Discussion:
NG "No valid license found..."
(too old to reply)
Bob Morrison
2003-06-28 16:57:55 UTC
Permalink
I have just moved my Checkpoint NG FP1 server to a new site and changed IP
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in Management
Server "localhost" when trying to log on to policy editor.

I know password is OK because I got in to Policy Editor before changing IP
addresses.

IP has been changed in Policy , on external NIC and in license. Am I missing
something?

Thanks
Bob Morrison
Grand Cayman
***@cwco.com
Bob Morrison
2003-06-28 17:22:38 UTC
Permalink
I can't get into the rulebase because I can't get into the policy editor ..

Is there another way?
have you changed the IP address of the Firewall object within the
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and changed IP
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before changing IP
addresses.
IP has been changed in Policy , on external NIC and in license. Am I
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
David Clothier
2003-06-28 19:09:56 UTC
Permalink
on the machine, go to the $FWDIR and type: fwunloadlocal

it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the policy editor ..
Is there another way?
have you changed the IP address of the Firewall object within the
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in license. Am I
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Bob Morrison
2003-06-29 16:21:13 UTC
Permalink
Nope ... hope this screendump gives you some more clues, I'm at the end of
my rope ...
===============================================================
C:\WINNT\FW1\5.0\bin>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1 Build 51129

C:\WINNT\FW1\5.0\bin>fwunloadlocal
'fwunloadlocal' is not recognized as an internal or external command,
operable program or batch file.

C:\WINNT\FW1\5.0\bin>fw unload local
Uninstall Security Policy from local: No license for remote uninstall

C:\WINNT\FW1\5.0\bin>fw unload
Uninstall: Must specify target(s)

C:\WINNT\FW1\5.0\bin>fw unload localhost

Uninstalling Security Policy from ***@FIREWALL
fwarp_initialize_myself: Cannot retrieve self object

fwarp_delete_entries_win2k: unable to initialize

Done.

C:\WINNT\FW1\5.0\bin>fw unload firewall

Uninstalling Security Policy from ***@FIREWALL
fwarp_initialize_myself: Cannot retrieve self object

fwarp_delete_entries_win2k: unable to initialize

Done.

C:\WINNT\FW1\5.0\bin>

===============================================================
Thanks! Bob
Post by David Clothier
on the machine, go to the $FWDIR and type: fwunloadlocal
it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the policy editor
..
Post by Bob Morrison
Is there another way?
have you changed the IP address of the Firewall object within the
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in license. Am I
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Bob Morrison
2003-06-30 20:31:14 UTC
Permalink
Ray,

You had me excited there for a minute, but no luck ... see following:
===============================================================

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\>fw unloadlocal
Unknown command "unloadlocal"
Usage:
fw ver [-h] ... # Display version
fw kill [-sig_no] procname # Send signal to a daemon
fw putkey ... # Client server keys
fw sam ... # Control sam server
fw load [opts] [filter-file|rule-base] targets # Install Policy on targets
fw unload [opts] targets # Uninstall targets
fw dbload [targets] # Download the database
fw fetch targets # Fetch last policy
fw tab [-h] ... # Kernel tables content
fw monitor [-h] ... # Monitor VPN-1/FW-1 traffic
fw ctl [args] # Control kernel
fw lichosts # Display protected hosts
fw log [-h] ... # Display logs
fw logswitch [-h target] [+|-][oldlog] # Create a new log file;
# the old log is moved
fw repairlog ... # Log index recreation
fw logexport [-h] ... # Export log to ascii file
fw mergefiles ... # log files merger
fw gen [-RouterType [-import]] rule-base # Generate an inspection
# script or a router
access-list

fw dbexport [-h] ... # Export the database
fw ikecrypt <key> <password> # Crypt a secret with a key
# (for the dbexport command)
fw dbimport [-h] ... # Import to database


C:\>
===============================================================

Bob.
You tried all of the possible combinations except the correct one. :-)
fw unloadlocal
Ray
Post by Bob Morrison
Nope ... hope this screendump gives you some more clues, I'm at the end of
my rope ...
===============================================================
C:\WINNT\FW1\5.0\bin>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1 Build
51129
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fwunloadlocal
'fwunloadlocal' is not recognized as an internal or external command,
operable program or batch file.
C:\WINNT\FW1\5.0\bin>fw unload local
Uninstall Security Policy from local: No license for remote uninstall
C:\WINNT\FW1\5.0\bin>fw unload
Uninstall: Must specify target(s)
C:\WINNT\FW1\5.0\bin>fw unload localhost
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>fw unload firewall
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>
===============================================================
Thanks! Bob
Post by David Clothier
on the machine, go to the $FWDIR and type: fwunloadlocal
it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the policy
editor
Post by Bob Morrison
Post by David Clothier
..
Post by Bob Morrison
Is there another way?
have you changed the IP address of the Firewall object within the
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in license.
Am
I
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Norman Zhang
2003-06-30 20:42:27 UTC
Permalink
"Bob Morrison" wrote in message...
Post by Bob Morrison
===============================================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>fw unloadlocal
Unknown command "unloadlocal"
Did you try to reinitialize SIC? Also you may want to use FP3 instead of FP1
(that is if you have the upgrade contract).

Norman
Ray
2003-07-01 12:31:16 UTC
Permalink
Is the management server separate from the firewall? If so, you have to run
"fw unloadlocal" on the firewall box, not the management server. Use a
console cable, SSH or something.

Ray
Post by Bob Morrison
Ray,
===============================================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>fw unloadlocal
Unknown command "unloadlocal"
fw ver [-h] ... # Display version
fw kill [-sig_no] procname # Send signal to a daemon
fw putkey ... # Client server keys
fw sam ... # Control sam server
fw load [opts] [filter-file|rule-base] targets # Install Policy on targets
fw unload [opts] targets # Uninstall targets
fw dbload [targets] # Download the database
fw fetch targets # Fetch last policy
fw tab [-h] ... # Kernel tables content
fw monitor [-h] ... # Monitor VPN-1/FW-1 traffic
fw ctl [args] # Control kernel
fw lichosts # Display protected hosts
fw log [-h] ... # Display logs
fw logswitch [-h target] [+|-][oldlog] # Create a new log file;
# the old log is moved
fw repairlog ... # Log index recreation
fw logexport [-h] ... # Export log to ascii file
fw mergefiles ... # log files merger
fw gen [-RouterType [-import]] rule-base # Generate an inspection
# script or a router
access-list
fw dbexport [-h] ... # Export the database
fw ikecrypt <key> <password> # Crypt a secret with a key
# (for the dbexport command)
fw dbimport [-h] ... # Import to database
C:\>
===============================================================
Bob.
You tried all of the possible combinations except the correct one. :-)
fw unloadlocal
Ray
Post by Bob Morrison
Nope ... hope this screendump gives you some more clues, I'm at the
end
Post by Bob Morrison
of
Post by Bob Morrison
my rope ...
===============================================================
C:\WINNT\FW1\5.0\bin>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1 Build
51129
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fwunloadlocal
'fwunloadlocal' is not recognized as an internal or external command,
operable program or batch file.
C:\WINNT\FW1\5.0\bin>fw unload local
Uninstall Security Policy from local: No license for remote uninstall
C:\WINNT\FW1\5.0\bin>fw unload
Uninstall: Must specify target(s)
C:\WINNT\FW1\5.0\bin>fw unload localhost
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>fw unload firewall
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>
===============================================================
Thanks! Bob
Post by David Clothier
on the machine, go to the $FWDIR and type: fwunloadlocal
it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the policy
editor
Post by Bob Morrison
Post by David Clothier
..
Post by Bob Morrison
Is there another way?
have you changed the IP address of the Firewall object within the
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted
fine
Post by Bob Morrison
in
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
Post by Bob Morrison
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in license.
Am
I
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Ray
2003-07-01 14:01:45 UTC
Permalink
<scratching head> Have you tried the internal IP instead of "localhost"?

Ray
No, they are located on the same PC ...
Post by Ray
Is the management server separate from the firewall? If so, you have to
run
Post by Ray
"fw unloadlocal" on the firewall box, not the management server. Use a
console cable, SSH or something.
Ray
Post by Bob Morrison
Ray,
===============================================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>fw unloadlocal
Unknown command "unloadlocal"
fw ver [-h] ... # Display version
fw kill [-sig_no] procname # Send signal to a
daemon
Post by Ray
Post by Bob Morrison
fw putkey ... # Client server keys
fw sam ... # Control sam server
fw load [opts] [filter-file|rule-base] targets # Install Policy on
targets
Post by Bob Morrison
fw unload [opts] targets # Uninstall targets
fw dbload [targets] # Download the database
fw fetch targets # Fetch last policy
fw tab [-h] ... # Kernel tables content
fw monitor [-h] ... # Monitor VPN-1/FW-1
traffic
Post by Bob Morrison
fw ctl [args] # Control kernel
fw lichosts # Display protected
hosts
Post by Ray
Post by Bob Morrison
fw log [-h] ... # Display logs
fw logswitch [-h target] [+|-][oldlog] # Create a new log file;
# the old log is moved
fw repairlog ... # Log index recreation
fw logexport [-h] ... # Export log to ascii
file
Post by Ray
Post by Bob Morrison
fw mergefiles ... # log files merger
fw gen [-RouterType [-import]] rule-base # Generate an inspection
# script or a router
access-list
fw dbexport [-h] ... # Export the database
fw ikecrypt <key> <password> # Crypt a secret with
a
Post by Ray
key
Post by Bob Morrison
# (for the dbexport
command)
Post by Bob Morrison
fw dbimport [-h] ... # Import to database
C:\>
===============================================================
Bob.
You tried all of the possible combinations except the correct one. :-)
fw unloadlocal
Ray
Post by Bob Morrison
Nope ... hope this screendump gives you some more clues, I'm at the
end
Post by Bob Morrison
of
Post by Bob Morrison
my rope ...
===============================================================
C:\WINNT\FW1\5.0\bin>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1
Build
Post by Ray
Post by Bob Morrison
51129
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fwunloadlocal
'fwunloadlocal' is not recognized as an internal or external
command,
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
operable program or batch file.
C:\WINNT\FW1\5.0\bin>fw unload local
Uninstall Security Policy from local: No license for remote
uninstall
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fw unload
Uninstall: Must specify target(s)
C:\WINNT\FW1\5.0\bin>fw unload localhost
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>fw unload firewall
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>
===============================================================
Thanks! Bob
Post by David Clothier
on the machine, go to the $FWDIR and type: fwunloadlocal
it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the
policy
Post by Ray
Post by Bob Morrison
editor
Post by Bob Morrison
Post by David Clothier
..
Post by Bob Morrison
Is there another way?
have you changed the IP address of the Firewall object
within
Post by Ray
the
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new
site
Post by Ray
and
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted
fine
Post by Bob Morrison
in
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
Post by Bob Morrison
Configuration gui, but I keep getting "No valid license
found
Post by Ray
in
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor
before
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in
license.
Post by Bob Morrison
Am
I
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Bob Morrison
2003-07-01 14:21:17 UTC
Permalink
Result: "Cannot unload an IP address, use module name instead."

I'm thinking reinstall ... :)
Post by Ray
<scratching head> Have you tried the internal IP instead of "localhost"?
Ray
No, they are located on the same PC ...
Post by Ray
Is the management server separate from the firewall? If so, you have to
run
Post by Ray
"fw unloadlocal" on the firewall box, not the management server. Use a
console cable, SSH or something.
Ray
Post by Bob Morrison
Ray,
===============================================================
Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:\>fw unloadlocal
Unknown command "unloadlocal"
fw ver [-h] ... # Display version
fw kill [-sig_no] procname # Send signal to a
daemon
Post by Ray
Post by Bob Morrison
fw putkey ... # Client server keys
fw sam ... # Control sam server
fw load [opts] [filter-file|rule-base] targets # Install Policy on
targets
Post by Bob Morrison
fw unload [opts] targets # Uninstall targets
fw dbload [targets] # Download the
database
Post by Ray
Post by Bob Morrison
fw fetch targets # Fetch last policy
fw tab [-h] ... # Kernel tables
content
Post by Ray
Post by Bob Morrison
fw monitor [-h] ... # Monitor VPN-1/FW-1
traffic
Post by Bob Morrison
fw ctl [args] # Control kernel
fw lichosts # Display protected
hosts
Post by Ray
Post by Bob Morrison
fw log [-h] ... # Display logs
fw logswitch [-h target] [+|-][oldlog] # Create a new log
file;
Post by Ray
Post by Bob Morrison
# the old log is moved
fw repairlog ... # Log index recreation
fw logexport [-h] ... # Export log to ascii
file
Post by Ray
Post by Bob Morrison
fw mergefiles ... # log files merger
fw gen [-RouterType [-import]] rule-base # Generate an
inspection
Post by Ray
Post by Bob Morrison
# script or a router
access-list
fw dbexport [-h] ... # Export the database
fw ikecrypt <key> <password> # Crypt a secret with
a
Post by Ray
key
Post by Bob Morrison
# (for the dbexport
command)
Post by Bob Morrison
fw dbimport [-h] ... # Import to database
C:\>
===============================================================
Bob.
You tried all of the possible combinations except the correct one.
:-)
Post by Ray
Post by Bob Morrison
fw unloadlocal
Ray
Post by Bob Morrison
Nope ... hope this screendump gives you some more clues, I'm at
the
Post by Ray
end
Post by Bob Morrison
of
Post by Bob Morrison
my rope ...
===============================================================
C:\WINNT\FW1\5.0\bin>fw ver
This is Check Point VPN-1(TM) & FireWall-1(R) NG Feature Pack 1
Build
Post by Ray
Post by Bob Morrison
51129
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fwunloadlocal
'fwunloadlocal' is not recognized as an internal or external
command,
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
operable program or batch file.
C:\WINNT\FW1\5.0\bin>fw unload local
Uninstall Security Policy from local: No license for remote
uninstall
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
C:\WINNT\FW1\5.0\bin>fw unload
Uninstall: Must specify target(s)
C:\WINNT\FW1\5.0\bin>fw unload localhost
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>fw unload firewall
fwarp_initialize_myself: Cannot retrieve self object
fwarp_delete_entries_win2k: unable to initialize
Done.
C:\WINNT\FW1\5.0\bin>
===============================================================
Thanks! Bob
Post by David Clothier
on the machine, go to the $FWDIR and type: fwunloadlocal
it'll unload the security policy and allow you on.. or it should
Post by Bob Morrison
I can't get into the rulebase because I can't get into the
policy
Post by Ray
Post by Bob Morrison
editor
Post by Bob Morrison
Post by David Clothier
..
Post by Bob Morrison
Is there another way?
have you changed the IP address of the Firewall object
within
Post by Ray
the
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
rulebase???
that's more than likely the case here...
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new
site
Post by Ray
and
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
changed
Post by Bob Morrison
IP
Post by Bob Morrison
addresses ... have re-licensed, new licenses were accepted
fine
Post by Bob Morrison
in
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
Post by Bob Morrison
Configuration gui, but I keep getting "No valid license
found
Post by Ray
in
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor
before
Post by Ray
Post by Bob Morrison
Post by Bob Morrison
Post by David Clothier
changing
Post by Bob Morrison
IP
Post by Bob Morrison
addresses.
IP has been changed in Policy , on external NIC and in
license.
Post by Bob Morrison
Am
I
Post by Bob Morrison
Post by David Clothier
Post by Bob Morrison
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Pascal - ja nog een ja
2003-07-02 10:28:44 UTC
Permalink
OK, here's some good news ... I got the firewall module to uninstall
... problem was that not all network cards were connected to devices,
once i hooked all cables up to hubs it worked.
Bad news ... still cannot log onto Policy Editor (same error ...no
valid license found ...)
use CPconfig to apply the license to the managment server as the GUI
does not facilitate that too well.
No, don't use CPConfig, use SmartUpdate :)
Even if your license is "expired" or not valid, you should be able to
login to your management server using SmartUpdate. This way you can
easily use central licensing on the machine.

SmartUpdate is a client, just in case...

Greets
Pascal
"Rick Hardy" @remove>
2003-06-30 21:13:11 UTC
Permalink
Are you saying that the management server is not licensed? I haven't worked
with NG, but on 4.1, you would do an 'fw putlic', with the proper parameters
to add a license, or fw 'printlic' to view the license.

Does NG have the same type of command line options?? I rarely used the GUI
for things like licenses, and keys. I always prefered the manual command
line option, as it seemed to be more reliabe.
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and changed IP
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in Management
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before changing IP
addresses.
IP has been changed in Policy , on external NIC and in license. Am I missing
something?
Thanks
Bob Morrison
Grand Cayman
Ray
2003-07-01 12:33:46 UTC
Permalink
On NG, when the management server is separate from the firewall, you usually
put the licenses on the management server IP, not the firewall. This makes
it easy to re-IP the firewall or to manage multiple firewalls from the same
management server. The NG GUI for licensing is very good.


Ray
Post by "Rick Hardy" @remove>
Are you saying that the management server is not licensed? I haven't worked
with NG, but on 4.1, you would do an 'fw putlic', with the proper parameters
to add a license, or fw 'printlic' to view the license.
Does NG have the same type of command line options?? I rarely used the GUI
for things like licenses, and keys. I always prefered the manual command
line option, as it seemed to be more reliabe.
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and changed IP
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before changing IP
addresses.
IP has been changed in Policy , on external NIC and in license. Am I
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
David Barker
2003-07-15 13:32:44 UTC
Permalink
Sound like you're trying to run Check Point Enterprise with the small office
license. Currently the latest version of Small Office Web Edition is FP2.
You can't run the enterprise product with the small office license.

"Effective immediately, VPN-1/FireWall-1 SmallOffice gateways no longer
include SmartCenter-1. For single gateway management, customers deploying
VPN-1 SmallOffice Web Edition can use the included Web-based management for
simple firewall and site-to-site VPN management. The Web edition deploys on
appliances, Linux open servers and SecurePlatform. Customers deploying VPN-1
SmallOffice Standard Edition and those preferring more sophisticated
management capabilities can order SmartCenter-1 from the price list."
I'm having similar problems on SecurePlatform NG AI with a SmallOffice
License.
No Valid license found in SmartCenter Server: 'xxx.xxx.xxx.xxx'
This is a new installation and I've tried several reinstallations with no
luck. I've tried appliing the license both with the SmartUpdate GUI and
the
command line, also both local and central licensing has been tried.
The firewall is resolving it's own IP address to the external and licensed
interface... If I remove all licenses and just run on a Eval license
everything works just fine.
This setup is a stand alone management and module on same box.
CPVP-VSO-50-NG and CPVP-VSC-25-NG
Anyone? I'm really lost for ideas on this one...
Best regards,
Jan-Ivar Hansen
iTet AS, Norway
Post by Bob Morrison
I have just moved my Checkpoint NG FP1 server to a new site and changed IP
addresses ... have re-licensed, new licenses were accepted fine in
Configuration gui, but I keep getting "No valid license found in
Management
Post by Bob Morrison
Server "localhost" when trying to log on to policy editor.
I know password is OK because I got in to Policy Editor before changing IP
addresses.
IP has been changed in Policy , on external NIC and in license. Am I
missing
Post by Bob Morrison
something?
Thanks
Bob Morrison
Grand Cayman
Continue reading on narkive:
Loading...