Difference between revisions of "smartupdate license repository commands"

From cpwiki.net
Jump to: navigation, search
Check Point Profressional Services
(add local or attach license remotely)
(cplic del - delete license from repo)
 
(19 intermediate revisions by one user not shown)
Line 3: Line 3:
 
taken from R77 CP_R77_CLI_ReferenceGuide.pdf
 
taken from R77 CP_R77_CLI_ReferenceGuide.pdf
  
==Print licenses in database/repository==
+
=='''cplic db_print''' - Print licenses in database/repository==
 +
'''Description'''
 +
Displays the details of Check Point licenses stored in the license repository on the Security
 +
Management Server.
 
  cplic db_print <object name | -all> [-n noheader] [-x print signatures] [-t type] [-a attached]
 
  cplic db_print <object name | -all> [-n noheader] [-x print signatures] [-t type] [-a attached]
  
==add license to device or repository==
+
=='''cplic db_add''' - add license to device or repository==
'''cplic db_add'''
+
'''Description'''
cplic db_add < -l license-file | host expiration-date signature SKU/features >
+
<br>'''Description'''
+
 
Used to add one or more licenses to the license repository on the Security Management server. When local license are added to the license repository, they are automatically attached to its intended Check Point gateway, '''central licenses need to undergo the attachment process(using cplic put)'''.
 
Used to add one or more licenses to the license repository on the Security Management server. When local license are added to the license repository, they are automatically attached to its intended Check Point gateway, '''central licenses need to undergo the attachment process(using cplic put)'''.
 +
cplic db_add < -l license-file | host expiration-date signature SKU/features >
  
==retrieve/sync repo with remote gateways==
+
=='''cplic get''' - retrieve/sync repo with remote gateways==
'''cplic get'''
+
'''Description '''
<br>'''Description '''
+
 
The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management Server. '''This command helps you to synchronize the repository with the Check Point Security Gateways'''. When the command is run, all local changes are updated.
 
The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management Server. '''This command helps you to synchronize the repository with the Check Point Security Gateways'''. When the command is run, all local changes are updated.
 +
cplic get {<ipaddr>|<hostname>|-all} [-v41]
 +
<br>example: pretend there was a hardware failure, and RMA was performed, the new firewall is up and running backup config produced by clish "show configuration" as run on the failed device prior to failure. the backup config doesn't include the license. this is the job of the license repository/database on the management device (smartcenter or provider-1 CMA). however; it will show as attached to the firewall because that was the last license status before the failure. so, to "detach" it in the repo we can run the command as follows...
 +
<br><br>[Expert@chkpmgr1:0]# '''cplic get chkpfw1'''
 +
<br> Getting licenses from chkpfw1 ...
 +
<br>chkpfw1:
 +
<br>Retrieved 1 licenses
 +
<br>Detached  1 licenses
 +
<br>Removed  0 licenses
  
==add local or attach license remotely==
+
=='''cplic put''' - add local or attach license remotely==
'''cplic put'''
+
 
<br>'''Description '''
 
<br>'''Description '''
 
Use the cplic put command to attach one or more central or local license remotely. When this command is executed, the license repository is also updated.
 
Use the cplic put command to attach one or more central or local license remotely. When this command is executed, the license repository is also updated.
 
 
  cplic put <object name> [-ip dynamic ip] [-F <output file>] -l <license-file> [<host>] [<expiration date>] [<signature>] [<SKU/feature>
 
  cplic put <object name> [-ip dynamic ip] [-F <output file>] -l <license-file> [<host>] [<expiration date>] [<signature>] [<SKU/feature>
  
 +
=='''cplic del''' - delete license from repo==
 +
'''WARNING - use with care! deleting a license from an online gateway can cause an outage.'''
 +
<br>'''Description'''
 +
Delete a single Check Point license on a host, including unwanted evaluation, expired, and other licenses. Used for both local and remote machines
 +
  cplic del [-F <output file>] <signature> <object name>
  
'''Remove license from database'''
 
cplic db_rm <signature>
 
  
 +
[[category:license]]
  
 +
[[category:cli]]
  
 
+
[[category:smartupdate]]
 
+
 
+
[[category:license]]
+

Latest revision as of 12:51, 23 June 2018

License Database/repository Operations:

taken from R77 CP_R77_CLI_ReferenceGuide.pdf

Contents

cplic db_print - Print licenses in database/repository

Description Displays the details of Check Point licenses stored in the license repository on the Security Management Server.

cplic db_print <object name | -all> [-n noheader] [-x print signatures] [-t type] [-a attached]

cplic db_add - add license to device or repository

Description Used to add one or more licenses to the license repository on the Security Management server. When local license are added to the license repository, they are automatically attached to its intended Check Point gateway, central licenses need to undergo the attachment process(using cplic put).

cplic db_add < -l license-file | host expiration-date signature SKU/features >

cplic get - retrieve/sync repo with remote gateways

Description The cplic get command retrieves all licenses from a Security Gateway (or from all Security Gateways) into the license repository on the Security Management Server. This command helps you to synchronize the repository with the Check Point Security Gateways. When the command is run, all local changes are updated.

cplic get {<ipaddr>|<hostname>|-all} [-v41]


example: pretend there was a hardware failure, and RMA was performed, the new firewall is up and running backup config produced by clish "show configuration" as run on the failed device prior to failure. the backup config doesn't include the license. this is the job of the license repository/database on the management device (smartcenter or provider-1 CMA). however; it will show as attached to the firewall because that was the last license status before the failure. so, to "detach" it in the repo we can run the command as follows...

[Expert@chkpmgr1:0]# cplic get chkpfw1
Getting licenses from chkpfw1 ...
chkpfw1:
Retrieved 1 licenses
Detached 1 licenses
Removed 0 licenses

cplic put - add local or attach license remotely


Description Use the cplic put command to attach one or more central or local license remotely. When this command is executed, the license repository is also updated.

cplic put <object name> [-ip dynamic ip] [-F <output file>] -l <license-file> [<host>] [<expiration date>] [<signature>] [<SKU/feature>

cplic del - delete license from repo

WARNING - use with care! deleting a license from an online gateway can cause an outage.
Description Delete a single Check Point license on a host, including unwanted evaluation, expired, and other licenses. Used for both local and remote machines

 cplic del [-F <output file>] <signature> <object name>