kamaladmire1
Contributor

Eval license for Management Server managing 100 Gateways

Hi Experts,

I’m planning to deploy a temporary (VM based) management server to support a data‑centre transition. It will only be required for a couple of days. Our current management server is managing around 100 gateways, and I need to deploy an additional secondary management server using an evaluation license.

  1. What is the gateway management limit for a Check Point Management Server running on an evaluation license?

  2. After performing a migrate export/import, if the newly deployed management server (VM based) uses a different IP address but still has network reachability to all managed gateways, will this affect SIC trust or require SIC to be re‑established?

  3. Also if the OLD Management is running a different license SKU and NEW Management is on a different License SKU, will this cause a sync issue? 
2 Solutions

Accepted Solutions
the_rock
MVP Diamond
  1. What is the gateway management limit for a Check Point Management Server running on an evaluation license? I believe unlimited

  2. After performing a migrate export/import, if the newly deployed management server (VM based) uses a different IP address but still has network reachability to all managed gateways, will this affect SIC trust or require SIC to be re‑established? I don't think that's needed

  3. Also if the OLD Management is running a different license SKU and NEW Management is on a different License SKU, will this cause a sync issue? I'm fairly sure it would not cause any issues
Best,
Andy
"Have a great day and if it's not, change it"

Bob_Zimmerman
MVP Gold

1. The 15-day "plug-and-play" eval license definitely covers an unlimited number of firewalls. The accounts.checkpoint.com > Try Our Products > Product Evaluation > All-In-One Evaluation option should also cover a single management with an unlimited number of firewalls. The Other Evaluation Option offers an MDS eval covering five domains and 50 firewalls, or a CPSB-DMNU000, which should let one CMA manage an unlimited number of firewalls.

2. Changing the management server's IP address like this does not require reestablishing SIC, as SIC is certificate-based. Just keep the same hostname on the management, and it will be fine.

That said, changing the IP may require unloading the policy to allow the connection from the new management. The firewalls get implied rules which allow the management server to talk to them, and the new management's address won't be on the list. If you know the new management's address ahead of time, you can make a dummy secondary management object with that address and push to the firewalls to make them aware of it.

3. License SKU definitely doesn't matter for management sync.


7 Replies
kamaladmire1
Contributor

Thanks for the quick response.

the_rock
MVP Diamond

Pleasure to help, any time!

Best,
Andy
"Have a great day and if it's not, change it"

Vanness_Chen
Explorer

Hi Bob:

Recently, I also have a requirement to migrate an on-premises SMS appliance to a VM.

If the target version is different during the migration (for example, R81.20 → R82), would it still be unnecessary to re-establish SIC?

emmap
MVP Gold CHKP

SIC certificates are retained during an upgrade with migration, no need to reset anything. The R82 install and upgrade guide has the full procedure to follow.

kamaladmire1
Contributor

Thanks, everyone.
