- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Support Renewal Warning on Gateways
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Support Renewal Warning on Gateways
Hello,
I have 6 Products in my environment 4 Gateways and 2 Mgmt Servers. It is a DC/DR Setup with 2 Gateways and 1 Mgmt in each Data Center. Suddenly i am getting a license expiration warning on Antivirus and Antibot Blades in 2 of the 4 Gateways only. When i checked the SmartAccount along with the built in blades there are additional blades with 2 year support for Antivirus and Antibot Blades available. My Question is why i am getting this warning in only 2 of the 4 gateways , also as i can see additional blades available in the account will they be incorporated automatically once the built in one expires ? What are the after effects if the license/support expiration ? will it affect production environment ?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would suggest to open a ticket with Account Services and have them look into and correct it !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I assume that when you check "Blades" tab you have total 4 AntiBot and 4 AntiVirus blades and 2 of each are Available to attach.
Open AV/AB blades details check spare ones and attach each of them or to Gateway(local) or to SMS managing GW(central).
This process recently became more simple and you shouldn't have problems figuring it out. Check IPs carefully as you have limited number of changes available 😉
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are a total of 6 AV and 6 AB blades and they are already attached to the gateway...when i click on each gateway individually i can see them under additional blades category...Moreover this expiration is warning is appearing only for 2 out of a total of 4 Gateways and all of them have similar licensing
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had this exact problem after our past two renewals. First, I would make sure that the Gateways showing the license warning for AB/AV can, in fact, connect to Check Point. The first time I encountered this, we had upgraded the GW's to R80 right after the renewal and the "phone home" behavior definitely changed after the upgrade. These GW's sat behind other Firewalls, so I had to write access rules explicitly allowing the traffic. If you look in your logs for traffic sourced from the Gateways and/or Gateway Cluster object, you should be able to spot those connections.
I would also make sure your Contract file is up to date. Once you know your contracts are good. Go to the command line of the GW and run "contract_util mgmt". This should force the Gateway to update its contract file with the one on the management server. Hopefully, one of these steps will help you.
The second time this happened, I went many rounds between TAC and Account Services and no one could find a problem with licenses or validation on our GWs. The issue was determined to be "cosmetic" and once we passed the previous expiration date, the Gateways' Licenses cleared out and started showing the correct expiration without any warnings. It was very strange and a little troublesome waiting to see if something was going to break, but it did exactly what CP said it would.
Worst case, you can generate an all-in-one eval license and put it on the Gateway if it doesn't clear. You may want to have one or two on hand in case you need to drop them on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Daniel,
I checked the license information in the user center for the impacted gateway, i can see there are 2 sections there - 1) Built in Blades and 2) Additional Blades
in Built in Blades the AB/AV is showing expiration in 2019 but the same blades are present in the Addtional Blades category with an expiration date of 2023. I am not sure why the additional blades are not included when they are already attached.
Moreover in the management center the CPSB-COMP-5-1Y blade is expiring soon. My question is once these blades expires will i loose connectivity through smartconsole ?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seeing the 2019 expiration in one place and a later (2023) expiration in another was the same "cosmetic" symptom we saw.
If you haven't already, I would still suggest opening a ticket with Account Services just in case. I'd hate to lead you down the wrong road saying something will be ok when it may not be 😀
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am presently working with the client experiencing similar issues:
All of a sudden, only all IPS licenses reported that the Evaluation will expire in ## of days.
There were never dedicated evaluation licenses installed on these gateways and the dates were way out of initial 15 days grace period.
Needless to say, prior to that, all of the gateways were properly licensed.
All but one gateways re-registered two days past expiration and started showing expiration date on IPS only.
One of the gateways refused to re-license and I had to follow sk105757 to clear the cache and re-fetch the license.
Perhaps coincidentally, this same gateway is now having number of issues related to IPS, such as "HTTP parsing error occurred, bypass request", "Countries DB download has failed" and no logs shown for the rules in the Threat Prevention policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When that is done, close Smart Update.
Now ssh to the gateway and go into Expert mode.
type: contract_util mgmt
Wait for a couple of hours, if the problem still persists after this, contact CP account services.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue got resolved with the help of tech support so i thought i will update the cause here as well...
The issue was only cosmetic where the user center was displaying the original contract and its ending date...if a secondary contract or support for blades was purchased it amends into that contract but it only activates after the current one expires and hence it will show a cosmetic warning message in the smartconsole for the time being...this can be confirmed by running cplic print to observe the support end dates and if the expected dates are there then there is nothing to worry about.