Types of licenses for SMC servers and NGFW Engines
Each SMC server and NGFW Engine node must have its own license.
- Some NGFW Engines use an NGFW Engine Node license. Other NGFW Engines use role-specific licenses. The correct type of license for each NGFW Engine is generated based on your Management Server proof-of-license (POL) code or the appliance proof-of-serial (POS) code.
- If there is no connection between the Management Server and the License Center, a Forcepoint NGFW appliance can be used without a license for 30 days. After this time, you must generate the licenses manually at the License Center webpage and install them using the Management Client.
- Virtual NGFW Engines do not require a separate license. However, the Master NGFW Engine license limits the number of Virtual Resources that can be created. The limit for the number of Virtual Resources defines how many Virtual NGFW Engines can be created.
- The Management Server’s license might be limited to managing only a specific number of NGFW Engines.
- Forcepoint NGFW Engines deployed in the AWS cloud with the Bring Your Own License image must have a license in the SMC. Forcepoint NGFW Engines deployed in the AWS cloud with the Hourly (pay as you go) image do not require a separate license in the SMC.
- SMC Appliance which is installed from .iso installer to a virtual machine or a hardware other than Forcepoint provided, requires SMC license that includes "Forcepoint NGFW Security Management Center Virtual Appliance" feature pack.
Licenses can be bound to a component in several different ways. The possible binding methods depend on the licensed component and the software version.
| License binding | Description |
|---|---|
| IP address binding | The license is statically bound to the IP address of the licensed component. Note: Only licenses for SMC servers can be bound to an IP address. Existing IP-address-bound licenses for other components continue to
work and can be upgraded. Any new licenses for other components must be bound to the Management Server’s proof-of-license (POL) code.
|
| UIID binding | The license is statically bound to the unique installation identifier (UIID) for the SMC. The UIID is automatically generated when you install the SMC. The UIID is also shown in the properties of
the Management Server, Log Server, or Web Portal Server elements. Note: Only licenses for SMC servers can be bound to the UIID for the SMC.
|
| Management Server proof-of-license (POL) code binding | Licenses are dynamically bound to the Management Server’s proof-of-license (POL) code. You must manually bind Management Server POL-bound licenses to the correct element. Licenses are valid only for components that are managed by the Management Server that has the same POL code. |
| Appliance proof-of-serial (POS) code binding | The license is bound to the unique POS code of a pre-installed Forcepoint NGFW appliance. The appliance identifies itself when contacting the Management Server. The Management Server allows the use of the appliance if the license POS code matches the reported code. The Management Server automatically binds the correct license to the NGFW Engine element based on the POS code. For the Management Server and pre-installed appliances, the Management Server can use this licensing method automatically with new appliances. |
The license types that are available depend on the SMC server or type of NGFW Engine.
| License binding | Description |
|---|---|
| Management Servers | A static IP-address-bound license or a static UIID-bound license. |
| Log Servers | A static IP-address-bound license, a static UIID-bound license, or a dynamic license bound to the Management Server’s POL code |
| Web Portal Servers | |
| Pre-installed Forcepoint NGFW appliances | A license bound to the POS code of the appliance (all current models) or a dynamic license bound to the Management Server’s POL code (older models) |
| NGFW Engines installed on your own hardware | Always a dynamic license bound to the Management Server’s POL code |
| NGFW Engines installed on a virtualization platform | Always a dynamic license bound to the Management Server’s POL code |
| Feature-specific licenses | A dynamic license bound to the Management Server’s POL code or a license bound to the POS code of the appliance depending on the feature |
After the NGFW Engines and the SMC are fully installed, the SMC can automatically download and install future NGFW Engine licenses. For more information about automatic downloading and installation of licenses, see the Forcepoint Next Generation Firewall Product Guide.