spinazdoo
Explorer

License and Support Expired Behaviors

Hi Check Point,

 

I got a question, which I thought was simple but I was confused about answering it because there was no official statement in the admin guide or SK.

This morning the head of CISO asked what happens if the Check Point license expires on the firewall and management side?

I found several links that show in the IPS part that the license has expired but not other features and impacts on the management and firewall itself.

Maybe I missed it. Does anyone have a link or official statement about this?

 

Thank you 🙂

0 Kudos
4 Replies
PhoneBoy
Admin

The likely reason there is not an official SK about this situation is because Firewall and Management licenses are usually sold as perpetual licenses (thus don’t expire).
They also do not have a contractual component like Application Control and Threat Prevention, which require a subscription.
The output of cplic print -x from all relevant nodes can be used to confirm your license/contract status for the various features.

If the Firewall license actually expires, the gateway will effectively “fail closed” (loading defaultFilter, which passes no traffic).
If the Management license expires, you will not be able to connect with SmartConsole or the API.
These behaviors can be easily verified by building an environment with evaluation licenses and changing the clock past the expiration date.

0 Kudos
Lesley
Advisor

I don't think there is real documentation.

I know for IPS if you enable it, run it with trial and let it expire you will get of course warnings. 

After the warnings the IPS updates stop and IPS also. Only the 'core' protections will stay active. They come from the box itself (after installation of the software). They do not require a license. But this is just a small part of IPS.

For app blade and URL blade I am not 100% sure; I think it also depends on the fail-open, fail-closed setting in SmartConsole. Also I would expect that the rules that contain application control objects will stop working.

You can buy a new firewall and it will include: 1 Year SNBT Subscription Builtin. Even if you select a 2 year service plan. So after the one year you either have to renew SNBT or go back to NGTP or NGFW. 

BUT NGFW contains default IPS and application blade. So the question you ask depends on what type of blades. If it is specific IPS and application control you have to follow PhoneBoy. Other blades will not be included. And what will happen depends on the blade that will expire and is enabled.

So it is a valid question and one SK that could explain this would be great. I get this question A LOT from customers and I never can share something official. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
PhoneBoy
Admin

IPS has an SK about it specifically: https://support.checkpoint.com/results/sk/sk44175
So does App Control: https://support.checkpoint.com/results/sk/sk56300

Again, a Firewall or Management license typically doesn't expire outside of evaluations.

0 Kudos
the_rock
Legend

There is no official statement about it or link/SK. What happens is this... if mgmt license expires, you can't log into SmartConsole, thus you cannot install policy through it. If fw one expires, yes, traffic will still pass, but you can't get new IPS/URLF updates or make any changes that require valid contract.

Andy

0 Kudos
