Endpoint Security Licenses

This chapter includes license information for Endpoint Security Servers and Clients. All Endpoint Security licenses are physically installed on the Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data..

Endpoint Security Product Licenses

You need to have a license for:

• Every Endpoint Security client. The license is per-seat.

• The Endpoint Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

Demo and Temporary Licenses

These demo and trial Endpoint Security licenses are available:

License type	Explanation
Trial License	A 30 day trial license is automatically installed when you install Endpoint Security. This license lets you use all Endpoint Security components for a limited number of endpoint client seats.
Evaluation	An 30-day evaluation license is available for specified components for a specified number of seats. You must deploy a management evaluation license and an Endpoint Security client evaluation license.
Product	You must purchase a Product license for each Endpoint Security component running on a client. Licenses can be purchased as a Subscription, a contract that is renewed annually, or a one-time purchase.

License Enforcement

License activity conforms to these conditions:

• You can add Endpoint Security licenses as required using one of these methods:

  • SmartUpdate Legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment.

  • The Gaia Portal Web interface for the Check Point Gaia operating system.

  • The cplic CLI command

  • The cpconfig command for Windows platforms

• You can remove a client license by resetting the client or deleting the client using SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies.. These licenses are returned to the license pool.

• Each client gets its Container and Endpoint Security component licenses from a pool of available licenses.

• You can combine licenses to reach the total number of required clients.

• License validation occurs when the client sends a SYNC or heartbeat Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates. messages to the server.

• When there is no container license, components registration is blocked (R77 Management only)

Getting Licenses

This procedure assumes that you have a user account for the Check Point User Center, and that the necessary licenses and contracts are purchased.

To get the license for your Endpoint Security Management Server:

1. Log in to Check Point User Center.

2. Click My Products > My Products Center.

   The page shows the purchased licenses.

   Endpoint Security licenses have these parts in the SKU:

   • CPEP - Check Point Endpoint Security containers.

   • CPSB - Check Point component. If the macro string includes the -SUBSCR suffix, you must get and apply a contract for this feature. See Getting and Applying Contracts.

3. For each license:

   1. Click the license to open it.

   2. In the window that opens, click License.

4. Fill in the form that opens.

   • Make sure that Version is R80 or higher.

   • Make sure that the IP Address is the IP address of the Endpoint Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

5. Click License.

   A window opens, showing the license data.

6. Save the license file.

7. Add your licenses using one of these methods:

   • SmartUpdate

   • The Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. Portal

   • The cplic CLI command

   • The cpconfig command for Windows platforms

Getting and Applying Contracts

If the license includes -SUBSCR, you must download the contract file and apply it to the server. If the Endpoint Security Management Server has Internet access, it automatically renews contracts. By default, the Endpoint Security Management Server looks for new contracts every two hours.

To change the default time interval:

1. Open this file:

   $CPDIR/conf/downloads/dl_prof_CNTRCTMNGR.xml

2. Change the <interval> value as necessary.

3. Run cpstop and cpstart.

To apply a contract manually:

1. Log in to Check Point User Center.

2. Click Products.

3. Select Get Contracts File in the drop-down menu at the right of the row.

4. In the window that opens, save the contract file and click Open.

5. Open SmartUpdate. (Start menu > Check Point > SmartUpdate)

6. Select License & Contracts > Updated Contracts > From File.

7. In the window that opens, browse to where you saved the contract file and click Open.

   The contract is applied to the Endpoint Security Management Server.

If the Endpoint Security Management Server does not have access to the Internet, prepare the contract file download from the User Center differently.

To download a contract to a different computer:

1. In the User Center, click Products > Additional Services.

2. Select the account of the contract.

3. Click Email File or Download Now.

4. When you have the contract file, move it to the Endpoint Security Management Server.

Configuring a Proxy for Internet Access

If the Endpoint Security Management Server requires a proxy to connect to the internet, configure the proxy details in SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..

To configure a proxy for the Endpoint Security Management Server:

1. In SmartConsole, open the Endpoint Security Management Server object.

2. Select Network Management > Proxy.

3. Select Use custom proxy settings for this network object.

4. Select Use proxy server and enter the URL and port.

5. Click OK.

6. Install Database.

License Status

You can see the status of container and component licenses in Endpoint Security Management Server on the Reporting tab > Licenses Report. This pane shows the total number of seats and seats in use. If the number of seats exceeds the number of licenses, you must add the number of licenses shown as Insufficient Seats.

The lower section of the report shows the details of each license including:

• License Name and status

• Endpoint Security components

• Seats in Use

• Total seats

• Percentage of total licenses in use

• Expiration date

• IP address of license host