- CheckMates
- :
- Products
- :
- Harmony
- :
- Endpoint
- :
- MGMT License required for CPEP-ACCESS?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MGMT License required for CPEP-ACCESS?
Hi,
We already have MGMT license cover by CPSM-NGSM25 and CPEP-ACCESS-1Y for 5500 endpoint Security.
from MGMT perspective, is it enough if we purchase only CPSM-NGSM25 for manage CPEP-ACCESS 5500 endpoint?
please advise.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See sk116598: Next Generation Endpoint Security Products Licensing:
You need a MGMT license and Access Control and Data Protection package. If you use Cloud Management, you also need the Access Control and Data Protection package and Cloud Management license. But this usually is quoted by CP Sales according to customers demands.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Three different RA license possibilities exist:
- Mobile Access Blade SSL VPN is licensed per concurrent users, so there is no need to release anything
- EPS Server with EP Blades can be cleaned of messed licenses by PSQL commands you receive from TAC
- RA VPN managed by dashboard can be released in expert mode by clearing the users check table:
[Expert@GW]# fw tab -t userc_users -x -y
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good question!
It is interesting for me too.
And I have additional question. Is it mandatory to use the management system to manage agents if we use this license (CPEP-ACCESS-1Y)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
See sk116598: Next Generation Endpoint Security Products Licensing:
You need a MGMT license and Access Control and Data Protection package. If you use Cloud Management, you also need the Access Control and Data Protection package and Cloud Management license. But this usually is quoted by CP Sales according to customers demands.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your reply.
But why we need Access Control and Data Protection package?
CPEP-ACCESS-1y provide us Firewall and VPN Remote Access (following sk116598). I understand that we attach this license to the management server. But in case when we use only VPN access with the license CPEP-ACCESS-1Y, do we need Endpoint Management? Or can we use unmanaged endpoints only for VPN access (similar to MOB license)?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have to decide if you need Endpoint Management Server (with Endpoint Security Clients) or just use Standalone Clients (Endpoint Security VPN). Desktop Firewall and RA VPN do not need an Endpoint Management Server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have 20 CPEP-ACCESS licenses and we want to use standalone clients (without Endpoint Management). In case when 20 hosts connected to the GW and disconnected after some time - when is the license released? And can we release this license manually?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According to sk33869:
- "Used Licenses" column shows the number of users that have connected in the last 30 days. The Policy Server counts users on a monthly period basis. When the month is over, it resets to "zero". The dtps lic output "Used Licenses" column counts the users according to their name (or DN). This means that the same user is counted only once. The "Used Licenses" column does not display the number of currently connected users. Instead, it displays the number of unique users that have connected to this Policy Server during a month. The intention of the "Used License" column information is not to display how many users are being concurrently connected, but rather to display how many SecureClient users exist.
Users are stored in userc_users - This table holds remote access client's IP address. All connections from this IP address are expected to be encrypted.
Run the below command in expert mode to clear the users check table:
[Expert@GW]# fw tab -t userc_users -x -y
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The firewall + VPN features of CPEP-ACCESS can be managed with Network Management.
If you need Endpoint Compliance for some reason (instead of SCV), that does require Endpoint Management.
Believe the license is counted for each installed user once they connect and it’s held for 30 days.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI Phoneboy,
So in our case if we already have NGSM25 + CPEP-ACESS -1Y for 5500 user, do we need additional license to cover 5500 user if we want to deploy endpoint access control ( firewall, application control, compliance and vpn ) ?
thanks n regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Believe Application Control is outside the scope of what Access licenses provide.
In current SKUs you’d probably need SBA Basic licenses and either Endpoint Management or you can leverage SBA Managed from the cloud which comes with SBA Basic licenses.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your reply!
You said that license held for 30 days. Can I release it mannualy for some way?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Three different RA license possibilities exist:
- Mobile Access Blade SSL VPN is licensed per concurrent users, so there is no need to release anything
- EPS Server with EP Blades can be cleaned of messed licenses by PSQL commands you receive from TAC
- RA VPN managed by dashboard can be released in expert mode by clearing the users check table:
[Expert@GW]# fw tab -t userc_users -x -y
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
In case of third scenario (RA VPN with standalone Endpoint Security clients in Office Mode connecting to R80.30 security gateway), is it possible to check how many licenses have been given out and to which LDAP users? We have installed CPEP-ACESS -1Y for only 1 seat on our SMS and have Mobile Blade disabled on Security Gateway. For some reason, more than one users are able to connect and obtain office mode IPs. Big bash one-liner command shows this output on security gateway:
REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 9 (Peak: 11)
Capsule/Endpoint VPN Users : 8 (Peak: 12) using Visitor Mode: 7
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)
LICENSES
----------------------------------------------------------------------
SecuRemote Users : 500
Endpoint Connect Users : 1
Mobile Access Users : 5
SNX Users :
How is this possible?
#cplic print from SMS
Host Expiration Features
10.20.100.60 never cpep-c-1+1 cpsb-ep-fw+1 cpep-subscr cpsb-swb cpsb-ngep CK-D7E7DB6F6812
10.20.100.60 never cpvp-vps-1-ngx cpvp-vsc-5-ngx+1 cpep-perp cpsb-swb CK-D7E7DB6F6812
10.20.100.60 never CPSG-VE+8 CPSB-BASE CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-ADNC CPSB-SSLVPN-5 CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CPSB-CTNT CK-149823EE8135
10.20.100.60 never CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M CK-149823EE8135
10.20.100.60 never CPSM-C-5 CPSM-NGSM CPSB-WKFL-5 CPSB-NPM CPSB-EPM CPSB-LOGS CPSB-MNTR CPSB-MPTL CPSB-UDIR CPSB-PRVS CPSB-COMP-5 CPSB-COMP-5 CPSB-COMP-5 CPSB-SME-5 CPSB-RPRT-N-C1000 CK-9FDDA77E676A
