Hello, Chris.

Can you explain why I can't "unlink" the GW licenses I have in this environment?

If you notice in the image, every time I click on the license that starts with the name "CPSB..." and I click on the "Detach" action, I get the red alert message.
I don't understand why.

Greetings.

For quick resolution to this, I would get in touch with Account services and Im sure they could sort it out for you in 5 minutes.

We are having a bad experience with the team that is in charge of the licenses, so far, they do not give us a timely attention, that is why I decided to move forward, reviewing and asking through this means. 😞

For some reason the final licenses that were purchased, when they are loaded from the SmartUpdate, and the contract is "called" from this same console, because the contract that appears, is a contract too old, and what it does is that I continue to appear the Cluster equipment "alerted" from the SmartConsole.

Does anyone know how to correct this?

I will send you eval tomorrow to try and see if it works.

In Usercenter / Product Center are the licenses shown with valid expiry dates?

To clarify is it an internal or Check Point team that you are having difficulty with?

Hi Chris.

These are Checkpoint 5000 series appliances.
They are 2 GWs that are in a Cluster.

The "License" was apparently already loaded, because at least when I consult it through the CLI, with the "cplic print -x", I see the final licenses, but in one of the GWs of the Cluster (The primary), the command is also showing me information of the "contract", and the contract that shows me is very old "April/2021", it has no logic.

I tried to call the contract several times from the SmartUpdate, through "Licenses & Contacts -> Update Contacts -> From User Center", but when the process finishes running, it shows me again the same expired contracts from 2021.

This is super weird.

Hello.  I am one of our licensing experts.  Both of these issues can be resolved fairly quickly.

1.  You can use a permanent license or eval with the blade CPSB-NPM.  This will allow access to the Smart Console GUI.  The all-in-one eval is the easiest solution.

2.  The "object not found" error is being caused by a mismatch between the gateway command line and Smart Update.  When you try to delete the license from Smart Update it will check that signature key on the gateway and delete the correlating license.  When it cant find that signature key, you will get that error.  The solution is to launch GUIdbedit and delete the license from there.  

I would be happy to schedule a call and help with any of these issues.  Do you have the ticket # with the licensing team so I could investigate the interactions further?

Hi Kevin.

Yes, my ticket is 60003500792.

It currently generates the licenses, and I uploaded them to the computers.
This task was done in a "CENTRAL" way.

When you query the licenses on both machines, it shows like this.

GW01

GW02

You will notice, that only in the CLI of GW01, I have the result of the definitive license that has already been charged, but in addition I am also shown information of the "contract" that is too old (2021).
In the GW02 no additional information (contract) is shown.

And when you go to the SmartConsole, the Cluster is still "alerted".

Is there any way to correct this?

These are definitive licenses that were purchased for our end customer, which last until June/2023.

Greetings.

why do you want to remove them in the first place?

Hello,

We have definitive licenses that have just been acquired, until June/2023.

The problem is that the licensing partner did not charge them through Checkpoint's UC, and we are being forced to finish generating the licenses and charge them manually.

The problem is that having already generated the licenses, and also uploading them, it keeps calling me to very old "contracts", which I already "deleted" from the license repository from the SmartUpdate.

Then, from the SmartConsole, I still see the red alert, which emphasizes that the IPS is expired.

Any idea how to solve this scenario, please?

Thank you.

Thanks for the update.

There two things to consider in this scenario.  If the new contracts have already been uploaded to the management server there is a chance they were not automatically pushed down to the gateways.  You can fetch the contracts from the management server by running the below command on the gateway; 

#contract_util mgmt

Once this is successful you can run # cplic print -x to verify if the new contracts have been updated.

Second, does the gateway have access to the internet?  IPS requires a one time entitlement check against updates.checkpoint.com to verify the new contract.  If the gateway is in a closed environment this can prevent the new contract from being recognized.

You can run # cpstat os -f licensing and the output provided will be what is reflected on the Smart Console GUI "Device & License Information" page.

Let me know if any of this helps.

Kevin,

Your recommendations were very good.

Already mitigated the alerts, and the updated contract is displayed from the command "cplic print -x".

Visually, from the SmartUpdate, I still see licenses "tied" to my GW, and this causes a bit of annoyance.

How can this be removed, so as not to "mess up" the view?

When I right click on the license object that is "tied" to my GW, and I say "DETACH", I get the alert (I share an image with you)

Could you tell me how to remove it, from the perspective of GuiDBedit (I think I understood you, that this can be corrected from this manager).

Thanks for your support.

Kevin,

I have tried to delete a certificate that should no longer appear "linked" to my GW (I leave you an image).

I am trying to do it through GuiDBedit, but it is impossible to delete the 2 matches I found regarding the certificate I want to delete, and if possible it should not appear visually in the SmartUpdate.

Is it possible to perform this task?

Greetings.

Glad things were able to update!  

I am not sure how to get the objects into read/write mode from read only.  Let me do some investigation.

In Smart Console check the below settings for your user

"Manage and Settings" > Permissions & Administrators.  I believe Common objects needs to be set to "write"

Hello, Kevin.

A query, is there a command similar to #contract_util mgmt, but applied from a Smart-1 box?

I have a Smart-1 box, which is dedicated for the SmartEvent blade, and it is already updated with the final license, but the "contract" is still showing a date too old.

Is there any command that can help me to refresh the contract date?

Regards.

Did you already try:

# cplic contract put -o <file name>.xml

Refer: sk43113