Difference between revisions of "smartupdate license repository commands"
(→cplic del - delete license from repo) |
|||
(23 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
− | License Database Operations: | + | License Database/repository Operations: |
− | + | ||
− | + | taken from R77 CP_R77_CLI_ReferenceGuide.pdf | |
− | + | ||
− | ''' | + | =='''cplic db_print''' - Print licenses in database/repository== |
+ | '''Description''' | ||
+ | Displays the details of Check Point licenses stored in the license repository on the Security | ||
+ | Management Server. | ||
+ | cplic db_print <object name | -all> [-n noheader] [-x print signatures] [-t type] [-a attached] | ||
+ | |||
+ | =='''cplic db_add''' - add license to device or repository== | ||
+ | '''Description''' | ||
+ | Used to add one or more licenses to the license repository on the Security Management server. When local license are added to the license repository, they are automatically attached to its intended Check Point gateway, '''central licenses need to undergo the attachment process(using cplic put)'''. | ||
cplic db_add < -l license-file | host expiration-date signature SKU/features > | cplic db_add < -l license-file | host expiration-date signature SKU/features > | ||
− | ''' | + | =='''cplic get''' - retrieve/sync repo with remote gateways== |
− | cplic | + | '''Description ''' |
+ | The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management Server. '''This command helps you to synchronize the repository with the Check Point Security Gateways'''. When the command is run, all local changes are updated. | ||
+ | cplic get {<ipaddr>|<hostname>|-all} [-v41] | ||
+ | <br>example: pretend there was a hardware failure, and RMA was performed, the new firewall is up and running backup config produced by clish "show configuration" as run on the failed device prior to failure. the backup config doesn't include the license. this is the job of the license repository/database on the management device (smartcenter or provider-1 CMA). however; it will show as attached to the firewall because that was the last license status before the failure. so, to "detach" it in the repo we can run the command as follows... | ||
+ | <br><br>[Expert@chkpmgr1:0]# '''cplic get chkpfw1''' | ||
+ | <br> Getting licenses from chkpfw1 ... | ||
+ | <br>chkpfw1: | ||
+ | <br>Retrieved 1 licenses | ||
+ | <br>Detached 1 licenses | ||
+ | <br>Removed 0 licenses | ||
+ | |||
+ | =='''cplic put''' - add local or attach license remotely== | ||
+ | <br>'''Description ''' | ||
+ | Use the cplic put command to attach one or more central or local license remotely. When this command is executed, the license repository is also updated. | ||
+ | cplic put <object name> [-ip dynamic ip] [-F <output file>] -l <license-file> [<host>] [<expiration date>] [<signature>] [<SKU/feature> | ||
+ | |||
+ | =='''cplic del''' - delete license from repo== | ||
+ | '''WARNING - use with care! deleting a license from an online gateway can cause an outage.''' | ||
+ | <br>'''Description''' | ||
+ | Delete a single Check Point license on a host, including unwanted evaluation, expired, and other licenses. Used for both local and remote machines | ||
+ | cplic del [-F <output file>] <signature> <object name> | ||
− | |||
− | |||
[[category:license]] | [[category:license]] | ||
+ | |||
+ | [[category:cli]] | ||
+ | |||
+ | [[category:smartupdate]] |
Latest revision as of 12:51, 23 June 2018
License Database/repository Operations:
taken from R77 CP_R77_CLI_ReferenceGuide.pdf
Contents |
cplic db_print - Print licenses in database/repository
Description Displays the details of Check Point licenses stored in the license repository on the Security Management Server.
cplic db_print <object name | -all> [-n noheader] [-x print signatures] [-t type] [-a attached]
cplic db_add - add license to device or repository
Description Used to add one or more licenses to the license repository on the Security Management server. When local license are added to the license repository, they are automatically attached to its intended Check Point gateway, central licenses need to undergo the attachment process(using cplic put).
cplic db_add < -l license-file | host expiration-date signature SKU/features >
cplic get - retrieve/sync repo with remote gateways
Description The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management Server. This command helps you to synchronize the repository with the Check Point Security Gateways. When the command is run, all local changes are updated.
cplic get {<ipaddr>|<hostname>|-all} [-v41]
example: pretend there was a hardware failure, and RMA was performed, the new firewall is up and running backup config produced by clish "show configuration" as run on the failed device prior to failure. the backup config doesn't include the license. this is the job of the license repository/database on the management device (smartcenter or provider-1 CMA). however; it will show as attached to the firewall because that was the last license status before the failure. so, to "detach" it in the repo we can run the command as follows...
[Expert@chkpmgr1:0]# cplic get chkpfw1
Getting licenses from chkpfw1 ...
chkpfw1:
Retrieved 1 licenses
Detached 1 licenses
Removed 0 licenses
cplic put - add local or attach license remotely
Description
Use the cplic put command to attach one or more central or local license remotely. When this command is executed, the license repository is also updated.
cplic put <object name> [-ip dynamic ip] [-F <output file>] -l <license-file> [<host>] [<expiration date>] [<signature>] [<SKU/feature>
cplic del - delete license from repo
WARNING - use with care! deleting a license from an online gateway can cause an outage.
Description
Delete a single Check Point license on a host, including unwanted evaluation, expired, and other licenses. Used for both local and remote machines
cplic del [-F <output file>] <signature> <object name>