This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ma_gorkhali
Contributor
Friday

Checkpoint License

Some of my checkpoint firewalls has successfully been renewed it went up to the usercenter and automatically got updated with the extended date.

 

However, when I jump into smartupdate I do not see service contract getting fetched over.

 

Is service contract and license two different things ? I have usually seen both of them getting updated in the past but looks like license in the firewall has been updated but not the service contract in smartupdate.

0 Kudos
16 Replies
PhoneBoy
Admin
Admin
Friday

Yes, they are two separate things.
The license allows the functionality to be used, the service contract allows you to access ThreatCloud and other updates.
The best place to review the situation is via the CLI (cplic print -x) on the relevant gateway versus SmartUpdate (which has largely been deprecated).

the_rock
Legend
Legend
Friday

Can you send us output of cplic print -x?

Andy

0 Kudos
ma_gorkhali
Contributor
Saturday
In response to the_rock

@the_rock @PhoneBoy  You can find the attached screenshot below

 

cplic-print-devb.png

 

You can see on the gateway itself license has been updated until 14Nov 2025 but the contract has not been fetched in smartupdate

0 Kudos
the_rock
Legend
Legend
Sunday
In response to ma_gorkhali

I agree with @Tal_Paz-Fridman . Based on the output, IPS is indeed covered, but seems URLF is expiring Dec 14th. Here is what I would try, if I were you, in the meantime...just generate local eval license good for 30 days, apply it, install policy and test.

Andy

0 Kudos
ma_gorkhali
Contributor
Sunday
In response to the_rock

Hi @the_rock  we are only adding up IPS as we did downgrade from NGTX to NGFW as we only require IPS.

The only thing is why is it not getting reflected in SmartUpdate ? 

0 Kudos
the_rock
Legend
Legend
Sunday
In response to ma_gorkhali

Honestly, I would call Account services and verify.

Andy

0 Kudos
ma_gorkhali
Contributor
Sunday
In response to the_rock

The TAC engineer that has been assigned to me doesn't know anything frankly telling you. He is providing me SK of R81.20 and telling me to follow it as it clearly mentions that the SK is not for R81.10

0 Kudos
the_rock
Legend
Legend
Sunday
In response to ma_gorkhali

As the saying goes, we cant control other people, we can only control what we do. Dont worry, we are here to help, so Im sure we will figure it out. Btw, what is the sk you are referring to?

Andy

0 Kudos
the_rock
Legend
Legend
Sunday
In response to ma_gorkhali

Btw @ma_gorkhali , thought of something that MAY work. What if you run below from mgmt ssh in expert mode?

contract_util mgmt

That command should allow management to update all gateways managed by it with the right contract info.

Andy

0 Kudos
ma_gorkhali
Contributor
Sunday
In response to the_rock

@the_rock  for service contract I manually pulled from usercenter and uploaded it using smartupdate. 

contract_util mgmt will not work as Maestro is more based on local license rather than central licensing. Correct me if I am wrong

Sadly I am still stuck with Maestro renewal but a new tac engineer came in with new ideas. Let see how it unfolds tomorrow. I will update

0 Kudos
the_rock
Legend
Legend
Monday
In response to ma_gorkhali

K, sounds good!

Andy

0 Kudos
Tal_Paz-Fridman
Employee
Employee
Saturday

Could you also run the following command on the Security Gateway (it uses a somewhat newer I/S relative to SmartUpdate):

cpstat os -f licensing

 

Thanks

0 Kudos
ma_gorkhali
Contributor
Sunday
In response to Tal_Paz-Fridman

This is a maestro-based environment with VSX and we did downgraded the license from NGTP to NGFW on the recent renewal.

One more thing do we need to renew license for the Virtual System as well? We had initially purchased for 10 VS

cpstat.png

0 Kudos
Tal_Paz-Fridman
Employee
Employee
Sunday
In response to ma_gorkhali

 In the output you can see exactly what is covered and what is not (and indeed NGTX blades are no longer covered).

I suggest contacting Account Services 1-972-444-6600 and select option 3 or at help.checkpoint.com 

0 Kudos
ma_gorkhali
Contributor
Sunday
In response to Tal_Paz-Fridman

Hello @Tal_Paz-Fridman , thank you for replying back.

 

Just want to confirm is IPS renewed interms of licensing as well as service contract in my gateway? 

One more thing do we need to renew license for the Virtual System as well? We had initially purchased for 10 VS

0 Kudos
Tal_Paz-Fridman
Employee
Employee
Sunday
In response to ma_gorkhali

So based on the output IPS is covered.

You need to make sure the Security Gateway has access to the Internet to make the check (and also download updates). 

AFAIK the basic license which includes blades like Firewall and IPsec VPN does not need renewing. Only Service Blades like IPS, Anti-Virus, Anti-Bot, Application Control, URL Filtering etc. need updating. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events