Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor

Support Renewal Warning on Gateways

Hello,

I have 6 Products in my environment 4 Gateways and 2 Mgmt Servers. It is a DC/DR Setup with 2 Gateways and 1 Mgmt in each Data Center. Suddenly i am getting a license expiration warning on Antivirus and Antibot Blades in 2 of the 4 Gateways only. When i checked the SmartAccount along with the built in blades there are additional blades with 2 year support for Antivirus and Antibot Blades available. My Question is why i am getting this warning in only 2 of the 4 gateways , also as i can see additional blades available in the account will they be incorporated automatically once the built in one expires ? What are the after effects if the license/support expiration ? will it affect production environment ?

 

Thanks

0 Kudos
10 Replies
G_W_Albrecht
Legend Legend
Legend

I  would suggest to open a ticket with Account Services and have them look into and correct it !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
KS
Contributor

Attach spare blades to gateways that don't have them.
I assume that when you check "Blades" tab you have total 4 AntiBot and 4 AntiVirus blades and 2 of each are Available to attach.
Open AV/AB blades details check spare ones and attach each of them or to Gateway(local) or to SMS managing GW(central).
This process recently became more simple and you shouldn't have problems figuring it out. Check IPs carefully as you have limited number of changes available 😉
LostBoY
Advisor

Thanks,
There are a total of 6 AV and 6 AB blades and they are already attached to the gateway...when i click on each gateway individually i can see them under additional blades category...Moreover this expiration is warning is appearing only for 2 out of a total of 4 Gateways and all of them have similar licensing
0 Kudos
Daniel_Taney
Advisor

I had this exact problem after our past two renewals. First, I would make sure that the Gateways showing the license warning for AB/AV can, in fact, connect to Check Point. The first time I encountered this, we had upgraded the GW's to R80 right after the renewal and the "phone home" behavior definitely changed after the upgrade. These GW's sat behind other Firewalls, so I had to write access rules explicitly allowing the traffic. If you look in your logs for traffic sourced from the Gateways and/or Gateway Cluster object, you should be able to spot those connections. 

I would also make sure your Contract file is up to date. Once you know your contracts are good. Go to the command line of the GW and run "contract_util mgmt". This should force the Gateway to update its contract file with the one on the management server. Hopefully, one of these steps will help you.

The second time this happened, I went many rounds between TAC and Account Services and no one could find a problem with licenses or validation on our GWs. The issue was determined to be "cosmetic" and once we passed the previous expiration date, the Gateways' Licenses cleared out and started showing the correct expiration without any warnings. It was very strange and a little troublesome waiting to see if something was going to break, but it did exactly what CP said it would.

Worst case, you can generate an all-in-one eval license and put it on the Gateway if it doesn't clear. You may want to have one or two on hand in case you need to drop them on. 

 

R80 CCSA / CCSE
LostBoY
Advisor

Thanks Daniel,

I checked the license information in the user center for the impacted gateway, i can see there are 2 sections there - 1) Built in Blades and 2) Additional Blades

in Built in Blades the AB/AV is showing expiration in 2019  but the same blades are present in the Addtional Blades category with an expiration date of 2023. I am not sure why the additional blades are not included when they are already attached.

Moreover in the management center the CPSB-COMP-5-1Y  blade is expiring soon. My question is once these blades expires will i loose connectivity through smartconsole ? 

 

Thanks

0 Kudos
Daniel_Taney
Advisor

Seeing the 2019 expiration in one place and a later (2023) expiration in another was the same "cosmetic" symptom we saw.

If you haven't already, I would still suggest opening a ticket with Account Services just in case. I'd hate to lead you down the wrong road saying something will be ok when it may not be 😀

R80 CCSA / CCSE
Vladimir
Champion
Champion

I am presently working with the client experiencing similar issues:

All of a sudden, only all IPS licenses reported that the Evaluation will expire in ## of days.

There were never dedicated evaluation licenses installed on these gateways and the dates were way out of initial 15 days grace period.

Needless to say, prior to that, all of the gateways were properly licensed.

All but one gateways re-registered two days past expiration and started showing expiration date on IPS only.

One of the gateways refused to re-license and I had to follow sk105757 to clear the cache and re-fetch the license.

Perhaps coincidentally, this same gateway is now having number of issues related to IPS, such as "HTTP parsing error occurred, bypass request", "Countries DB download has failed" and no logs shown for the rules in the Threat Prevention policy.

0 Kudos
LostBoY
Advisor

hard to understand the behaviour tbh... i have opened a ticket with account services..will update here the cause and solution
0 Kudos
Maarten_Sjouw
Champion
Champion

The process is actually quite simple, first thing you do is go into the Manage Licenses and Packages (SmartUpdate) tool, from there you first remove all contracts for the impacted gateway, then update contracts from UserCenter.
When that is done, close Smart Update.
Now ssh to the gateway and go into Expert mode.
type: contract_util mgmt
Wait for a couple of hours, if the problem still persists after this, contact CP account services.
Regards, Maarten
LostBoY
Advisor

The issue got resolved with the help of tech support so i thought i will update the cause here as well...

 

The issue was only cosmetic where the user center was displaying the original contract and its ending date...if a secondary contract or support for blades was purchased it amends into that contract but it only activates after the current one expires and hence it will show a cosmetic warning message in the smartconsole for the time being...this can be confirmed by running cplic print to observe the support end dates and if the expected dates are there then there is nothing to worry about.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events