- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Hi Team,
There are two separate management servers.
1)X.X.X.X -------> To manage Gateways
2)Y.Y.Y.Y -------> To manage Endpoint Security.
We have 'Complete Sandblast package' license which includes 'Endpoint VPN' blade.This license is installed on the server Y.Y.Y.Y
Now we want to configure VPN.
This VPN will connect to Gateway and there is no VPN client license on Gateways.
In this case,where I should apply the license(on Endpoint Server Y.Y.Y.Y or on Gateway Management X.X.X.X) ?
When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE
CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways. You obviously need to assign this licensed to that SMS (x.x.x.x) also.
CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)
Thanks,
Ruan
The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.
My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.
Remember - the license gets installed on your SMS, not on your gateway. The license count gets pushed down to each gateway as part of the policy push.
At the time of license activation/generation within Usercenter (Product Center) the Remote Access portion should be split and applied to the NPM IP address.
When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE
CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways. You obviously need to assign this licensed to that SMS (x.x.x.x) also.
CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)
Thanks,
Ruan
Hi Ruan,
Thank you for the quick help.
I have already generated the VPN license with the Endpoint Server IP(Y.Y.Y.Y)
Now can I regenerate the license with SMS IP(X.X.X.X) ?
Dear Ruan,
We have seat for 100 users EP-VPN.
Now I do have 3 clusters managed by SMS
Should we need to have 3 separate "CPSB-SB-EP-VPN-Complete" package?
Or should we need to generate with Each Cluster IP and attach it by changing one by one on same License?
Regards, Nagaaj
No - if you have an EPSS, you have to install part of the license there, as was written here above:
- CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways. You obviously need to assign this licensed to that SMS (x.x.x.x) also.
- CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)
The only license needed on the cluster nodes are MAB sslvpn licenses - these are not included in EPS licenses.
Hi Albretch,
Thanks for the reply.
Here we have 3 clusters managed by same management server.
As per the recommendation,we have added the license(CPSB-SB-EP-VPN) on the management server which is managing the three clusters(VPN gateway).
We have CPSB-SB-EP-VPN license for 100 seats.
Now how these licenses are distributed among these 3 clusters as this license is added on the common management server.
The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.
My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.
Remember - the license gets installed on your SMS, not on your gateway. The license count gets pushed down to each gateway as part of the policy push.
Hi,
You can explain which is the what is the way to see that the licenses are active, are they seen in the Device & License Information of the cluster?
In my case I already see them active with a print click but there is no way to see them from the smart console.
Regards.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY