[accesslimiter]

Thanks, but this is not what I see and I am getting conflicting information from Checkpoint. CP states the ssl extender license, for VPN-1, is based off the users IP once they connect and stored in a table that gets "refreshed" around 2-4 weeks and is con-current. Since a users IP can change constantly this will cause the ssl extender license count to get erroneously exceeded and the table containing this info needs to be cleared. I assume that a cpstop;cpstart would clear this, not an assumption I want to make, this would cause down time and still not clear this table AFAIK. Unlike secureclient with the policy server group I do not have an option to place licensed ssl extender users in a group. Not being able to restrict which users can and can not use ssl extender also presents a problem.