Thanks @Chris_Atkinson for the response.   Let me see if I understand this right:

  Using a 4 node VSX cluster for 4 VSs  as an example, would it be fair to say we could deploy with these two possible license situations:

Option  1:

node 1 (Primary) has a CPSB-VS-5 license and nodes 2, 3 , & 4 all each need a  CPSB-VS-5-VSLS license.

Option  2:

node 1 (Primary) has a CPSB-VS-5 license and nodes 2, 3 , & 4  also have their own CPSB-VS-5 license

Option 1 licensing truly ties 3 of the members to only run in a VSLS cluster; with node 1 being able to run in a VSLS or as a single standalone VSX gateway.

Option 2 licensing provides all 4 gateways with options to be single VSX gateways or in a VSX/VSLS cluster; providing more options with the licenses in their deployment possibilities....but with a little higher cost 😉

Is that an accurate assessment or am I off?

Thank you @Chris_Atkinson .   Duly noted on the lack of 5 VS package.....my failed attempt for an example breakdown.  Should have just said '10' 😉

The VSLS SKU was something I was not aware of being 'legacy' but that would make sense on why the non-vsls license was recommended to us from our account team.     Can't blame a customer for asking....especially when VSLS was cheaper 😉

thanks again.  

Hi, 

also to check for virtual switch/virtual routers that are not counted as VS License, will they need to be accounted for management server license ? 
example for a management server of 5 gateways, with a single firewall of 10VS license, can the management server manages 5VS( with include of VS0) + 1 virtual switch? (Understand that VS0 is not counted for management license) 

thank you 

regards 

Virtual Switches/Routers are not counted.

VSX Management licensing is outlined in sk119075.

On older versions, routers definitely consumed a VS slot. Any idea when that changed?

how are other blade licenses done in regards to Virtual Systems?

Let's say I need IPS. So I need CPSB-IPS-X2L and CPSB-IPS-X2L-HA (for a large appliance)

Are all Virtual Systems licensed with IPS if I buy these for 'VS0' - or would each individual IPS enabled VS need this license.

Thanks,

Henrik

VS is covered by whichever blades the appliance is licensed for.

Thank you - We have been running on a EBP-NGTP free for all, so did not have to think about it.

This may continue, but I see that we pay for the privilege. Not having an EBP license hurts flexibility of course.

Appliance support can be renewed with CPSB-NGFW-XXX bundle - but links describing license features link to generic https://www.checkpoint.com/products/ page. The description is high level at: "Check Point Next Generation Firewall Gateway Blades Package (including IPS blades and Application Control)" - Or maybe it is exactly this? 🙂

That would mean adding CPSB-ADNC for normal clusterxl and securexl and CPSB-VPN for ipsec (s2s)? or are these included in CPSB-NGFW?

Maybe I am missing an obvious blade license, not sure. 

Thanks

The last page of this document should help:

https://www.checkpoint.com/downloads/products/check-point-appliance-comparison-chart.pdf