If you have a multihomed interface with five IPs on it, will Checkpoint count that as five client licenses or one? In other words, is Checkpoint counting unique MAC addresses, or unique IPs?
- posted
16 years ago
Neither.
It counts protected hosts, i.e. hosts behind internal interfaces.
The command "fw lichosts" lists hosts which have been counted against the license.
Sunny
I think we are playing semantical games. What I meant by "client" is "a host behind an internal interface."
So the question was: how does Checkpoint determine the presence of a host behind an internal interface? Is it counting the number of IPs on the internal interface, or is it counting the number of unique MAC addresses?
This command spits out what looks like a logfile that goes back years. It's a lot of manual work to determine what the current licensed hosts are from that.
There is no mention of MAC addresses in the information that comes to the screen, so you would guess that Checkpoint is counting IPs only.
I suppose the semantics depend on what you mean by "multihomed interface" and "number of IPs on the internal interface".
If a host behind an internal interface generates traffic through the gateway, its IP address is counted against the license. MAC addresses aren't counted because all hosts behind internal interfaces are counted, not just those on attached networks.
fw lichosts displays one line for each host counted against the license. The timestamp records the first time traffic from that host was seen. I'm not aware of another way to obtain licensed hosts details.
Sunny
Years ago Check Point had to be licensed for all IPs it was protecting. Nowadays, as noted above, IPs are only counted if they traverse the firewall. You should see a log entry of "too many internal hosts" if you have exceeded the license count.
JJ
We have exceeded the license - probably by one or two IPs - but fw lichosts is giving a hugely long logfile as its output, not a short list of currently licensed hosts.
No, fw lichosts is displaying the licensed hosts table, which contains every internal IP that has ever traversed the gateway. Check Point has no concept of "currently licensed hosts".
SecureKnowledge article #sk10200 provides instructions for clearing the table (details vary by platform and version).
Sunny
Are you JJ of Arkan BBS (many years ago)? Sorry for the OT guys - times are hard with the necessity of spamtraps :(. This email addy is valid.
Cheers....j
For a more brief summary try:
# fw tab -t host_table
(eventually with the -f flag, "fw tab -t host_table -f")
or
# fw tab -t host_table -s
PEAK is the maximum number of hosts since the host_table was cleared.
See also sk10200.
No, sorry.
JJ #2