This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
nagaraja_cs
Contributor
‎2020-04-30 12:13 AM

Endpoint Security VPN License

Jump to solution

Hi Team,

There are two separate management servers.

1)X.X.X.X -------> To manage Gateways

2)Y.Y.Y.Y -------> To manage Endpoint Security.

We have 'Complete Sandblast package' license which includes 'Endpoint VPN' blade.This license is installed on the server Y.Y.Y.Y 

Now we want to configure VPN.

This VPN will connect to Gateway and there is no VPN client license on Gateways.

In this case,where I should apply the license(on Endpoint Server Y.Y.Y.Y or on Gateway Management X.X.X.X) ?

0 Kudos
2 Solutions

Accepted Solutions
Ruan_Kotze
Advisor
‎2020-04-30 01:57 AM

Jump to solution

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

View solution in original post

0 Kudos
Ruan_Kotze
Advisor
‎2020-05-28 02:29 AM
In response to nagaraja_cs

Jump to solution

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

View solution in original post

10 Replies
Chris_Atkinson
Employee
Employee
‎2020-04-30 01:26 AM

Jump to solution

At the time of license activation/generation within Usercenter (Product Center) the Remote Access portion should be split and applied to the NPM IP address.

0 Kudos
Ruan_Kotze
Advisor
‎2020-04-30 01:57 AM

Jump to solution

When you generate the license on UserCenter there will be two components:
CPSB-SB-EP-VPN
CPSB-COMPLETE

CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

Thanks,
Ruan

0 Kudos
nagaraja_cs
Contributor
‎2020-04-30 02:18 AM
In response to Ruan_Kotze

Jump to solution

Hi Ruan,

Thank you for the quick help.

I have already generated the VPN  license with the Endpoint Server IP(Y.Y.Y.Y)

Now can I regenerate the license with SMS IP(X.X.X.X) ?

0 Kudos
Ruan_Kotze
Advisor
‎2020-04-30 02:56 AM
In response to nagaraja_cs

Jump to solution

If you edit your existing license you'll see it's a two step process, so you'll basically be generating two seperate licenses.

Once done and you download the licenses, you'll be able to download them seperately as per sreenshot.

Thanks,
Ruan

Preview file
115 KB
0 Kudos
nagaraja_cs
Contributor
‎2020-05-26 05:01 AM
In response to Ruan_Kotze

Jump to solution

Dear Ruan,

 

We have seat for 100 users EP-VPN.

Now I do have 3 clusters managed by SMS

Should we need to have 3 separate "CPSB-SB-EP-VPN-Complete" package?

Or should we need to generate with Each Cluster IP and attach it by changing one by one on same License?

 

Regards, Nagaaj

0 Kudos
G_W_Albrecht
Legend
Legend
‎2020-05-26 07:23 AM
In response to nagaraja_cs

Jump to solution

No - if you have an EPSS, you have to install part of the license there, as was written here above:

- CPSB-SB-EP-VPN gets licensed with the IP of the SMS that manages your gateways.  You obviously need to assign this licensed to that SMS (x.x.x.x) also.

- CPSB-COMPLETE gets licensed against your Endpoint SMS (y.y.y.y)

The only license needed on the cluster nodes are MAB sslvpn licenses - these are not included in EPS licenses.

 

CCSE CCTE SMB Specialist
0 Kudos
nagaraja_cs
Contributor
‎2020-05-28 01:29 AM
In response to G_W_Albrecht

Jump to solution

Hi Albretch,

 

Thanks for the reply.

Here we have 3 clusters managed by same   management server.

As per  the recommendation,we have added the license(CPSB-SB-EP-VPN) on the management server which is managing the three clusters(VPN gateway).

We have CPSB-SB-EP-VPN license for 100 seats.

Now how these licenses are distributed among these 3 clusters as this license is added on the common management server.

 

 

 

0 Kudos
Ruan_Kotze
Advisor
‎2020-05-28 02:29 AM
In response to nagaraja_cs

Jump to solution

The licensing is per number of total seats (the sum of all VPN clients) connected across all VPN gateways managed by SmartCenter/Management Domain.

My understanding based on sk166032 is that, in your instance, is that you can have 100 users distributed across your 3 clusters in any ratio and it will work.

Remember - the license gets installed on your SMS, not on your gateway.  The license count gets pushed down to each gateway as part of the policy push.

DenisDavila
Explorer
‎2021-10-25 01:22 PM
In response to Ruan_Kotze

Jump to solution

Hi, 

You can explain which is the what is the way to see that the licenses are active, are they seen in the Device & License Information of the cluster?

In my case I already see them active with a print click but there is no way to see them from the smart console.

 

Regards.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-10-25 02:41 PM
In response to DenisDavila

Jump to solution

Try: https://community.checkpoint.com/t5/SmartConsole-Extensions/RAS-VPN-Statistics/m-p/81579/highlight/t... 

0 Kudos