No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

License Usage Guide

HUAWEI USG6000, USG9500, NGFW Module

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Limitations and Precautions for License

Limitations and Precautions for License

Read this section carefully before you configure a license.

Configuration Description of Automatic Online Activation and License Trial Functions

The automatic online activation and license trial functions can be configured only on the web UI.

Dual-System License Consistency Description

In hot standby scenarios, information, such as license control item types, resource quantities, expiration dates of intrusion prevention, antivirus, and URL remote query update services and license statuses on the active and standby firewalls must be consistent.

If active/standby switchover occurs, hot standby services may be affected. For example, if the number of licensed resources on the active firewall is greater than that on the standby firewall, service resource usage might be affected after active/standby switchover. To prevent such conditions, ensure that the license control items and license status on the active and standby firewalls are consistent in hot standby scenarios.

Application License Description

The ESN application description on the USG9500 is as follows:

  • The USG9500 allows obtaining a license using the ESN of the MPU or backplane. You can run the display esn command to view the MPU ESN or the display esn all or display license esn command to view the backplane ESN (the BackPlane value in the command output). Using the backplane ESN to apply for a license is recommended. This is because the MPU fault rate is higher than the backplane fault rate. If you apply for a license using the MPU's ESN, you must re-apply for a license after replacing the faulty MPU. In the case of dual MPUs, you have to use two ESNs to apply for a license. If either MPU is faulty, you must replace the license.
  • In the dual-MPU scenario, if you use the MPU ESN to obtain a license, you must provide the ESNs of both MPUs. If you use only the ESN of the active MPU to apply for and activate a license file, you must re-apply for a license file using the ESNs of both active and standby MPUs, and activate the new license file.

Activating the License Description

In a scenario with dual MPUs, if you run the license active command to activate a license file, the FW automatically copies the license file from the active MPU to the standby MPU, requiring no manual intervention. This guarantees that the license files, license file names, and license file storage paths on the two MPUs are the same. However, if you run the license revoke command to revoke the license file on the active MPU, the license file on the standby MPU is still valid. That is, the standby MPU can still properly process services after active/standby switchover.

With dual MPUs, renaming the license file or changing the license file path only on the active or standby MPU after the license file is activated is not allowed. Otherwise, services may be interrupted after an active/standby MPU switchover.

The license file is stored on the CF card of the device. After being activated, the license file cannot be manually deleted from the CF card during the device operating. If the CF card is damaged after the license file is activated or the license file is deleted mistakenly from the BootROM, the license file can still be used if the device does not restarted. If the device restarts, the license file is lost on the FW, interrupting services. In this case, the FW sends alarm FWLCNS_1.3.6.1.4.1.2011.6.122.16.5.19 hwLicenseFileLose to inform you to re-upload the license file to the CF card and activate it.

License Alarm Description

  • License 1.2 file: After the file expires, there is a 60-day grace period. After the grace period expires, the license file immediately becomes invalid. After the license file enters the grace period, the system sends a FWLCNS_1.3.6.1.4.1.2011.6.122.16.5.7 hwLicenseFileExpired alarm every day to notify you that your license file has expired and how many days are left before the grace period expires. If some license control items have expired, the system sends a FWLCNS_1.3.6.1.4.1.2011.6.122.16.5.9 hwLicenseFeatureExpired alarm.
  • License 1.0 file: The intrusion prevention, antivirus, and URL remote query items do not have grace periods. In the 30 days before one of these control items expires, the system sends a FWLCNS_1.3.6.1.4.1.2011.6.122.16.5.11 hwLicenseFileWillExpired alarm every day to notify you that the license file is about to expire.
    NOTE:

    From V500R001C30 supports this alarm.

    Except intrusion prevention, antivirus, and URL remote query items, other control items each have a 60-day grace period. After the license file enters the grace period, the system sends a FWLCNS_1.3.6.1.4.1.2011.6.122.16.5.7 hwLicenseFileExpired alarm every day to notify you that your license file has expired and how many days are left before the grace period expires.

Libver=1.0 in the *.dat license file indicates that the license file is a License 1.0 file, and Libver=1.2 indicates that the license file is a License 1.2 file.

Description of Mappings Between License Files and Device Versions

After the upgrade from USG6000 V100R001C30 or USG9500 V300R001 to V500R001C30, you can continue to use the original license files and do not need to apply for new ones. Certain control items of earlier and later versions are different in the way they are controlled by licenses. Therefore, these control items in the license files may become unavailable after upgrade. For example, SSL proxy is not controlled by a license in an earlier version. In a later version, however, SSL proxy is controlled by the content security component control item. Therefore, the SSL proxy function becomes unavailable after upgrade, and you must apply for a new license.

In device version rollback, after the license file of a later version is loaded to the software system of an earlier version, the license file becomes unavailable. This is because this later version may have certain new BOMs that cannot be parsed by the software system of the earlier version added.

Translation
Download
Updated: 2019-04-30

Document ID: EDOC1100015347

Views: 12508

Downloads: 198

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next