Check Point Firewall basics - How to add and generate license files.

All right, the time has come: the evaluation license has expired, so it's time to add a new license, and I will show you how to do it.

First of all, you see that you cannot log into the SmartConsole at all. So can we log in to the GUI at all? And the management station as well. We have it here: admin and then our password. Here you can do a command called show license status, and we see nothing. If you go into expert mode, the correct command is to write cplic print, and this will show nothing. And if we go into our gateways, the gateways were actually installed later, so they should still have a license. So show license... oh yeah, they are R80.30. Well, leave it. Log into expert mode, and here cplic print, and we see that the trial license expires in three days, and on the management station it's already expired. So let's create some new ones.

To generate licenses you need to be a partner, but you can also ask your Check Point representative if you can get some eval licenses. On Check Point's website you can go to the Support Center, and maybe you get the login prompt. You see I'm already logged in, and then I will go to my Check Point Product Center. Here you need to select an account. I more or less have a demo account here, so let's take this one. Then you take evaluation, and then we will do product evaluation, because we want the complete license; we don't want to just test a blade. You can test a blade like IPS or Anti-Bot or something, and then you can do evaluation blades, but we will do product evaluation, and then I will do an all-in-one. Next, and here I will select my account. Here you need to put in the IP address of the management station, and we want to have centralized licenses. We can do this later, but: 192.168.1.200. Then I need to put in my email address, and in my case, well, I'm a partner, and the partner name is teletube. I will filter some of this out, but this is for testing qualification in lab, and in this case I don't want Check Point to call me. Get evaluation.

Okay, so we have created an eval license, and we are not able to go into SmartConsole, so how can we fix this? Well, you can add it in the CLI. You can go here and add this string, and yes, that's the reference; you also get an email. For the management station we will do it from the CLI, because we cannot get into the management station's SmartConsole right now. For the gateways we will do it in the GUI, so you can see both ways. There is actually no difference between them, but let's try it. So we take this one and we go into our Windows 10 machine, our management station, and then we just paste it in. If we now do cplic print, we can see the license here, and it's expired 40, not October, so we did get 30 days. We can see here what it covers. In this case this is a management station and it's unlimited, so that's very nice. There are a few more here: logs; this is for AD integrations; this is for workflow. I don't think workflow still exists. This is something that we want back. Check Point has removed it. It existed in, like, R77, and I guess the license still needs to work for R7. What more do we have here? We have reporting, we have mobile access, we have compliance. Compliance is something that we can show later on. We have EPS. Well, we have a lot of things.

So let's try to log into the console again; hopefully this works. For the gateways we want to create eval licenses as well, and we will do them as central licenses, because we don't want to put licenses on the boxes themselves. We want to license everything to the management station, so we have a central place where we manage all the licenses.

Okay, so here you have the cluster, and this is complaining about the license. If we look here at license status, gateway number two has no license at all. It's expired for FireWall-1; it's not expired for Anti-Bot and so on, because we did activate it later, so we did get a few days extra. For gateway one, it's about to expire. I actually needed to reinstall gateway one, so that's why this one has a later date. This is of course something that you can do: you can reinstall your products and then you get new days. But as we are a partner, I have the possibility to create my own licenses, so I think it's easier for me to just create licenses.

If we try to install the policy, then we have one gateway that actually has no licenses, and then we have another one that has a few days more. Then install policy, and this should fail, because you shouldn't be able to install the policy. This will fail because on one gateway we will be able to install it and on the other one not, and they should have the same on both. So let's see if this is working; hopefully not. So this has failed. This one was succeeding, because it actually has a license, but then both of them should fail because they should be the same. The reason for this is that when we select install policy, we pick that both members should be the same. You can deselect this, but that's something that you only do when you do upgrades. Here we see that the installation progress is still continuing, and this will hopefully fail, and it will complain that there is no valid... hopefully they say the same. You can add new licenses or view them in SmartUpdate, and I will show you that later, or well, in two minutes.

So now this has failed. We can press details. This one did fail because we don't have any license, so that's to be expected. If both gateways had the same license, everything would say the same here. Because Application Control and Threat Prevention are installed in different cases, here it was installed on this member, but then on the cluster itself it's failing. And it's this one here: install on each selected gateway independently; for gateway clusters, if installation on a cluster member failed, do not install on that cluster. So more or less it has failed.

Well, let's go into SmartUpdate. SmartUpdate is under the console, so this is not part of the new client, so to say. We need to go to manage licenses and packages, and we have never been in here. This is the old client style; this is from, well, R70-something. This is the R77 GUI, but I mean it has existed for a long, long time. Under licenses and contracts we can see that we are on the trial period and when they are expiring. We can do view, menu bar, and I normally want to have license and view repository. Then you can do get license, and you can do this on all. If you have real licenses, they will show up. Here we see the license that we just put on, and you can see details about it, when it expires and whether it has a contract. We don't have a contract because we have eval licenses. If you do it in real production, you actually need to add a contract as well.

Let's license both gateways. We need to create eval licenses for them, because we can try to do attach plates here, but we have no licenses available here. This is the all-in-one, and we need two more. So my Check Point Product Center, and then product evaluation. You can do select product, and you can pick, well, we want the security gateway. We can do this one: security gateway, all software gateway blades. Select, next. We want to put it in this one. I will send it to my personal email, and I'm a partner. I will remove this information so you cannot see it. Get the eval, and we will do one more: select product, and we will do security gateway. Next, I will use the same, get the evaluation. I will show you what the difference is between these, because you see that it's not the same fields. We didn't put in any IP addresses either, so that's something that we need to put in here, soon.

Then we go back into the Product Center, and we go under our account and evaluation, and we see here that we have two that are not licensed yet. So press here, and here we have our two gateways. Let's try to license them at the same time. Just do license, and here we will select central. You can do it locally, but I strongly advise you against this; always do it centrally. Then you pick the IP address of the management station, so 192.168.1.200, and the hardware and brand. We are in VMware, so let's see, do we have any VMware? No, so I will pick HP, and it's Gaia. Well, I don't need any license. Well, we can do "CP gateway 1", then license. And here's the second one. If you license many at the same time, you will get like 30, 50, whatever, and do the same. We select HP in this case, and we do "CP gateway 2", license. Then we have these two, and we do get license file, and we can do it as a single file. Get license, and we download it. That one, yeah, that's good.

Just to show you where to get the contract file, if you have a contract file, meaning that you have a real license: when you are here you can click, and then that button, and get contract file. Then you get the contract for all your account, and this is what I normally use. So that works.

Then we are back in our Windows 10 machine, and this is SmartUpdate, and we want to import the license file that we just downloaded. So license and contract, add license, and then it's here: share folder, downloads, CP license file, and open. The file contains four licenses; two licenses have been added to the license repository so far. Trying to attach to license. So let's try to attach them. You go into gateway number one and attach license. Here you see the first problem: we don't see the tag. So if you want to put a specific license on a specific gateway, then you need to know, for example, when it was generated. What time excuse will not help you. The IP address will be the same on everything, because you're using central licenses. You can do it the other way instead. Here you have the certificate key, and this is unique. So you can go back to user account and evaluations and valid here. For example, here you have one, so 562 at the end, five six two, five six two, and that was gateway number two.

Then we want to attach the license, and this should be on gateway number two. You see that the core has been modified. When it doesn't have a license, it goes to one core, and you see that the license has been changed from permitting 1 to 16, and the machine has four. So maybe you need to reboot the box if you are adding a bigger license that has more cores. You can do upgrades like this: if, for example, you have a machine with 16 cores but from the start you only bought four cores, then you can add a new license with 16 cores and more or less open those cores, but you need to reboot the gateway to utilize these new cores. Anyway, we have that one, and we have one more here, central license, C27. Let's assume that's gateway number one, so attach license to gateway number one. Here we have the trial period; this will go away automatically, because now we have this evaluation license, and we have the expiration date of 14 September.

So we have the licenses now, so let's try to install. Install policy. Ah, we see here that our automatic IPS update started to run. Well, you can have multiple tasks going at the same time on the same management station, so it's no problem. We have this installation in progress on our cluster; hopefully this should work. Maybe we need to install it two times, I'm not sure. "Firewall policy installation must be performed before the blade specific policy installation." Well, we need to install this one first, then. I think it will work if we just do it two times. This can be somewhat annoying. If you are smarter than me, turn off the threat prevention policy when you do this the first time and just do the standard policy, and then you install one more time with the threat prevention; then it will not work. So succeed, succeed, succeed, and we need to do this one more time because we didn't get in the threat prevention policy. So install again. What I didn't mention here: this one you can deselect the first time. Just install, and this should hopefully work. If not, well, maybe I should return my CCSE.

All right, so it's installed. Let's log into the gateway and see if we can see the licenses. If we log into this gateway, reconnect, then we can do expert and we do cplic print, and here we can see that we have the license. But you see it's referencing the management server IP address. That's because we have central licenses. We don't want local licenses. If you want local licenses, then you always need to remember which IP address you should put it on for the specific gateways. That's just a hassle. Do central licenses; it will save you a bunch of time.

Okay, so here we can see this is the security gateway, and it's an eight core, and it's an unlimited number of users. These are the firewall blades: VPN, DLP, VPN with unlimited users, Identity Awareness, I think this is advanced networking like OSPF and so on, IPS, Anti-Virus, URL Filtering, Anti-Spam, Application Control, Anti-Bot, and this one is just a reference key. So more or less this gateway now has the possibility to run all the blades.

Did we miss anything? Well, we don't have Threat Extraction; I think that's a different license. If we go in here and just do product evaluation, I think there is a Threat Extraction, maybe. Yeah, here: SandBlast and Threat Extraction. Same with this one: if we go back here, VSX is not included here; it's also a different license. So if you want to lab with VSX, you actually need to generate this type of license plus an additional license for the VSX function, and VSX is this one, virtual system packages. So that's the one you need to use.

So that's it with this: how to install a license on the gateway and management station. I hope you like my new green screen. I'm really happy about it. Well, you get to see my face when I do these videos, so bad luck for you, but I think it's quite funny. Hope to see you in the next one. Take care, bye.
Info
Channel: Magnus Holmberg
Views: 3,172
Keywords: ccsa, ccse, checkpoint, check point, cyber security, network, security, firewall, checkpoint training, r80, r80.40, checkpoint firewall, checkpoint firewall training videos
Id: 9H7qLmQvcy4
Length: 21min 9sec (1269 seconds)
Published: Sun Aug 16 2020