This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Beagle15
Employee
Employee
‎2022-01-25 01:48 PM

Can Remote Access IPsec VPN client licenses be shared across SMB and Quantum appliances?

in sk84560 :https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...  it says:

In order to use the Endpoint Security VPN client, an Endpoint Security VPN license is purchased. This license is applied to the Management server that manages the Remote Access gateways, and it creates a pool of licenses the Remote Access gateways share. This license is purchased based on the total number of endpoints. It is not a concurrent use license. 

My question is if you already currently have 100 x IPSec vpn client licenses on 1 x SMB appliance and the 5 x default IPsec vpn licenses on 1 x 3600 appliance can all the licenses be pooled together and managed in Smart 1 Cloud and used to terminate vpn tunnels for remote users on either the 3600 or the SMB appliances or is the IPSec tunnel termination linked just to a specific device? ie if you have 5 x IPsec licences on a 1x 3600 can you only terminate the tunnel on that 1x device? From the above sk it seems to imply all IPsec vpn client licenses can be pooled and shared to terminate remote access vpn clients and tunnels to any gateway type? Is that correct?

Can you also clarify what additive means in this article please?

Thank you very much.

0 Kudos
5 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-01-25 04:49 PM

SMB appliances come with Mobile Access (SSL) licenses that are bound to the appliance and cannot be shared.

If you buy licenses that can be used with Endpoint security VPN then those can be distributed centrally (from Mgmt) for IPSec clients.

Mobile Access licenses cannot be stacked on an Enterprise appliance such as a 3600 i.e.  you cannot buy MOB50 + MOB200 for a total of 250 instead you need to by the next license tier to cover the concurrent licensed needed.

CCSM R77/R80/ELITE
0 Kudos
Beagle15
Employee
Employee
‎2022-01-25 05:02 PM
In response to Chris_Atkinson

Thank you Chris. I was aware of the SSL Mobile Access license. I am only interested in the Ipsec vpn client license. Just to be totally clear you can use an Ipsec vpn client licence from a SMB appliance to terminate a tunnel on a 3600 appliance and vice versa so licences for just the Ipsec VPN client can be pooled regardless of whether they originated from an 3600 or an SMB appliance ie where you terminate the vpn client does not matter? Is my understanding correct? Thanks.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-01-25 05:05 PM
In response to Beagle15

SMB gateways don't have transferable VPN licenses.

IPsec Remote "Access VPN" or Endpoint  licenses purchased and applied to mgmt can be shared across appliances within an estate.

CCSM R77/R80/ELITE
0 Kudos
Beagle15
Employee
Employee
‎2022-01-25 05:15 PM
In response to Chris_Atkinson

Hello Chris, 

The sk above does not say this? That is not good news! Why is this not highlighted? I have a client whom has a lot of SMB appliances and a few enterprise appliances and they only want to terminate VPN Licenses on the enterprise appliances so basically they cannot use any of their SMB appliances VPN client licenses at all..... I will speak to the local CP account team and see if they can come to some arrangement. Are there any plans to change this? thanks.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-01-25 05:34 PM
In response to Beagle15

SMB appliances only have a built-in MOB license allocation for more than 5 users, at the top of the SK it says that each gateway must have its own MOB license allocation.

Endpoint Security / Access VPN is a different license available separately.

 

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top