Hey Magnus, great job, quick 2 Questions. If you do not access to SMS trhorugh Smartconsole, is it possible to add and attach the licence on webui? Another question, you said that in real environement we need to add contract files too. What is the difference license and contract file, why we need to add and attach contract file too? Thanks for your answers.
1: you can add it In CLI, with the email you get when generating the license file there is instructions for it. 2: contract file is 1 file for the environment more or less that include support and subscription updates. Normally done in new installation and from time to time when renewal of if equipment don’t have access to internet. So contract file is normally updated across the whole mgmt server (if you have centralized licenses)
Thank you, For gateways, no I would wait 3-5 jumbo hot fixes. For VSX, no I wait until the HFA is above take 100. For mgmt, Maybe, I would wait a bit more, the stuff I have tested so far works, am running it on production box so far. Our own plan is to upgrade MDS servers during Q1, but gateways we are running R80.30 3.10 kernel, so it will take some time more.
@@DomingosVarela new appliances with normal HA should be well tested by check point. But as always there can be some new issues and bugs. There is no HFA on R81 yet so I would wait a bit more. (Am guessing you go in the freeze period soon over the holidays, so no point is risking something) There are cool features with it so I understand why someone would like to upgrade. It’s a month ago they released the GA, am expecting them to release the first HFA soon.
Am not aware that hard drives in appliances boxes would be encrypted. I myself don’t use appliances boxes so I would ask this question in the checkmate forum :)
Hello, Magnus. One query, please. I currently have an SMS and also a Firewall, which licenses are due to expire on 10Jun2021. Following this video, I have the following doubt:. I already generated a DEMO License, and I already have the syntax "cplic put " My question is: Is it enough to copy this syntax and paste it in the CLI and then save it with a "save config" to be able to know that my licenses are already renewed? Or do I have to do more additional steps? Thank you very much for your help.
Hi! If you want to check licenses in CLI you can check with cplic print (You don’t need to save config when adding licenses) You will also see it within the smartconsole if you go to “gateway & servers” it will be green and pretty when licenses are all good. Keep in mind that you may need to install policy when using central licenses for everything to be updated correctly. I actually have no experience when running the mgmt and FW on the same box, but it should be the same :)
Hi Magnus Viewing for old logs on smartevent which command should i execute . I searched on google with no success. We experiencing low disk space on Smartevent however before cleanup i need to view the time stamps when the logs were generated.
not sure what you mean, if you refering to the logfiles, checking in CLI with like ls -lh would give you date and size of each logfile. I would recommend to gzip the logfiles then they take about 10% space and you could then transfer them to another box for longterm storage.
Central licenses means that you can store them all on the mgmt server even if you have 100 gateways. But license wise each gateway still need its own license file so to say. I always recommend having central, as you bind them towards the mgmt ip so if you need to change topology there is no need to release just because a gw changes ip.
Hello, Magnus. It's very good your video saga, congratulations for it. I am replicating the labs, and I have an observation in this chapter. Indeed, in the SMARTCONSOLE I got the message "evalution license expired", I discarded a demo license, as you indicate in the video, but my observation is that when I copy the command in the CLI of my SMC, and I check the license with "cplic print" I see what I have installed, but I do not see the section "Contract coverage", is this normal? Thank you for your time.
Yes, contract is a different file, if you check your userscenter where u have your licenses. You have a button called download contracts. This need to be downloaded and then added in the GUI. If your mgmt/gw have internet access they will sync this automatically. But for demo licenses it will remain as missing contract.
I want to know If we have dual chassis in HA mode, then either we have to upload contract file for both of the chassis one by one or it will automatically add for both the chassis after downloading it. Please reply
@@MagnusHolmberg-NetSec The reason I asked is I work in VSX environment. I'm totally new to VSX. So, tot of taking some training from you.Can I get your contact number pls? if you can, kindly share to my personal email: ram.patriji@gmail.com
So what you guys think about the new setup :) ?
Better, mate! Thanks!
Seriously this is the best video on RUclips
Thanks Magnus for creating and sharing this very useful content in a impressive and easy way.
Thank you for watching! hope you learned something :)
Thank you for more one lesson/video! Congratulations!
Thank you for watching :)
Great Videos. I like the way tech is presented, clear and precise.
good to see you on Presentation
thank you Rizwan :)
thank you master magnus
You're welcome
Thank you magnus i have learn alot .
Your welcome!
Hey Magnus, great job, quick 2 Questions. If you do not access to SMS trhorugh Smartconsole, is it possible to add and attach the licence on webui? Another question, you said that in real environement we need to add contract files too. What is the difference license and contract file, why we need to add and attach contract file too? Thanks for your answers.
1: you can add it In CLI, with the email you get when generating the license file there is instructions for it.
2: contract file is 1 file for the environment more or less that include support and subscription updates.
Normally done in new installation and from time to time when renewal of if equipment don’t have access to internet.
So contract file is normally updated across the whole mgmt server (if you have centralized licenses)
@@MagnusHolmberg-NetSec thank you, i appreciate your answer
Awesome content again!
Thank you :) thinking that the next video should be about the diff logs that there is.
Smart log /smart view
Audi
Messages
One more great video, thanks!
after using version 81, do you recommend upgrading from version 80.40 to version 81 in the production environment?
Thank you,
For gateways, no I would wait 3-5 jumbo hot fixes.
For VSX, no I wait until the HFA is above take 100.
For mgmt, Maybe, I would wait a bit more, the stuff I have tested so far works, am running it on production box so far.
Our own plan is to upgrade MDS servers during Q1, but gateways we are running R80.30 3.10 kernel, so it will take some time more.
@@MagnusHolmberg-NetSec Thank you very much for sharing your experience and knowledge. I have version 80.40 in production with a 6800 clutter!
@@DomingosVarela new appliances with normal HA should be well tested by check point. But as always there can be some new issues and bugs.
There is no HFA on R81 yet so I would wait a bit more. (Am guessing you go in the freeze period soon over the holidays, so no point is risking something)
There are cool features with it so I understand why someone would like to upgrade. It’s a month ago they released the GA, am expecting them to release the first HFA soon.
Sorry to ask this. I was checking the CPView. I was actually looking on how to determine the hardisk of my CP 13500 if encrypted or not.
Am not aware that hard drives in appliances boxes would be encrypted.
I myself don’t use appliances boxes so I would ask this question in the checkmate forum :)
Great Sir - I want to know How many time can use this evaluation license?
You need to generate a new evaluation licens every 30days,
How many it’s possible to generate I don’t know.
Thanks Magnus
Hello, Magnus.
One query, please.
I currently have an SMS and also a Firewall, which licenses are due to expire on 10Jun2021. Following this video, I have the following doubt:. I already generated a DEMO License, and I already have the syntax "cplic put " My question is: Is it enough to copy this syntax and paste it in the CLI and then save it with a "save config" to be able to know that my licenses are already renewed? Or do I have to do more additional steps?
Thank you very much for your help.
Hi!
If you want to check licenses in CLI you can check with
cplic print
(You don’t need to save config when adding licenses)
You will also see it within the smartconsole if you go to “gateway & servers” it will be green and pretty when licenses are all good.
Keep in mind that you may need to install policy when using central licenses for everything to be updated correctly.
I actually have no experience when running the mgmt and FW on the same box, but it should be the same :)
Hi Magnus
Viewing for old logs on smartevent which command should i execute . I searched on google with no success. We experiencing low disk space on Smartevent however before cleanup i need to view the time stamps when the logs were generated.
not sure what you mean, if you refering to the logfiles, checking in CLI with like ls -lh would give you date and size of each logfile.
I would recommend to gzip the logfiles then they take about 10% space and you could then transfer them to another box for longterm storage.
Hello Magnus Can we add Licences one licences to another gateway if we have central licences
Central licenses means that you can store them all on the mgmt server even if you have 100 gateways.
But license wise each gateway still need its own license file so to say.
I always recommend having central, as you bind them towards the mgmt ip so if you need to change topology there is no need to release just because a gw changes ip.
Hello, Magnus.
It's very good your video saga, congratulations for it.
I am replicating the labs, and I have an observation in this chapter.
Indeed, in the SMARTCONSOLE I got the message "evalution license expired", I discarded a demo license, as you indicate in the video, but my observation is that when I copy the command in the CLI of my SMC, and I check the license with "cplic print" I see what I have installed, but I do not see the section "Contract coverage", is this normal?
Thank you for your time.
Yes, contract is a different file, if you check your userscenter where u have your licenses. You have a button called download contracts. This need to be downloaded and then added in the GUI.
If your mgmt/gw have internet access they will sync this automatically.
But for demo licenses it will remain as missing contract.
I want to know If we have dual chassis in HA mode, then either we have to upload contract file for both of the chassis one by one or it will automatically add for both the chassis after downloading it. Please reply
One licens per box, so either centrally attach it from mgmt or upload to each box
Thanks@@MagnusHolmberg-NetSec
Hi Magnus, do you take training of Checkpoint? If YES, how can I reach you?
Hi, currently i have no plans in holding training other than here on youtube.
i try to share as much knowledge as possible to everyone to use :)
@@MagnusHolmberg-NetSec The reason I asked is I work in VSX environment. I'm totally new to VSX. So, tot of taking some training from you.Can I get your contact number pls? if you can, kindly share to my personal email: ram.patriji@gmail.com
Спасибо, друг!