Types of licenses for SMC servers and FlexEdge Secure SD-WAN Engines
Each SMC server and Secure SD-WAN Engine node must have its own license.
- Some Secure SD-WAN Engines use an Secure SD-WAN Engine Node license. Other Secure SD-WAN Engines use role-specific licenses. The correct type of license for each Secure SD-WAN Engine is generated based on your Management Server proof-of-license (POL) code or the appliance proof-of-serial (POS) code.
- If there is no connection between the Management Server and the License Center, a Secure SD-WAN Engine appliance can be used without a license for 30 days. After this time, you must generate the licenses manually at the License Center webpage and install them using the Management Client.
- Virtual Secure SD-WAN Engines do not require a separate license. However, the Master Secure SD-WAN Engine license limits the number of Virtual Resources that can be created. The limit for the number of Virtual Resources defines how many Virtual Secure SD-WAN Engines can be created.
- The Management Server’s license might be limited to managing only a specific number of Secure SD-WAN Engines.
- Secure SD-WAN Engines deployed in the AWS cloud with the Bring Your Own License image must have a license in the SMC. Secure SD-WAN Engines deployed in the AWS cloud with the Hourly (pay as you go) image do not require a separate license in the SMC.
- SMC Appliance which is installed from .iso installer to a virtual machine or a hardware other than Forcepoint provided, requires SMC license that includes "Forcepoint FlexEdge Secure SD-WAN Manager Virtual Appliance" feature pack.
Licenses can be bound to a component in several different ways. The possible binding methods depend on the licensed component and the software version.
| License binding | Description |
|---|---|
| IP address binding | The license is statically bound to the IP address of the licensed component. Note: Only licenses for SMC servers can be bound to an IP address. Existing IP-address-bound licenses for other components continue to
work and can be upgraded. Any new licenses for other components must be bound to the Management Server’s proof-of-license (POL) code.
|
| UIID binding | The license is statically bound to the unique installation identifier (UIID) for the SMC. The UIID is automatically generated when you install the SMC. The UIID is also shown in the properties of
the Management Server, Log Server, or Web Portal Server elements. Note: Only licenses for SMC servers can be bound to the UIID for the SMC.
|
| Management Server proof-of-license (POL) code binding | Licenses are dynamically bound to the Management Server’s proof-of-license (POL) code. You must manually bind Management Server POL-bound licenses to the correct element. Licenses are valid only for components that are managed by the Management Server that has the same POL code. |
| Appliance proof-of-serial (POS) code binding | The license is bound to the unique POS code of a pre-installed Secure SD-WAN Engine appliance. The appliance identifies itself when contacting the Management Server. The Management Server allows the use of the appliance if the license POS code matches the reported code. The Management Server automatically binds the correct license to the Secure SD-WAN Engine element based on the POS code. For the Management Server and pre-installed appliances, the Management Server can use this licensing method automatically with new appliances. |
The license types that are available depend on the SMC server or type of Secure SD-WAN Engine.
| License binding | Description |
|---|---|
| Management Servers | A static IP-address-bound license or a static UIID-bound license. |
| Log Servers | A static IP-address-bound license, a static UIID-bound license, or a dynamic license bound to the Management Server’s POL code |
| Web Portal Servers | |
| Pre-installed Secure SD-WAN Engine appliances | A license bound to the POS code of the appliance (all current models) or a dynamic license bound to the Management Server’s POL code (older models) |
| Secure SD-WAN Engines installed on your own hardware | Always a dynamic license bound to the Management Server’s POL code |
| Secure SD-WAN Engines installed on a virtualization platform | Always a dynamic license bound to the Management Server’s POL code |
| Feature-specific licenses | A dynamic license bound to the Management Server’s POL code or a license bound to the POS code of the appliance depending on the feature |
After the Secure SD-WAN Engines and the SMC are fully installed, the SMC can automatically download and install future Secure SD-WAN Engine licenses. For more information about automatic downloading and installation of licenses, see the Forcepoint FlexEdge Secure SD-WAN Product Guide.