Step 4 - License Installation
-
Quantum Maestro Orchestrators do not require a license.
-
Generate a Security Gateway license for each Security Appliance you connect to a Quantum Maestro Orchestrator
A scalable Network Security System that connects multiple Check Point Security Appliances into a unified system. Synonyms: Orchestrator, Quantum Maestro Orchestrator, Maestro Hyperscale Orchestrator. Acronym: MHO..Procedure
Prepare this summary table for all Security Appliances:
Appliance
IPv4 Address of Sync interface (License IP Address)
MAC Address of Mgmt interface (License CK)
Your description
IPv4 Address of the Sync interface on this appliance
MAC Address of the Mgmt interface on this appliance
Steps:
Step
Instructions
A
Connect to the command line on each Security Appliance.
B
Log in to the Expert mode.
C
Get the IPv4 Address of the Sync interface (copy the value of "
inet addr"):Note - You must generate the license for this IPv4 address.
ifconfig Sync | head -n 2D
Get the MAC Address of the Mgmt interface (copy the value of "
HWaddr"):Note - When you generate the license, you must use this MAC Address as the license CK.
ifconfig Mgmt | grep MgmtE
Generate the license as described in sk163323.
-
If the applicable license exists in the License Repository on the Check Point Management Server, it installs the licenses automatically.
-
If the Check Point Management Server is connected to the Internet, it pulls the licenses from the User Center.
-
If the Check Point Management Server is not connected to the Internet, then follow the procedures below.
Note - In Dual Site, these steps install the licenses on all sites automatically.
Part 1 - Install the license on the Security Group Member that runs as the Single Management Object (SMO)
Step
Instructions
A
B
Log in to the Expert mode.
C
Get the IP address of the Sync interface on the SMO:
asg_blade_config get_smo_ipD
Install the license for the IPv4 address of the SMO 192.0.2.X (see "Notes" below):
cplic put <applicable string>E
Make sure the license is installed:
g_cplic printPart 2 - Install the license on a specific Security Group Member that is not the SMO
Important - You must follow these steps for each Security Appliance in the Security Group.
Step
Instructions
A
Connect to the Gaia OS of the Security Group or Quantum Maestro Orchestrator.
B
Log in to the Expert mode.
C
Connect to a specific Security Appliance with this command:
member <Security Group ID>_<Member ID>D
Get the IPv4 Address of the Sync interface:
ifconfig Sync | head -n 2E
Install the license for the IPv4 address of the Sync interface 192.0.2.X on this specific appliance (see "Notes" below):
cplic put <applicable string>F
Create a copy of the
$CPDIR/conf/cp.licensefile:cp -v $CPDIR/conf/cp.license /var/log/cp.license.copyG
Make sure the copy of the license file is the same as the original license file:
md5sum $CPDIR/conf/cp.license /var/log/cp.license.copyH
Transfer the copy of the license file from this Security Group Member to the SMO:
asg_cp2blades -b 1_01 /var/log/cp.license.copyI
Delete all data from the current license file
$CPDIR/conf/cp.licenseon this Security Group Member:cat $CPDIR/conf/cp.licenseecho > $CPDIR/conf/cp.licensecat $CPDIR/conf/cp.licenseJ
Connect to the Security Group Member that runs as SMO:
member <Security Group ID> <SMO Member ID>K
Add the content of the license file you copied earlier from a specific Security Group Member to the license file on the SMO:
cat $CPDIR/conf/cp.licensecat /var/log/cp.license.copy >> $CPDIR/conf/cp.licensecat $CPDIR/conf/cp.licenseL
Wait for at least 6 minutes.
M
Make sure the license is installed on the specific Security Group Member:
g_cplic print
-
|
|
Notes:
|