- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
I'm looking for Bash command to show the number of permitted (licensed) cores of any Check Point GAiA system, even when CoreXL is not enabled.
Thanks in advance!
I created this one-liner:
case `cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c17-21` in Check) grep -c ^processor /proc/cpuinfo;; *) cplic print -p 2>/dev/null | tr ' ' '\n' | grep fw1:6.0:mc_all_ | cut -c 16- | awk '{ sum += $1 } END { print sum }';; esac
and added it to our Common Check Point Commands (ccc) script.
Scripting is cool, but why not simplify it, by using the good old CLI command?
fw ctl get int fwlic_num_of_allowed_cores
fwlic_num_of_allowed_cores = 16
It’s encoded in the license string, which means cplic print -p should show it.
I created this one-liner:
case `cpstat os | grep "Appliance Name" | tr -s ' ' | cut -c17-21` in Check) grep -c ^processor /proc/cpuinfo;; *) cplic print -p 2>/dev/null | tr ' ' '\n' | grep fw1:6.0:mc_all_ | cut -c 16- | awk '{ sum += $1 } END { print sum }';; esac
and added it to our Common Check Point Commands (ccc) script.
On my system, the above command shows I am licensed for 16 cores, which I know to be false.
My system has two CPSG-CPSM-EVAL licenses, each of which contains 8 cores.
Also, one of the licenses is expired
Licensed cores are NOT additive, either.
Licensed cores are NOT additive?
What is this SmartUpdate message meaning then:
I added a 4-Core license to an 8-Core Eval license and are told to licensed for 12 cores now. This means licensed cores are additive, no?
Technically they're not supposed to be.
Well.. I can see CoreXL technically using all 12 cores.
might be just a glitch with eval license
Technically this was the only way to license more than 8 cores before bigger core number came out
I found another issue with my one-liner when SMT is enabled:
The license contains just a string for 8 cores. However, with SMT enabled 16 cores are shown on the system and CoreXL actively uses them. Looks like I need to advance my one-liner a little more.
Did you try rebooting this system. Number of cores is checked during boot against the license. Any chance you have had eval and did not reboot after it expired?
In case gateway is using "new" license string where some features cannot be found in cp.macro, it gives you following output:
[Expert@GWA:0]# cplic print -p | tr ' ' '\n' | grep fw1:6.0:mc_all_ | cut -c 16- | awk '{ sum += $1 } END { print sum }'
Warning: Can't find ::CPSB-CTNT in cp.macro. License version might be not compatible
8
Its okay, eval license might contain more features than known and supported with the version you use
Jozko Mrkvicka : Could you please try if the following command resolves the Warning message?
cplic print -p 2>/dev/null | tr ' ' '\n' | grep fw1:6.0:mc_all_ | cut -c 16- | awk '{ sum += $1 } END { print sum }'
Hi Danny Jung,
Yes, it is solved now
[Expert@GWA:0]# cplic print -p 2>/dev/null | tr ' ' '\n' | grep fw1:6.0:mc_all_ | cut -c 16- | awk '{ sum += $1 } END { print sum }'
8
[Expert@GWA:0]#
You can update CCC with this updated syntax.
Thank you.
Added in version 3.3 of our Common Check Point Commands (ccc) script.
Lol, was about to answer just that
Scripting is cool, but why not simplify it, by using the good old CLI command?
fw ctl get int fwlic_num_of_allowed_cores
fwlic_num_of_allowed_cores = 16
On my 1490, that command returns 100000
On my regular gateway (which runs the standard All-in-One eval), it returns 16.
100000 - that's the way to go
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY