Types of licenses for SMC servers and Security Engines
Each SMC server and Security Engine node must have its own license.
- Some Security Engines use a Security Engine Node license. Other Security Engines use role-specific licenses. The correct type of license for each Security Engine is generated based on your Management Server proof-of-license (POL) code or the appliance proof-of-serial (POS) code.
- If there is no connection between the Management Server and the License Center, a Security Engine appliance can be used without a license for 30 days. After this time, you must generate the licenses manually at the License Center webpage and install them using the SMC Client.
- Virtual Security Engines do not require a separate license. However, the Master Security Engine license limits the number of Virtual Resources that can be created. The limit for the number of Virtual Resources defines how many Virtual Security Engines can be created.
- The Management Server’s license might be limited to managing only a specific number of Security Engines.
- Security Engines deployed in the AWS cloud with the Bring Your Own License image must have a license in the SMC. Security Engines deployed in the AWS cloud with the Hourly (pay as you go) image do not require a separate license in the SMC.
Licenses can be bound to a component in several different ways. The possible binding methods depend on the licensed component and the software version.
License binding | Description |
---|---|
IP address binding | The license is statically bound to the IP address of the licensed component. Note: Only licenses for SMC servers can be bound to an IP address. Existing IP-address-bound licenses for other components continue to work and can be upgraded. Any new licenses for other components must be bound to the Management Server’s proof-of-license (POL) code. |
UIID binding | The license is statically bound to the unique installation identifier (UIID) for the SMC. The UIID is automatically generated when you install the SMC. The UIID is also shown in the properties of the Management Server or Log Server elements. Note: Only licenses for SMC servers can be bound to the UIID for the SMC. |
Management Server proof-of-license (POL) code binding | Licenses are dynamically bound to the Management Server’s proof-of-license (POL) code. You must manually bind Management Server POL-bound licenses to the correct element. Licenses are valid only for components that are managed by the Management Server that has the same POL code. |
Appliance proof-of-serial (POS) code binding | The license is bound to the unique POS code of a pre-installed Forcepoint Network Security Platform appliance. The appliance identifies itself when contacting the Management Server. The Management Server allows the use of the appliance if the license POS code matches the reported code. The Management Server automatically binds the correct license to the Security Engine element based on the POS code. For the Management Server and pre-installed appliances, the Management Server can use this licensing method automatically with new appliances. |
The license types that are available depend on the SMC server or type of Security Engine.
Component | Available license types |
---|---|
Management Servers | A static IP-address-bound license or a static UIID-bound license. |
Log Servers | A static IP-address-bound license, a static UIID-bound license, or a dynamic license bound to the Management Server’s POL code |
Pre-installed Forcepoint Network Security Platform appliances | A license bound to the POS code of the appliance (all current models) or a dynamic license bound to the Management Server’s POL code (older models) |
Security Engines installed on your own hardware | Always a dynamic license bound to the Management Server’s POL code |
Security Engines installed on a virtualization platform | Always a dynamic license bound to the Management Server’s POL code |
Feature-specific licenses | A dynamic license bound to the Management Server’s POL code or a license bound to the POS code of the appliance depending on the feature |
After the Security Engines and the SMC are fully installed, the SMC can automatically download and install future Security Engine licenses. For more information about automatic downloading and installation of licenses, see the Forcepoint Network Security Platform Product Guide.