Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SPM
Contributor

Open Server license deactivation

 

Can licenses on open servers (Management, Gateway, Standalone)  once activated get deactivated from some checks,  verifications?

Are there any verifications of installed license on server with information from usercenter? 

 

 

 

 

 

 

 

6 Replies
HeikoAnkenbrand
Champion Champion
Champion

I don't understand your question 100%.

You have to distinguish between licenses and the contract.

Licenses:
The licenses are valid as long as they are displayed on the management (SmartUpdate) or gateway via "cplic print".

License Expiratio:
Licenses expire on a particular date, or never. After a license has expired, the functionality of the Check Point package may be impaired.

Contract:
The contract can be updated online or by file. Here the licenses are compared with the User Center entries.
The Service Contractfile contains all relevant data pertaining to your service contracts (IPS, DLP, URL Filtering, etc.). It is necessary to import the contract data into the User Center for proper entitlement.

Central License:
A Central License is a license attached to the Security Management Server IP address, rather than the gateway IP address. The benefits of a Central License are: Only one IP address is needed for all licenses. A license can be taken from one gateway and given to another. The new license remains valid when changing the gateway IP address. There is no need to create and install a new license.

Local License :
A Local License is tied to the IP address of the specific gateway and can only be used with a gateway or a Security Management Server with the same address.

Doing:

You can install or remove licenses via "SmartUpdate>Licenses & Contracts" over the management server.
Central licenses will be initially placed in the License Repository when imported into SmartUpdate. It is necessary to attach the license to the Security Gateway.

1) Generating your License in Check Point User Center:
Check Point Licenses are generated through the Check Point User Center.

To generate your license:
1.Log into the User Center at https://usercenter.checkpoint.com
2.From the Assets/Infopull-down menu, choose ProductCenter
3.Select the User Center account in which the product isregistered
4.Click DoneThe Products Detailspage will appear
5.Check the box to the left of the product
6.Click the Licensebutton
7.Complete all required fields
Note:
If generating a Security Gateway product, you will be prompted to select the License Type. For information on the difference between Central and Local licensing types, see sk "What is the difference between the central and local licensing schemes?".
8.Click the Licensebutton.

2a) To attach a Central License on Open Server:
1.In SmartUpdate, select the Licenses & Contracts tab
2.Right-click on the Security Gateway object you wish to attach the license to
3.Select Attach - A pop-up menu will appear
4.Select the license you wish to attach
5.Click Attach

Detaching Licenses:
Detaching a license involves detachinga license from the object to which it is attached. Local licenses detached are automatically deleted from SmartUpdate. Central licenses are placed in the License Repository and are available to be attached to another Security Gateway object if/when needed.

2b) To detach a Central License on Open Server:
1.In SmartUpdate, select the Licenses & Contracts
2.Right-click on the license you wish to attach
3.Choose Detach
4.Choose to confirm you wish to detach the license

If necessary, you can also view, install and delete licenses on the gateway with the"cplic" CLI command.


3) To import the Service Contract file:
Launch SmartUpdateFrom the Launch menu, choose License & Contracts > Update Contracts > From User Center. A pop-up window will appear. Enter your User Center credentials.

 

 

➜ CCSM Elite, CCME, CCTE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

More informations to licenses :

Check Point Software Blade - Quick Licensing Guide

➜ CCSM Elite, CCME, CCTE
0 Kudos
SPM
Contributor

OK, thanks for answers but that is not quite what I was asking


Licenses attached to IP address at usercenter. During migration to a new version you need to generate a new license attached to a new IP.

I know, strictly speaking from licensing perspective you cant have running servers with old and new IP

But we are living in a real world and switching to a new servers not an instant process especially in complex and geographically dispersed scenarios.

So basically my question is does checkpoint servers check licenses with information in usercenter (IP address to which license attached) and can they deactivated license if found out that now license attached to a different IP.

I am afraid to end up with situation when you are not fully migrated yet but old servers stopped passing thru traffic

0 Kudos
Maarten_Sjouw
Champion
Champion

You CAN run them at the same time, however is it legal to do so, not really. Will you be sued for it, don't really think so, if you can keep the transition as short as possible..
Regards, Maarten
0 Kudos
Bob_Zimmerman
Authority
Authority

Last I checked, the license shouldn't affect forwarding. You can't push policy to an unlicensed box, but it should keep passing traffic.

My recommendation would be to generate eval licenses. I know I can generate my own 30-day evals, and I know my sales team can generate 90-day evals for me. Intentionally running the same license on two systems is a violation of the license agreement, and evals are probably the best way to accomplish this goal within the agreement.

0 Kudos
G_W_Albrecht
Legend
Legend

Officially supported way of doing that:

1. on new unit, install either an 30 day Eval or use the 14 day PnP Trial license

2. when putting the new unit into production, you will have to re-license to the new IP

3. install the newly generated license and contracts to the new unit

Management IP is used for all centrally managed licenses, only locally licensed GWs have the GW IP in its license. When doing an advanced upgrade of SMS, migrate export always contains the license of the time of the DB export from SMS that has to be removed manually before step 3. Further documents:

sk40993: How to change the IP Address of a Security Management

sk103356: How to renew SIC after changing IP Address of Security Management Server

CCSE CCTE CCSM SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events