Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SSG Lisence issue

Posted on 2011-10-27
16
Medium Priority
?
1,358 Views
Last Modified: 2012-05-12
I've downloaded SSG 520 trial key but i can not see any difference between lisenced and not lisenced device.

what is the diffrence menu is same and properties also.
0
Comment
Question by:3XLcom
  • 8
  • 8
16 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 37043267
The license only enables further features bud.

Can you tell me what license you have isntalled?

We can view the current capability of the device using "get license-key"

The output shows the sesion count available, tunnels it can have plus any subscriptions, ie AV, AS, deep inspection etc.  It will also show when your subs license expire.
0
 

Author Comment

by:3XLcom
ID: 37043299
This is my lisence key details.

but i can not see any difference before get the lisence and after get the lisence
SSG520-> get license-key
uf_key              : xxxxxxxxxxxxxx
expire date: 2011/11/26

anti_spam_key       : xxxxxxxxxxxxxx
expire date: 2011/11/26

av_v2_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

di_db_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

Model:              Advanced
Sessions:           128064 sessions
Capacity:           unlimited number of users
NSRP:               ActiveActive
VPN tunnels:        500 tunnels
Vsys:               None
Vrouters:           11 virtual routers
Zones:              60 zones
VLANs:              125 vlans
Drp:                Enable
Deep Inspection:    Enable
Deep Inspection Database Expire Date: 2011/11/26
Signature pack:     Standard Deep Inspection Pack
IDP:                Disable
AV:                 Enable(1)
Anti-Spam:          Enable(1)
Url Filtering:      Expire Date: 2011/11/26

Update server url: nextwave.netscreen.com/key_retrieval
License key auto update : Disabled
Auto update interval : 0 days

Open in new window

0
 
LVL 18

Expert Comment

by:deimark
ID: 37043325
I can see some utm licenses there bud. The av, di etc. all with a short expiry time which looks like an eval for the utm features. Is that what you ordered?
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

 

Author Comment

by:3XLcom
ID: 37043396
This is just eval. lisence to understand where is the difference. but i cannot see anything more then updating db s
for ex. deep inspection system what is the difference before and after or av they were working before lisence update
0
 
LVL 18

Expert Comment

by:deimark
ID: 37043584
Can you post the output of your licenses before and after the addition of the new license ?  I suspect there is a difference but it may be slight.
0
 

Author Comment

by:3XLcom
ID: 37043973
how should i get that you want ?before i install this lisence machine completely brand new and there was no lisence uploaded
0
 
LVL 18

Expert Comment

by:deimark
ID: 37044032
OK, can you post the licenses that you did install then?

I need to have something to work with here, I need to be able to compare where I can
0
 

Author Comment

by:3XLcom
ID: 37044401
I've installed lisence via request trial key option not with a file
0
 
LVL 18

Expert Comment

by:deimark
ID: 37044451
OK, the output just looks like you have added the following keys (or at least updated them)

SSG520-> get license-key
uf_key              : xxxxxxxxxxxxxx
expire date: 2011/11/26

anti_spam_key       : xxxxxxxxxxxxxx
expire date: 2011/11/26

av_v2_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

di_db_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

These allow temporary use of the AV, DI, AS and UF features until 26th November.

I suspect that these are what was updated however without knowing what licenses you had before I cant confirm this.
0
 

Author Comment

by:3XLcom
ID: 37044769
I had no lisence before when i try
SSG520-> get license-key
before i retreive this lisences i got following message

no lisence file found

sth. like this.
0
 
LVL 18

Expert Comment

by:deimark
ID: 37044828
THats iuncorrect.

Get license-key WILL ALWAYS supply at least the below output.

Model:              Advanced
Sessions:           128064 sessions
Capacity:           unlimited number of users
NSRP:               ActiveActive
VPN tunnels:        500 tunnels
Vsys:               None
Vrouters:           11 virtual routers
Zones:              60 zones
VLANs:              125 vlans
Drp:                Enable
Deep Inspection:    Enable
Deep Inspection Database Expire Date: 2011/11/26
Signature pack:     Standard Deep Inspection Pack
IDP:                Disable
AV:                 Enable(1)
Anti-Spam:          Enable(1)
Url Filtering:      Expire Date: 2011/11/26

Update server url: nextwave.netscreen.com/key_retrieval
License key auto update : Disabled
Auto update interval : 0 days

In short, you have not really answered our questions or made it clear what you are looking for here so I don't know how I can help you further.

Basically, explain more of what your question is
0
 

Author Comment

by:3XLcom
ID: 37045090
Is there any features list of lisences. Basically i could not see any difference between and after installing lisences
0
 
LVL 18

Expert Comment

by:deimark
ID: 37045271
SSG520-> get license-key
uf_key              : xxxxxxxxxxxxxx
expire date: 2011/11/26

anti_spam_key       : xxxxxxxxxxxxxx
expire date: 2011/11/26

av_v2_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

di_db_key           : xxxxxxxxxxxxxx
expire date: 2011/11/26

This is the additional feature set of the attached licenses.

Model:              Advanced
Sessions:           128064 sessions
Capacity:           unlimited number of users
NSRP:               ActiveActive
VPN tunnels:        500 tunnels
Vsys:               None
Vrouters:           11 virtual routers
Zones:              60 zones
VLANs:              125 vlans
Drp:                Enable
Deep Inspection:    Enable
Deep Inspection Database Expire Date: 2011/11/26
Signature pack:     Standard Deep Inspection Pack
IDP:                Disable
AV:                 Enable(1)
Anti-Spam:          Enable(1)
Url Filtering:      Expire Date: 2011/11/26

This is the actual capabilities of the devcie itself.  Some options there are licensed as well for example, we can add to the session count and VPN tunnels that the device is capable of handling with an advanced or enhanced licenses.

For the above, as I mentionend before, you have a valid sunscription enabled for DI,. AV, AS and UF.

I ask again, what ius your quesdtion as you are not being clear in what you are after.

You said that you cannot see any difference in the licenses after you installed a new license, but you havent said what these new licenses are?  What features are you trying to test here?  What is your objective with the new licenses?

If you cannot answer any of the above, then we cannot help you if you dont know what you want
0
 

Author Comment

by:3XLcom
ID: 37045436
For example deep inspection how should i test the difference
0
 
LVL 18

Accepted Solution

by:
deimark earned 2000 total points
ID: 37045464
How to test all the features of the UTM functionality on screenos is a very large subject and cant be answered here in general terms sadly.

Have a look at http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html, specifically    

Concepts & Examples ScreenOS Reference Guide: Vol 4, Attack Detection and Defense Mechanisms

This will let you know what each feature does and also how to configure this.

0
 

Author Closing Comment

by:3XLcom
ID: 37048738
thnx
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question