cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Check Point Scale Sets, licensing

Hi,

I am having a hard time on understandig central licesing of scale sets. First off, will I even be able to lab on this using eval lics - or do I need proper lic's ? 

I got a scale set in Azure and the management is on-prem (r80.30). I create eval lics and attach them to the management, and then run 'vsec_lic_cli' .... But then, nothing, there is no licenses available 'No pools of vSEC licenses.' 

So that brings me back to the first question - should I be able to lab on this working with eval's ? Or is there some tips n trickes Im missing out on either with the generation of evals ? (i specify azure on hw during eval creation,,,tried other options to) - or with the usage of vsec_lic_cli in general ? ...  I do understand that there will be different pools if there are different contracs, but for me, eval and lab, there is no contracts.

 

Anyone got any pointers ? 🙂

 

0 Kudos
3 Replies
Admin
Admin

Re: Check Point Scale Sets, licensing

When you initially fire up a gateway instance it should have a 15-day PnP license.
That should work for testing purposes.
Obviously for longer-term use you’ll need more permanent licenses.
0 Kudos

Re: Check Point Scale Sets, licensing

Yes, I know.. But thats not really my issue. 🙂

We do have several customers where we have issues with the vsec licenses distrubution.. using the vsec_lic_cli. This can be customers running on mds or 'standard management'. There are also considerations, at least when looking into mds, about how these pools are set up..how can we report/log/whatever on them - that we want to do lab on.

I have tried creating tons of evals - but I am not able to get them working with the vsec central lic tool.. and is just wondering if anyone has got this working ? Or if its even an option ? Anyone knows of a bug or something ?
0 Kudos

Re: Check Point Scale Sets, licensing

This was a HUGE struggle for me to get working (don't even get me started on the autoprovisioning service!).  Make sure your VMSS gateways have internet access.  Some way, some how.  If they don't have internet access, you're going to have a bad time with licensing and it just won't work for more than a few hours.

Check out sk83520 for a how-to to validate internet connectivity is working.

From an MDS perspective, licensing is still the same steps.  You just have to use the vsec licensing tool to push the license to the gateway.  Make sure you mdsenv into the correct CMA before you run vsec licensing if you connect to the root management IP of your MDS appliance (vs hitting the CMA directly).

Also, make sure the connectivity between your VMSS gateways and MDS is solid.  I struggled with that for a bit until I realized what was broken (crazy intermediate firewall was in the way).

0 Kudos