Just wondering if anyone has a good idea how to check license "history" on the gateway, as we suddenly lost all contracts and licenses from our VSX. Here you can see that all VSX and blade licenses are gone.
Reapplied from local file again, but a little spooky as no one was logged in. Want to find out what happened.
License corruption? 😎
Penny just dropped! This appliance is under RMA process and the replacement arrived yesterday. As soon as CP updated the asset list in UC, all the licenses were gone even though we had not even opened the box.
just because we are synching CMA / mgmt with UC:
OUCH! Not good at all CP! Could have resulted in some major outage...
This had resulted in a big outage last week! RMA for Recovery BIOS boot, GW node in production as Active in VSX HA Cluster. Replacement has arrived at noon, and during the night, VS Quota went from 10 to 0. No failover happened as there is no license pNote in ClusterXL, TAC declared. All customers' VSs went down until a manual failover could be done.
What we have learned: If you do RMA with VSX Clusters, install AllInOne Evals for every GW before the replacement arrives 😎.
@PhoneBoy this does not look right from support point of view - User Centre assets updates by RMA process killing production VSX! Could you find someone in support organisation to look at this?
This is currently escalated - the answer from TAC is clear. More a question of either timing or of procedure - EVAL is easily installed if you know why.
Thanks for raising this!
I am reviewing the process with the relevant teams to understand what needs to be changed/improved.
Sharon Elmashaly
VP, Customer Support
Great, good to hear! Let us know if you need any help / samples @SharonElmashaly
Hello,
I would like to update that after reviewing thousands of RMA events, we found this kind of incident to be extremely rare. Changing the current processes will have an impact on our ability to execute fast, as required in an event of RMA.
However, we are changing the communication and allowing the customer/partner to delay moving of Support and Services until approved explicitly.
This is clearly stated in the new RMA Confirmation Letter:
Dear Customer,
ATTENTION: It is a standard RMA procedure that Software Blades and Support transfer automatically from the Original unit to the Replacement unit upon receipt of delivery enabling the unit to be License ready. If you wish to delay this process, please contact Check Point Hardware Services directly through your ticket and request a delay.
Thank you again for sharing the feedback!
Great, it's probably not the "smoothest" method as it will be prone to human mistakes, but hopefully it helps most of those rare cases from going wrong and affecting production networks.
Thank you, this is really needed - in the past, I have had customers aware of such issues that made me instruct CP before the RMA concerning licenses. I would suggest another process instead of delay: Move a full eval license into customers UC and instruct him to install it in the unit to be replaced - 30 days should be enough for a maintenance window at nearly every customer...
Hi Kaspars_Zibarts,
We had the same situation yesterday!
The device was RMA'd months ago. Yesterday all of a sudden all licenses gone. Total VPN outage. Luckily it was a cluster, we failed over to the other node (which had its licenses) and everything started working.
Had to log a case and get TAC to re-apply the correct licenses by pointing them to the old RMA'd ck ...and asking that they apply those licenses to the new ck.
Not fun.
We faced the same issue with the two last RMAs. In both cases it was not a critical issue, so the appliance was working. We lost the licenses with the RMA process and VPNs stopped working... big outage.
This process should be reviewed.
Currently a question: What would be the best procedure with a basically working appliance to get the new replacement into production? All preparation and vsx_util reconfigure needed?
Correct - set up underlying GAIA interfaces, DNS, routes, license (you can bastardise GAIA backup to do that), then vsx_util reconfigure. Plus any SSH keys and local scripts/cronjobs if you had any.
In general for VSX:
Indeed the process is being evaluated. We weren't aware of this till your report.
TNX for raising it
Dorit