Multi-Domain Server Modes

The Central License A Central License is a CloudGuard Security Gateway license. It is deployed and managed on the Security Management Server or Multi-Domain Server and distributed from a license pool to all CloudGuard Security Gateways connected to corresponding Management Servers. tool (vsec_lic_cli) operates in two modes on Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS.:

Mode	Description
MDS (System) Mode	This is the default mode. The tool uses a Central License issued for the Multi-Domain Server's IP address. The license pool A License Pool is a group of CloudGuard Central Licenses with the same blades and valid contracts. A Security Management Server or Multi-Domain Server can have multiple license pools. Each pool is defined by: - Pool Type - Total Quota - Available Quota - Certificate Keys - Subscribed Security Gateways is created and managed on the Multi-Domain Server. Licenses are distributed to all CloudGuard Gateways managed by Domain Management Servers Virtual Security Management Server that manages Security Gateways for one Domain, as part of a Multi-Domain Security Management environment. Acronym: DMS.. To use the tool in this mode, run: vsec_lic_cli mode mds All vsec_lic_cli commands (see Managing CloudGuard Central Licenses) must run from the Multi-Domain Server context. Important: If you use the Central License tool in MDS (System) Mode on a Multi-Domain Server, make sure each Domain has Internet access. Make sure that DNS and proxy settings are correct. (Proxy settings must be configured in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. for each Domain. Proxy configuration section is located in the SmartConsole menu under Global Properties.) If you need to change the Multi-Domain Server's IP address in the Central License, make sure you have not reached the limit on IP address change attempts. (If you have reached this limit, contact your sales representative).
Domain Mode	License pools are created and managed on each Domain. Licenses are distributed only to CloudGuard Gateways managed by that Domain. The Central License is generated with the Domain's IP address. To use the tool in this mode, run: vsec_lic_cli mode domain These vsec_lic_cli commands (see Managing CloudGuard Central Licenses) must run from the Multi-Domain Server context only: vsec_lic_cli on vsec_lic_cli off vsec_lic_cli mode mds / domain / status Important - Other vsec_lic_cli commands must run from the Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. context.

Changing Multi-Domain Server Context

• To set the Multi-Domain Server context, run the mdsenv command in the Management Server CLI.

• To set the Domain Management Server context, run the mdsenv <Domain name or IP> command in the Management Server CLI.

Changing Mode

The vsec_lic_cli tool operates either in MDS (System) Mode or Domain Mode.

To see the current mode, run: vsec_lic_cli mode status

To change the mode:

1. Remove all CloudGuard Central Licenses added in the current mode. (See Remove license.)

2. From the Multi-Domain Server context, run: vsec_lic_cli mode <mds|domain>.