CloudGuard Central Licensing

In This Section: License Distribution Managing CloudGuard Central Licenses

License Distribution

Item	Description
Licenses that can be managed in pools	Virtual security licenses for public and private clouds. Licenses with the same contract blade package. Note - Licenses with different contract blades will be in separate pools. The first license pool that is created is configured as the default pool. The licenses from the default pool are attached to CloudGuard Gateways.
Gateways that receive a license from the pool	CloudGuard Gateways on the public and private cloud. The supported Hypervisors in the private cloud are VMware ESXi, Hyper-V and KVM. The supported modules in the public cloud are AWS, Microsoft Azure, Google Cloud Platform and vCloud Air.
Gateways that receive a license	New CloudGuard Gateways receive the license from the pool after policy installation. Existing CloudGuard Gateways receive the license immediately after the license is added.
Distribution	CloudGuard licenses are attached from the license pool to CloudGuard Gateway. The distribution procedure is permissive. Gateways will be issued a license even when the pool no longer has licenses available.

Managing CloudGuard Central Licenses

CloudGuard central license is disabled by default. When it is disabled, licenses are not distributed automatically to new CloudGuard Gateways. Existing licenses, however, remain on the CloudGuard Gateways.

Operation	CLI command
Enable the CloudGuard license	vsec_lic_cli on
Disable the CloudGuard license	vsec_lic_cli off
Manage the CloudGuard license pool	vsec_lic_cli

The vsec_lic_cli tool is exclusively for managing CloudGuard licenses, and other tools should not be used at the same time. CloudGuard licenses that were already added with other tools, such as SmartUpdate, are automatically added to the pools.

The vSEC License Manager Menu shows these options:

1. Add a license
2. Remove a license
3. View license usage
4. Run license distribution
5. Configure automatic license distribution
6. Generate a core usage report

Adding a License

You can add a central license to the license pool with the IP address of a Security Management Server, Multi-Domain Server or Domain Management Server.

The license is added to the pool to match the contract blade. Use the User Center to automatically match the blade to the contract, or attach the contracts manually with SmartUpdate.

A license in a default pool will be distributed to the CloudGuard Gateway as needed.

Removing a License

When you remove a license from the pool, it is also removed from all CloudGuard Gateways, which have the license.

Viewing License Usage

With the Central Licensing feature, you can see usage details of the CloudGuard Gateways in the pool.

This information is available:

• Quota of cores
• Unused cores
• Security Gateways licensed in the pool

Running License Distribution

Distribution of licenses to the CloudGuard Gateways is done automatically, once a day.

If you need the license attached immediately, you can run the distribution manually.

You can monitor these changes on the CloudGuard Gateways and licenses:

• New CloudGuard Gateways
• Core changes on existing CloudGuard Gateways
• Contract changes on existing licenses

After distribution of the licenses, a CloudGuard Gateway that did not have a license will now have one.

Configuring Automatic License Distribution for Security Gateways

You can enable or disable the CloudGuard Gateway from receiving a license automatically.

Generating a Core Usage Report

You can generate a CSV file with an hourly core usage report for each CloudGuard Gateway.