Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ANANTADSULE
Participant

Quantam Spark 1550 gateway licensing issue after upgrade R81.10.07

Hello everyone,

I'm facing licensing issue with Quantam Spark 1550 gateway after upgrade R81.10.07(996001430) from R81.10.00(996000575).

There was no issue With firmware R81.10.00(996000575) as HTTPS inspection was working fine but as soon as i upgraded R81.10.07(996001430) HTTPS inspection showing sometimes "Internal system error 1" & "Internal system error 2".

After opened case with TAC (T3),spending many hours in troubleshooting on zoom sessions with TAC T3 engineer suggested me to restore firewall to previous firmware version,but nothing helped me.

QS 1550 gateway "Webgui & cplic print" shows all licenses are valid,but cpstat os -f licensing showing URL & Application filtering license are not entitled. 

 

Thanks & regards.

0 Kudos
30 Replies
G_W_Albrecht
Legend Legend
Legend

I would suggest to try an USB Flash Firmware Upgrade

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

Did you verify with Account services?

0 Kudos
ANANTADSULE
Participant

TAC engineer verified that there is no issue.

0 Kudos
the_rock
Legend
Legend

Right, TAC engineer, but what about someone from Account services (License team)?

Andy

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Only needed if it is not working.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
the_rock
Legend
Legend

I agree, but I still find it odd there is an issue with it, though box seems to be working...bit strange, in my opiniuon.

Andy

0 Kudos
ANANTADSULE
Participant

Nobody is from Account services team,Today i raised a sarvice request to Account services but they replied that it seems to be technical and assined to technical team.

0 Kudos
the_rock
Legend
Legend

Ok, I see what you mean. Thats a bummer, because sounds to me like it could be both. What did TAC engineer say? They dont see any issues? You may need to raise this with your Sales person.

Andy

0 Kudos
Chris_Atkinson
Employee Employee
Employee

What is the contract / entitlement start date?

sk110749: Application Control does not work on Locally managed Gaia Embedded devices

 

 

CCSM R77/R80/ELITE
0 Kudos
ANANTADSULE
Participant

 contract / entitlement start date 29 MAY 2023

0 Kudos
G_W_Albrecht
Legend Legend
Legend

But is URL filtering & Application Control working ? That is the main thing 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
ANANTADSULE
Participant

Not working.

Issue not resolved even after POA from R&D.

I have done following things.

1]Restored firewall to the factory firmware version is R80.20.15 (992001653) & configured it with wizard & activated license.

Only Threat emulation was showing entittled in CPSTAT OS -F LICENSING

2]Upgraded firmware to the firmware version is R81.10 (996000575) .after ugrading firmware HTTPS INSPECTION started for few minutes & then started bypassing traffic again.

CPSTAT OS -F LICENSING was showing the same results as URLF & APCL is not entittled.

0 Kudos
the_rock
Legend
Legend

Honestly, if I were you, I would try to get both TAC engineer and Account services person on the phone on the same remote and see if this can be solved.

Andy

0 Kudos
ANANTADSULE
Participant

It's seem very difficult because even i unable to connect on call assigned TAC engineer if i want to.

0 Kudos
the_rock
Legend
Legend

I would personally pick up the phone, call them and say it is urgent to fix, because it is.

0 Kudos
ANANTADSULE
Participant

This case is pending from 10 july 2023 till date.

0 Kudos
the_rock
Legend
Legend

Thats not acceptable in my view, you should push for escalation.

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I see no error for URLF & APCL - looks like https inspection has some errors, but there are URLF & APCL logs that look correct...

Can you try the latest firmware R81.10.07 Build 996001430 for 1500 Appliances ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
ANANTADSULE
Participant

If URLF & APCL not enabled then https inspection will not work as seen in one of SK also told by TAC.

If you look at the post then you will find that issue occurred due to upgrade  R81.10.07 Build 996001430 &  URLF & APCL went not entittled in cpstat os -f licensing but shows valid in webgui & cplic print.

0 Kudos
Tom_Hinoue
Advisor
Advisor

I understand you already checked the "cpstat os -f licensing" command, but what does the following command output give you?

cpstat appi -f subscription_status
cpstat urlf -f subscription_status

If this output tells you the contract is expired, in my experience it's highly an issue with licensing and you should contact Account Services for them to fix it. Even though the status in WEBUI/cplic shows the End-Date, it does not tell you if you have issues like a "blank" period in your contract.

Also maybe you can try manual licensing by uploading the offline license file you can download from Product Center to see if the issue resolves as well.

0 Kudos
ANANTADSULE
Participant

cpstat appi -f subscription_status & cpstat urlf -f subscription_status showing expired.

also tried manual license upload but nothing helped.

0 Kudos
Tom_Hinoue
Advisor
Advisor

Better engage with Account Services again then.
I experienced many cases in the past where there really was an issue with the license file/contract in the end.

the_rock
Legend
Legend

Very valid point.

G_W_Albrecht
Legend Legend
Legend

I second that ! The given information shows a licensing issue (as firmware R80.20.15 does not resolve the issue) If Eval works perfectly, at least the pressure from customer is low.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Tom_Hinoue
Advisor
Advisor

Forgot to mention... did you try adding an EVAL license to see if license is really the issue? Try...

1) From User Center -> Customer Acquisitions -> Product Evaluation, Generate a "ALL-IN-ONE" Evaluation License
2) For the IP Address you can either enter the WAN/LAN IP or just 127.0.0.1
3) Download the license file (CPLicenseFile.lic)
4) Enable bashUser and transfer the EVAL license to gateway to like "/storage"
5) Run the following command to apply the EVAL license

cplic put -l /storage/CPLicenseFile.lic

6) Wait for a few minutes and check the license is valid for the security blades with the following command (e.g. APPI/URL)

cpstat appi -f subscription_status
cpstat urlf -f subscription_status

7) Run the "configload_status" command in Expert and wait for the "configload_status" to show all stats "No Error"

Now check again if the APPI/URL/HTTPS policy is enforced for your connection.
If not, you may want to Enable/Disable blade or just reboot the appliance to check. 

If the EVAL works, then we know it is an issue with the original license. -> Consult with Account Services
If not, then there maybe issue with device status/configuration -> Consult with TAC

 

(2)
ANANTADSULE
Participant

Eval license works perfectly.  

0 Kudos
Tom_Hinoue
Advisor
Advisor

Great!

If EVAL works, then we now know there is high chance of an issue with your devices license, so I recommend you to consult with Account Services again with all the information we have. Good luck!

0 Kudos
starmen2000
Collaborator
Collaborator

It was also same when I did upgrade on smb. only solution that I found to create a license on the usercenter again and apply the lisence file or license code on the SMB. 

0 Kudos
ANANTADSULE
Participant

I didn't find any option to generate new license in usercenter.

Can you please elaborate,how to generate new one.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events