How Does Checkpoint Count Up IPs for Licensing?

If you have a multihomed interface with five IPs on it, will Checkpoint count that as five client licenses or one? In other words, is Checkpoint counting unique MAC addresses, or unique IPs?

Reply to
Will

Neither.

It counts protected hosts, i.e. hosts behind internal interfaces.

The command "fw lichosts" lists hosts which have been counted against the license.

Sunny

Reply to
Sunny

I think we are playing semantical games. What I meant by "client" is "a host behind an internal interface."

So the question was how does Checkpoint determine the presence of a host behind an internal interface? Is it counting the number of IPs on the internal interface, or is it counting the number of unique MAC addresses?

This command spits out what looks like a logfile that goes back years. It's a lot of manual work to determine what the current licensed hosts are from that.

There is no mention of MAC addresses in the information that comes to the screen, so you would guess that Checkpoint is counting IPs only.

Reply to
Will

I suppose the semantics depend on what you mean by "multihomed interface" and "number of IPs on the internal interface".

If a host behind an internal interface generates traffic through the gateway, its IP address is counted against the license. MAC addresses aren't counted because all hosts behind internal interfaces are counted, not just those on attached networks.

fw lichosts displays one line for each host counted against the license. The timestamp records the first time traffic from that host was seen. I'm not aware of another way to obtain licensed hosts details.

Sunny

Reply to
Sunny

Years ago Check Point had to be licensed for all IPs it was protecting. Nowadays, as noted above, IPs are only counted if they traverse the firewall. You should see a log entry of "too many internal hosts" if you have exceeded the license count.

JJ

Reply to
JJ

We have exceeded the license - probably by one or two IPs - but fw lichosts is giving a hugely long logfile as its output, not a short list of currently licensed hosts.

Reply to
Will

No, fw lichosts is displaying the licensed hosts table, which contains every internal IP that has ever traversed the gateway. Check Point has no concept of "currently licensed hosts".

SecureKnowledge article #sk10200 provides instructions for clearing the table (details vary by platform and version).

Sunny

Reply to
Sunny
16 December 2007 19:26 JJ broadcast thus:

Are you JJ of Arkan BBS (many years ago)? Sorry for the OT guys - times are hard with the necessity of spamtraps :(. This email addy is valid.

Cheers....j

Reply to
Jamin Davis

For a more brief summary try:

# fw tab -t host_table

(eventually with the -f flag, "fw tab -t host_table -f") or

# fw tab -t host_table -s

PEAK is the maximum number of hosts since the host_table was cleared.

see also sk10200

Reply to
Robby Cauwerts

No, sorry.

JJ #2

Reply to
JJ
