Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
ashish_verma
Contributor
Jump to solution

Detach license of decommissioned Firewall.

Hello Experts, I got an interesting scenario wherein the Gateway is decommissioned but the admin forgot to detach license from the gateway. Would like to know how to detach license from a Gateway which is no more alive and cannot come back to life. Any input is much appreciated. Management server is R81, take 65.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend
Legend

This must be OpenServer - you have to re-download the product/bundle license (open it , get License Information, click Get Last License), delete the old license from SMS and install the new one:

licen.png

CCSE CCTE CCSM SMB Specialist

View solution in original post

0 Kudos
12 Replies
G_W_Albrecht
Legend
Legend

This must be OpenServer - you have to re-download the product/bundle license (open it , get License Information, click Get Last License), delete the old license from SMS and install the new one:

licen.png

CCSE CCTE CCSM SMB Specialist
0 Kudos
ashish_verma
Contributor

Hello @G_W_Albrecht , Thanks for your reply. I already tried to download and attach the license to new gateway but getting error license already in use. Can you please guide how to delete the license from SMS? In "cplic print" I do not see the license key in question. 

0 Kudos
G_W_Albrecht
Legend
Legend

Use SmartUpdate to do that.

CCSE CCTE CCSM SMB Specialist
0 Kudos
ashish_verma
Contributor

Already tried from their. It is throwing SIC error which is obvious because Firewall itself doesnot exist.

0 Kudos
G_W_Albrecht
Legend
Legend

No, not remove from GW, remove the SMS part  using Detach License !

CCSE CCTE CCSM SMB Specialist
0 Kudos
Tal_Paz-Fridman
Employee
Employee

Hi

Where do you receive the message that the license is already in use?

To see the license key use the command cplic print -x

Then, if you want to delete a license, just use cplic del <signature key>

 

Also consider consulting Check Point Account Services:

Account Services

For questions about support processes, contracts or User Center and licensing, please call Account Services at +1-972-444-6600 and select option 3.

https://help.checkpoint.com/

 

0 Kudos
ashish_verma
Contributor

Hello @Tal_Paz-Fridman , I was getting error "license already in use" while adding license to another gateway from SmartConsole. I was not able to see the license key on running cplic print -x for some reason. I had to regenerate the license from User Center and this new license worked (I am able to attach). There should be some way to retrieve used license from SMS itself if gateway is no more alive.

Nonetheless, Thankyou everyone for your help!

0 Kudos
the_rock
Legend
Legend

Can you attach the output you get from cplic print or cplic print -x command? As @Tal_Paz-Fridman said, best way to delete a license is with cplic del command. I pasted below steps I used to solve odd license issue I had recently in R81.20 lab. Maybe give it a go and see what happens.

Except, in your case, you would do the steps on gateway, not mgmt server.

Andy

https://community.checkpoint.com/t5/Management/License-warning-messages/m-p/169625#M33614

0 Kudos
G_W_Albrecht
Legend
Legend

>> Except, in your case, you would do the steps on gateway, not mgmt server.

Gateway is decommissioned but the admin forgot to detach license

---> the steps are done on SMS...

CCSE CCTE CCSM SMB Specialist
0 Kudos
the_rock
Legend
Legend

I know I did steps on sms cause thats where I had the issue, but they work same on the fw, as inidicated in the original link. But, since fw was decomissioned, guess the only way really would be via UC, if possible.

0 Kudos
ashish_verma
Contributor

cplic print output will not make much sense since I was not able to see this particular CK in the output and many gateways are managed by the same SMS, so the output is pretty big.  Generating new license from UC worked though, so I am find with that. 

0 Kudos
Tobias_Moritz
Advisor

While your specific problem is solved now, other readers of this thread may help a hint to the CLI guide regarding cplic and cplic db commands on SMS.

cplic db_print -all -x -t -a

will give you all the nice details about the license database on SMS.

You can deleted already detached licensed with cplic db_rm followed by the signature key, to really clean whatever may be left.

However, in case you have a missmatch regarding an attached central managed gateway license between what SMS (it is attached) and gateway  (it is not attached) thinks, in my previous cases, a

cp lic get GATEWAY

resynced that in a way, that SMS has learned from the gateway, resulting in unattached state on both sides. If it is the correct license, you can attach now from SMS and gateway will get it. In case it is not, you can delete it now with db_rm as sayed above and add and attach the new one.

Saying that, I have to admit that there were cases, where even TAC did not found another solution to clear up license mess without deleting licenses directly with (gui)dbedit.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.