Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
zbaka
Explorer

After upgrage of Security GW from R80.10 to R80.40 License tatus shows "Not entitled"

After upgrade of Security GW from R80.10 to R80.40 License status shows "Not entitled" in GAIA portal. Policy installation is not working (besides that everything including SIC is fine). In GAIA under Licenses if I click "offline activation" I do see the License and the License Status says: "License OK" (which is odd, as the main screen says "Not Entitled"). The firewall doesn't have connectivity to the internet (thus the User Center), but the management server does. We are using central licensing.

After rolling back to the backup snapshot the License works fine.

Any idea what could be the issue?

 

Click to Expand

[Expert@xxxxx-sec:0]# cpstat os -f licensing

 

Licensing table
------------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------------------------
|ID |Blade name |Entitlement status|Expiration date|Expiration impact |Blade activation|Total quota|Used quota|
------------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------------------------
| 0|Firewall |Not Entitled | 4294967295|Firewall blade is not entitled. Access Control policy installation will fail (current policy will be kept).| 1| 0| 0|
| 1|IPSec VPN |Not Entitled | 4294967295| | 0| 0| 0|
| 2|IPS |Not Entitled | 4294967295| | 0| 0| 0|
| 3|Anti-Spam & Email Security|Not Entitled | 4294967295| | 0| 0| 0|
| 4|Application Control |Not Entitled | 4294967295| | 0| 0| 0|
| 5|URL Filtering |Not Entitled | 4294967295| | 0| 0| 0|
| 6|Anti-Virus |Not Entitled | 4294967295| | 0| 0| 0|
| 7|Anti-Bot |Not Entitled | 4294967295| | 0| 0| 0|
| 8|Threat Emulation Local |Not Entitled | 4294967295| | 0| 0| 0|
| 9|Threat Emulation Cloud |Not Entitled | 4294967295| | 0| 0| 0|
| 10|Threat Extraction |Not Entitled | 4294967295| | 0| 0| 0|
| 11|Data Loss Prevention |Not Entitled | 4294967295| | 0| 0| 0|
| 13|Content Awareness |Not Entitled | 4294967295| | 0| 0| 0|
|2000|Mobile Access |Not Entitled | 4294967295| | 0| 0| 0|
------------------------------------------------------------------------------------------------------------------- -----------------------------------------------------------------------------------------------------

Account ID:
Package description:
Container CK:
CK Signature:
Container SKU:
Support level:
Support expiration:
Activation status: 2

 

 

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

What does cplic print have to say?
Licensing and contracts should survive an upgrade.

zbaka
Explorer

The cplic print provides the same output as you see in the screenshot:

 

[Expert@xxx-sec:0]# cplic print
Host Expiration Features
x.x.x.x never CPAP-SG580X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS ...

It's a Checkpoint 5800 appliance.

0 Kudos
PhoneBoy
Admin
Admin

Is this merely a cosmetic issue?
In other words, does the appliance function normally otherwise despite this error?
This probably requires a TAC case as, yeah, something in the license doesn't look quite right.

0 Kudos
zbaka
Explorer

To be honest, the above cplic print output is after rolling back to the initial working state, but my assumption is that the same output would be after the upgrade (i didn't check it at that time, only via the GAIA portal which suggest the same). Pushing policy wasn't possible so it is not just a cosmetic issue. I am opening a support case meanwhile. Thanks anyway, will come back with the solution once we have it.

0 Kudos
the_rock
Champion
Champion

What is the model of the appliance? I never been a licensing guru, but SKU from the screenshot you posted looks a bit off for the regular firewall license. Btw, @PhoneBoy is correct, licensing always survives the upgrade process / reboot.

0 Kudos
G_W_Albrecht
Legend
Legend

I assume that the GW  after upgrade failed to reach checkpoint UC to validate licenses - error should be visible in boot process...

CCSE CCTE SMB Specialist
0 Kudos