab:deca::/48)",
755+
"constraints": {
756+
"required": "[and(steps('network').enableIpv6, equals(steps('network').virtualNetwork.newOrExisting, 'new'))]",
757+
"regex": "^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,7}:|([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|[0-9A-Fa-f]{1,4}:((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){1,7}|:))/(4[8-9]|5[0-9]|6[0-4])$",
758+
"validationMessage": "Enter a valid IPv6 CIDR (e.g., ace:cab:deca::/48)"
759+
},
760+
"visible": "[and(steps('network').enableIpv6, equals(steps('network').virtualNetwork.newOrExisting, 'new'))]"
761+
},
762+
{
763+
"name": "Subnet1Ipv6Prefix",
764+
"type": "Microsoft.Common.TextBox",
765+
"label": "Management Subnet IPv6 Prefix",
766+
"defaultValue": "ace:cab:deca:deed::/64",
767+
"toolTip": "IPv6 address prefix for the management subnet (e.g., ace:cab:deca:deed::/64)",
768+
"constraints": {
769+
"required": "[and(steps('network').enableIpv6, equals(steps('network').virtualNetwork.newOrExisting, 'new'))]",
770+
"regex": "^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,7}:|([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|[0-9A-Fa-f]{1,4}:((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){1,7}|:))/64$",
771+
"validationMessage": "Enter a valid IPv6 CIDR (e.g., ace:cab:deca:deed::/64)"
772+
},
773+
"visible": "[and(steps('network').enableIpv6, equals(steps('network').virtualNetwork.newOrExisting, 'new'))]"
774+
},
775+
{
776+
"name": "Subnet1Ipv6StartAddress",
777+
"type": "Microsoft.Common.TextBox",
778+
"label": "Management NIC IPv6 Address (Static)",
779+
"defaultValue": "ace:cab:deca:deed::a",
780+
"toolTip": "[if(equals(steps('network').virtualNetwork.newOrExisting, 'new'), 'Enter the static IPv6 address for the management NIC (no CIDR) within the Management Subnet IPv6 prefix above.', 'Enter the static IPv6 address for the management NIC (no CIDR) inside your existing subnet IPv6 prefix.')]",
781+
"constraints": {
782+
"required": "[steps('network').enableIpv6]",
783+
"regex": "^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,7}:|([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|[0-9A-Fa-f]{1,4}:((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){1,7}|:))$",
784+
"validationMessage": "Enter a valid IPv6 address (no CIDR)"
785+
},
786+
"visible": "[steps('network').enableIpv6]"
787+
},
788+
{
789+
"name": "managementGUIClientNetworkIpv6",
790+
"type": "Microsoft.Common.TextBox",
791+
"label": "Allow SmartConsole IPv6 connections from these networks (optional)",
792+
"defaultValue": "::/0",
793+
"toolTip": "Optional IPv6 CIDR(s) for SmartConsole access (e.g., ace:cab:deca:deed::/64). Leave ::/0 to allow all.",
794+
"constraints": {
795+
"required": false,
796+
"regex": "^(([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,7}:|([0-9A-Fa-f]{1,4}:){1,6}:[0-9A-Fa-f]{1,4}|([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}|([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}|([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}|([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}|[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){1,6}|:(:[0-9A-Fa-f]{1,4}){1,7}|::)/(12[0-8]|1[01][0-9]|[1-9][0-9]|[0-9])$",
797+
"validationMessage": "Enter a valid IPv6 network CIDR (e.g., ace:cab:deca:deed::/64)"
798+
},
799+
"visible": "[steps('network').enableIpv6]"
800+
}
801+
]
802+
},
803+
{
804+
"name": "managementGUIClientNetwork",
805+
"type": "Microsoft.Common.TextBox",
806+
"label": "Allow SmartConsole connections from these networks",
807+
"toolTip": "Allow SmartConsole connections from the following CIDR networks, for example: 192.168.1.0/26",
808+
"constraints": {
809+
"required": true,
810+
"regex": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))$",
811+
"validationMessage": "Enter a valid IPv4 network CIDR"
812+
},
813+
"visible": "[equals(steps('chkp-advanced').installationType, 'management')]"
814+
},
728815
{
729816
"name": "NSG",
730817
"type": "Microsoft.Common.OptionsGroup",
@@ -913,7 +1000,12 @@
9131000
"Subnet1StartAddress": "[steps('network').virtualNetwork.subnets.subnet1.startAddress]",
9141001
"vnetNewOrExisting": "[steps('network').virtualNetwork.newOrExisting]",
9151002
"virtualNetworkExistingRGName": "[steps('network').virtualNetwork.resourceGroup]",
916-
"managementGUIClientNetwork": "[steps('chkp').managementGUIClientNetwork]",
1003+
"managementGUIClientNetwork": "[steps('network').managementGUIClientNetwork]",
1004+
"enableIpv6": "[steps('network').enableIpv6]",
1005+
"virtualNetworkIpv6AddressPrefix": "[if(steps('network').enableIpv6, steps('network').ipv6Section.virtualNetworkIpv6AddressPrefix, '')]",
1006+
"Subnet1Ipv6Prefix": "[if(steps('network').enableIpv6, steps('network').ipv6Section.Subnet1Ipv6Prefix, '')]",
1007+
"Subnet1Ipv6StartAddress": "[if(steps('network').enableIpv6, steps('network').ipv6Section.Subnet1Ipv6StartAddress, '')]",
1008+
"managementGUIClientNetworkIpv6": "[if(steps('network').enableIpv6, steps('network').ipv6Section.managementGUIClientNetworkIpv6, '')]",
9171009
"installationType": "[steps('chkp-advanced').installationType]",
9181010
"bootstrapScript": "[steps('chkp-advanced').bootstrapScript]",
9191011
"allowDownloadFromUploadToCheckPoint": "[coalesce(steps('chkp-advanced').allowUploadDownload, 'true')]",

0 commit comments

Comments
 (0)