[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Licensing FW-1 High Availability




If I already have two firewall module licenses, and I want to add the FW-1
HA  module to allow these two firewall modules to provide a single HA
firewall, should I

(a) purchase an HA upgrade license, or
(b) purchase a (non-upgrade) HA license, or
(c) purchase two of either (a) or (b)?

Once I have the correct license(s), do I register a single certificate key
for HA against the external HA non-unique IP address (on multiple modules),
or multiple certificate keys for HA against the individual external IP
addresses of the firewall modules? (This presumably depends on the answer of
the previous question.)

If the firewall module licenses are limited node licenses, and I've chosen
to register the Internet-facing firewall module interface as the external
interface, CheckPoint's licensing scheme says that I should add the number
of nodes on all the other interfaces. However, the HA interfaces will be the
ones facing the Internet, not the "external" interface I used for the
license. This means it's impossible to have a limited node license on a
highly available firewall setup. This doesn't seem right.

Do I have to use the external address when I define a firewall module in the
management station?

The licensing situation is confusing enough without HA thrown in.

PJDM
----
Peter Mayne, Compaq Computer Australia, Canberra, ACT
These are my opinions, and have nothing to do with Compaq.
Never express yourself more clearly than you are able to think. - Niels Bohr



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================