Troubleshooting guide

ManualsBrandsBay Networks ManualsComputer equipmentBayRS

121

122

123

124

125

126

127

128

129

130

Chapter 11 Troubleshooting Licensing Resolving Common Licensing Problems

Advanced Technical Reference Guide 4.1 • June 2000 125

There is a new file on VPN-1/FireWall-1 4.1 on NT and UNIX called $FWDIR/conf/cp.macro. It contains

mapping between product SKUs and license features and grouping of features.

Error: "Failed to add license" when trying to add license via the GUI

or "fw putlic" command

The cause for these messages could be one of the following:

1. The license may have been mistyped

2. There are occasionally problems when installing licenses from the GUI

Check your license, and the “fw putlic” command you performed. Note that ‘I’, ‘l’ and ‘1’ are different

characters, and so are ‘0’, ‘O’ and ‘o’.

Also make sure you did not omit any of the features in the feature list.

Try installing the license using the command line ("fw putlic"), which is more reliable.

If the problem is still not solved, contact the Check Point licensing center and ask them to issue a new license.

Inform them that previous license is faulty.

Error:"Nolicensefor<feature>"whentryingtodosomeaction

Usually, the error is due to the fact that the license is issued for the wrong host-id/IP-address

Look at the outputs of: fw printlic , fw printlic -k, fw checklic <feature> and fw

checklic -k feature.

Check these outputs to see if you have this feature both in the license file and in the kernel. If you do not have

the appropriate license, contact your reseller (or

license@checkpoint.com, if you are entitled to direct

support) to obtain one.

In case of an IP address-based license: the IP address should be the one to which the host name is resolved. If

this is an encryption license, it should have the IP address of the interface on which encryption takes place. If

the feature exists in the license file, but does not exist in the kernel, issue fw putlic -k.

If all the license features seem to exist everywhere, and these messages still appear, run the action that you were

trying to perform in debug mode (e.g. fwm –d, fwd -d, fw load -d) and send the debug output to

Check Point Technical Support. This will let them check why FireWall-1 thinks the license is invalid when

performing this action

Error:"Nolicenseforfwm"whentryingtoopenaGUIclient.

In case of a motif GUI, you should obtain a motif license. You can get it for free on

http://license.checkpoint.com by providing your certificate key. You need to get this license for the

Management's IP address.

In case this is a Windows GUI, the feature needed is control. Check if you have that feature, as specified in

Error: "No license for <feature>" when trying to do some action

Error: "No license for encryption", even though no encryption is used

If you are using distributed management (the management station is not on the same machine as the

VPN/FireWall module), you should edit the lib/control.map file on both sides, and replace every

occurrence of fwa1 with skey .

You will still get some messages at startup (that is, whenever fwd is started - on boot-time or fwstart), but

these are just warnings that can be ignored.