Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Endpoint Security VPN License

Jump to solution

Hi Team,

There are two separate management servers.

1)X.X.X.X -------> To manage Gateways

2)Y.Y.Y.Y -------> To manage Endpoint Security.

We have 'Complete Sandblast package' license which includes 'Endpoint VPN' blade.This license is installed on the server Y.Y.Y.Y 

Now we want to configure VPN.

This VPN will connect to Gateway and there is no VPN client license on Gateways.

In this case,where I should apply the license(on Endpoint Server Y.Y.Y.Y or on Gateway Management X.X.X.X) ?

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
Collaborator

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

View solution in original post

0 Kudos
Reply
8 Replies
Highlighted
Employee++
Employee++

At the time of license activation/generation within Usercenter (Product Center) the Remote Access portion should be split and applied to the NPM IP address.

0 Kudos
Reply
Highlighted
Collaborator

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

View solution in original post

0 Kudos
Reply
Highlighted
Contributor

Hi Ruan,

Thank you for the quick help.

I have already generated the VPN  license with the Endpoint Server IP(Y.Y.Y.Y)

Now can I regenerate the license with SMS IP(X.X.X.X) ?

0 Kudos
Reply
Highlighted
Collaborator

If you edit your existing license you'll see it's a two step process, so you'll basically be generating two seperate licenses.

Once done and you download the licenses, you'll be able to download them seperately as per sreenshot.

Thanks,
Ruan

0 Kudos
Reply
Highlighted
Contributor

Dear Ruan,

 

We have seat for 100 users EP-VPN.

Now I do have 3 clusters managed by SMS

Should we need to have 3 separate "CPSB-SB-EP-VPN-Complete" package?

Or should we need to generate with Each Cluster IP and attach it by changing one by one on same License?

 

Regards, Nagaaj

0 Kudos
Reply
Highlighted
Champion
Champion

No - if you have an EPSS, you have to install part of the license there, as was written here above:

- CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

- CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

The only license needed on the cluster nodes are MAB sslvpn licenses - these are not included in EPS licenses.

 

0 Kudos
Reply
Highlighted
Contributor

Hi Albretch,

 

Thanks for the reply.

Here we have 3 clusters managed by same   management server.

As per  the recommendation,we have added the license(CPSB-SB-EP-VPN) on the management server which is managing the three clusters(VPN gateway).

We have CPSB-SB-EP-VPN license for 100 seats.

Now how these licenses are distributed among these 3 clusters as this license is added on the common management server.

 

 

 

0 Kudos
Reply
Highlighted
Collaborator

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.