This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
skandshus
Advisor
Advisor
‎2023-08-31 01:01 PM

Harmony endpoint Remote-access and remote-access License

Confused here.

Hoping you can help.

 

i bought Harmony endpoint back in the days and i was told from the local check point office that it included remote access to my gateway so i did not need to purchase that seperately.

 

but after i have 30 people working from home now, suddenly i get a message saying that there isnt enough licenses when trying to connect to my VSX gateway..

 

it will only allow 5 client to connect,(default amount)

i have reached out to my local SE office but the people there does not seem to know how to fix this, and they told that i was able to go to the user center and re-download the license, but if i do that, my license will stop going to harmony cloud because licensing will require an ip adresse i must type in my user center before i can download my ip address.

 

So does anybody know how the actual approach here is. i feel like check-point is making a lot of guess work and not actually helping me achieve my goal.


See attached photo. Right now my harmony endpoint is licenses for Cloud. but how do i generate the license so i can install it on my VSX setup so i can allow remote access to more than the 5 user which are defalt allowed connection

Preview file
90 KB
0 Kudos
8 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-09-05 02:26 AM

Strange - according to the license you have 25 seats for VPN available, and did last licensing on August 31st. So you need more licenses (included 5 seat license VSC-5 will not add up). I would suggest to contact Account Services first to resolve that only 5 seat license VSC-5 is working instead of the NGX+25 add on RA VPN license. Do all users have EP client installed ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
skandshus
Advisor
Advisor
‎2023-09-05 02:41 AM
In response to G_W_Albrecht

Yep

My harmony mgmt server is in the cloud, so if i "license" my VPN license it will change the license and remove the cloud ip in the user center= removing licenses from harmony portal, which isnt something i would like 🙂

 

are you saying that the 5 licenses that you get default will get "removed" upon replacing with a license which holds x number of VPN seats? so if i need 30. i cant buy 25 and use the default 5? i have to pay for 30?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-09-05 03:33 AM
In response to skandshus

We had the same issue with a customer only last week ! The solution was to re-license the license VPN part only to the SMS central licensing IP and keep the Endpoint license as it is. I would suggest to make Account  Services do that as we had some issues (SMS IP was overwritten by Cloud IP during licensing) - although we made it work after all 😎

The included 5 users is a MAB / SSL VPN license for concurrent users and  will not add to the EP RA VPN per seat license ! You can buy only CP-HAR-ENDPOINT-LICENSE additional 5 seats to get 30 users licensed.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
emmap
Employee
Employee
‎2023-09-05 02:37 AM

The licenses that you've highlighted there need to be licensed to the IP address of the management server managing the VSX. It'll then email you the 'cplic put' string to paste in to your mgmt server. When you license them, it will ask if you want them all licensed to the same IP - you don't, as you want to separate the VPN side from the rest of the endpoint stuff (assuming your endpoints are not managed from the same mgmt server as your VSX is).

0 Kudos
skandshus
Advisor
Advisor
‎2023-09-05 02:43 AM
In response to emmap

is there any SK's or anything like that explaining this.

i find it really tough to find good information on how to actually do this.


but to understand
I need to go to user center and license it to my mgmt server? which is an internal ip adresse in my case?

and then i dont have to license the actual gateway needed for this? is there a specific reason for this, when i usually have to license my gateway, but in this specific case it seems like im not supposed to license the gateways actually providing the vpn feature.

 

and how do i avoid removing my license from the harmony portal, as creating a license file in my user center would override the current cloud ip 164.x.x.x with my local mgmt server= removing my licenses from all my current user in the harmony endpoint cloud portal.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-09-05 03:16 AM
In response to skandshus

Open an SR# with Account  services ! They should be able to correct any license issues  and explain the best way to use the licenses.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-09-05 04:21 AM
In response to skandshus

The Remote Access portion should reference the IP of the management server for the gateways, this allows multiple gateways in the environment to share/use this entitlement (seat count).

Environments that have separate gateway & endpoint management servers are licensed this way, cloud managed Harmony endpoint is simply a variation / extension of this use case.

As Emma said when you go through the licensing it will ask you to which IP each portion should be associated with if not the same. For Endpoint portion you specify the 164.x.x.x address and for VPN it's your SMS IP.

This allows you both to obtain the file to attach to VPN license to your management and to sync your infinity portal with the UC for the Harmony Endpoint entitlement.

(I'll reply with some specific steps later if it would be helpful for you just not at a PC currently)

CCSM R77/R80/ELITE
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-09-05 05:42 AM
In response to Chris_Atkinson

1.) After Login into Support Center navigate to Product Center ensuring you have the account selected in which your Harmony Endpoint licensing resides.

2.) Click on or select your Harmony Endpoint row from the list and click "License" a new screen will appear titled License - Step 1 of 1

3.) Under License Information select "License for Cloud Management" toggling this will change (reduce) the lower portion of your view.

4.) Under the section "Please select the features you would like to license" there should be two options shown as follows:

CPSB-SB-EP-VPN (Endpoint VPN Blade)
CPSB-SBA-HARMONY

Each asks you to supply an IP address for the VPN field use your <SMS_IP> and for Harmony field use 164.100.1.8 (for Cloud Managed)

5.) Click "License" the screen will refresh and an email will be issued with further instructions. Namely to ensure your Infinity Portal account is associated with this UC account and to Sync it.

6.) If the email itself doesn't contain a license file attached simply return to product center, inspect the license line you just activated by clicking into it again.
(Don't worry if it hasn't immediately updated showing an IP address in the main product center view as there can be a lag but you should see this detail on the next screen.)

7.) Navigate to the "License Information" tab review the Module IP for each portion it should be different and choose "Get Last License"

8.) The screen will refresh and yield a table of options, simply select the "CPSB-SB-EP-VPN" line from those listed and click "Get License File".

9.) A license file for the Remote Access VPN license will be downloaded to your PC for attaching to your Management Server.

 

If you have any questions please ask (or consult Account Services as needed).

CCSM R77/R80/ELITE

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events