I am looking for clarification of how the Monitoring blade is licensed for the management and gateways alike.
Is it a part of CPSB-ADN for the gateways?
Monitoring (CPSB-MNTR) is a license for the Security Management Server. As long as the Monitoring blade is present in the SMS license I think the number of monitored gateways allowed tracks with the overall licensed number of managed gateways. So if a Smart-1 405 is allowed by license to manage up to 5 gateways, it can use the Monitoring blade capabilities for up to 5 gateways too. For purposes of counting I would assume every single individual managed gateway object (whether physical or virtual) adds to that licensing count. When the Monitoring feature is enabled on the gateway, it loads up a separate kernel driver called rtm which gathers the statistics needed for the various SmartView Monitor reports.
I know that the Monitoring blade was not always included with all SMS licenses in the past, but everything in the pricelist I can see now indicates it is included with every new SMS license.
-- My Book "Max Power: Check Point Firewall Performance Optimization" Second Edition Coming Soon
Thank you Tim!
It'd be nice for CP to include the mention of Monitoring being Management Server license only in the description of Gateway Licenses, else it is not apparent.
Especially, since the Monitoring blade is only present on Gateways and is not an option on the Management.
Tim, my client has management client running on Windows (I know...). They are on R77.30, but it may have been upgraded repeatedly since time immemorial.
Their license string does not include CPSB-MNTR. Do you know if it is something they should purchase separately, or if CP should re-issue the license for them?
Another question is this: Is there a difference in what the hardware management appliances include in their licenses vs. software, as in this case, or virtual management appliances?
Either the CPSB-MNTR can be added to their existing license or they can trade in their existing SMS license for a new one that has CPSB-MNTR in it. It would be worthwhile to check the cost of doing it either way and see which one is cheapest, also keep in mind that brand new SMS licenses typically include the Compliance and SmartEvent blades for 1 year. Gaia vs. Windows for the SMS OS doesn't matter for licensing.
For Smart-1s vs open hardware for a SMS the licensing does look a little different, but even the smallest SMS license for open hardware (CPSM-NGSM5) always includes the CPSB-MNTR blade now.
One other thing I forgot to mention, if you have a self-managed Check Point appliance (whether standalone or Full HA) the CPSB-MNTR blade is still not included and never has been. It can be added of course, but only a new SMS license in a distributed setup will have the Monitoring blade included.
--My Book "Max Power: Check Point Firewall Performance Optimization"Second Edition Coming Soon
Retrieving data ...