Endpoint VPN licensing issue

We have a VSX cluster with a VS that has EP VPN enabled; it was running on R77.30 and has been upgraded to R80.30. Since the upgrade, the VS EP users are unable to receive an Office Mode IP, getting an error that we do not have licenses for Office Mode. But we do; the management server has 500 licenses. We have tried relicensing and attaching the license to the CMA, but it did not help. Applied EVALs to the CMA with no luck. But if we apply EVAL licenses that are generated with the management IP of the gateways, the VS is able to fetch and see the users. I think it is taking the MOB licenses, which give unlimited user licenses under EVAL, and the OM IP as well.

Raised a TAC case and it has been a week, but with no luck. Still running on EVALs in production. Has anything changed from R77.30 to R80.30?

 

Licenses applied on CMA for VS. 

CPVP-VPS-1-NGX CPVP-VSC-5-NGX+500 CPEP-PERP CPSB-SWB CK-XXXX

CPEP-C-1+500 CPSB-EP-FW+500 CPEP-PERP CPSB-SWB CPSB-NGEP CK-XXXX 

 

Any help would be appreciated. 

3 Replies

Admin

In general, and particularly with multi-domain, some legacy licenses like this will have issues in R8x.
Is your case a TAC case or an Account Services one?
The latter might be more appropriate in this case.

For as long as I remember anyway, gateways need to have a license for Office Mode (either Endpoint License, Mobile Access, or a combination).
For VSX the license is for the physical gateway (not individual VSes).
If I’m reading your license correctly, you have a SecureClient license, which falls under Endpoint and would be equivalent to the modern CPEP-ACCESS SKU (not listed in the Product Catalog but still orderable).

Account Services might be able to help in the short term.
Longer term, work with your local office and trade in these licenses (and other legacy ones) for modern SKUs.


Thanks for the reply. The issue was initially with accounts services, but they have suggested there is nothing wrong with the licenses we got and passed the issue on to technical TAC.

"For VSX the license is for the physical gateway (not individual VSes)." - We have licensed the CMA managing the VS; this was working for years until we upgraded. The VSX cluster has 4 gateways on it. I don't think we need to purchase a set of 4x500 EP licenses and install them on the gateways; also, only one VS should receive EP licenses. If we install the license at gateway level, how would it know which VS these licenses belong to?

Will go back to accounts services to see if we needed a newer SKU for this. 

Thanks

 


I have checked with account services and they confirm the SKU that I got is the right one. CPEP-ACCESS is the one that we see on the user center. When we install, the cplic print shows the licenses mentioned initially. The case is with TAC, waiting on a replication in the Check Point lab.
