PDA

View Full Version : CPAP-SG4208



*tomo*
2016-02-03, 06:41
Hi all,

I have CPAP-SG4208 model appliance, which in description says "Check Point 4200 Appliance with FW, VPN, IA, ADNC, MOB, IPS, APCL and DLP"
Can I buy extra blade license? And use this blade of course. URLF for example. Or I'm only allowed to extend one year blades which came with appliance?

Thanks

ShadowPeak.com
2016-02-03, 08:55
Hi all,

I have CPAP-SG4208 model appliance, which in description says "Check Point 4200 Appliance with FW, VPN, IA, ADNC, MOB, IPS, APCL and DLP"
Can I buy extra blade license? And use this blade of course. URLF for example. Or I'm only allowed to extend one year blades which came with appliance?

Thanks

The FW, VPN, IA, ADNC, MOB blades are perpetual and never expire; you will be able to use those indefinitely. The IPS, APCL and DLP blades are subscription-based and must be purchased year after year to continue using them. By default when asking a reseller for a renewal, all perpetual blades will be kept under support and all subscription blades will be renewed. However if you are not currently using some of the subscription blades (run "enabled_blades" on the firewall to check), not renewing the unused subscription blades can save quite a bit of money. You can add any additional blades you like as long as they are compatible with the current function of the box (i.e. Security Management Server, Security Gateway or both).

*tomo*
2016-02-04, 06:33
The FW, VPN, IA, ADNC, MOB blades are perpetual and never expire; you will be able to use those indefinitely. The IPS, APCL and DLP blades are subscription-based and must be purchased year after year to continue using them. By default when asking a reseller for a renewal, all perpetual blades will be kept under support and all subscription blades will be renewed. However if you are not currently using some of the subscription blades (run "enabled_blades" on the firewall to check), not renewing the unused subscription blades can save quite a bit of money. You can add any additional blades you like as long as they are compatible with the current function of the box (i.e. Security Management Server, Security Gateway or both).

Hi,

Tnx, that was my logic too, but now funny part. I actually have valid contract for extra blades, but when I try to enable any of blades that are not inititally included, I can't install policy with message that I don't have valid license. I tried to update service contract via smart update and cli with same result. No go.
cplic print shows:

Contract Coverage:

# ID Expiration SKU
===+===========+============+====================
1 | H2S7RR4 | 2Mar2016 | CPSB-ASPM-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
2 | RH3S5G3 | 2Mar2016 | CPSB-AV-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
3 | 1F6IPO0 | 2Mar2016 | CPCES-CO-STANDARD-ADD
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
4 | 345SD2U | 2Mar2016 | CPSB-APCL-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
5 | 3GPQ3AQ | 2Mar2016 | CPSB-URLF-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
6 | AEGUYU4 | 2Mar2016 | CPSB-IPS-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1
===+===========+============+====================
7 | A0W4AYU | 2Mar2016 | CPSB-ABOT-S-1Y
+-----------+------------+--------------------
|Covers: CPVP-SNX-5-NGX CPSB-SWB CPSB-ADNC-M
| cpap-sg420x cpsb-fw cpsm-c-2 cpsb-vpn cpsb-npm cpsb-logs cpsb-ia cpsb-sslvpn-5 cpsb-adnc cpsb-dlp cpsb-ips-s1 cpsb-apcl-s1

10661067

It is 4200 apliance running Gaia R75.46 with smartcenter and firewall on it.

mcnallym
2016-02-04, 21:12
Well I cannot see AntiBot or Anti-Virus or URL license in your contract coverage part. can see cpsb-dlp, cpsb-apcl-s1, but not the equivalent parts for Antibot or Anti-Virus, i.e. cpsb-abot etc

Have you relicensed in User Centre and attached the new license with the additional blades onto the Appliances, or simply downloaded the servicecontract.xml contract file.

*tomo*
2016-02-05, 06:10
Have you relicensed in User Centre and attached the new license with the additional blades onto the Appliances, or simply downloaded the servicecontract.xml contract file.

No I didn't, I thought that new contract is enough. I guess it is enough when you don't add/remove blades. Solved. Thanks man.

PhoneBoy
2016-02-05, 18:39
Both a license and a contract are needed to use the annual software blades.
The appliance license allows you to turn the blades on.
The contract allows you to access the data needed to drive the blades (URL categorization, compromised hosts/URLs, etc).

I'm not sure why a license is still needed since the NGTP blades are largely useless without a contract anyway.
The IPS Blade is the only NGTP blade with some allowed usage without a contract.