Web Intelligence Licensing?

lammbo · #1 (**permalink**) 2007-07-30

Distributed environment: SmartCenter is HA and all gateways are Active/Passive HA. R60/HFA_04 all the way *except R63 Eventia*

Hopefully, this will be an easy one for someone who already had this issue.

I tried to deploy some WI features a few nights ago. When I tried to verify my policy, it hung on verification and never would finish (waited for a while and tried multiple times with same result).

I have 2 ea. CPMP-WIT-U-NGX and 2 ea. CPMP-HWIT-U-NGX. What I do know is that I wanted 2 sites to be able to have unlimited web servers and the gateways are HA - and so are the licenses. But when they are imported using centralized management via SmartUpdate, they attach directly to SmartCenter, with nothing in the repository to attach to gateways themselves.

So... Where from here? Well, how about the good old CP knowledgebase!
_________________________________________
Solution ID: #sk31381

Product: Web Intelligence
Version: NG AI R55W, NGX
Last Modified: 06-Jun-2007
Solution
VPN-1 Pro NGX R60A

When activated, Web Intelligence generates one license. The license should be installed on the SmartCenter Server. This license is not additive, and a SmartDefense contract is needed to obtain Web Intelligence updates.

An NGX Security gateway or gateway cluster requires a Web Intelligence license if it enforces one or more of the following protections:

* Malicious Code Protector
* LDAP Injection
* SQL Injection
* Command Injection
* Directory Listing
* Error Concealment
* ASCII Only Request
* Header Spoofing
* HTTP Methods
_____________________________________________

Well, that's as clear as mud!!! If it generates one license and auto-attaches to the SmartCenter, how can I apply any part of the 4 licenses to the gateways/cluster? Those 4 items in blue are exactly what I'm trying to enforce.

AAAAARRRRRRRRGGGGGGGHHHHHHHH!

lammbo · #2 (**permalink**) 2007-07-30

Opened a case with my VAR, who opened one with CP... This is what I now know.

My SmartCenter is HA
WIT license applies to Primary SmartCenter
WIT-HA license applies to Secondary (HA) SmartCenter (and just like with HA SmartCenter Licenses, must be assigned to the IP for this server and cannot be centrally managed)

WIT is NEVER applied to a gateway (?unless it's also your SmartCenter?)

The other 2 I have - well, let's just say I NEVER needed them and will be having a nice chat about 100% trade-in credit for the licenses and some other concession for paying support and maintenance for 2 years when they told me what I needed to buy - nuff said!

Anyway, my issue is still an issue and I'm sending in my DB to go in the CP test lab now. Will update this post once I know the cause and cure.

lammbo · #3 (**permalink**) 3 Weeks Ago

Just correcting this misinformation I was given back then...

Web Intelligence is licensed per gateway. An HA cluster is 2 nodes and therefore requires 2 licenses. I was sold what I needed and not extra. The license for the HA node is discounted with a 20% price break. CP's Price list clearly states this information (now).

chillyjim · #4 (**permalink**) 3 Weeks Ago

On this topic, this is the list I received yesterday for what requires a WI license

As for licensing, the following defenses require WI license:
malicious code protector
sql injection
command injection
ldap injection
header spoofing
http methods
directory listing
error concealment

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)