This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sal_Previtera
Contributor
‎2023-02-13 06:46 AM
Jump to solution

VPN remote access licenses.

 

R81.10 HFA 83 

I do not seem to be able to get a correct answer on what is, the license on our FW mgmt or Firewall gateway cluster required for VPN remote access on Premises.

To clarify, these are NOT Endpoints managed by Endpoint management server ...but Capsule, IPSEC vpn, etc.

Any idea of license name I should look for?

Thanks,

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-02-13 04:29 PM
In response to Sal_Previtera
Jump to solution

If you're just looking for basic remote access with Office Mode support, get a Mobile Access Blade license for the number of concurrent users you expect to connect concurrently.
MAB licenses are sold in 50, 200, or Unlimited packs.
You don't have to enable Mobile Access Blade or otherwise change your existing configuration.
However, each gateway users will connect to need a MAB license.

Note that MAB does NOT offer Endpoint Firewall or Compliance features (except for SCV).
Your existing Endpoint licenses will probably work for that.

View solution in original post

0 Kudos
7 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-02-13 06:50 AM
Jump to solution

Capsule typically is Mobile Access, however please refer sk67820 for a detailed answer based on the specific VPN client choice.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-13 07:11 AM
Jump to solution

The following tool will help identify how many users (of what type) are licensed in your installation: https://community.checkpoint.com/t5/Scripts/Easy-Mobile-User-License-Tool-Replaces-quot-dtps-lic-quo...

0 Kudos
Danny
Champion Champion
Champion
‎2023-02-13 10:40 AM
Jump to solution

Additionally you can verify your current licenses with this tool as recommended in sk166032.

Sal_Previtera
Contributor
‎2023-02-13 01:23 PM
In response to Danny
Jump to solution

Thank you, Danny and Phoneboy....

The enterprise where I work, has decide not to use the full-blown CP ENDPOINT(s) , just CP remote access VPN...

(Please, do not ask me why...LOL).

Would the VPN use the Secure-Remote licenses instead of Endpoint Connect licenses?

Thanks...

REMOTE ACCESS VPN STATS - Current
----------------------------------------------------------------------
Assigned OfficeMode IPs : 198 (Peak: 453)
Capsule/Endpoint VPN Users : 197 (Peak: 455) using Visitor Mode: 2
Capsule Workspace Users : 0 (Peak: 0)
MAB Portal Users : 0 (Peak: 0)
L2TP Users : 0 (Peak: 0)
SNX Users : 0 (Peak: 0)

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 30000
Endpoint Connect Users : 1350
Mobile Access Users : 10
SNX Users :

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-13 01:36 PM
In response to Sal_Previtera
Jump to solution

If users were using SecuRemote, they would not show up under "Assigned Office Mode" or "Capsule/Endpoint VPN Users" as SecuRemote does NOT support Office Mode.
Which means you clearly have the required licenses necessary for Remote Access.
To confirm exactly what kind of licenses you have, please provide a cplic print from your gateway.

0 Kudos
Sal_Previtera
Contributor
‎2023-02-13 03:10 PM
In response to PhoneBoy
Jump to solution

CPAP-SG2350X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS CPSB-URLF CPSB-APCL CPSB-AV CPSB-ABOT-L CPSB-DLP CPSB-ASPM CPSB-CTNT

If I understand you correctly, since Secureremote  does not support OFFICE Mode, then we still need to carry over ENDPOINT license that we currently have 1350...maybe a lot less, since out peek was less 500..to be able to use Office Mode. Thanks

LICENSES
----------------------------------------------------------------------
SecuRemote Users : 30000
Endpoint Connect Users : 1350
Mobile Access Users : 10
SNX Users :

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-13 04:29 PM
In response to Sal_Previtera
Jump to solution

If you're just looking for basic remote access with Office Mode support, get a Mobile Access Blade license for the number of concurrent users you expect to connect concurrently.
MAB licenses are sold in 50, 200, or Unlimited packs.
You don't have to enable Mobile Access Blade or otherwise change your existing configuration.
However, each gateway users will connect to need a MAB license.

Note that MAB does NOT offer Endpoint Firewall or Compliance features (except for SCV).
Your existing Endpoint licenses will probably work for that.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events