This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LeeBingKang
Advisor
‎2023-07-31 09:14 PM
Jump to solution

Proper way to insert license to a Gaia OS security gateway that manage by Smart1-Cloud

Hi All,

 

I would like to seek your advice on the proper way to insert license on a Gaia OS security gateway that managed by Smart1 Cloud and the whole story is like this:

 

Recently, I had a project whereby upgrade and split a standalone firewall into distributed mode (managed by smart1-cloud).

Upgrade process done successfully and the firewall able to establish MaaS tunnel and also SIC to the smart1-cloud.

However, we faced a minor roadblock on the insert license whereby we don't know which ip address we should put into the license with certain reasons below:

a. usually we will put the firewall object ip address into the license, but we can't make it as the firewall object in the smart1-cloud is MaaS tunnel ip and this ip will change if the MaaS tunnel reset (In the case of firewall down due to RMA, etc)

 

b. we also not confirm whether put other physical interface as license ip is recommended.

 

Lastly, please let me know if you need any further information from me on this post.

 

Thank you.

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee Employee
Employee
‎2023-07-31 10:41 PM
Jump to solution

In Smart-1 Cloud the Management Server holds an internal IP address, which is inaccessible from the outside.

Usually it is not necessary to know or use the Management IP address, but in some cases you are required to provide it.

Because the Management IP address is internal, it is the same for all deployments.

Therefore, when required to use the Management IP address, such as Central License, use this IP address: 100.64.0.52.

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

CCSM R77/R80/ELITE

View solution in original post

7 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-07-31 10:41 PM
Jump to solution

In Smart-1 Cloud the Management Server holds an internal IP address, which is inaccessible from the outside.

Usually it is not necessary to know or use the Management IP address, but in some cases you are required to provide it.

Because the Management IP address is internal, it is the same for all deployments.

Therefore, when required to use the Management IP address, such as Central License, use this IP address: 100.64.0.52.

Source: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

CCSM R77/R80/ELITE
LeeBingKang
Advisor
‎2023-07-31 11:24 PM
In response to Chris_Atkinson
Jump to solution

Hi Chris and thanks for your reply. May i know what should we do if the license for the security gateway is local license?

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-07-31 11:44 PM
In response to LeeBingKang
Jump to solution

Is there a reason central license can't  be generated / used?

CCSM R77/R80/ELITE
0 Kudos
LeeBingKang
Advisor
‎2023-07-31 11:50 PM
In response to Chris_Atkinson
Jump to solution

Hi Chris. I think there is no issue on the central license, and i just wonder how to apply the license if we use local license.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-07-31 11:56 PM
In response to LeeBingKang
Jump to solution

Local license is a legacy method with limitations (refer: sk62685).

CCSM R77/R80/ELITE
0 Kudos
LeeBingKang
Advisor
‎2023-08-01 12:50 AM
In response to Chris_Atkinson
Jump to solution

Hi Chris. thank you for your information provided just now and i have go through the SK.

 

I will give a try to change the license IP to 100.64.0.52 and attached the firewall to see if its work or not.

 

I will give my update on next Monday.

0 Kudos
LeeBingKang
Advisor
‎2023-08-06 10:29 PM
In response to LeeBingKang
Jump to solution

Hi @Chris_Atkinson , the way you mentioned is working fine.

 

Thank you for your help and kind patience on my reply.

Upcoming Events

    CheckMates Events