Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nagaraja_cs
Contributor
Jump to solution

Endpoint Security VPN License

Hi Team,

There are two separate management servers.

1)X.X.X.X -------> To manage Gateways

2)Y.Y.Y.Y -------> To manage Endpoint Security.

We have 'Complete Sandblast package' license which includes 'Endpoint VPN' blade.This license is installed on the server Y.Y.Y.Y 

Now we want to configure VPN.

This VPN will connect to Gateway and there is no VPN client license on Gateways.

In this case,where I should apply the license(on Endpoint Server Y.Y.Y.Y or on Gateway Management X.X.X.X) ?

0 Kudos
2 Solutions

Accepted Solutions
Ruan_Kotze
Advisor

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

View solution in original post

0 Kudos
Ruan_Kotze
Advisor

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

View solution in original post

10 Replies
Chris_Atkinson
Employee Employee
Employee

At the time of license activation/generation within Usercenter (Product Center) the Remote Access portion should be split and applied to the NPM IP address.

CCSM R77/R80/ELITE
0 Kudos
Ruan_Kotze
Advisor

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

0 Kudos
nagaraja_cs
Contributor

Hi Ruan,

Thank you for the quick help.

I have already generated the VPN  license with the Endpoint Server IP(Y.Y.Y.Y)

Now can I regenerate the license with SMS IP(X.X.X.X) ?

0 Kudos
Ruan_Kotze
Advisor

If you edit your existing license you'll see it's a two step process, so you'll basically be generating two seperate licenses.

Once done and you download the licenses, you'll be able to download them seperately as per sreenshot.

Thanks,
Ruan

0 Kudos
nagaraja_cs
Contributor

Dear Ruan,

 

We have seat for 100 users EP-VPN.

Now I do have 3 clusters managed by SMS

Should we need to have 3 separate "CPSB-SB-EP-VPN-Complete" package?

Or should we need to generate with Each Cluster IP and attach it by changing one by one on same License?

 

Regards, Nagaaj

0 Kudos
G_W_Albrecht
Legend Legend
Legend

No - if you have an EPSS, you have to install part of the license there, as was written here above:

- CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

- CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

The only license needed on the cluster nodes are MAB sslvpn licenses - these are not included in EPS licenses.

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor

Hi Albretch,

 

Thanks for the reply.

Here we have 3 clusters managed by same   management server.

As per  the recommendation,we have added the license(CPSB-SB-EP-VPN) on the management server which is managing the three clusters(VPN gateway).

We have CPSB-SB-EP-VPN license for 100 seats.

Now how these licenses are distributed among these 3 clusters as this license is added on the common management server.

 

 

 

0 Kudos
Ruan_Kotze
Advisor

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

DenisDavila
Explorer

Hi, 

You can explain which is the what is the way to see that the licenses are active, are they seen in the Device & License Information of the cluster?

In my case I already see them active with a print click but there is no way to see them from the smart console.

 

Regards.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events