Managing Licenses
For information about the available licenses, see the Harmony Endpoint product catalog.
This chapter includes license information for Endpoint Security Servers and Clients.
All Endpoint Security licenses are physically installed on the Endpoint Security Management Server on your premises. (An Endpoint Security Management Server is a Security Management Server that manages your Endpoint Security environment. It includes the Endpoint Security policy management and databases, and communicates with endpoint clients to update their components, policies, and protection data.)
- Each Endpoint Security client. The license is per-seat.
Demo and Temporary Licenses
These demo and trial Endpoint Security licenses are available:
| License type | Explanation |
|---|---|
| Trial License | A 30-day trial license is automatically installed when you install Endpoint Security. This license lets you use all Endpoint Security components for a limited number of endpoint client seats. |
| Evaluation | A 30-day evaluation license is available for specified components for a specified number of seats. You must deploy a management evaluation license and an Endpoint Security client evaluation license. |
| Product | You must purchase a Product license for each Endpoint Security component running on a client. Licenses can be purchased as a Subscription, a contract that is renewed annually, or a one-time purchase. |
License Enforcement
License activity conforms to these conditions:
- You can add Endpoint Security licenses as required using one of these methods:
  - SmartUpdate, the legacy Check Point GUI client used to manage licenses and contracts in a Check Point environment (see Getting and Applying Contracts).
  - The Gaia Portal, the web interface for the Check Point Gaia operating system (see the R81.10 Gaia Administration Guide).
  - The "cplic" CLI command (see the R81.10 CLI Reference Guide).
  - The "cpconfig" CLI command (see the R81.10 CLI Reference Guide).
- You can remove a client license by resetting the client or deleting the client using Endpoint Web Management Console. These licenses are returned to the license pool.
- Each client gets its Container and Endpoint Security component licenses from a pool of available licenses.
- If you have mixed licenses, for example Harmony Basic for Server and Harmony Advanced on Laptops, then each client gets a random license from the pool of mixed licenses available.
- You can combine licenses to reach the total number of required clients.
- License validation occurs when the client sends SYNC or heartbeat messages to the server. (Endpoint clients send "heartbeat" messages to the Endpoint Security Management Server to check the connectivity status and report updates.)
- When there is no container license, component registration is blocked.
Getting Licenses
This procedure assumes that you have a user account for the Check Point User Center, and that the necessary licenses and contracts are purchased.
To get the license for your Endpoint Security Management Server:
- Log in to Check Point User Center.
- Click My Products > My Products Center.
  The page shows the purchased licenses.
  Endpoint Security licenses have these parts in the SKU:
  - "CPEP" - Check Point Endpoint Security containers.
  - "CPSB" - Check Point component. If the macro string includes the "-SUBSCR" suffix, you must get and apply a contract for this feature. See Getting and Applying Contracts.
- For each license:
  - Click the license to open it.
  - In the window that opens, click License.
- Fill in the form that opens.
  - Make sure that Version is R80 or higher.
  - Make sure that the IP Address is the IP address of the Endpoint Security Management Server (a Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server).
- Click License.
  A window opens, showing the license data.
- Save the license file.
- Add your licenses using one of these methods:
  - SmartUpdate (see Getting and Applying Contracts).
  - The Gaia Portal (see the R81.10 Gaia Administration Guide). Gaia is the Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems.
  - The "cplic" CLI command (see the R81.10 CLI Reference Guide).
  - The "cpconfig" CLI command (see the R81.10 CLI Reference Guide).
Getting and Applying Contracts
If the license includes "-SUBSCR", you must download the contract file and apply it to the server.
If the Endpoint Security Management Server has Internet access, it automatically renews contracts.
By default, the Endpoint Security Management Server looks for new contracts every two hours.
To change the default time interval:
- Connect to the command line on the Endpoint Security Management Server.
- Log in to the Expert mode.
- Edit the dl_prof_CNTRCTMNGR.xml file:
  vi $CPDIR/conf/downloads/dl_prof_CNTRCTMNGR.xml
- Change the "<interval>" value as necessary.
- Save the changes in the file and exit the editor.
- Restart Check Point services:
  cpstop ; cpstart
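The interval change above as a scripted edit, added here as an example and not part of Check Point's tooling: it validates the new value, keeps a rollback copy, and changes the file only when exactly one `<interval>` line is present. The function name `set_contract_interval`, the sample file layout and the values 120 and 240 are constructed for illustration; the page does not show the real file contents or the unit of the value.

```shell
#!/bin/sh
# Added example: change <interval> with input checks and a rollback copy.
# Assumption: the element holds a plain integer on one line; the page shows
# neither the file layout nor the unit of the value.

set_contract_interval() {
    file=$1
    new=$2

    # Accept only a positive integer without leading zeros.
    case $new in
        ''|*[!0-9]*|0*) echo "interval must be a positive integer" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "not found: $file" >&2; return 3; }

    # Refuse to guess if the element is missing or appears on several lines.
    count=$(grep -c '<interval>[0-9][0-9]*</interval>' "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected one <interval>, found $count" >&2; return 4; }

    # Timestamped copy for rollback; -p keeps mode and timestamps.
    backup="$file.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$file" "$backup" || return 5

    # Edit into a temp file, then overwrite in place so owner and mode stay.
    tmp="$file.tmp.$$"
    sed "s|<interval>[0-9][0-9]*</interval>|<interval>$new</interval>|" "$file" > "$tmp" \
        || { rm -f "$tmp"; return 6; }
    cat "$tmp" > "$file"
    rm -f "$tmp"

    # Verify the new value; restore the copy if it is not there.
    grep -q "<interval>$new</interval>" "$file" || { cp -p "$backup" "$file"; return 7; }
    echo "$backup"
}

# Offline demo on a constructed file: sh thisfile.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf '<profile>\n  <interval>120</interval>\n</profile>\n' > "$d/sample.xml"
    set_contract_interval "$d/sample.xml" 240 && cat "$d/sample.xml"
    rm -rf "$d"
fi

# On the server, in Expert mode (path and restart command are from the page):
#   set_contract_interval "$CPDIR/conf/downloads/dl_prof_CNTRCTMNGR.xml" <value>
#   cpstop ; cpstart
```

The function prints the path of the rollback copy, so a failed restart can be undone by copying that file back before running `cpstop ; cpstart` again.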
To apply a contract manually:
- Log in to Check Point User Center.
- Click Products.
- Select Get Contracts File in the drop-down menu at the right of the row.
- In the window that opens, save the contract file and click Open.
- In SmartConsole, open SmartUpdate (Start menu > Check Point > SmartUpdate). SmartConsole is the Check Point GUI application used to manage a Check Point environment: configure Security Policies, configure devices, monitor products and events, install updates, and so on.
- Select License & Contracts > Updated Contracts > From File.
- In the window that opens, browse to where you saved the contract file and click Open.
The contract is applied to the Endpoint Security Management Server.
If the Endpoint Security Management Server does not have access to the Internet, prepare the contract file download from the User Center differently.
To download a contract to a different computer:
- Log in to Check Point User Center.
- Click Products > Additional Services.
- Select the account of the contract.
- Click Email File or Download Now.
- When you have the contract file, move it to the Endpoint Security Management Server.
To configure a proxy for Internet access:
If the Endpoint Security Management Server requires a proxy to connect to the internet, configure the proxy details in SmartConsole.
- In SmartConsole, open the Endpoint Security Management Server object.
- Select Network Management > Proxy.
- Select Use custom proxy settings for this network object.
- Select Use proxy server and enter the URL and port.
- Click OK.
- Click the > Install Database > select the Endpoint Security Management Server object > click Install.
License Status
You can see the status of container and component licenses in the Endpoint Web Management Console > Endpoint Settings view > Licenses.
This pane shows the total number of seats and seats in use.
If the number of seats exceeds the number of licenses, you must add the number of licenses shown as Insufficient Seats.
The lower section of the report shows the details of each license including:
- License Name and status
- Endpoint Security components
- Seats in Use
- Total seats
- Percentage of total licenses in use
- Expiration date
- IP address of license host