Tài liệu Provider-1™ NGX R65 License Upgrade Guide Release Notes docx

pv1_license_upgrade The pv1_license_upgrade command line tool is used to perform license upgrade for Provider-1.. license_upgrade The license_upgrade command line tool is used to perform

Trang 1

Provider-1™ NGX R65 License Upgrade Guide Release Notes

February 28, 2007

In This Document

Overview

It is highly recommended to upgrade all Provider-1™/SiteManager-1™ NG licenses to NGX R65 licenses before upgrading software Provider-1/SiteManager-1 NGX R65 with licenses from previous versions will not function

Licenses for versions prior to NG cannot be upgraded directly to NGX R65 In such a case, you must first upgrade to NG and then upgrade the licenses from NG to NGX R65 licenses

This document will describe the steps required for upgrading Provider-1/SiteManager-1 licenses to NGX R65, as part of the software Upgrade procedure

Software Subscription Requirements

Provider-1 License Upgrade Flow for an MDS Server with Internet Connection page 4

Trang 2

Before You Begin

In the Accounts page, Enterprise Contract column, and in the Products page,

Subscription and Support column, if the account or product is covered, the expiration

date is shown Otherwise, the entry says Join Now, with a link that accesses a quote for

purchasing Enterprise Support

You can purchase an Enterprise Software Subscription for the whole account, in which case all the products in the account will be covered, or you can purchase an Enterprise Software Subscription for individual products

Before You Begin

Before performing a Provider-1/SiteManager-1 license upgrade, it is recommended that you check http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date information and downloads regarding the NGX R65 license upgrade

Supported Versions for Upgrade

For the latest information about supported versions, refer to the NGX R65 Release

Notes.

If your current installation cannot be upgraded directly to NGX R65, you should first upgrade to either R55 or VSX NG AI R2 for VSX installations

pv1_license_upgrade

The pv1_license_upgrade command line tool is used to perform license upgrade for Provider-1

When the tool is run on the MDS, upgraded licenses are obtained from the Check Point User Center Web site for the MDS and for all the CMAs on the MDS This tool makes it simple to automatically upgrade licenses without having to do so manually through the User Center

The pv1_license_upgrade tool is located in:

• Provider-1 NGX R65 CD at: <platform>/LicenseUpgrade/

• NGX R65 installation at: /opt/CPmds-R62/system/license_upgrade/

It is recommended that you check

http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date

information and downloads regarding the NGX R65 license upgrade

Trang 3

license_upgrade

The license_upgrade command line tool is used to perform license upgrade for a single CMA This is the same tool as that used to perform a license upgrade in SmartCenter environments

The license_upgrade tool is located in:

It is recommended that you check

http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date information and downloads regarding the NGX R65 license upgrade

Running the licence_upgrade command line tool displays a menu with a number of options To see all the options, run: license_upgrade

License Upgrade Tool Options

Table 1

Option Definition

[L] View the licenses installed on your machine.

[S] Sends existing licenses to the User Center Web site to simulate the license

upgrade in order to verify that it can be performed A real upgrade is not performed and new licenses are not returned.

[U] Sends existing licenses to the User Center Web site to perform an upgrade (by

default, in online mode) and installs them on the machine.

[C] Reports whether or not there are licenses on the machine that need to be

upgraded.

[O] Performs a license upgrade on a license file that was generated on a machine

with no Internet access to the User Center.

[V] Enables you to view a log of the last license upgrade or the last upgrade

simulation.

Trang 4

Provider-1 License Upgrade Flow for an MDS Server with Internet Connection

Provider-1 License Upgrade Flow for an MDS Server with Internet Connection

Verify whether a license upgrade is required by running the console command

pv1_license_upgrade status For detailed information refer to License Upgrade of the Entire System prior to a Software Upgrade page 5

Trang 5

License Upgrade of the Entire System prior to a Software Upgrade

License Upgrade of the Entire System prior to a Software Upgrade

If a license upgrade is performed before the software upgrade, Check Point products will generate warning messages until all the software on the machine has been

upgraded

In This Section

Before Upgrading Licenses

1 Copy the pv1_license_upgrade and license_upgrade tools and the clic executable

to the MDS version NG machine

These tools are located in the following directories and should be saved in the same location on the MDS version NG machine:

It is recommended that you check http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date information and downloads regarding the NGX R65 license upgrade

2 To run the pv1_license_upgrade tool, please make sure you have root permissions, and that you are in an MDS environment In order to switch to MDS environment run: mdsenv

3 Verify whether a license upgrade is required by running the console command

pv1_license_upgrade status This step reports whether or not there are licenses on the machine that need to be upgraded

After Completing the License Upgrade Process page 8

Trang 6

Upgrade Licenses

Upgrade Licenses

4 When upgrading a license you must perform different steps when an MDS has Internet connectivity and when an MDS does not have Internet connectivity

When an MDS machine has Internet connectivity:

Run the following command line tool on the MDS On SecurePlatform, you must be

in expert mode

• If the MDS is directly connected to the Internet run: pv1_license_upgrade upgrade

• If the MDS is connected to the Internet via a proxy run

pv1_license_upgrade upgrade -y <proxy:port> -w <user_name:pwd> The proxy port number is optional Username and password (if any) are intended for the proxy machine

This step performs the following:

• Collects all the licenses that exist on the MDS machine

• Verifies that all licenses can be upgraded, both for MDS and CMAs

• Fetches updated licenses from the User Center

• Builds a temporary cache file containing the NGX R65 licenses

• Installs upgraded licenses for the MDS and CMAs

When an MDS machine does not have Internet connectivity:

1 On the offline MDS, run the following command line tool:

pv1_license_upgrade export -z <package_file>

On SecurePlatform, run the command in expert mode

The export command packs all licenses on the machine, for all CMAs and the MDS into a single package file

2 Copy the package file (containing the licenses) from the offline MDS to the online machine The online machine does not need to be a Check

Point-installed machine

3 Copy the license_upgrade tool to the online machine and perform one of the following:

• Run the license_upgrade line tool on the online machine:

If the online machine is directly connected to the User Center, run:

license_upgrade upgrade -i <input_file> -c <cache_file>

Trang 7

Upgrade Licenses

If the online machine is connected to the User Center via a proxy, run:

license_upgrade upgrade -y <proxy:port> -w <user_name:pwd> -i

<input_file> -c <cache_file>

Where <input_file> is the package file that is the result of the export operation

• Run the license_upgrade tool on the online machine (wizard mode):

- Press [O] to run the upgrade operation in offline mode

- Enter the name of the exported file with the location of the package file that is the result of the export operation

- Enter the name of the file that will be created with all the upgraded licenses (cache file name)

- Press [Y] when asked "Is this machine connected to the Internet?"

- Press [Y] if you are connected to the internet via a proxy and supply the proxy IP port and username password

- Press [N] if you are not connected via proxy and continue with the upgrade

- Enter the username and password of your User Center Account

This step fetches new licenses from the User Center and puts them in a cache file

4 Copy the cache file (with the new licenses) back to the offline MDS machine

5 Start the MDS in the root shell by running

mdsenv mdsstart

6 Run the following command line on the offline MDS:

pv1_license_upgrade import -c <cache_file>

Where <cache_file> is the file that is the result of the upgrade operation performed on the online machine

As a result, the new CMA and MDS licenses are imported to the MDS

Trang 8

After Completing the License Upgrade Process

After Completing the License Upgrade Process

5 Review the log files from the online machine and the offline machine

When running the pv1_license_upgrade tool the log files are located under

$FWDIR/log/<operation_name>/, where operation name can be upgrade, import, export, status, or simulate

When running the license upgrade tool the log files are located under: $CPDIR/log This log file is generated for the last operation performed

Note:

• License upgrade will fail for products and accounts for which you do not have software subscription

• License upgrade will fail for evaluations

• The following MDS Pro Add-ons are not supported via the pv1_license_upgrade tool:

Table 2

Pro Add-Ons for MDS

10 NG CPPR-PRO-10-NG

Table 3

LS for Pro Add-Ons for MDS

10 NG LS-CPPR-PRO-10-NG

Trang 9

After Completing the License Upgrade Process

To upgrade Pro Add-on licenses:

a) Save the following information:

* Log Files generated by the tool

The location of the files is printed to the screen when running the

pv1_license_upgrade tool

For example, when running pv1_license_upgrade upgrade, part of the output appears as follows:

See details in log files:

- Upgrade operation logs can be viewed at:

/opt/CPmds-R62/log/upgrade/license_upgrade.log

- Import operation logs can be viewed at:

/opt/CPmds-R62/log/import/license_upgrade.log

- Detailed log of the license upgrade tool can be viewed at: /opt/CPmds-R62/log/pv1_license_upgrade.log

* Cache file - $CPDIR/conf/lic_cache.C This file is generated when running pv1_license_upgrade upgrade

b) Contact Account Services at US +1 817 606 6600, option 7 Or, e-mail AccountServices@ts.checkpoint.com, and provide them with the above information

• The Standby CMA repository can not be updated The Standby CMA repository

is in a read only mode Therefore, it is impossible to see the updated licenses

in the SmartUpdate View until the two HA CMAs are synchronized

6 If the license upgrade fails for only one CMA, it is possible to perform

license_upgrade on a single CMA (refer to License Upgrade for a Single CMA

page 10 for more details).

7 Perform the software upgrade to NGX R65 on the MDS Manager, MDS Container, and the MDG

8 Start the MDS by running

mdsenv mdsstart

9 To verify that all the CMAs are running, run:

mdsenv

Trang 10

License Upgrade for a Single CMA

The default cache file location is $CPDIR/conf/lic_cache.C This step imports the NGX R65 licenses from the cache file to the CMA Repositories of every CMA

11 Perform the software upgrade to NGX R65 on the enforcement module machine(s) This step is optional since NGX R65 management can manage the NG version of enforcement points

12 Connect to the MDS using the MDG SmartUpdate component, and for each CMA, delete all obsolete licenses from NGX R65 gateways (Optional)

13 In an MDS HA environment, as an alternative to running pv1_license_upgrade upgrade on all MDSs, you can use the cache file generated on one MDS, on other MDSs, by copying it to the other MDSs and running:

pv1_license_upgrade import -c <cache file name>

This step imports the NGX R65 licenses from the cache file to the CMA Repositories of every CMA

License Upgrade for a Single CMA

In This Section

Before Upgrading Licenses

1 Copy the pv1_license_upgrade and the license_upgrade tools and the clic

executable to the MDS version NG machine

These tools are located in the following directories and should be saved in the same location on the MDS version NG machine:

It is recommended that you check http://www.checkpoint.com/techsupport/ngx/license_upgrade.html for up to date information and downloads regarding the NGX R65 license upgrade

2 At the MDS machine, please make sure you have root permissions and that you are

in a single CMA environment To switch to the CMA environment run:

mdsenv <cma_name>

After Completing the License Upgrade Process page 13

Trang 11

Upgrade Licenses

Upgrade Licenses

3 When upgrading a license you must perform different steps when an MDS has Internet connectivity and when an MDS does not have Internet connectivity

When an MDS machine has Internet connectivity:

Perform one of the following:

• Run the following command at the MDS:

- If the MDS machine is directly connected to the Internet run:

license_upgrade upgrade

- If the MDS machine is connected to the Internet via a proxy run:

license_upgrade upgrade -y <proxy:port> -w <user_name:pwd> The proxy port number is optional Username and password (if any) are intended for the proxy machine

• Run the license_upgrade tool at the online machine (wizard mode):

- Press [U] to perform a license upgrade

- Press [Y] when asked "Is this machine connected to the Internet?"

- Press [Y] if you are connected to the internet via a proxy and supply the proxy

IP port and username password

- Press [N] if you are not connected via proxy and continue with the upgrade

- Enter the user and password of your User Center Account

This step performs the following:

• Collects all the licenses that exist on the CMA

• Fetches updated licenses from the User Center

• Installs an upgraded license for the CMA, and saves upgraded CMA Repository licenses on the CMA

When an MDS machine does not have Internet connectivity:

1 Copy the licenses from this machine to a file using one of the following methods

On SecurePlatform, run the command in expert mode and perform one of the following:

• Run the following command line tool at the offline target machine:

Trang 12

Upgrade Licenses

- Press [E] to copy the licenses to a license file

- Enter the name of the license package file that will be created

- Press [Q] to quit the license upgrade tool

This step packs all licenses on the machine into a single package file

2 Copy the output file package (containing the licenses) from the offline target machine to any online machine The online machine does not need to be a Check Point-installed machine

3 Copy the license_upgrade tool to the online machine

4 Run the command line tool at the online machine:

• If the online machine is directly connected to the User Center, run:

license_upgrade upgrade -i <input_file> -c <cache_file>

• If the online machine is connected to the User Center via a proxy perform one of the following:

- Run: license_upgrade upgrade -y <proxy:port> -w <user_name:pwd> -i <input_file> -c <cache_file>

Where <input_file> is the package file that is the result of the export operation

- Run the license_upgrade tool at the online machine (wizard mode):

• Press [O] to run the upgrade operation in offline mode

• Enter the name of the exported file with the location of the package file that

is the result of the export operation

• Enter the name of the file that will be created with all the upgraded licenses (output file name)

• Press [Y] when asked "Is this machine connected to the Internet?"

• Press [Y] if you are connected to the internet via a proxy and supply the proxy IP port and username password

• Press [N] if you are not connected via proxy and continue with the upgrade

• Enter the username and password of your User Center Account

This step fetches new licenses from the User Center and puts them in a cache file

5 Copy the cache file (with the new CMA licenses) to the offline target machine

Tiêu đề	Provider-1 NGX R65 license upgrade guide release notes
Thể loại	Release notes
Năm xuất bản	2007

Định dạng
Số trang	13
Dung lượng	125,51 KB