CheckPoint R62 Provider1 License Upgrade Document

8/15/2019 CheckPoint R62 Provider1 License Upgrade Document

1/13

1

Provider-1 NGX R62

License Upgrade Guide

Release NotesAugust 2, 2006

In This Document

OverviewIt is highly recommended to upgrade all Provider-1/SiteManager-1 NG licenses to NGXR62 licenses before upgrading software. Provider-1/SiteManager-1 NGX R62 with

licenses from previous versions will not function.

Licenses for versions prior to NG cannot be upgraded directly to NGX R62. In such a

case, you must first upgrade to NG and then upgrade the licenses from NG to NGX R62

licenses.

This document will describe the steps required for upgrading Provider-1/SiteManager-1licenses to NGX R62, as part of the software Upgrade procedure.

Software Subscription Requirements

The license upgrade procedure is available to purchasers of any of the Enterprise

Software Subscription services. License upgrade will fail for products and accounts for

which you do not have software subscription. You can see the exact products andaccounts for which you have software subscription by looking in your User Center

account.

Overview page 1

Before You Begin page 2

Supported Versions for Upgrade page 2

pv1_license_upgrade page 2

license_upgrade page 3

Provider-1 License Upgrade Flow for an MDS Server with Internet Connection page 4

License Upgrade for a Single CMA page 10
http://www.checkpoint.com/techsupport/ng_application_intelligence/releasenotes.htmlhttp://www.checkpoint.com/techsupport/ng_application_intelligence/releasenotes.html


2/13

Before You Begin

Provider-1 NGX R61 License Upgrade Guide. Last Update August 2, 2006 2

In the Accounts page, Enterprise Contract column, and in the Products page,

Subscription and Support column, if the account or product is covered, the expiration

date is shown. Otherwise, the entry says Join Now, with a link that accesses a quote for

purchasing Enterprise Support.

You can purchase an Enterprise Software Subscription for the whole account, in which

case all the products in the account will be covered, or you can purchase an Enterprise

Software Subscription for individual products.

Before You BeginBefore performing a Provider-1/SiteManager-1 license upgrade, it is recommended that

you check http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to

date information and downloads regarding the NGX R62 license upgrade.

Supported Versions for Upgrade

For the latest information about supported versions, refer to to Provider-1/SiteManager-1NGX R62 Release Notes.

If your current installation can not be upgraded directly to NGX R62, you should first

upgrade to either R55 or VSX NG AI R2 for VSX installations.

pv1_license_upgradeThe pv1_license_upgrade command line tool is used to perform license upgrade forProvider-1.

When the tool is run on the MDS, upgraded licenses are obtained from the Check Point

User Center Web site for the MDS and for all the CMAs on the MDS. This tool makes it

simple to automatically upgrade licenses without having to do so manually through the

User Center.

The pv1_license_upgrade tool is located in:

Provider-1 NGX R62 CD at: /LicenseUpgrade/

NGX R62 installation at: /opt/CPmds-R62/system/license_upgrade/

It is recommended that you check

http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date

information and downloads regarding the NGX R62 license upgrade.
http://www.checkpoint.com/techsupport/ngx/license_upgrade.htmlhttp://www.checkpoint.com/techsupport/ngx/license_upgrade.htmlhttp://www.checkpoint.com/techsupport/ngx/license_upgrade.htmlhttp://www.checkpoint.com/techsupport/ngx/license_upgrade.html


3/13

license_upgrade


license_upgradeThe license_upgrade command line tool is used to perform license upgrade for a single

CMA. This is the same tool as that used to perform a license upgrade in SmartCenterenvironments.

The license_upgrade tool is located in:






Running the licence_upgrade command line tool displays a menu with a number ofoptions. To see all the options, run: license_upgrade.

License Upgrade Tool Options

Table 1

Option Definition

[L] View the licenses installed on your machine.

[S] Sends existing licenses to the User Center Web site to simulate the license

upgrade in order to verify that it can be performed. A real upgrade is not

performed and new licenses are not returned.

[U] Sends existing licenses to the User Center Web site to perform an upgrade (bydefault, in online mode) and installs them on the machine.

[C] Reports whether or not there are licenses on the machine that need to be

upgraded.

[O] Performs a license upgrade on a license file that was generated on a machine

with no Internet access to the User Center.

[V] Enables you to view a log of the last license upgrade or the last upgrade

simulation.
http://www.checkpoint.com/techsupport/ngx/license_upgrade.htmlhttp://www.checkpoint.com/techsupport/ngx/license_upgrade.html


4/13

Provider-1 License Upgrade Flow for an MDS Server with Internet Connection


Provider-1 License Upgrade Flow for an MDSServer with Internet Connection

Verify whether a license upgrade is required by running the console commandpv1_license_upgrade status. For detailed information refer to License Upgrade of theEntire System prior to a Software Upgrade page 5.


5/13

License Upgrade of the Entire System prior to a Software Upgrade


License Upgrade of the Entire System prior to aSoftware UpgradeIf a license upgrade is performed before the software upgrade, Check Point products

will generate warning messages until all the software on the machine has been

upgraded.

In This Section

Before Upgrading Licenses

1. Copy the pv1_license_upgrade and license_upgrade tools and the clic executableto the MDS version NG machine.

These tools are located in the following directories and should be saved in the same

location on the MDS version NG machine:






2. To run the pv1_license_upgrade tool, please make sure you have root permissions,and that you are in an MDS environment. In order to switch to MDS environment

run: mdsenv.

3. Verify whether a license upgrade is required by running the console commandpv1_license_upgradestatus.

This step reports whether or not there are licenses on the machine that need to be

upgraded.

Before Upgrading Licenses page 5

Upgrade Licenses page 6

After Completing the License Upgrade Process page 8


6/13

Upgrade Licenses


Upgrade Licenses

4. When upgrading a license you must perform different steps when an MDS has

Internet connectivity and when an MDS does not have Internet connectivity.

When an MDS machine has Internet connectivity:

Run the following command line tool on the MDS. On SecurePlatform, you must be

in expert mode.

If the MDS is directly connected to the Internet run: pv1_license_upgradeupgrade.

If the MDS is connected to the Internet via a proxy runpv1_license_upgrade upgrade -y -w .

The proxy port number is optional. Username and password (if any) are

intended for the proxy machine.

This step performs the following:

Collects all the licenses that exist on the MDS machine.

Verifies that all licenses can be upgraded, both for MDS and CMAs.

Fetches updated licenses from the User Center.

Builds a temporary cache file containing the NGX R62 licenses.

Installs upgraded licenses for the MDS and CMAs.

When an MDS machine does not have Internet connectivity:

1. On the offline MDS, run the following command line tool:

pv1_license_upgrade export -z

On SecurePlatform, run the command in expert mode.

The export command packs all licenses on the machine, for all CMAs and theMDS into a single package file.

2. Copy the package file (containing the licenses) from the offline MDS to the

online machine. The online machine does not need to be a CheckPoint-installed machine.

3. Copy the license_upgrade tool to the online machine and perform one of thefollowing:

Run the license_upgrade line tool on the online machine:

If the online machine is directly connected to the User Center, run:

license_upgrade upgrade -i -c


7/13

Upgrade Licenses


If the online machine is connected to the User Center via a proxy, run:

license_upgrade upgrade -y -w -i -c Where is the package file that is the result of the exportoperation.

Run the license_upgrade tool on the online machine (wizard mode):

- Press [O] to run the upgrade operation in offline mode.

- Enter the name of the exported file with the location of the package file

that is the result of the export operation.

- Enter the name of the file that will be created with all the upgradedlicenses (cache file name).

- Press [Y] when asked "Is this machine connected to the Internet?".

- Press [Y] if you are connected to the internet via a proxy and supply theproxy IP port and username password.

- Press [N] if you are not connected via proxy and continue with the

upgrade.- Enter the username and password of your User Center Account.

This step fetches new licenses from the User Center and puts them in a cache

file.

4. Copy the cache file (with the new licenses) back to the offline MDS machine.

5. Start the MDS in the root shell by running

mdsenvmdsstart

6. Run the following command line on the offline MDS:

pv1_license_upgrade import -c

Where is the file that is the result of the upgrade operationperformed on the online machine.

As a result, the new CMA and MDS licenses are imported to the MDS.


8/13

After Completing the License Upgrade Process



5. Review the log files from the online machine and the offline machine.

When running the pv1_license_upgrade tool the log files are located under$FWDIR/log//, where operation name can be upgrade, import,export, status, or simulate.

When running the license upgrade tool the log files are located under: $CPDIR/log.This log file is generated for the last operation performed.

Note:

License upgrade will fail for products and accounts for which you do not havesoftware subscription.

License upgrade will fail for evaluations.

The following MDS Pro Add-ons are not supported via the pv1_license_upgrade

tool:

Table 2

Pro Add-Ons for MDS

Customer Version Part Number

10 NG CPPR-PRO-10-NG






Table 3

LS for Pro Add-Ons for MDS

Customer Version Part Number

10 NG LS-CPPR-PRO-10-NG







9/13



To upgrade Pro Add-on licenses:

a) Save the following information:

* Log Files generated by the tool.

The location of the files is printed to the screen when running thepv1_license_upgrade tool.For example, when running pv1_license_upgrade upgrade, part of theoutput appears as follows:

See details in log files:-------------------------- Upgrade operation logs can be viewed at:

/opt/CPmds-R62/log/upgrade/license_upgrade.log- Import operation logs can be viewed at:/opt/CPmds-R62/log/import/license_upgrade.log- Detailed log of the license upgrade tool can be viewed at:/opt/CPmds-R62/log/pv1_license_upgrade.log

* Cache file - $CPDIR/conf/lic_cache.C. This file is generated when

running pv1_license_upgrade upgrade.

b) Contact Account Services at US +1 817 606 6600, option 7. Or, e-mail

[email protected], and provide them with the aboveinformation.

The Standby CMA repository can not be updated. The Standby CMA repository

is in a read only mode. Therefore, it is impossible to see the updated licensesin the SmartUpdate View until the two HA CMAs are synchronized.

6. If the license upgrade fails for only one CMA, it is possible to perform

license_upgrade on a single CMA. (refer to License Upgrade for a Single CMApage 10for more details).

7. Perform the software upgrade to NGX R62 on the MDS Manager, MDS Container,

and the MDG.

8. Start the MDS by running

mdsenvmdsstart

9. To verify that all the CMAs are running, run:

mdsenvmdsstat

10.Run the following command line tool at the MDS:



10/13

License Upgrade for a Single CMA


The default cache file location is $CPDIR/conf/lic_cache.C.

This step imports the NGX R62 licenses from the cache file to the CMA

Repositories of every CMA.

11.Perform the software upgrade to NGX R62 on the enforcement module machine(s).

This step is optional since NGX R62 management can manage the NG version of

enforcement points.

12.Connect to the MDS using the MDG SmartUpdate component, and for each CMA,

delete all obsolete licenses from NGX R62 gateways. (Optional)

13. In an MDS HA environment, as an alternative to running pv1_license_upgrade

upgrade on all MDSs, you can use the cache file generated on one MDS, on otherMDSs, by copying it to the other MDSs and running:



Repositories of every CMA.

License Upgrade for a Single CMAIn This Section

Before Upgrading Licenses

1. Copy the pv1_license_upgrade and the license_upgrade tools and the clicexecutable to the MDS version NG machine.

These tools are located in the following directories and should be saved in the same

location on the MDS version NG machine:






2. At the MDS machine, please make sure you have root permissions and that you are

in a single CMA environment. To switch to the CMA environment run:

mdsenv .

Before Upgrading Licenses page 10

Upgrade Licenses page 11

After Completing the License Upgrade Process page 13


11/13

Upgrade Licenses


Upgrade Licenses

3. When upgrading a license you must perform different steps when an MDS has

Internet connectivity and when an MDS does not have Internet connectivity.

When an MDS machine has Internet connectivity:

Perform one of the following:

Run the following command at the MDS:

- If the MDS machine is directly connected to the Internet run:

license_upgrade upgrade.

- If the MDS machine is connected to the Internet via a proxy run:license_upgrade upgrade -y -w .

The proxy port number is optional. Username and password (if any) are

intended for the proxy machine.

Run the license_upgrade tool at the online machine (wizard mode):

- Press [U] to perform a license upgrade.

- Press [Y] when asked "Is this machine connected to the Internet?".- Press [Y] if you are connected to the internet via a proxy and supply the proxyIP port and username password.

- Press [N] if you are not connected via proxy and continue with the upgrade.

- Enter the user and password of your User Center Account.

This step performs the following:

Collects all the licenses that exist on the CMA.

Fetches updated licenses from the User Center.

Installs an upgraded license for the CMA, and saves upgraded CMA

Repository licenses on the CMA.

When an MDS machine does not have Internet connectivity:

1. Copy the licenses from this machine to a file using one of the following

methods.

On SecurePlatform, run the command in expert mode and perform one of the

following:

Run the following command line tool at the offline target machine:

license_upgrade export -z .

From the menu of options select:

- Press [U] to run the upgrade operation.- Press [N] to specify that you don't have an internet connection.


12/13

Upgrade Licenses


- Press [E] to copy the licenses to a license file.- Enter the name of the license package file that will be created.

- Press [Q] to quit the license upgrade tool.

This step packs all licenses on the machine into a single package file.2. Copy the output file package (containing the licenses) from the offline target

machine to any online machine. The online machine does not need to be a

Check Point-installed machine.

3. Copy the license_upgrade tool to the online machine.

4. Run the command line tool at the online machine:

If the online machine is directly connected to the User Center, run:license_upgrade upgrade -i -c

If the online machine is connected to the User Center via a proxy perform

one of the following:

- Run: license_upgrade upgrade -y -w -i -c

Where is the package file that is the result of the export

operation.

- Run the license_upgrade tool at the online machine (wizard mode):

Press [O] to run the upgrade operation in offline mode.

Enter the name of the exported file with the location of the package file that

is the result of the export operation.

Enter the name of the file that will be created with all the upgraded

licenses (output file name).

Press [Y] when asked "Is this machine connected to the Internet?".

Press [Y] if you are connected to the internet via a proxy and supply theproxy IP port and username password.

Press [N] if you are not connected via proxy and continue with the upgrade.

Enter the username and password of your User Center Account.

This step fetches new licenses from the User Center and puts them in a cache

file.

5. Copy the cache file (with the new CMA licenses) to the offline target machine.


13/13



6. Perform one of the following:

Run the following command line on the offline target machine:

license_upgrade import -c

Run the license_upgrade tool on the offline machine (wizard mode)

- Press [U] to run the Upgrade operation.

- Press [N] when asked "Is this machine connected to the Internet?".

- Press [I] to import the output file with all the upgraded licenses back tothe SmartCenter.

- Enter the cache file name with all the upgraded licenses.


repository.


4. Please refer to step 5 in License Upgrade of the Entire System prior to a Software

Upgrade page 5.

Documents

CheckPoint R62 Provider1 License Upgrade Document