Hello @_Val_  the strange thing is 2 of our maestro cluster is updated but  one of the maestro cluster has not updated yet. I can see in the usercenter that the expiry date for the blade has increased. It was renewed 24hrs ago and is it something that takes time ?

Maybe try to receive licenses from usercenter in smartupdate? If there all is good push the policy. 

Hi @Lesley  Do you mean click on 'get all license' under Licenses and Contracts  on the SmartUpdate and then install the policy ?

Something like get all licenses and contracts from userscenter and use there usercenter login where the firewalls are placed in. Have no access to pc now so cannot share screenshot

This should be the one I suspect ? 

Yep, thats it!

I would try what @Lesley suggested.

Andy

It might be that one of the security groups does not have Internet connectivity and cannot update contracts and licenses automatically. If this is the case, look into https://support.checkpoint.com/results/sk/sk163323

Also, try pushing the licenses and contracts from SmartUpdate, as already suggested. 

If neither works, please open a TAC case

Thank you for your reply.

Smart update is currently not able to communicate with usercenter although do have internet access from the SMS itself.

Adding to this SMO does have internet connection and can connect to checkpoint sites

Can you send below output from expert mode of sms?

curl_cli -k www.google.com

Andy

Here you go

From SMO

FROM SMS

So it does have Internet access, but, is PC where smart console installed able to get to the Internet?

Andy

Not the PC doesn't have internet? Is that the reason why I am not being able to fetch the contract using smartupdate ? 

Im fairly sure that is why.

Let me try connecting to smartconsole from the PC where there is internet

I feel confident that will work.

Hello, 

I installed smartconsole in my PC where there is internet connectivity and still could not fetch the contract

It does ask for a credential and my user is a superuser for accessing usercenter or do you we need a admin@domain.com account to pull it through or should the superuser be more than enough ? 

Please refer to https://support.checkpoint.com/results/sk/sk11054 about offline license update.

So when you try from PC that has Internet access and enter yoour UC info, does it give same error? Because when I test in the lab, works 100% of the time.

Andy

Yes, same error exactly the same. I am bit confused what is the issue as the license got updated in most of the firewall in total of 100 plus firewall except for one of the maestro cluster and the SMO for that cluster does have internet connectivity as well. All of those that got updated were automatically updated.

Im with you there, that is a bit puzzling, agree.

Andy

Adding to this I have a different maestro cluster managed by different SMS. Maestro in DEV environment got updated automatically as well but when I try to fetch the contract from the user center I am getting the same error in DEV environment as well

@the_rock @_Val_  @Lesley  Does maestro gateway play any role in fetching out the license. As maestro is more of a local license should the gateway directly be talking with the internet ? 

Looks like the problematic maestro where license was not updating had some connection issue although I was able to curl in the sites . I could see some drop return packets from my proxy so I have forwarded my traffic to another proxy where no drop is been seen right now.

How long does it take for the license to get automatically updated from the usercenter ?

I believe what you were trying to do is technically fetched from the smart console itself, thats why I mentioned last night to try from PC with the Internet access, but you said that did not work either.

Andy

Hello @the_rock yeah it did not that's right

I have raised a case hopefully he solves it and then will post

Keep us posted.

Andy

I understand. Let me do some tests in the lab later on this.

Andy