IPS has an SK about it specifically: https://support.checkpoint.com/results/sk/sk44175
So does App Control: https://support.checkpoint.com/results/sk/sk56300

Again, a Firewall or Management license typically don't expire outside of evaluations.

I have an interesting one, I have CP1490 local managed. EOL now, contract expired on blades but FW, VPN, Routing and Identity is set to never expire.  But lately been seeing on the notification screen License Activated. License set to expire on Jan 18, 2038.  This was after being provided with a custom build to B163 on site is B160.    
Not sure if this is a firmware issue or something at the backend with Checkpoint. I do get the random notification that my contracts have expired and to contact checkpoint.  

any thoughts? 

That sounds like something at the backend, would not make logical sense if you see 2038 lol

Andy

That’s what I figured wonder if I ignore it or report?  My appliance shows active and registered and as mentioned the blade for firewall is never license 

Personally, if I were you, I would report and not ignore it. To me, thats certainly wrong, but TAC case might be warranted.

Andy

I suspect the reason for the "Expires in 2038 license" has something to do with: https://en.wikipedia.org/wiki/Year_2038_problem
By default, in older versions (R77.x and earlier), we would set the expiration of the Internal CA to current date plus 20 years.
That caused issues that we've since fixed by setting the expiration date of the ICA to a fixed value: https://community.checkpoint.com/t5/SMB-Gateways-Spark/How-reset-to-factory-default-from-maintenance... 
There are likely other bugs that will occur when the actual date gets to 2038 that will cause the unit to fail...that obviously won't get fixed because the units will be EOL.

Therefore, I expect the answer from TAC will be that this is expected behavior.

Right, I keep forgetting thats the "Epocalypse" year haha

Andy

Thanks am aware of the bug and seen the fix for R77.20 which was a link and am above that build number.   But yes when I see my internal CA shows to expire on 2037.  Can I extend my CA beyond 2037 or would it be done automatically by the system? 

https://support.checkpoint.com/results/sk/sk158096

Procedure - If the Internal CA certificate is still valid:

Important Note: You do not need to do steps 1 and 2 of this procedure if you have installed the Jumbo Hotfixes below. Before the release of the Jumbo Hotfix Takes, the Internal CA certificate required a manual renewal process. With these Takes, it will be automatically renewed one year before its expiration date:

• Jumbo Hotfix Accumulator for R81.20 starting from Take 26 
• Jumbo Hotfix Accumulator for R81.10 starting from Take 95
• Jumbo Hotfix Accumulator for R81 starting from Take 82
• Jumbo Hotfix Accumulator for R80.40 starting from Take 198

 

I ran the actual script, but it simply shows now Dec 31, 2037.

Andy

Thanks Andy believe a jumbo fix also existed for R77.20 great than Build x.72956 believe

I think so, yes.

Not currently possible.
Like I said, there are multiple areas (not just the ICA) that will need to be fixed to fully address the Year 2038 problem.
Current hardware/software versions will surely be End of Life by then.

It is something I expect we'll address in due course, but don't know the precise timeframe for doing so.

If you are still running R77.20 in 2037, you have a much bigger problem than expiring ICA, I suspect...

So this got out of context.  Original  Inquiry was to source if others are still using this appliance and same firmware build are they getting this message? I have layers of security edge firewall, tbis appliance is used for switching and routing and works perfectly fine.  Weird that now it starts to throw that message after years of using it with different firmware build. Coincidental that after I put the last private build firmware B163 this message appeared and since no one has the answers.  I will simply revert back to build 160 over the weekend and see if that message goes away.  If it does, something was introduced as a bug If it remains with B160 and while never had it.  This leads me to believe CP backend is throwing these now.  Figured someone on this forum would have the response, rather than why continue to use it.  

Would recommend to replace with supported hardware. I think if you open a case with eol hardware and valid license they cannot proceed with it anyway. 

as mentioned keeping it as a router/switch, main firewall will be supported.   I will open a TAC since they provided the private build since this occurred and will revert to previous image if needed just need to confirm if this is a firmware matter or backend due to being EOL but nonetheless I have time until 2038 to worry.  Was seeking if others in the community that have same devices that are still in usage in a LAB etc. are getting this message. 

Andy,

If FW lic expired you won't be able to install policy to the gateway(s), even if you have a valid SmartCenter lic. and the traffic flows according to the latest policy.

If the contract expires, that happen what you wrote.

Akos

This is an appliance GAIA image local managed and firewall license, IPSEC VPN, identity and advanced routing have a never expire license.    So nothing should stop working.  However my other blades that are software subscription have expired so those features of IPS, Bot etc won’t work and that’s understood.  The question. Is why my gateway is saying license activated. License is set to expire in Jan 18, 2038 ? This only did it after installing a custom build from CP.  if needed I will downgrade back to the last firmware image but will see if issue is related to firmware or backend of CP? 

Thats right and I believe thats what my statement implies too 🙂

Andy