Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
jijotms0511
Contributor
Jump to solution

Checkpoint licensing R80.30

Hi All,

Got a checkpoint device 3600 model with R80.30. It is configured as a standalone device. No HA.

Which is the best mode of licensing in the standalone mode  ( local licensing or central)?

Also, we are planning not to use the Mgmt port IP for the licensing and have made one subinterface like eth2.XXXX vlan in the checkpoint as the management IP, which is connected down to the switch. Currently this interface is set as Mgmt interface in the checkpoint. Can we use this subinterface IP for licensing ?

Thanks,

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Central licensing means "licenses are pushed from management."
Since the gateway and the management are the same on a standalone gateway, a local license is best.

I believe you can license against a VLAN IP, but I haven't tried it myself.
You can use any IP that's associated with a physical interface.

View solution in original post

8 Replies
PhoneBoy
Admin
Admin

Central licensing means "licenses are pushed from management."
Since the gateway and the management are the same on a standalone gateway, a local license is best.

I believe you can license against a VLAN IP, but I haven't tried it myself.
You can use any IP that's associated with a physical interface.

jijotms0511
Contributor
Thank you so much for the Info!
0 Kudos
jijotms0511
Contributor

Hi, One more question on the same. It was identified that , when Checkpoint was connected to the internet for testing after initial config for patch update etc, as per the new feature of checkpoint , the license was automatically updated. At the point of connecting to the cloud the Mgmt Port say was configured like 1.1.1.1 , and it was taken as the License IP ( for generating the same).

But actually we need to use another interface as the management port like ( eth 2.XXXX) vlan interface and say like ip tagged to it is 2.2.2.2

Currently as the IP address cannot be changed as the IP address is already tagged with the license, will there be an issue, if we make the "set an Management" option to make ( eth 2.XXXX) vlan interface and say like ip tagged to it is 2.2.2.2 as the management interface and planning not to connect the Mgmt port. But we will retain the IP for Mgmt as 1.1.1.1 itself?

In this case , so just wanted to confirm when the device is connected to Internet , any issues with the licensing ?

Thanks,

0 Kudos
Maarten_Sjouw
Champion
Champion

As long as the IP of the license is on the gateway it should work, set the interface as the management interface. You can change the IP in the usercenter later.

Regards, Maarten
_Val_
Admin
Admin

You can set up a license to any IP address belonging to your asset. Also, you can change the original IP address with your license in the UserCenter, at least once.

jijotms0511
Contributor

Hi , when we change the IP address in usercenter , do we need to regenerate the license file again or just go to usercenter and update the IP address . Also at Gaia make the new ip set as mgmt?Is My understanding correct ?

0 Kudos
_Val_
Admin
Admin

You need to generate a new one, remove the old one and replace. Just re-generating on UC is not enough

jijotms0511
Contributor

Noted thanks 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events