Subscription Licensing

Technical Guide

FEATURE OVERVIEW AND CONFIGURATION GUIDE

Subscription Licensing

IntroductionThis guide describes AlliedWare Plus Subscription Licensing for the Next-Generation Firewall (NGFW) and its configuration.

The AlliedWare Plus NGFW, combined with advanced threat protection and mitigation measures, provides an Unified Threat Management (UTM) system with a range of security features. Various features will be offered on a subscription basis, where the user will need to pay licensing fees on a recurring basis in order for the feature to continue operating as well as receive definition updates. For example, the Web Control and Antivirus features depend on third parties to generate signature files to block particular URLs or filter out viruses, where new updates are required on a regular basis.

ContentsIntroduction .............................................................................................................................................................................1

Products and software version that apply to this guide........................................................................2

Capability Response File ...................................................................................................................................................2

Log Messages for Subscription Licensing ................................................................................................................2

Log message for license expiry warnings ......................................................................................................3

Log message for license expiry notifications ...............................................................................................3

Log message for license activation ....................................................................................................................3

Configuration Example......................................................................................................................................................4

alliedtelesis.com xC613-22030-00 REV B

Capability Response File

Products and software version that apply to this guide

This Guide applies to AlliedWare Plus Subscription Licensing for the NGFW, running version 5.4.5 or later.

However, implementation varies between products. To see whether a product supports a feature or command, see the following documents:

The product’s Datasheet

The AlliedWare Plus Datasheet

The product’s Command Reference

These documents are available from the above links on our website at alliedtelesis.com.

Feature support may change in later software versions. For the latest information, see the above documents.

Capability Response File

The subscription licenses are contained in a file called Capability Response File (CRF). The CRFs are tied to a device's serial number and contain all the information about the subscription licenses that have been allocated to the device. A single CRF contains all of the licenses for a device. The CRF is created by the Allied Telesis Download Center as part of the licensing process, which can be loaded onto the device and processed to activate a feature. The CRFs can be obtained from the Allied Telesis Download Center.

Log Messages for Subscription Licensing

The following types of log messages can be printed for Subscription Licensing.

The log to warn that a license is due to expire soon.

The log to indicate when a license has expired.

The log to indicate when a (future-dated) license has now become active.

Licenses start at 00:00:00 UTC on the start date. Licenses expire at 23:59:59 UTC on the expiry date. License checks occur on boot and at 23:59:59 UTC daily.

You may see these log messages after the initialization processes when you boot up the device. You can also set up appropriate syslog monitoring to look for these messages. For more information about log messages, see the Logging Feature Overview and Configuration Guide.

Page 2 | Subscription Licensing

Log Messages for Subscription Licensing

Log message for license expiry warnings

The following output is an example log message when a subscription license is due to expire.

The specified license will expire at the specified local time which is determined by the timezone (if any) that is set on the device. Unless further licensing is acquired before then, the feature enabled by this license will no longer work. You need to contact your authorized Allied Telesis distributor or reseller for further licensing.

Warning messages will be printed in the log 28 days, 21 days, 14 days, 7 days and 1 day prior to a license expiring. You will also receive notification emails about impending license expiry from the Allied Telesis Download Center prior to a license expiring.

Log message for license expiry notifications

The following output is an example log message when a subscription license has expired.

The installed subscription license has reached its expiration date. The licensed features will no longer operate. You need to contact your authorized Allied Telesis distributor or reseller for further licensing.

You will receive a notification email from Allied Telesis Download Center about license expiry.

Log message for license activation

The following output is an example log message when a subscription license has been successfully activated.

The installed license has reached its activation date, so the licensed features will now be able to operate.

licensing[1204]: License 'IP Reputation (Emerging Threats)' is due to expire in 7 days at Wed Feb 24 23:59:59 2016

licensing[1212]: License IP Reputation (Emerging Threats) expired. All features associated with this license have been deactivated

licensing[1208]: License IP Reputation (Emerging Threats) activated. All features associated with this license have been started.

Subscription Licensing | Page 3

Configuration Example

Configuration ExampleThe following example shows how to configure Subscription Licensing for the NGFW on your device.

Step 1: Downloading CRF.

You can download the CRF from the Allied Telesis Download Center by using either an administrator account or the appropriate user account for the device. To obtain an account, you can contact your customer support representative for more information.

After you have landed onto the Download Central Homepage, you can locate the device by clicking Search Devices from the Devices menu on the left as shown in Figure 1, “Search Devices page,” on page 4. You can select the appropriate device by clicking the serial number from the Serial Number list as shown in Figure 2, “View Device page,” on page 5.

Figure 1: Search Devices page

From the View Device page, you can download the CRF file by clicking the Download Capability Response link. You should see a pop-up window as shown in Figure 3, “Opening CRF,” on page 5, which allows you to either open or download the CRF file. CRFs are saved as .bin files that can be renamed for convenience.

If you cannot see the pop-up window, you may need to check your web browser’s settings and make sure the pop-up window is not blocked by the web browser.

Page 4 | Subscription Licensing

Configuration Example

Figure 2: View Device page

Figure 3: Opening CRF

Step 2: Activating CRF.

After you have downloaded the CRF, you can transfer it onto the device’s flash storage by any preferred method. For example, you can use the copy (URL) command to copy the CRF file from a USB device to the flash storage.

To list the non-hidden files in the root of the USB device, enter the commands below:

awplus#dir usb

Below is an example output:

awplus#dir usb 2386 -rwx Apr 24 2015 10:11:46 A05050G144700002.bin

Subscription Licensing | Page 5

Configuration Example

To copy the CRF file from the USB device into the flash storage, use the commands below:

awplus#copy usb flash

Below is an example output:

Alternatively, you can copy the CRF file from a TFTP server into the flash storage. Note that you need to ensure that you can connect to the TFTP server. For example, you can copy the CRF file from the TFTP server with IP address 192.168.1.254 into the flash storage by using the following commands:

awplus#copy tftp flash

Below is an example output:

To list the URL of the CRF file in the flash storage, use the commands below:

awplus#dir *.bin

Below is an example output:

Once the CRF is present in the device’s local storage, you can activate it by using the following command.

awplus#license update <CRF-url>

Below is an example:

awplus#copy usb flashEnter source path with file name[]:A05050G144700002.binCopying...Successful operation

awplus#ping 192.168.1.254 repeat 2PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.64 bytes from 192.168.1.254: icmp_req=1 ttl=64 time=0.200 ms64 bytes from 192.168.1.254: icmp_req=2 ttl=64 time=0.184 ms

--- 192.168.1.254 ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 999msrtt min/avg/max/mdev = 0.184/0.192/0.200/0.008 msawplus#copy tftp flashEnter source host name []:192.168.1.254Enter source path with file name[]:A05050G144700002.binEnter destination file name[A05050G144700002.bin]:Copying...Successful operation

awplus#dir A05050G144700002.bin 2386 -rwx Apr 24 2015 10:20:53 flash:/A05050G144700002.bin

awplus#license update A05050G144700002.bin

Page 6 | Subscription Licensing

If the CRF is valid and is tied to the serial of the device, this command will succeed and the licenses will be activated on the device.

Note that no messages will print if the CRF is imported successfully.

Step 3: Verifying CRF Activation.

Once a valid CRF has been activated on the device, you can verify it by using the following command.

awplus#show license external

Below is an example output from the console. Note that the time shown in the example is local time which is automatically converted from UTC time. Also note that the show license external command only shows licenses that are currently activated.

awplus#show license externalLicensed features:

Application Control (Procera) Start date : 24-Feb-2015 12:00AM Expiry date : 24-Feb-2016 11:59PMWeb Control (Digital Arts) Start date : 24-Feb-2015 12:00AM Expiry date : 24-Feb-2016 11:59PM

C613-22030-00 REV B

North America Headquarters | 19800 North Creek Parkway | Suite 100 | Bothell | WA 98011 | USA | T: +1 800 424 4284 | F: +1 425 481 3895Asia-Pacifi c Headquarters | 11 Tai Seng Link | Singapore | 534182 | T: +65 6383 3832 | F: +65 6383 3830EMEA & CSA Operations | Incheonweg 7 | 1437 EK Rozenburg | The Netherlands | T: +31 20 7950020 | F: +31 20 7950021

alliedtelesis.com© 2015 Allied Telesis Inc. All rights reserved. Information in this document is subject to change without notice. All company names, logos, and product designs that are trademarks or registered trademarks are the property of their respective owners.