CheckPointSW · cgns-gitlab-mirror-app · Feb 8, 2026 · Feb 8, 2026
diff --git a/aws/templates/management/README.md b/aws/templates/management/README.md
@@ -1,5 +1,5 @@
-
 ## Security Management Server
+
 <table>
     <thead>
         <tr>
@@ -24,10 +24,11 @@
 In order to check the template version, please refer to [sk125252](https://support.checkpoint.com/results/sk/sk125252#ToggleR8120gateway)
 
 | Template Version | Description                                                                                                   |
-|------------------|---------------------------------------------------------------------------------------------------------------|
+| ---------------- | ------------------------------------------------------------------------------------------------------------- |
+| 20260208         | Add IPv6 support via IPMode variable: "IPv4" and "DualStack"                                                  |
 | 20240704         | - R80.40 version deprecation.<br/>- R81 version deprecation.                                                  |
 | 20240519         | Add support for requiring use instance metadata service version 2 (IMDSv2) only                               |
-| 20230923         | Add support for C5d instance type                                                                             | 
+| 20230923         | Add support for C5d instance type                                                                             |
 | 20230521         | - Change default shell for the admin user to /etc/cli.sh<br/>- Add description for reserved words in hostname |
 | 20221123         | Templates version 20221120 and above support R81.20                                                           |
 | 20220606         | New instance type support                                                                                     |

diff --git a/aws/templates/management/management-master.yaml b/aws/templates/management/management-master.yaml
@@ -1,6 +1,6 @@
 AWSTemplateFormatVersion: 2010-09-09
 Description: |
-  Deploys a Check Point Management Server into a new VPC (20260101)
+  Deploys a Check Point Management Server into a new VPC (20260205)
   See sk130372 administration guide for detailed deployment and configuration steps.
 Metadata:
   AWS::CloudFormation::Interface:
@@ -24,6 +24,7 @@ Metadata:
           - VPCCIDR
           - PublicSubnet1CIDR
           - ManagementName
+          - IPMode
           - AllocatePublicAddress
           - VolumeSize
           - VolumeType
@@ -57,8 +58,10 @@ Metadata:
         default: Management Instance type
       KeyName:
         default: Key name
+      IPMode:
+        default: IP Configuration Mode
       AllocatePublicAddress:
-        default: Allocate an Elastic IP
+        default: Allocate an Elastic IPv4 address (Irrelevant for IPv6 only mode)
       VolumeSize:
         default: Root volume size (GB)
       VolumeType:
@@ -319,6 +322,13 @@ Parameters:
     Type: AWS::EC2::KeyPair::KeyName
     MinLength: 1
     ConstraintDescription: must be the name of an existing EC2 KeyPair.
+  IPMode:
+    Description: Specifies the IP mode for the Management and AWS resources.
+    Type: String
+    AllowedValues:
+      - IPv4
+      - DualStack
+    Default: IPv4
   AllocatePublicAddress:
     Description: Allocate an elastic IP for the Management.
     Type: String
@@ -451,15 +461,15 @@ Parameters:
       - true
       - false
   AdminCIDR:
-    Description: Allow web, SSH, and graphical clients only from this network to communicate
+    Description: Allow web, SSH, and graphical clients only from this network to communicate (IPv4 or IPv6 CIDR)
       with the Management Server.
     Type: String
-    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
+    AllowedPattern: '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(3[0-2]|[12]?[0-9])|([0-9a-fA-F]{0,4}:){2,7}([0-9a-fA-F]{0,4}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
   GatewaysAddresses:
-    Description: Allow gateways only from this network to communicate with the Management
+    Description: Allow gateways only from this network to communicate with the Management (IPv4 or IPv6 CIDR)
       Server.
     Type: String
-    AllowedPattern: '^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$'
+    AllowedPattern: '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(3[0-2]|[12]?[0-9])|([0-9a-fA-F]{0,4}:){2,7}([0-9a-fA-F]{0,4}|((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$'
   GatewayManagement:
     Description: Select 'Over the internet' if any of the gateways you wish to manage
       are not directly accessed via their private IP address.
@@ -484,23 +494,28 @@ Parameters:
     Default: 0.pool.ntp.org
     AllowedPattern: '[\.a-zA-Z0-9\-]*'
 Conditions:
-  EIP: !Equals [!Ref AllocatePublicAddress, true]
+  IsIPv6Enabled: !Not [!Equals [!Ref IPMode, "IPv4"]]
+  IsIPv4Enabled: !Not [!Equals [!Ref IPMode, "IPv6"]]
+  AllocatePublicIPv4:
+    !And [!Equals [!Ref AllocatePublicAddress, true], !Condition IsIPv4Enabled]
 Resources:
   VPCStack:
     Type: AWS::CloudFormation::Stack
     Properties:
-      TemplateURL: https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml
+      TemplateURL:
+        !If [IsIPv6Enabled, https://cgi-cfts.s3.amazonaws.com/utils/vpc-ipv6.yaml, https://cgi-cfts.s3.amazonaws.com/utils/vpc.yaml]
       Parameters:
         AvailabilityZones: !Ref AvailabilityZone
         NumberOfAZs: 1
         VPCCIDR: !Ref VPCCIDR
         PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
         CreatePrivateSubnets: false
         CreateAttachmentSubnets: false
+        IPMode: !Ref IPMode
   ManagementStack:
     Type: AWS::CloudFormation::Stack
     Properties:
-      TemplateURL: https://cgi-cfts.s3.us-east-1.amazonaws.com/management/management.yaml
+      TemplateURL: https://cgi-cfts.s3.amazonaws.com/management/management.yaml
       Parameters:
         VPC: !GetAtt VPCStack.Outputs.VPCID
         ManagementSubnet: !GetAtt VPCStack.Outputs.PublicSubnet1ID
@@ -531,16 +546,17 @@ Resources:
         ManagementBootstrapScript: !Ref ManagementBootstrapScript
         NTPPrimary: !Ref NTPPrimary
         NTPSecondary: !Ref NTPSecondary
+        IPMode: !Ref IPMode
 Outputs:
   PublicAddress:
-    Condition: EIP
-    Description: The public address of the management server.
+    Condition: AllocatePublicIPv4
+    Description: The public address of the Management Server.
     Value: !GetAtt ManagementStack.Outputs.PublicAddress
   SSH:
-    Condition: EIP
-    Description: SSH command to the management server.
+    Condition: AllocatePublicIPv4
+    Description: SSH command.
     Value: !GetAtt ManagementStack.Outputs.SSH
   URL:
-    Condition: EIP
-    Description: URL to the management server portal.
-    Value: !GetAtt ManagementStack.Outputs.URL
+    Condition: AllocatePublicIPv4
+    Description: URL to the portal.
+    Value: !GetAtt ManagementStack.Outputs.URL