This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hiep_Bui
Participant
‎2018-12-05 11:05 PM

License for Multi Domain Management server

Hello,

We are deploying some CP firewalls, 1 Multi domain management server and 1 multi domain Log server. I am a bit confused when getting licenses for the devices.

Multi Domain server:  10.1.1.1

Multi Domain Log server: 10.1.1.2

In Multi domain server, we created 2 domains:

- Domain1, with server = 10.1.1.11, log =10.1.1.12. gateway 1 will be in this domain.

- Domain 2, server = 10.1.1.21, log = 10.1.1.22, gateway 2 will be in this domain

In User center, we have 4 devices: CPSM-NGSM50-MD5 (multi domain server), CPSM-NGSM50-MLOG10 (multi domain log), and 2 gateways.

When registering licenses, which IP addresses should I use?

- for multi domain server: 10.1.1.1?

- for multi domain log server: should I use 10.1.1.1 or 10.1.1.2

- for gateway 1: should I use 10.1.1.1 (multi domain server) or 10.1.1.11 (Domain 1 server)

- for gateway 2: should I use 10.1.1.1 (multi domain server) or 10.1.1.21 (Domain 1 server)

do I have to do anything for Domain 1 server + log server, and Domain 2 server + log server?

I am trying to search in Checkpoint documents but have not found what I need and still confused. Please help to guide me or show me the documents I should look at.

Thanks,

Hiep.

4 Replies
_Val_
Admin
Admin
‎2018-12-06 01:47 AM

The best practice is to license all management with the main IP address of MDS and assign central licenses to domains. Gateways will use central licensing with Domain IP address.

Hiep_Bui
Participant
‎2018-12-06 01:59 AM
In response to _Val_

Hello Valeri,

Thanks for answering my question.

Just to confirm, in my example, I should use 10.1.1.1 for all licenses?

And how to assign central licenses to domains? I have not found out how to do that.

Thanks,

Hiep.

0 Kudos
_Val_
Admin
Admin
‎2018-12-06 02:07 AM
In response to Hiep_Bui

When licensing MDS and domains, you can use central IP for all or local IPs for domain. The process is self-explanatory when you generate the license. Either way will work. When licensing GWs, use Domain MGMT IP for central licensing.

MDSM licenses are described in the Admin Guides. Go to Multi-Domain Security Management Support - Solutions, Documentation, Downloads, Security Alerts , chose your product version and look for Licensing Overview chapter in the admin guide

Danny
Champion
Champion
‎2018-12-12 11:41 AM
In response to _Val_

Well, actually you don't assign central licenses to domains anymore.

The licensing scheme has changed.

You just need to order a CPSM-NGSM container with a CPSB-DMN blade attached like this:

ContainerDescriptionCertificate KeySupport TypeSupport RenewalServices Renewal
CPSM-NGSM50
Next Generation Security Management Software for 50 gateways
Additional Blades
  CPSB-DMN-2525 domains package for Multi-domain Security Management

That's it. The domains (DMS/CMA) won't receive a license anymore. Just the MDS.