Troubleshooting guide
Chapter 11 Troubleshooting Licensing Check Point Licensing Policy
Advanced Technical Reference Guide 4.1 • June 2000 119
Licensing Example 2: Multiple VPN-1/FireWall-1 Gateways
The configuration below shows a network with two FireWall-1 installations: one providing Internet security,
and a second delivering intranet security.
VPN-1/FireWall-1 licensing is based on the total number of protected nodes in the organization. This total
includes all nodes connected to a trusted (internal) network either directly, or indirectly via nested subnets
linked by routers, FireWalled gateways, etc. For the network shown, the intranet FireWall-1 gateway requires a
license that will support “N” nodes. The Internet FireWall-1 gateway requires a license that will protect the total
number of internal nodes: “N+n+1” nodes. The one additional node accounts for the Intranet VPN/FireWall
machine.
Node N
Node A Node B
FW-1Node 1Node 2Node n
FW-1
Intranet
Firewall
Internet Firewall
Router
External Network
Figure 2. Multiple VPN-1/FireWall-1 Gateway Licensing requirements
Licensing Example 3: intermediate proxy behind the VPN-1/FireWall-1 Gateway
The diagram below shows a network that includes a proxy performing network address translation for the
internal nodes.
Node n
Node 2 Node 1
FW-1/
VPN-1
Internal IP
addresses
hidden by the
proxy
Proxy
External Network
Figure 3. Licencing requirements with intermediate proxy behind the VPN-1/FireWall-1 Gateway