This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Blason_R
Leader
Leader
‎2023-09-29 01:48 AM
Jump to solution

Unable to install policy even if I have licenses

Hi Team,

I am facing this weird issue with Cloudguard in Azure. I configured the cluster in Azure and SIC is established on Public IP. I also have installed the eval CENTRAL licenses.

Now when I install the policy on firewall it shows 

Gateway: xxxx-cluster
Policy: Standard
Status: Failed
- fw: no license for 'filter'
- No sufficient licenses installed for Firewall.
--------------------------------------------------------------------------------

This is really surprising to me.

Here is the output for cplic print

Host Expiration Features
4.2xx.x.xx 29Oct2023 CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CSB-CTNT CK-A4FA75AAFA27
4.xx.xx.xx 21Oct2023 CPSG-C-8-U CPSB-FW CPSB-VPN CPSB-IPSA CPSB-DLP CPSB-SSLVPN-U CPSB-IA CPSB-ADNC CPSG-VSX-25S CPSB-SWB CPSB-IPS CPSB-AV CPSB-URLF CPSB-ASPM CSB-CTNT CK-2FF39BB4568C

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
1 Solution

Accepted Solutions
Blason_R
Leader
Leader
‎2023-10-01 11:36 PM
In response to the_rock
Jump to solution

Thanks folks for the help - however the issue was with IP addresses. Since that is a Azure deployment by default mgmt server has got two ip addresses attached one is private and other one is public. Since we cut the licenses to Public IP it was giveing that error.

Later account services folks helped me with private Ip of that mgmt server and it resolved the issue.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS

View solution in original post

6 Replies
G_W_Albrecht
Legend
Legend
‎2023-09-29 02:42 AM
Jump to solution

This is a standard SMS+GW Eval lic - are you sure these do work with CloudGuard Azure ? I would select a vSec / CloudGuard eval license...

CCSE CCTE CCSM SMB Specialist
0 Kudos
Blason_R
Leader
Leader
‎2023-09-29 02:48 AM
In response to G_W_Albrecht
Jump to solution

Yes this is Azure and I have deployed those licenses before. Though let me try with Vsec again

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Blason_R
Leader
Leader
‎2023-09-29 03:06 AM
In response to Blason_R
Jump to solution

Nope still no luck!!

 

Host Expiration Features
4.xx.xx.xx 29Oct2023 CPSG-VSEC-NSX+100 CPSB-FW CPSB-VPN CPSB-ADNC CPSB-IPS CPSB-AV CPSB-URLF CPSB-APCL CPSB-ASPM CPSB-ABOT-S CPSB-CTNT CK-4A7F3ACACCA1

Contract Coverage:

# ID Expiration SKU
===+===========+============+====================
1 | UOHYJO4 | 28Nov2023 | CPSB-CTNT-EVAL
+-----------+------------+--------------------
|Covers: CPSG-VSEC-NSX+100 CPSB-FW CPSB-VPN CPSB-ADNC CPSB-IPS CPSB-AV CPSB-URLF CPSB-APCL CPSB-ASPM CPSB-ABOT-S CPSB-CTNT CK-4A7F3ACACCA1
===+===========+============+====================
2 | UN472T2 | 28Nov2023 | CPSB-IPS-EVAL
+-----------+------------+--------------------
|Covers: CPSG-VSEC-NSX+100 CPSB-FW CPSB-VPN CPSB-ADNC CPSB-IPS CPSB-AV CPSB-URLF CPSB-APCL CPSB-ASPM CPSB-ABOT-S CPSB-CTNT CK-4A7F3ACACCA1
===+===========+============+====================

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
the_rock
Legend
Legend
‎2023-09-29 03:08 AM
In response to Blason_R
Jump to solution

Here is what Account services sent me recently to apply licenses properly, see below.

Andy

 

Instructions (EXACT email):

 

Dear Andy,

Thank you for contacting Check Point Account Services.

--------------------------------------------------
If you are a Licenser or Admin on the machine's account, please follow the below steps in order to license your product:
 
Please note that this is broken down into 3 stages:
 
A. Generate the license
B. Install the license
C. Update contracts file 
-------------------------------------------------------------------------------------------
A. Generate the license:

1. Login to your UC user > Click "Assets/Info" / "My Check Point" > Click "Product Center" > Select your account(s) from the "Selected Accounts" menu and click Done.
2. Check the box to the left of the line item(s) that require a license generation.
3. Click "License" button that has the key icon.
4. Choose 'Central' license and input the MGMT IP that manages the vSec gateway(s)
5. Complete the rest of the required fields (marked with an asterisk)
6. Click "Activate" button (if re-licensing a product, option will be "Change")
7. Click "Get License Information" and copy the two commands that begin with 'cplic put ...' aside
 ------------------------------------------------------------------------------------------
B. Install the license:

1. Open SSH to the MGMT in expert mode
2. Paste the command which is labeled "For the Security Management Server"
3. Run the command "vsec_lic_cli on"
4. Run the command "vsec_lic_cli"
5. Choose option 1 (Add license)
6. Paste the command labeled "For the Security Gateway:" without the parts "cplic put" and "[module name]".
Example:
1.2.3.4 never dUy6trBX8-jmVyWKQSX-xzdTkVFVT-76nMEXDks cpsg-ve+8 cpsb-base cpsb-fw cpsm-c-2 cpsb-vpn cpsb-adnc cpsb-npm cpsb-logs cpsb-ips cpsb-av cpsb-urlf cpsb-apcl cpsb-aspm cpsb-abot-s cpsb-ctnt CK-ABCDEF1234567
7. The license should be distributed to the GW's - if not manage the distribution through the other commands in "vsec_lic_cli", for more information see:
sk109713

The admin guide:
https://sc1.checkpoint.com/documents/IaaS/WebAdminGuides/EN/CP_CloudGuard_Central_License_Tool_Admin...
-------------------------------------------------------------------------------------------
C. Update Contracts File:

1. Login to your UC user
2. Click "Assets/Info"/"My Check Point" > Click "Download Contract File".
3. In the section titled "Service Contract File Download", select the Account(s) you need your Service Contract File for.
4. Select "Email File" or "Download Now".
5. Login to SmartUpdate
6. From the menu:  select "Licenses & Contracts" > "Update Contracts > "Import File"
7. Browse to the directory where the file is located and click "Open"
8. The file will be added to the respective certificate key(s) 
 
​​​​​​​Finally, to verify the file was successfully installed, run 'cplic print -x' on the command line.
--------------------------------------------------​​​​​​​


Regards,
Check Point Account Services
Phone: (US) +1 972-444-6600, option 3
Email: Support@checkpoint.com

0 Kudos
Blason_R
Leader
Leader
‎2023-10-01 11:36 PM
In response to the_rock
Jump to solution

Thanks folks for the help - however the issue was with IP addresses. Since that is a Azure deployment by default mgmt server has got two ip addresses attached one is private and other one is public. Since we cut the licenses to Public IP it was giveing that error.

Later account services folks helped me with private Ip of that mgmt server and it resolved the issue.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend
‎2023-10-02 04:34 AM
In response to Blason_R
Jump to solution

Thats interesting, because I did it that way with public IP in the lab and worked fine, though I used local license, maybe thats why. Anyway, glad its solved, as according to TAC and Account services, when it comes to Azure, licences should be central. They told me local ones do probably work, but not really recommended.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events