
2014 Check Point Software Technologies Ltd. All rights reserved.




Check Point Software Blade
Quick Licensing Guide







2012 Check Point Software Technologies Ltd. All rights reserved.



Quick Licensing Guide
Introducing the First Time Configuration Wizard
Initiating the First Time Configuration Wizard
Connection to User Center
Automatic Downloads
Appliance Activation
Managing Licenses with SmartUpdate
The License Installation Process
Additional Functions in SmartUpdate
FAQ
Licensing Terminology










In this guide, you will find instructions on using the new First Time Configuration Wizard for
activating your Check Point appliance licenses as well as instructions for managing licenses
within SmartUpdate. For product specific information or for additional details, please see
the Getting Started Guide or the Administration Guide for your specific version.

Introducing the First Time Configuration Wizard

In R75.47 and R77, Check Point introduced a new and easy method for activating your
Check Point Appliances through the Gaia First Time Configuration Wizard.

During the configuration wizard, the appliance connects to the Check Point User Center
and downloads all needed licenses and contracts. No further steps are required to license
the appliance.




Initiating the First Time Configuration Wizard

1. Connect a standard network cable to the appliance management interface and to
your management network.
The management interface is marked MGMT.
This interface is preconfigured with the IP address 192.168.1.1.
Note - Make sure that the management interface on the computer is on the same
network subnet as the appliance. For example: IP address 192.168.1.x and Netmask
255.255.255.0. You can change the interface in the WebUI, after you complete the
First Time Configuration Wizard.
2. Open a connection from a browser to the management IP address.
The login page opens.

3. Log in to the system with the default username and password: admin and admin
4. Click Login.
The First Time Configuration Wizard runs.







Connection to User Center

In the Connection to User Center page of the First Time Configuration Wizard of Gaia,
you are prompted to configure the interface which will connect to the Check Point User
Center. Though optional, configuring this connection is necessary in order to activate your
appliance through the configuration wizard.

Note: If the appliance does not have direct internet access, proxy settings can be
configured on the Device Information page in the configuration wizard.


Automatic Downloads

In the First Time Configuration Wizard of Gaia, in the Products page, you have the option
to enable or disable automatic downloads.



Check Point highly recommends that you keep Automatic Downloads enabled. Automatic
Downloads gives you Blade Contract renewal, necessary data updates, and access to the
special cloud services.
Blade Contracts are annual licenses for Software Blades and Check Point product
features. In the absence of a valid local contract, blades and features operate with
limitations.







Data updates and cloud services are required for the full and smooth functionality of
these Software Blades and features: IPS, Application and URL Filtering, Threat
Prevention (Anti-Bot, Anti-Virus, Anti-Spam), Threat Emulation, HTTPS Inspection,
SmartEndpoint and Compliance. The data includes the AppWiki, the Threat Wiki,
Application Database, URL database, and more.

This setting affects the Security Management Server and all its Security Gateways (R77
and higher).

Note: In some cases, the download process sends required minimal data of your Check
Point installation to the Download Center.

If you disable Automatic Downloads in the First Time Configuration Wizard, you can enable
it later in Global Properties.

1. Open Global Properties > Security Management Access.
2. Select Automatically download Contracts and other important data.
3. Restart SmartDashboard.
4. Install the Policy

For full details and instructions, see sk94508.

Appliance Activation

From the Appliance Activation page within the First Time Configuration Wizard, you are
provided with the opportunity to activate your appliance immediately or choose to activate
the appliance later.

If you choose Activate later, a 15-day plug-n-play license is activated. You can activate
your license at a later time either through the appliance WebUI or by generating your
license within the User Center and installing through SmartUpdate (see below for complete
steps).










If you choose Activate now from User Center, your appliance connects to the Check Point
User Center and downloads its permanent license and all service contracts. Confirmation
that the licenses were successfully downloaded is displayed immediately.


Managing Licenses with SmartUpdate

In SmartUpdate, you can manage all licenses for Check Point products throughout the
organization from your Security Management Server.

The License Installation Process

Installing a license is a three-step process.
1. Generating the License within the Check Point User Center
2. Installing the License in SmartUpdate
3. Attaching Central licenses to the Security Gateway

Generating your License

Check Point Licenses are generated through the Check Point User Center.

To generate your license:
1. Log into the User Center at https://usercenter.checkpoint.com
2. From the My Products pull-down menu, choose My Products Center
3. Select the User Center account in which the product is registered
4. Click Done
The Products Details page will appear
5. Check the box to the left of the product
6. Click the License button
7. Complete all required fields
Note: if generating a Security Gateway product, you will be prompted to select the
License Type. For information on the difference between Central and Local
licensing types, see the FAQ below.
8. Click the License button. (if re-licensing a product, the button will say Change.)








Upon generating your license, an email is generated containing both the License File and
the manual installation command. You can also download the License file from the website
by clicking the Get License button.

Installing your License

Check Point Licenses can be installed through SmartUpdate.

To install your license through SmartUpdate:
1. Launch SmartUpdate
2. Choose the Licenses & Contracts tab
3. From the Launch Menu, choose Licenses & Contracts > Add License > From
File
Note: the name of options may vary slightly between versions.
4. Browse and import the License File
Local licenses will be automatically attached.
Central licenses will be placed in the License Repository.



Attaching Central Licenses to the Security Gateway

Central licenses will be initially placed in the License Repository when imported into
SmartUpdate. It is necessary to attach the license to the Security Gateway.

To attach a Central license:
1. In SmartUpdate, select the Licenses & Contracts tab
2. Right-click on the Security Gateway object you wish to attach the license to
3. Select Attach
A pop-up menu will appear
4. Select the license you wish to attach
5. Click Attach








No additional steps are required after attaching your licenses.

Additional Functions in SmartUpdate

Updating the Service Contract File

The Service Contract file contains all relevant data pertaining to your service contracts
(IPS, DLP, URL Filtering, etc.). It is necessary to import the contract data into the User
Center for proper entitlement.

To import the Service Contract file:
1. Launch SmartUpdate
2. From the Launch menu, choose License & Contracts > Update Contracts > From User
Center
A pop-up window will appear
3. Enter your User Center credentials

Note: If your Security Management server does not have internet connectivity, it is possible
to log into the User Center and download the Service Contract file. The file can then be
imported into SmartUpdate (Licenses & Contracts > Update Contracts > From File). For
additional details on the Service Contract file, see SecureKnowledge Solution sk33089.

Detaching Licenses

Detaching a license involves detaching a license from the object to which it is attached.
Local licenses that are detached are automatically deleted from SmartUpdate. Central licenses are
placed in the License Repository and are available to be attached to another Security
Gateway object if/when needed.

To detach a license:
1. In SmartUpdate, select the Licenses & Contracts tab
2. Right-click on the license you wish to detach
3. Choose Detach
4. Choose to confirm you wish to detach the license


You can manage other license tasks with SmartUpdate. See the Administration Guide for
your software version for additional details.









FAQ

Q. When do I need to generate and install a new license?

A. New licenses should be generated when:
The existing license expires
The license is upgraded.
The IP address of the Security Management or Security Gateway has changed.


Q. I have renewed my service contracts (IPS, DLP, URL Filtering, etc.). What do I need to
do?

A. The Service Contract file needs to be updated. See steps above.

For R75.47, R77 and higher, you can enable the Service Contract file to update
automatically.

1. Open Global Properties > Security Management Access.
2. Select Automatically download Contracts and other important data.
3. Restart SmartDashboard.
4. Install the Policy


Q. What is the difference between Central and Local licenses?

A. Check Point licenses come in two forms, Central and Local.
The Central license is the preferred method of licensing. A Central license ties the
package license to the IP address of the Security Management Server. That means
that there is one IP address for all licenses; that the license remains valid if you
change the IP address of the gateway; and that a license can be taken from one
Check Point Security Gateway and given to another with ease. For maximum
flexibility, it is recommended to use Central licenses.
The Local license is an older method of licensing, however it is still supported by
SmartUpdate. A Local license ties the package license to the IP address of the
specific Check Point Security Gateway, and cannot be transferred to a gateway with
a different IP address.
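The binding rules above can be checked against a license inventory before an IP address change. The following is an added example, not Check Point code: the `License` record, the inventory layout, and the sample addresses are constructed for illustration, and a license is assumed to be expired once its expiration date has passed.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address
from typing import Optional

@dataclass
class License:
    name: str                # label used in the report (constructed)
    kind: str                # "central" or "local"
    bound_ip: str            # IP address the license was generated for
    gateway: str             # gateway object the license is attached to
    expires: Optional[date]  # None means the license never expires

def licenses_to_regenerate(licenses, mgmt_ip, gateway_ips, today):
    """Return {license name: reason} for licenses that need a new license."""
    findings = {}
    for lic in licenses:
        if lic.expires is not None and lic.expires < today:
            findings[lic.name] = "expired"
            continue
        if lic.kind == "central":
            current = mgmt_ip                    # tied to the management server
        elif lic.kind == "local":
            current = gateway_ips[lic.gateway]   # tied to the gateway itself
        else:
            raise ValueError(f"unknown license type: {lic.kind}")
        if ip_address(current) != ip_address(lic.bound_ip):
            findings[lic.name] = f"bound to {lic.bound_ip}, address is now {current}"
    return findings

# Constructed inventory: gw-a and gw-b were both re-addressed, gw-c was not.
SAMPLE_LICENSES = [
    License("central-gw-a", "central", "192.0.2.10", "gw-a", None),
    License("local-gw-b", "local", "198.51.100.2", "gw-b", None),
    License("local-gw-c", "local", "198.51.100.3", "gw-c", date(2014, 1, 31)),
]
SAMPLE_GATEWAY_IPS = {
    "gw-a": "198.51.100.21",
    "gw-b": "198.51.100.22",
    "gw-c": "198.51.100.3",
}

if __name__ == "__main__":
    report = licenses_to_regenerate(
        SAMPLE_LICENSES, "192.0.2.10", SAMPLE_GATEWAY_IPS, date(2014, 6, 1))
    for name, reason in report.items():
        print(f"{name}: {reason}")
```

The Central license on the re-addressed gw-a is not reported, while the Local license on gw-b is. Changing `mgmt_ip` instead flags every Central license at once.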


Q. Can I install my licenses through the CLI?

A. While Check Point does recommend managing your licenses in SmartUpdate, it is
possible to install licenses using the provided cplic installation command found in the
License Confirmation email. Alternatively, you can install the license using the license file
by running the command cplic put -l <filename.lic>.











Q. Where are my Endpoint licenses installed?

A. All Endpoint licenses should be generated to and installed on the management server.
Note: the Endpoint VPN Blade (CPSB-EP-VPN) is enforced on the Network Management
server, and should be installed there.

Licensing Terminology

Attach (Blade)
Software Blades are attached to a Software Container through the Check Point User
Center. Attaching a Software Blade is a necessary step when you have purchased
an a la carte Blade.

Attach (License)
Licenses are attached to a gateway via SmartUpdate. Attaching a license to a
gateway involves installing the license on the remote gateway, and associating the
license with the specific gateway in the License & Contract Repository.

Central License
A Central License is a license attached to the Security Management Server IP
address, rather than the gateway IP address. The benefits of a Central License are:
Only one IP address is needed for all licenses.
A license can be taken from one gateway and given to another.
The new license remains valid when changing the gateway IP address. There is no
need to create and install a new license.

Certificate Key
The Certificate Key is a string of 12 alphanumeric characters. The number is unique
to each package. For an evaluation license your certificate key can be found inside
the mini pack. For a permanent license you should receive your certificate key from
your reseller.

Detach (License)
Detaching a license from a gateway involves uninstalling the license from the remote
gateway and making the license in the License & Contract Repository available to
any gateway.

Get
Locally installed licenses can be placed in the License & Contract Repository, in
order to update the repository with all licenses across the installation. The Get
operation is a two-way process that places all locally installed licenses in the
License & Contract Repository and removes all locally deleted licenses from the
License & Contract Repository.



License Expiration
Licenses expire on a particular date, or never. After a license has expired, the
functionality of the Check Point package may be impaired.

Local License
A Local License is tied to the IP address of the specific gateway and can only be
used with a gateway or a Security Management Server with the same address.

Software Blade
Software Blades are a logical component in the Software Blade Architecture. Each
Blade enables a specific feature or functionality within the software. Security
Management and Security Gateway Software Blades must be attached to a Software
Container to be licensed. Endpoint Security Software Blades are licensed
independently of the Endpoint Security Container.

a la carte Software blades are Blades which have been purchased independently of
the security solution. For example, if you wish to add the SmartProvisioning feature
to your existing Security Management solution, you would purchase an a la carte
SmartProvisioning blade. The Blade would then be attached to your Security
management container. Note: if desired, it is possible to detach a la carte Blades
and move them to a different server.

Package (predefined) Software blades are Blades which were purchased as part of a
specific solution. It is not possible to detach Blades packaged as part of a solution
and use them on a different solution.

Software Container
The Software Container is a logical component in the Software Blade Architecture.
There are three types of Software Containers: Security Management, Security
Gateway, and Endpoint Security. The container enables the server functionality, and
defines its purpose, e.g., management or gateway. When generated, the license
will contain features for the Software Container as well as all Software Blades which
are attached to the container.