Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Maxim_Weinstein
Explorer
Jump to solution

Can't add license or update

I have a standalone 2200 appliance running Gaia R77.30. Since getting it installed, I haven't been able to apply a license or check for updates.

On the update side: I go to "Status and Actions" in CPUSE and get the following:

Error: Could not connect to the Check Point Cloud. Check your connection settings (Default Gateway, DNS and Proxy).
 
[Fri Aug 11 14:58:01 2017]: Didn't find any new packages
[Fri Aug 11 14:57:58 2017]: Checking for new available packages...
[Fri Aug 11 14:57:57 2017]: Received a request to update the available packages. Performing update.

Default gateway appears correct in "IPv4 static routes." DNS primary and secondary servers are set to Google DNS servers. Proxy is disabled, as there's no proxy server in use.

On the license side, I see what appear to be default perpetual licenses for basic functionality. The status reads as License OK. But nothing, not even firewall, is enabled on the main dashboard. I have a license in the UserCenter, and I have attempted to click Add and copy/paste the relevant parts of the .lic file. It parses it correctly (populates the fields appropriately), but then it tells me it's an invalid license file with no further information.

Any help is appreciated!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Those messages are consistent with a box that was not configured to be a firewall module.

In R80.10, at least, you get a much nicer message:

[Expert@mgmt:0]# fw stat

Local host is not a FireWall-1 module

I recommend you reimage the appliance. 

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

Can you provide the output of the CLI command cplic print?

The license is usually tied to the device IP address.

If the IP address of the license doesn't match one of the configured interfaces, the license will be considered invalid.

If this is an eval license, you should be able to generate a new one.

If this is your permanent license, you will need to contact Account Services.

0 Kudos
Maxim_Weinstein
Explorer

Thanks for the help.

The cplic print results are below. If I'm interpreting it correctly, it looks like my licenses are in effect. But then why are all blades greyed out on the Gaia home/dashboard screen? And why can't the box connect to Check Point for CPUSE, license checks, etc.?

Host Expiration Features
10.x.x.100 never CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
10.x.x.100 never CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
192.x.x.1 never CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
192.x.x.1 never CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx

Contract Coverage:

# ID Expiration SKU
===+===========+============+====================
1 | AH3U1FF | 31Aug2017 | CPSB-EBP-TEX
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
2 | FWADU14 | 31Aug2017 | CPSB-EBP-ASPM
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
3 | 7E1G15E | 31Aug2017 | CPSB-EBP-ABOT
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
4 | 4UR6632 | 31Aug2017 | CPES-SS-STANDARD-ADD
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
5 | 1AF0IF2 | 31Aug2017 | CPSB-EBP-TE
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
6 | FW3HTQ9 | 31Aug2017 | CPSB-EBP-URLF
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
7 | W9G7283 | 31Aug2017 | CPSB-EBP-APCL
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
8 | 3RPOO32 | 31Aug2017 | CPSB-EBP-IPS
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================
9 | 4Q0HRW0 | 31Aug2017 | CPSB-EBP-AV
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
| CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-URLF CPSB-APCL-S1 CPSB-AV CPSB-ABOT-S CPSB-ASPM CK-xx-xx-xx-xx-xx-xx
===+===========+============+====================

0 Kudos
PhoneBoy
Admin
Admin

You have a license, good.

You still haven't confirmed that you have an interface configured with either of the IPs (note I masked them along with the MAC address in the output above), but we'll assume you've done this. 

If you have never installed a policy to this gateway before, then the gateway won't be able to access much of anything.

If fw stat says you have either DefaultFilter or InitialPolicy, then this is the situation: these policies block most access to/from the firewall.

If you want to verify connectivity and the like WITHOUT installing a policy, then you can use fw unloadlocal to unload this policy.

The Gaia WebUI will only show the blades that are activated when a real policy is installed (i.e. not DefaultFilter or InitialPolicy).

Once you establish SIC and install a policy from Security Management, the Gaia WebUI will show the blades you have configured in SmartDashboard.

0 Kudos
Maxim_Weinstein
Explorer

Thanks again. The result of fw stat is:

HOST POLICY DATE
Unable to open '/dev/fw0': No such file or directory
Failed to get interface list: No such file or directory
Cannot get interface list: No such file or directory
Failed to get status from localhost

I'm not sure what to make of that. I think I configured the appliance for management and FW to both be installed locally. In that case, perhaps I'm SSHing into the management server instead of the FW? But I SSHed to the IP address of the LAN interface for the firewall, as shown in the Gaia GUI. 😕

0 Kudos
PhoneBoy
Admin
Admin

Those messages are consistent with a box that was not configured to be a firewall module.

In R80.10, at least, you get a much nicer message:

[Expert@mgmt:0]# fw stat

Local host is not a FireWall-1 module

I recommend you reimage the appliance. 

0 Kudos
Maxim_Weinstein
Explorer

Thanks once again. I'll give that a try!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events