Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

Easy Mobile User License Tool - Replaces "dtps lic"

HeikoAnkenbrand
Champion
Champion

emlt123.JPG

Introduction
In the past days I have been working on a CLI script that can display all Secure Client, SSL VPN  and Mobile Access Portal license information centrally. This script creates a new command on the management server to read the licenses. It displays all Secure Client, SSL VPN and Mobile Access Portal licenses in total (sum). Furthermore if a connection to the gateway can be established, it can read out the currently used user
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free

Disclaimer: Check Point does not provide maintenance services or technical or customer support for third party content provided on this Site, including in CheckMates Toolbox. See also our Third Party Software Disclaimer.




1 Solution

Accepted Solutions

HeikoAnkenbrand
Champion
Champion

Now in v0.6 with new parameter and features:

Syntax  Description
sclic -g The option -g shows all possible remote gateways from the topology (for option <remote gateway ip address>)
sclic - s <remote gateway ip address>  The option -s shows the number of logged in users and the peak value of the gateway for Secure Client, SSLVPN, Mobile Access Portal. Furthermore, existing licenses on the management server are disp
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


33 Replies

Harry_Morgan
Contributor

Hi @HeikoAnkenbrand,

This is a very nice solution and it works great.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Jan_Elbers
Participant

Hi  @HeikoAnkenbrand 

I have another SuggestionYou could also include the used office mode IP addresses:-)

fw tab -t om_assigned_ips -s

Regards

Jan

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


MattElkington
Participant

I'm not sure this will always work.

I have encountered Endpoint licenses with the key format "CPVP-VSC-25-NGX" instead of "CPVP-VSC-5-NGX+30", and your one line specifically search for "CPVP-VSC-5-NGX+"

 

For instance (anonymised, but from an actual manager):

 


   1.2.3.4 never CPVP-VPS-1-NGX CPVP-VSC-5-NGX+100 CPEP-SUBSCR CPSB-SWB CK-1ABCD123A123 1.2.3.4 never CPVP-VPS-1-NGX CPVP-VSC-5-NGX+30 CPEP-SUBSCR CPSB-SWB CK-1ABCD123A123 1.2.3.4 never CPVP-VPS-1-NGX CPVP-VSC-25-NGX CPE
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

I will extend the script.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Hi @MattElkington,

THX for the information. I have modified the scripts accordingly. Can you test it again.

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


MattElkington
Participant

Hi  @HeikoAnkenbrand , thanks, I gave it a test and it didn't show any up.


   Secure Client licenses (CPVP-VSC-5-NGX): 140 Secure Client licenses (CPVP-VSC-25-NGX):
  

 

I think you're not checking the string correctly.

With CPVP-VSC-25-NGX it's the 25 which changes to reflect the number of seats, so you can't check for CPVP-VSC-25-NGX, as there probably exist CPVP-VSC-50-NGX and CPVP-VSC-100-NGX out there.

My regex skills aren't good enough to work out how to extract just t

...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

It works fine with your textfile:-)

 


   [Expert]# cat test.txt |grep never | grep -o -E "CPVP-VSC-25-NGX|CPVP-VSC-50-NGX|CPVP-VSC-100-NGX" | sed 's/CPVP-VSC-//g' | sed 's/-NGX//g' | awk '{ total1 = total1 + $1 } END { print total1 }' 50
  

I can see the 50 CPVP-VSC-25-NGX licenses.

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


MattElkington
Participant

   echo -n "Secure Client licenses (CPVP-VSC-5-NGX+xx): "; cplic print |grep never | grep -v -E "CPVP-VSC-[0-9]+-NGX " |grep -o -E "CPVP-VSC-5-NGX+........" |sed 's/CPVP-VSC-5-NGX+//g' |awk '{ total = total + $1 } END { print total }'; echo -n "Secure Client licenses (CPVP-VSC-xx-NGX): "; cplic print |grep never | grep -o -E "CPVP-VSC-[0-9]+-NGX " | sed 's/CPVP-VSC-//g' | sed 's/-NGX//g' | awk '{ total1 = total1 + $1 } END { print total1 }' ; echo "User Center Key:"; cplic print |grep ne
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

Hi @MattElkington,

FYI:

I made a CLI command from the onliner.
You can now also check the used licenses on the gateway 🙂

Regards

Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


HeikoAnkenbrand
Champion
Champion

I found this on a license:

CPVP-VPS-1-NGX CPVP-VSC-25-NGX CPVP-VSC-5-NGX+25 CPEP-SUBSCR CPSB-SWB CK-XXXXXXXXXX

Hmmm

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

mike123
Participant

Hi  @HeikoAnkenbrand,

nice tool!

Maybe you can also add SNX and MOB licenses.

Best Regards

Mike

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Now for following:
- Secure Client licenses
- Mobile Access Portal licenses
- SSLVPN licenses

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


sabil
Participant

Hi  @HeikoAnkenbrand

great job!

Best greetings
Sabil

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Fernando_Lopez
Explorer

Great Work!

Does it work for VSX?

Regards!

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi  @Fernando_Lopez 

I still have some ideas!

- Support for VSX will follow.
- Automatic detection of all gateways with a selection list

Regards
Heiko

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Arne_Boettger
Contributor

Hi,

is there any way to help you make it work with VSX?

I am asking because this would be very helpful for us.

Kind regards,

Arne

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


uror
Contributor

Hi  @HeikoAnkenbrand,

The automatic installation is great, but you may need a firewall rule from SMS to internet.

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

New in v0.5:

- shows gateways from the topology (IP, gateway name) as list ( option -g)

- read endpoint VPN user statistics from gateway -> centralized from management server 

- now for Endpoint VPN User (old Secure Client), SSL VPN user and MOB user statistics

- now for Endpoint VPN- , SSL VPN- and MOB licenses

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Wolfgang
Leader
Leader

@HeikoAnkenbrand 

how about including the VPN licenses coming with every SandBlast Agent license?

SandBlast-license.PNG

Wolfgang

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Hi @Wolfgang.

THX - Is included in v0.5

SC_Bild10.JPG

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

HeikoAnkenbrand
Champion
Champion

Now in v0.6 with new parameter and features:

Syntax  Description
sclic -g The option -g shows all possible remote gateways from the topology (for option <remote gateway ip address>)
sclic - s <remote gateway ip address>  The option -s shows the number of logged in users and the peak value of the gateway for Secure Client, SSLVPN, Mobile Access Portal. Furthermore, existing licenses on the management server are disp
...;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Kleber_Castella
Explorer

great script, is it possible to include the percentage of CPU utilization of the gateway?

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

libin
Explorer

Does this script is compatible in the MDS environment? 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Martin_Raska
Advisor
Heiko, you are TOP as always :-), thanks for the script. ;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

marcinw
Participant

Hi,

It doesn't work for me I run it from "curl_cli", at the end when I try run command "sclic" I get notification "command not found", admin has UID 0  if it is relevant. thank you for help 

Marcin

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

_Val_
Admin
Admin

First command downloads the script. Of course, if you cannot download it, you cannot then execute it either. 
To help you,  @HeikoAnkenbrand added the script itself in the post, after these words:

Or "copy and past" the following script block to your management server...

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

mmunford_5701
Explorer

Hi Heiko, 

 

In my environment, it does not count the VPN license units in the attached screenshot...

 

 

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos

Christian_Koehl
Contributor

Hello Heiko,

When running your one-liner to download and install the script, it is copied to /usr/local/bin. This location is not in $PATH.

It may be better located in /usr/bin as this location is in $PATH.

Best regards,

Christian

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


Pentesec_Suppor
Explorer

Hello,

 

How does one update or delete this script. Is just replacing/deleting the file is enough?

 

Regards,
Jev

;
TO ACCESS CHECKMATES TOOLBOX it's simple and free


0 Kudos