Re: Reactivate Firewall

clinton1 · ‎2023-05-30

As a troubleshooting step, I have decided to reactivate my checkpoint license. The purpose is to regenerate inactive components like threat extraction and content awareness which have remained inactive since the license was purchased. What is the best approach to reactivating an already existing checkpoint license and what are the perks if any? Thanks.

the_rock · ‎2023-05-30

Not sure I understand what you mean by reactivate the license statement? Is the license still valid, ie expiry date? If the license is valid, I personally dont see an issue with any of this.

Andy

Best,
Andy

Tal_Paz-Fridman · ‎2023-05-30

Check Point product licenses apply to two types of products (blades):

Permanent Blades like Firewall (CPSB-FW), IPSec VPN (CPSB-VPN) etc. - these licenses are valid indefinitely (perpetually)

Service Blades like Anti-Virus (CPSB-AV), Anti-Bot (CPSB-ABOT) etc. - these licenses need to be renewed in order to work and to download updates.

Obviously renewing Services Blades – Threat Prevention ones like IPS, Anti-Virus, Anti-Bot, Threat Emulation, Threat Extraction, Zero Phishing and Access Control ones like Application Control and URL Filtering will greatly improve your protection again a wide variety of threats.

clinton1 · ‎2023-05-30

Thanks for your response.

let me be more clear. I run a permanent IPS license which expires on September 30th. The issue is ever since the license was purchased, both threat extraction and content awareness licenses remained inactive. So as a troubleshooting step, someone suggested that maybe the threat extraction and content awareness will become active once the license is reactivated. It's kind of a worry for me because I don't want to disrupt the firewall.

the_rock · ‎2023-05-30

Just for context, below is full eval license with everything available, so you can compare to see what matches on your end

Andy

[Expert@quantum-firewall:0]# cplic print
Host Expiration Features
172.16.10.205 9Jun2023 CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CPSB-APCL CPSB-ABOT CPSB-CTNT CK-F9F160D43D1D

Best,
Andy

clinton1 · ‎2023-05-30

See inactive components in the screenshot for a better understanding

Chris_Atkinson · ‎2023-05-30

More Information is needed...

Please share the "cplic print" output from the gateway CLI and a screenshot of the blades tab from the gateway object properties in SmartConsole.

CCSM R77/R80/ELITE

the_rock · ‎2023-05-30

Based on what you sent, I checked my lab and would confidently say you are good to go.

Andy

Best,
Andy

clinton1 · ‎2023-05-30

when a license shows available but not active just like we see from the screenshot you shared, what can be done to make them active ? my reasons for all this in the first place. I presume all licenses should be active since they were all paid for.

see the cplic print output below

the_rock · ‎2023-05-30

Im 100% positive what it means is that they are available, but NOT activated yet. Reason I say this is because I verified on my gateway and all the ones showing green are enabled, see below

Andy

[Expert@quantum-firewall:0]# enabled_blades
fw vpn cvpn urlf appi ips identityServer SSL_INSPECT mon
[Expert@quantum-firewall:0]#

As you can see, blades I have enabled are:

fw

vpn

mobile access

URL filtering

app control

IPS

Identity awareness

https inspection

and monitoring

Best,
Andy

clinton1 · ‎2023-05-30

Thank you for the feedback.

But if that is the case can you kindly suggest steps for me to activate threat extraction and content awareness blades. Since you suggest that would suffice for solving the problem.

the_rock · ‎2023-05-30

I would confirm 100% with Account services team, but Im 99% sure this is all you need to do (enable and install policy)

Andy

Best,
Andy

Are you a member of CheckMates?

Reactivate Firewall