CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Licensing
Reload this Page License to Internal Interface
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-12-18
avilT avilT is offline
Member
  
Join Date: 2006-03-14
Posts: 71
Rep Power: 3
avilT has an average reputation (10+)
Default License to Internal Interface
Hi,
Is it possible to bind the checkpoint license to internal interface? Right now I have it bound to external interface. Due to movement the public IP will change. So is it possible to bind the new license to internal interface so that in future movement I need not worry about the license.
Thanks
Av
Reply With Quote
  #2 (permalink)  
Old 2006-12-19
northlandboy northlandboy is offline
Senior Member
  
Join Date: 2006-07-28
Location: New Zealand
Posts: 747
Rep Power: 2
northlandboy has an average reputation (10+)
Default Re: License to Internal Interface
Is this a standalone combined management/enforcement point? If it is, then yes, you can license it to any IP address that is valid on the system.

If you've got separate management and enforcement, then use central licensing, and license to the mgmt IP.
Reply With Quote
  #3 (permalink)  
Old 2006-12-19
avilT avilT is offline
Member
  
Join Date: 2006-03-14
Posts: 71
Rep Power: 3
avilT has an average reputation (10+)
Default Re: License to Internal Interface
Its Checkpoint NG FP3 on Nokia IP330 and management/Log server on Windows 2000 Server. Can I bind the license to the internal interface?
Thanks
Reply With Quote
  #4 (permalink)  
Old 2006-12-19
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 862
Rep Power: 3
RayPesek has an average reputation (10+)
Default Re: License to Internal Interface
You do not want to do that. You get a "central" license for the Nokia box. It will show the IP of the SmartCenter. You then use SmartUpdate to "attach" the license to the Nokia (which should be set up in the SmartCenter using its external IP address).

If you need to change the external IP of the Nokia, you use SmartUpdate to "detach" the license, make your IP changes and "attach" it to the Nokia again. With central licensing, there is no Check Point involvement needed to change external IP addresses.

Ray
Reply With Quote
  #5 (permalink)  
Old 2006-12-24
avilT avilT is offline
Member
  
Join Date: 2006-03-14
Posts: 71
Rep Power: 3
avilT has an average reputation (10+)
Default Re: License to Internal Interface
Thank you once again. Does it mean that
1. If you are installing license on Nokia module (Local License) License must be bind to the external interface of the firewall.
2. With Smartupdate (central license) the license can be bound to the management IP of the Nokia module.

Thank you very much
Reply With Quote
  #6 (permalink)  
Old 2006-12-25
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 862
Rep Power: 3
RayPesek has an average reputation (10+)
Default Re: License to Internal Interface
You should license the external IP address.

Central licenses, regardless of the product or function, are issued to the IP address of the SmartCenter and then assigned (attached) to the modules as needed. This makes the IP address of the module itself irrelevant. You never need to re-license anything through Check Point as long as the SmartCenter IP address does not change.

HTH,

Ray
Reply With Quote
  #7 (permalink)  
Old 2007-01-27
avilT avilT is offline
Member
  
Join Date: 2006-03-14
Posts: 71
Rep Power: 3
avilT has an average reputation (10+)
Default Re: License to Internal Interface
That means, in the case of Central Licensing, if I issue cplic print command on the fw module what IP it should display? firewall manager IP?
Also is Central Licensing requires additional cost?
Thank You
Reply With Quote
  #8 (permalink)  
Old 2007-01-27
RayPesek RayPesek is offline
Senior Member
  
Join Date: 2006-03-19
Location: Northern Ohio
Posts: 862
Rep Power: 3
RayPesek has an average reputation (10+)
Default Re: License to Internal Interface
I don't know what the command line will show, however the central licensing option is free and the preferred method.

Ray
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 22:28.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0