High Availability Environment
In a High Availability (HA) environment, you may need to run some vsec_lic_cli commands (see Managing CloudGuard Central Licenses) on both the Primary (Active) and Secondary (Standby) Management Servers or Multi-Domain Servers. (In such cases, the tool displays instruction messages on the screen.Otherwise, information syncs automatically between the HA machines.)
High Availability Management Server
In this HA configuration, the Central License
A Central License is a CloudGuard Security Gateway license. It is deployed and managed on the Security Management Server or Multi-Domain Server and distributed from a license pool to all CloudGuard Security Gateways connected to corresponding Management Servers. tool can only manage, add, remove, and distribute licenses from the Active Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
|
|
Important - In versions R81.20 with Jumbo HFA Take 26 and higher, you must add and remove licenses on Standby Management Servers using the Example
From the Standby Management Server, run:
|
High Availability Multi-Domain Server
On a HA Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS., the Central License tool runs in two modes: MDS (System) Mode or Domain Mode (see Multi-Domain Server Modes).
-
In Domain Mode, you can manage licenses only from the Active Domain Server
The only Domain Management Server in a Management High Availability deployment that can manage a specified Domain. (CMA). -
In MDS (System) Mode, each Multi-Domain Server manages licenses for Security Gateways connected to its Active Domain Servers (CMAs). For Security Gateways managed by secondary Multi-Domain Servers, perform license management operations from each corresponding Multi-Domain Server.
Distributing Licenses to Security Gateways in MDS (System) Mode
In MDS (System) Mode, you add, manage and distribute licenses from the Active Multi-Domain Server. The licenses are then automatically synchronized between all Standby Multi-Domain Servers (it can take a maximum of 3 minutes). You can also run Sync Now from the SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. to synchronize the licenses instantly. After that, each Multi-Domain Server distributes the licenses to all Security Gateways connected to its Active Domain Servers (CMAs).
|
|
Important - In versions R81.20 with Jumbo HFA Take 26 and higher, you must add and remove licenses on all secondary Multi-Domain Servers using the |
This example shows how to add licenses and distribute them on the HA Multi-Domain Server:
On the Primary Multi-Domain Server, run:
-
vsec_lic_cli on -
vsec_lic_cli add <license string related to the IP of the primary MDS> -
vsec_lic_cli distribute
On the Secondary Multi-Domain Server, run:
-
vsec_lic_cli on -
In versions R81.20 with Jumbo HFA Take 26 and higher, run:
cplic put <The same license string related to the IP of the primary MDS> -
vsec_lic_cli distribute
This example shows how to remove a license from the HA Multi-Domain Server:
On the Primary Multi-Domain Server run:
-
vsec_lic_cli on -
vsec_lic_cli remove <license CK> -
vsec_lic_cli distribute
On the Secondary Multi-Domain Server run:
-
vsec_lic_cli on -
In versions R81.20 with Jumbo HFA Take 26 and higher, run:
cplic del <license signature>To find the license signature, use one of these commands on the Secondary Multi-Domain Server:
-
cplic print -n -x | grep <the CK of the license deleted on the primary MDS> -
mgmt_cli -r true show central-licenses
-
-
vsec_lic_cli distribute
|
|
Notes:
|
