Somewhat OT - Firewall Licencing

Discussion in 'Windows Networking' started by TheScullster, Feb 29, 2008.

  1. TheScullster

    TheScullster Guest

    Hi all

    We have been using a Checkpoint Firewall for a few years and the licencing
    method is a pain.
    Do all firewalls work in the same way?


    Our firewall is licenced for 50 users.
    However, instead of considering the number of concurrent users, it simply
    stores all ip addresses that have used the device.
    This means that:
    a) the DHCP scope has to be real tight to avoid any overspill
    b) when you want to retire one piece of kit and replace with another, you
    can't afford the luxury of overlap and have to re-assign static ips on
    change over

    Maybe I'm just tight, but the current setup seems so inflexible.
    I get the ISP emailing to say we are over our allocated licence level, but
    if I get their tech department to check genuine on-going usage we are always
    well below the 50 limit.

    TheScullster, Feb 29, 2008
    1. Advertisements

  2. TheScullster

    Newell White Guest

    No - time to find another supplier![/QUOTE]
    Newell White, Feb 29, 2008
    1. Advertisements

  3. I use Sonicwalls, and although the concurrent usage tracking is sometimes a
    little flaky? (licenses aren't always released when you wish) it doesn't
    work as your Checkpoint does. Look at the Sonicwall PRO 2040 - at 50
    users, you really should be getting an unlimited node device. Just make sure
    you keep your maintenance/support contract paid up annually.
    Lanwench [MVP - Exchange], Feb 29, 2008
  4. TheScullster

    beoweolf Guest

    Checkpoint, like many other software subscription services does keep an
    account of numbers of subscribers. As the administrator it is your job to
    increase (or decrease) license counts to match your user community.

    Just because the "current" users actively logged on is below the 50
    threshold, it is more or less irrelevant, what is at issue is the total
    number of potential nodes. I have used Checkpoint too, it is a PITA to have
    to actually manually update the count, but that is how they encourage truth
    from their subscribers. As mentioned, if you are unwilling to abide by the
    license agreement, it may be time to find a lesser firewall solution

    On a personal note: it don't think the alternatives are anywhere near as
    flexible or as feature rich as Checkpoint. If you haven't assessed your
    license needed since it was installed, several years ago, it may be time to
    get those additional licenses. Think of this way - its no more or less
    onerous than getting a volume license agreement from MS for servers, if your
    connections are above the license you can use a management package that will
    check for actual concurrent users on the system, but that is not what the
    license is are complaining about a technicality. Go to your
    accounting dept. give them the facts and let them make the decision. Its a
    pain, but its more of a pain to be found in a non-compliant license state.
    Remember, there are bounty hunters out there!
    beoweolf, Mar 3, 2008
  5. TheScullster

    andyj0809 Guest

    I'd suggest migrating to a juniper SSG solution. fully intergrated
    high performance box with full user licensing as standard.
    no seperate hw and sw to support - makes life a breeze. I'd be happy
    to send you a quote!
    andyj0809, Mar 13, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.