zullo
Explorer

Licensing on Cloudguard HA clusters

Hello community!

I'm an avid reader of this community and here is my first post, so thanks in advance.

CONTEXT: We have several virtual GWs mounted on VMware infra, mainly using VE-NGTP & VE-NGTX licenses, all managed centrally. As a standard, all deployments are HA using ClusterXL.

QUESTION: After installing many of them, I've seen that some cluster members take up only 1 license in the vsec_lic_cli tool, even though each VM has the same HW specs for each pair.

In the image I attach you can see the different behaviour for cluster MTZ (where each member takes up 4 vCPUs), but on cluster FW-SEDE you see one taking 12 and the other one just 1, even though license pools have enough capacity to assign the whole 12.

OTHER INFO:

Security Management Server R81.20 - Build 016 - HOTFIX_R81_20_JUMBO_HF_MAIN Take: 89

SEDE GW -

version R81.20 - Build 033 - kernel: R81.20 - Build 041

HOTFIX_GAIA_API_AUTOUPDATE - HOTFIX_ENDER_V17_AUTOUPDATE - HOTFIX_R81_20_JUMBO_HF_MAIN Take: 76

2 Replies
the_rock
Legend

Hey @zullo 

Not sure if the below might be helpful to you, but it's the exact info Account services sent me a couple of years back when I worked with a customer to license CP gateways in Azure. Btw, no images appear to be attached.

Andy

****************************

Please note that this is broken down into 3 stages:
 
A. Generate the license
B. Install the license
C. Update contracts file 
-------------------------------------------------------------------------------------------
A. Generate the license:

1. Login to your UC user > Click "Assets/Info" / "My Check Point" > Click "Product Center" > Select your account(s) from the "Selected Accounts" menu and click Done.
2. Check the box to the left of the line item(s) that require a license generation.
3. Click "License" button that has the key icon.
4. Choose 'Central' license and input the MGMT IP that manages the vSec gateway(s)
5. Complete the rest of the required fields (marked with an asterisk)
6. Click "Activate" button (if re-licensing a product, option will be "Change")
7. Click "Get License Information" and copy the two commands that begin with 'cplic put ...' aside
 ------------------------------------------------------------------------------------------
B. Install the license:

1. Open SSH to the MGMT in expert mode
2. Paste the command which is labeled "For the Security Management Server"
3. Run the command "vsec_lic_cli on"
4. Run the command "vsec_lic_cli"
5. Choose option 1 (Add license)
6. Paste the command labeled "For the Security Gateway:" without the parts "cplic put" and "[module name]".
Example:
1.2.3.4 never dUy6trBX8-jmVyWKQSX-xzdTkVFVT-76nMEXDks cpsg-ve+8 cpsb-base cpsb-fw cpsm-c-2 cpsb-vpn cpsb-adnc cpsb-npm cpsb-logs cpsb-ips cpsb-av cpsb-urlf cpsb-apcl cpsb-aspm cpsb-abot-s cpsb-ctnt CK-ABCDEF1234567
7. The license should be distributed to the GWs; if not, manage the distribution through the other commands in "vsec_lic_cli". For more information see:
sk109713

The admin guide:
https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Central_License_Tool_Admin...
-------------------------------------------------------------------------------------------
C. Update Contracts File:

1. Login to your UC user
2. Click "Assets/Info"/"My Check Point" > Click "Download Contract File".
3. In the section titled "Service Contract File Download", select the Account(s) you need your Service Contract File for.
4. Select "Email File" or "Download Now".
5. Login to SmartUpdate
6. From the menu: select "Licenses & Contracts" > "Update Contracts" > "Import File"
7. Browse to the directory where the file is located and click "Open"
8. The file will be added to the respective certificate key(s)

Finally, to verify the file was successfully installed, run 'cplic print -x' on the command line.

**************************

0 Kudos
Chris_Atkinson
Employee

There is no image/picture attached, definitely need to see the outputs of the license utility etc.

CCSM R77/R80/ELITE
0 Kudos
