This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
StevePearson
Participant
yesterday

Disappearing licenses

I'm currently building a new management server (VM) to replace existing due to space issues for the logs, and upgrade to R81.20

Current one is an R81.10 vm, managing a clustered pair of 3000 series appliances, and a single gateway plus a cluster of 2 gateways in the oracle cloud. Everything is running fine, all fully and properly licensed.

So, ensured all upgrade tools are up to date on the old one, ran a a migrate server -v R81.20, which completed fine, pulled the file off box and shut it down. Built new box using the same IP's and then installed the latest jumbo, all good.

Next I put the migration file onto it and did a migrate import. (pretty standard stuff, do it dozens of times), this completed successfully and I rebooted it.

As soon as the box booted the phones lit up like Christmas trees!

Logged into SmartConsole and immediately see that the single gateway and cluster gateways in the Oracle cloud are showing Red, and reporting no licenses!

Check this with SmartUpdate, and sure enough, no licenses.

Shutdown the new box and restarted the old box, same thing, no licenses! Grabbed some evals, installed them and instantly the issue was resolved, so left it like this for now to give time to investigate.

The question is, where did they go and why???

No policy was pushed at any time, and no gateways were restarted. The cluster of 3000's onsite were fine!

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
yesterday

Presumably you didn't use the exclude license option in the migrste_server operation.

If it were lower than R81.20 JHF T79 then potentially I could understand the Cloudguard portion (additional steps needed - sk181500) but not the physical appliance.

Were you able to successfully reattach the licenses or have you reached out to TAC since?

CCSM R77/R80/ELITE
0 Kudos
StevePearson
Participant
8 hours ago
In response to Chris_Atkinson

No I didn't exclude the licenses when exporting. The missing ones are vsec licenses, so I'm thinking that the vsec_lic_cli state does not come across with the export, so I probably need to turn this on, but it shouldn't have removed the licenses like this.

The only thing I can think of is maybe the gateway checks in with the management and notices that it's different (fingerprint possibly), which has caused it to revoke the licenses?

0 Kudos
Tal_Paz-Fridman
Employee
Employee
8 hours ago
In response to StevePearson

There's the issue detailed in https://support.checkpoint.com/results/sk/sk151794 but should be resolved in newer versions:

Centrally distributed license disappears from CloudGuard Gateways

0 Kudos
StevePearson
Participant
6 hours ago
In response to Tal_Paz-Fridman

Yes I saw this but as you said it should be fixed in later versions.

Could it be moving the management from R81.10 to R81.20 may have upset it maybe?

0 Kudos
the_rock
Legend
Legend
yesterday

Personally, never had that problem. I would double check with TAC.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events