- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Detach license of decommissioned Firewall.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Detach license of decommissioned Firewall.
Hello Experts, I got an interesting scenario wherein the Gateway is decommissioned but the admin forgot to detach license from the gateway. Would like to know how to detach license from a Gateway which is no more alive and cannot come back to life. Any input is much appreciated. Management server is R81, take 65.
- Tags:
- license
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This must be OpenServer - you have to re-download the product/bundle license (open it , get License Information, click Get Last License), delete the old license from SMS and install the new one:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This must be OpenServer - you have to re-download the product/bundle license (open it , get License Information, click Get Last License), delete the old license from SMS and install the new one:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @G_W_Albrecht , Thanks for your reply. I already tried to download and attach the license to new gateway but getting error license already in use. Can you please guide how to delete the license from SMS? In "cplic print" I do not see the license key in question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Use SmartUpdate to do that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Already tried from their. It is throwing SIC error which is obvious because Firewall itself doesnot exist.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, not remove from GW, remove the SMS part using Detach License !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Where do you receive the message that the license is already in use?
To see the license key use the command cplic print -x
Then, if you want to delete a license, just use cplic del <signature key>
Also consider consulting Check Point Account Services:
Account Services
For questions about support processes, contracts or User Center and licensing, please call Account Services at +1-972-444-6600 and select option 3.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Tal_Paz-Fridman , I was getting error "license already in use" while adding license to another gateway from SmartConsole. I was not able to see the license key on running cplic print -x for some reason. I had to regenerate the license from User Center and this new license worked (I am able to attach). There should be some way to retrieve used license from SMS itself if gateway is no more alive.
Nonetheless, Thankyou everyone for your help!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you attach the output you get from cplic print or cplic print -x command? As @Tal_Paz-Fridman said, best way to delete a license is with cplic del command. I pasted below steps I used to solve odd license issue I had recently in R81.20 lab. Maybe give it a go and see what happens.
Except, in your case, you would do the steps on gateway, not mgmt server.
Andy
https://community.checkpoint.com/t5/Management/License-warning-messages/m-p/169625#M33614
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
>> Except, in your case, you would do the steps on gateway, not mgmt server.
Gateway is decommissioned but the admin forgot to detach license
---> the steps are done on SMS...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know I did steps on sms cause thats where I had the issue, but they work same on the fw, as inidicated in the original link. But, since fw was decomissioned, guess the only way really would be via UC, if possible.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cplic print output will not make much sense since I was not able to see this particular CK in the output and many gateways are managed by the same SMS, so the output is pretty big. Generating new license from UC worked though, so I am find with that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While your specific problem is solved now, other readers of this thread may help a hint to the CLI guide regarding cplic and cplic db commands on SMS.
cplic db_print -all -x -t -a
will give you all the nice details about the license database on SMS.
You can deleted already detached licensed with cplic db_rm followed by the signature key, to really clean whatever may be left.
However, in case you have a missmatch regarding an attached central managed gateway license between what SMS (it is attached) and gateway (it is not attached) thinks, in my previous cases, a
cp lic get GATEWAY
resynced that in a way, that SMS has learned from the gateway, resulting in unattached state on both sides. If it is the correct license, you can attach now from SMS and gateway will get it. In case it is not, you can delete it now with db_rm as sayed above and add and attach the new one.
Saying that, I have to admit that there were cases, where even TAC did not found another solution to clear up license mess without deleting licenses directly with (gui)dbedit.