This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Garrett_DirSec
Advisor
‎2024-04-23 10:22 AM

updated method apply 30day eval key to SPARK SMB GAIA appliance

Hello -- posting this because current sk116465 out of date (or wrong). 

reference sk116465:

Licensing on Quantum Spark appliances

The key point of information in sk116465 specifies that license keys should be issued to localhost (because Quark purchased licenses are issued to MAC address).    Furthermore, the SK specifies that EVAL keys should be issued to localhost as well. 

This is WRONG as of R81.10.10 release.    I have not tested other versions.    I hope the below helps others.  -GA

Procedure to test:

  1. issue 30day eval key to UC account ##.   do NOT enter IP address.
  2. enter UC account and License 30day eval key.
  3. select "LOCAL" and enter loopback address for both (127.0.0.1).
  4. view license details and look for the command-line example for installation of GATEWAY portion of 30day key.
cpfw1>
cpfw1> cplic put 127.0.0.1 23May2024 at2S9jd3J-JjfFkbm46-QR9CfztzC-GiFLb8Xox CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-F47558932F41
 This license cannot be installed on the local machine:
 The license IP Address does not match any of the local machine's IP Addresses.
 If this license has an IP Address of the Security Management, use SmartUpdate to install it.
cpfw1>
 
 
However, if you following same procedure to provision local license and instead use IP address on SPARK appliance, this works.
 
Note:
  1. the warning msgs about "marketing name"
  2. the existing commercial license on 1500 appliance issued to 127.0.0.1 (using automatic "home phone" activation). 
 
cpfw1> cplic put 10.0.0.254 23May2024 af9tSH7bW-hivfec2AQ-2g2LgtPBX-7J5pNMGFj CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
 failed to get new marketing name from license
 failed to init the marketing name using the license string
 
Host             Expiration  Features
10.0.0.254       24May2024   CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
127.0.0.1        17Dec2024   CPAP-AP1550 CPSB-FW CPSG-C-4-U CPSB-VPN CPSB-SSLVPN-50 CPSB-IA CPSB-ADNC CPSB-ASPM CPSB-APCL-S1 CPSB-IPS-S1 CPSB-URLF CPSB-AV CPSB-ABOT-S CPAP-CLOUD-MGMT CK-00-1C-7F-AD-AB-60
 
 
****  I wanted to validate the commerical "home phone" activation license issued to localhost address could be removed.    **** 
 
Run 'cplic print -x' to get the license signature
 
 
cpfw1> cplic print -x
Host             Expiration  Signature                             Features
10.0.0.254       24May2024   af9tSH7bWhivfec2AQ2g2LgtPBX7J5pNMGFj       CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
127.0.0.1        17Dec2024   aLsW7s9RzEvjuihRQxDZ9P3LzCk2CgUQe2Pf       CPAP-AP1550 CPSB-FW CPSG-C-4-U CPSB-VPN CPSB-SSLVPN-50 CPSB-IA CPSB-ADNC CPSB-ASPM CPSB-APCL-S1 CPSB-IPS-S1 CPSB-URLF CPSB-AV CPSB-ABOT-S CPAP-CLOUD-MGMT CK-00-1C-7F-AD-AB-60
 
*** remove the localhost issued license via signature *** 
 
cpfw1> cplic del
Delete license from local machine:
cplic del [-F <output file>] <signature>
 
Run 'cplic print -x' to get the license signature
 
cpfw1> cplic del aLsW7s9RzEvjuihRQxDZ9P3LzCk2CgUQe2Pf
Host             Expiration  Features
10.0.0.254       24May2024   CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
 
cpfw1>
 
** The only attached license remaining is locally issued gateway portion of 30day eval key *** 
 
cpfw1> cplic print
Host             Expiration  Features
10.0.0.254       24May2024   CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
 
Contract Coverage:
 
 #   ID          Expiration   SKU
===+===========+============+====================
1  | NYVTX8D   | 22Jun2024  | CPSB-TE-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
2  | L90ZJSP   | 22Jun2024  | CPSB-CTNT-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
3  | OG2T515   | 26Mar2015  | CPCS-TE-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
4  | 54VPJ6U   | 22Jun2024  | CPSB-IPS-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
5  | AZ2NDWR   | 22Jun2024  | CPSB-TEX-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
6  | AM5RON1   | 22Jun2024  | CPSB-ZP-EVAL
   +-----------+------------+--------------------
   |Covers:     CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-37003EAF3318
===+===========+============+====================
cpfw1>
 
And displays correctly in the license portion of SPARK WebUI
 
spark-license1.jpg
6 Replies
PhoneBoy
Admin
Admin
‎2024-04-23 10:55 AM

As far as I know, it was never allowed to generate a license to 127.0.0.1.
I always use the LAN IP when I do it, which has always worked.

0 Kudos
Garrett_DirSec
Advisor
‎2024-04-23 10:57 AM
In response to PhoneBoy

Hey @PhoneBoy .    all makes sense in retrospect.   However, everything we talking about in contrary to sk116465. 

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-04-24 01:54 AM
In response to Garrett_DirSec

Never read sk116465. I also posted these details all here long ago: https://community.checkpoint.com/t5/SMB-Gateways-Spark/1400-1100-1200R-700-600-Appliance-Demo-Units/...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-08-27 07:04 AM

You can use only an IF IP that is defined on the box - be the head WAN IP, an IF IP or the WLAN IP. Loopback IP is used in the real 15x0 license (was not used in 7x9/14x0 !), but i think only to adhere to the license format having the IP first, as it contains the MAC and IP does not count here.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-08-28 01:07 AM

One very important point has to be added here: The use of AIO 1month eval is not possible with SMBs with Wifi - the license feature CPWIFI-EU is needed but missing from AIO.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2024-08-28 01:14 AM

I did the feedback in the SK!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top