Checkpoint License error

[dnack]

after i have chnaged the internal network ip addresses, i have this error

FW1: Informatory: the current VPN-1 & FireWall-1 license allows only 25 internal hosts.If this is different from the license you intended to purchase, ensure that you have the correct license

What should i do to the license? What is happening?

thanks

 

[ChrisAC]

The clue is in the word "Informatory". It's just reminding you that you have a 25 node licence, nothing more.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[dnack]

No, now i have this message

FW1: FW-1: too many internal hosts (75) detected. : run "fw lichosts" to get a list of hosts Contact your Check Point VPN-1(TM) & FireWall-1 reseller.

 

[ChrisAC]

The first message was informatory telling you that you have a 25 user licence. Now the firewall is telling you that you have exceeded your licence by having 75 internal nodes protected by the firewall when you only have a licence for 25. So, upgrade your licence!

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[Piloria]

This worked on an older version of FW-1 check to see where the licences are coming from (as you changed your IP it may still have old IP addresses in the table.

To get a count type

fw tab -t host_table -s

The entry under # vals corresponds to the number of hosts it has counted.
You can see what IP's are currently being counted against your license by
issuing the following command:

fw lichosts

Rather than reboot the box, you may want to reset FireWall-1 count of IPs.
cpstop, remove the $FWDIR/database/fwd.h and $FWDIR/database/fwd.hosts files
and cpstart FireWall-1.

You can reset the table with

fw tab -t host_table -x.

 

[dnack]

What does this table does? Will any changes be affected to the FW or VPN?



>You can reset the table with
>
>fw tab -t host_table -x.

 

[ChrisAC]

This table simply counts the number of hosts on the network that the firewall can see. As your firewall is licenced in the number of hosts it protects then it must keep a count to see when you are exceeding your licence.

Resetting this table won't affect your firewall but you should be looking at adding a new licence.

Chris.

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************

 

[robbiear]

How many internal host devices do you have on your network that need to traverse the firewall to the outside.

If this count exceeds the 25 that you have a license for then you will need to upgrade the license accordingly.

Deleting/Resetting the host table will only provide a short term fix, as soon as you firewall see's more than 25 ip nodes the entire process starts again.

Robbie

*****************************************************************
Richard Robins, CCNA, CCSE, WCSP, NNCSS, ACSE
*****************************************************************

 

[dnack]

The LAN are less than 25 clients. However we have created a remote VPN site. will it be the other 50 came from the remote site ?

 

[robbiear]

The license count is taken on ip addresses traversing the firewall in ana outbound direction, do the remote site users gain internet access only through the vpn tunnel to the central site


Robbie

*****************************************************************
Richard Robins, CCNA, CCSE, WCSP, NNCSS, ACSE
*****************************************************************