This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
nagaraja_cs
Contributor
‎2020-04-30 12:13 AM
Jump to solution

Endpoint Security VPN License

Hi Team,

There are two separate management servers.

1)X.X.X.X -------> To manage Gateways

2)Y.Y.Y.Y -------> To manage Endpoint Security.

We have 'Complete Sandblast package' license which includes 'Endpoint VPN' blade.This license is installed on the server Y.Y.Y.Y 

Now we want to configure VPN.

This VPN will connect to Gateway and there is no VPN client license on Gateways.

In this case,where I should apply the license(on Endpoint Server Y.Y.Y.Y or on Gateway Management X.X.X.X) ?

0 Kudos
2 Solutions

Accepted Solutions
Ruan_Kotze
MVP Gold
MVP Gold
‎2020-04-30 01:57 AM
Jump to solution

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

View solution in original post

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2020-05-28 02:29 AM
In response to nagaraja_cs
Jump to solution

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

View solution in original post

10 Replies
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2020-04-30 01:26 AM
Jump to solution

At the time of license activation/generation within Usercenter (Product Center) the Remote Access portion should be split and applied to the NPM IP address.

CCSM R77/R80/ELITE
0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2020-04-30 01:57 AM
Jump to solution

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

0 Kudos
nagaraja_cs
Contributor
‎2020-04-30 02:18 AM
In response to Ruan_Kotze
Jump to solution

Hi Ruan,

Thank you for the quick help.

I have already generated the VPN  license with the Endpoint Server IP(Y.Y.Y.Y)

Now can I regenerate the license with SMS IP(X.X.X.X) ?

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2020-04-30 02:56 AM
In response to nagaraja_cs
Jump to solution

If you edit your existing license you'll see it's a two step process, so you'll basically be generating two seperate licenses.

Once done and you download the licenses, you'll be able to download them seperately as per sreenshot.

Thanks,
Ruan

Preview file
115 KB
0 Kudos
nagaraja_cs
Contributor
‎2020-05-26 05:01 AM
In response to Ruan_Kotze
Jump to solution

Dear Ruan,

 

We have seat for 100 users EP-VPN.

Now I do have 3 clusters managed by SMS

Should we need to have 3 separate "CPSB-SB-EP-VPN-Complete" package?

Or should we need to generate with Each Cluster IP and attach it by changing one by one on same License?

 

Regards, Nagaaj

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-05-26 07:23 AM
In response to nagaraja_cs
Jump to solution

No - if you have an EPSS, you have to install part of the license there, as was written here above:

- CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

- CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

The only license needed on the cluster nodes are MAB sslvpn licenses - these are not included in EPS licenses.

 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor
‎2020-05-28 01:29 AM
In response to G_W_Albrecht
Jump to solution

Hi Albretch,

 

Thanks for the reply.

Here we have 3 clusters managed by same   management server.

As per  the recommendation,we have added the license(CPSB-SB-EP-VPN) on the management server which is managing the three clusters(VPN gateway).

We have CPSB-SB-EP-VPN license for 100 seats.

Now how these licenses are distributed among these 3 clusters as this license is added on the common management server.

 

 

 

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2020-05-28 02:29 AM
In response to nagaraja_cs
Jump to solution

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

DenisDavila
Explorer
‎2021-10-25 01:22 PM
In response to Ruan_Kotze
Jump to solution

Hi, 

You can explain which is the what is the way to see that the licenses are active, are they seen in the Device & License Information of the cluster?

In my case I already see them active with a print click but there is no way to see them from the smart console.

 

Regards.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events