CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 18 of 18

Thread: Provider-1 NGx R65 and licensing issue

  1. #1
    Join Date
    2006-09-26
    Posts
    3,121
    Rep Power
    15

    Default Provider-1 NGx R65 and licensing issue

    Hi All,

    I just notice a few things with Provider-1NGx R65. I have a brand new P-1
    NGx R65 running on SPLAT for testing purposes:

    1) After logging into the P-1 via the MDG, and the P-1 has a 15 days eval
    license, I can NOT add the permanent license into the Provider-1 via the
    MDG. Even though my license is completely valid, it keeps telling me that my
    license is invalid. The only way for me to add the license into this P-1
    Manager+Container is to do it from the command line "cplic put -l mc-license.lic".

    2) the same thing applied when I create a new CMA in this P-1 M+C box,
    it will not let add the license during the CMA creation process, telling me that
    I have an invalid license. The only option I have is NOT to start the CMA
    after creation is to from the command line:
    a- mdsenv cma_ip
    b- cplic put -l cma-license.lic
    c - mdsenv
    d - mdsstart_customer cma_ip

    We currently have P-1 NGx R61 with HFA_01 running on Redhat Linux ES
    and we are debating whether we should upgrade to NGx R65 because we only
    have a single CMA on the NGx MDS infrastructure at the moment. We are
    projecting to have about 250 CMAs on this M+C P-1 in the future. But the
    minor things I have found in NGx R65 gives me second thought whether I should proceed with the upgrade to P-1 NGx R65.

    Anyone who is testing P-1 NGx R65 and found issues with it, can you share
    them with me off-line, if possible.

    Thank you very much in advance.

  2. #2
    Join Date
    2006-06-08
    Posts
    21
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    R65 Splat works perfectly fine here...

  3. #3
    Join Date
    2006-02-18
    Posts
    38
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    I am using SPLAT R65, for P-1 license, it does not accept license through P-1 license tab, you need to use cplic put cmd to add license.

    There is no issue with SPLAT P-1 as of now.

  4. #4
    Join Date
    2007-07-27
    Posts
    153
    Rep Power
    11

    Default Re: Provider-1 NGx R65 and licensing issue

    cciesec2006,

    I am experiencing the same issue on R65 on Solaris! I've asked our checkpoint 3rd party support guys and they haven't provided a useful explantion. Did you find out why the MDG does not allow the attachement of MDS and CMA licenses?

    Cheers once again
    Mike

  5. #5
    Join Date
    2007-02-27
    Posts
    80
    Rep Power
    12

    Default Re: Provider-1 NGx R65 and licensing issue

    I think this is a bug - they have to added via the CLI

  6. #6
    Join Date
    2007-07-27
    Posts
    153
    Rep Power
    11

    Default Re: Provider-1 NGx R65 and licensing issue

    Yep, it's a BUG. It's fixed in HFA_02 (it's mentioned in the release notes)

  7. #7
    Join Date
    2006-02-18
    Posts
    38
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    Hi,
    I have noticed one more problem, CMA with evel license and holds lot of other firewall's permanent license.

    The CMA eval license got expired and fwm service stopped unable to detach licese , unable to attach.

    Some how mange to attach one more license thorugh CLI, still not able to access CMA through smartcenter.

    We have esclated to check point more than 15 days over still there is no resolutions.

  8. #8
    Join Date
    2008-02-07
    Posts
    2
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    Hello,

    I have just installed Provider-1 R65 HFA_02 on SPLAT. Despite the hot fix, I encounter the same problem with licenses :

    - I had to attached MDS license through cplic command line, because it didn't work with MDG. Same for CMA : I managed to attached license through local Smart Update only (didn't work with MDG smart update)

    - MDG SmartUpdate doesn't manage to see CMA licenses correctly once they are attached. However, I have no problem with Firewall Modules license.


    If you have some information about this bug...Many thanks in advance !

  9. #9
    Join Date
    2007-07-27
    Posts
    153
    Rep Power
    11

    Default Re: Provider-1 NGx R65 and licensing issue

    Hi Toubib,

    You are correct, the hotfix does not fix the MDG license issue. It claims too though....

    Testing-123

  10. #10
    Join Date
    2008-02-07
    Posts
    2
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    Hi Testing-123,

    Thanks for your answer. We will have to wait next Hot Fix then....

    Of course, it's not the only bug I have noticed : the MDG displays one of my CMA stopped while it is started (mdsstat result shows that all processes are up).

    For now, I didn't found any post regarding this issue...


    Toubib.

  11. #11
    Join Date
    2007-02-10
    Posts
    52
    Rep Power
    12

    Default Re: Provider-1 NGx R65 and licensing issue

    Hi guys,

    Am new to Provider-1 (have been working with Checkpoint for years though) and we're having a few teathing troubles with a new system. Will be raising an official support call on Monday but was wondering if any of you guys have a solution to this? We have a new P-1 R65 system based on the SPLAT 2.6 (need to use this to support the hardware). Am seeing the same issues as above plus a couple more:

    1) Can't install licenses via the MDG (MDS or CMA). Have managed to install both CMA and MDS licenses via the command line and they now appear in cplic print, however ama bit concerned as the MDG still says the CMA's are on the 15 day trial period.
    2) When I do try and install CMA licenses via the MDG, the error I get is "Failed to connect. Check SIC status".

    I think there may be a more fundamental problem though as on the General page of the MDG, it says "Disconnected" next to the MDS and both the CMA's say stopped even though I can connect to all of them and install policies!

    Also, in Smartview Monitor on a CMA, it shows the CMA as being "Disconnected" even though that is how I am connecting! Am seeing no drops on the NOC firewall and am currently operating an open rulebase between the Provider-1 system and CMA IP addresses and the VSX firewall modules were testing with.

    Thanks for any help,

    Jon

  12. #12
    Join Date
    2007-03-07
    Location
    Detroit, Michigan
    Posts
    154
    Rep Power
    12

    Default Re: Provider-1 NGx R65 and licensing issue

    With regards to these issues, you need to open a case with Check Point. There is at least one HF you need to make this issue go away.

    ####


    I think there may be a more fundamental problem though as on the General page of the MDG, it says "Disconnected" next to the MDS and both the CMA's say stopped even though I can connect to all of them and install policies!

    Also, in Smartview Monitor on a CMA, it shows the CMA as being "Disconnected" even though that is how I am connecting! Am seeing no drops on the NOC firewall and am currently operating an open rulebase between the Provider-1 system and CMA IP addresses and the VSX firewall modules were testing with.

  13. #13
    Join Date
    2007-02-10
    Posts
    52
    Rep Power
    12

    Default Re: Provider-1 NGx R65 and licensing issue

    Thanks for the reply, will get round to sorting it tomorrow. Glad to know it's not me being an idiot :)

    Will keep you posted.

    Jon

  14. #14
    Join Date
    2007-02-10
    Posts
    52
    Rep Power
    12

    Default Re: Provider-1 NGx R65 and licensing issue

    Just an update on this. One thing that I forgot to mention was that we are managing an R65 VSX from the Provider-1. It turns out that the issue was with the R65 VSX management plug in, it's not supported on P-1 2.6 (found this out from Checkpoint support!). After a re-installed we noticed that it worked fine until this was installed, apparently there is a hotfix being developed but there is no release date as yet.

    Hope this helps someone else!

  15. #15
    Join Date
    2005-08-29
    Location
    Upstate NY
    Posts
    2,720
    Rep Power
    15

    Default Re: Provider-1 NGx R65 and licensing issue

    Currently there is no support for Plugins on 2.6. You may want to check with your SE to get on the EA program for the 2.6 HFA (I have no idea where it stands).

  16. #16
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: Provider-1 NGx R65 and licensing issue

    Hi, endeed this is what happens in R65 P1.

    It is a GUI bug that CP promices to fix with the nearest HFA.

    Meanwhile use CMD to put licenses onto the system.

    Valeri Loukine
    CCMA-0019



    Quote Originally Posted by cciesec2006 View Post
    Hi All,

    I just notice a few things with Provider-1NGx R65. I have a brand new P-1
    NGx R65 running on SPLAT for testing purposes:

    1) After logging into the P-1 via the MDG, and the P-1 has a 15 days eval
    license, I can NOT add the permanent license into the Provider-1 via the
    MDG. Even though my license is completely valid, it keeps telling me that my
    license is invalid. The only way for me to add the license into this P-1
    Manager+Container is to do it from the command line "cplic put -l mc-license.lic".

    2) the same thing applied when I create a new CMA in this P-1 M+C box,
    it will not let add the license during the CMA creation process, telling me that
    I have an invalid license. The only option I have is NOT to start the CMA
    after creation is to from the command line:
    a- mdsenv cma_ip
    b- cplic put -l cma-license.lic
    c - mdsenv
    d - mdsstart_customer cma_ip

    We currently have P-1 NGx R61 with HFA_01 running on Redhat Linux ES
    and we are debating whether we should upgrade to NGx R65 because we only
    have a single CMA on the NGx MDS infrastructure at the moment. We are
    projecting to have about 250 CMAs on this M+C P-1 in the future. But the
    minor things I have found in NGx R65 gives me second thought whether I should proceed with the upgrade to P-1 NGx R65.

    Anyone who is testing P-1 NGx R65 and found issues with it, can you share
    them with me off-line, if possible.

    Thank you very much in advance.

  17. #17
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: Provider-1 NGx R65 and licensing issue

    CP is whell aware of this. They will bring the fix with the next HFA. As I have been told, they do not consider this as an urgent issue.

    Valeri Loukine,
    CCMA-0019

    Quote Originally Posted by sisu-up View Post
    With regards to these issues, you need to open a case with Check Point. There is at least one HF you need to make this issue go away.

    ####


    I think there may be a more fundamental problem though as on the General page of the MDG, it says "Disconnected" next to the MDS and both the CMA's say stopped even though I can connect to all of them and install policies!

    Also, in Smartview Monitor on a CMA, it shows the CMA as being "Disconnected" even though that is how I am connecting! Am seeing no drops on the NOC firewall and am currently operating an open rulebase between the Provider-1 system and CMA IP addresses and the VSX firewall modules were testing with.

  18. #18
    Join Date
    2007-09-13
    Location
    Heidelberg, Germany
    Posts
    16
    Rep Power
    0

    Default Re: Provider-1 NGx R65 and licensing issue

    We ran into the same issue here even with latest MDG (NGX R65 HFA_01 Build 620601015) and a fresh P-1 installation.

    SR at Checkpoint has been closed with following statement:

    "Licensing documentation has not been developed as most users already use the command line to install the license on the MDS as a standard practice."

    Maybe we just have to wait for the next major release... ;-)

    Cheers
    Michael

Similar Threads

  1. Replies: 4
    Last Post: 2010-08-05, 09:19
  2. Provider-1 Licensing ?
    By CPWotcha in forum Licensing
    Replies: 8
    Last Post: 2010-03-30, 13:58
  3. Licensing issue when using secondary HA
    By ChadB in forum Management High Availability
    Replies: 1
    Last Post: 2009-04-02, 18:09
  4. Licensing issue
    By confusex in forum Check Point IP Appliances and IPSO (Formerly Sold By Nokia)
    Replies: 3
    Last Post: 2007-01-19, 06:42
  5. licensing issue
    By starmanone in forum Licensing
    Replies: 2
    Last Post: 2006-09-01, 04:22

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •