PDA

View Full Version : IPS License Expiration and Impact



avilT
2013-02-11, 22:32
I have a built in IPS on R71.30 gateway. I am in the process of replacing the gateway, so have not renewed the IPS license and now when I try to deploy a new policy I am getting the error as shown in the attached file. Is it going to create any impact on the existing policies?

ShadowPeak.com
2013-02-12, 00:47
I have a built in IPS on R71.30 gateway. I am in the process of replacing the gateway, so have not renewed the IPS license and now when I try to deploy a new policy I am getting the error as shown in the attached file. Is it going to create any impact on the existing policies?

You didn't mention what version of code you are running, but my understanding is that if there is no IPS license present (or it expires) all new signatures acquired via dynamic IPS updates will be set to inactive. Or in other words, any signatures that didn't ship included with the General Availability (GA) version of your release will be set to inactive. While this event is unlikely to really break anything, it does severely impact the protection provided by the IPS feature.

The message is stating that signatures acquired after March of 2009 will be disabled, so I'm guessing you are running R70? Or your gateways started life as R70?

avilT
2013-02-12, 01:37
I am running R71.30 and its a smartdefense I have a very vew IPS signatures enabled. I am not worried about the IPS protection, but othe aspects like access rules/nat will not affect right?

ShadowPeak.com
2013-02-12, 10:52
Other than the policy installation continuing to warn you about the IPS licenses (and there is no way to shut it up) it won't affect the areas you mentioned.

serlud
2013-02-18, 06:56
I am running R71.30 and its a smartdefense I have a very vew IPS signatures enabled. I am not worried about the IPS protection, but othe aspects like access rules/nat will not affect right?

We have open an RFE (about 1 years ago) for disabling this annoyning message every time by policy installation (RFE disable *IPS Contract Expiration window.)
And till now still waiting for CP responce....

avilT
2013-02-18, 22:34
I was able to resolve this error by, downloading the latest contract file from Checkpoint user center and loading it manually in smart update.