Each virtual copy of cOS Core running under KVM requires a unique license file to be installed. Without a license, cOS Core will function for only 2 hours from startup in demo mode (demonstration mode). To end demo mode, a valid license file must be installed.
The following should be noted for license installation with cOS Core running in a virtual environment:
From the 4th quarter of 2021, all new licenses for cOS Core in virtual environments are subscription-based Security as a Service (SECaaS) licenses. This means that only the license installation procedure described in this section can be used.
The first time a SECaaS license is installed, it must be done manually.
SECaaS licenses require Internet access by cOS Core.
Internet access is required for SECaaS license installation, as well as for continuously verifying and updating licenses. cOS Core must also have a public DNS server configured for the resolution of FQDNs.
Updates to the original license are installed automatically across the Internet and this is enabled by default.
Registering a SECaaS License on MyClavister
Before a SECaaS license becomes active, it must first be registered in the relevant MyClavister account. This requires the following steps:
Go to the Clavister website and log into MyClavister.
Select Register new license.
Select the License Number and SECaaS ID option.
Enter the license number and SECaaS ID for the license (these codes are supplied by Clavister).
Press Register License.
An Older Non-SECaaS License Must First Be Deleted
If an older, non-SECaaS license is already installed, it must be deleted using the command:
Device:/> license -remove
This should be followed by a reconfiguration command:
Device:/> reconf
Installing a SECaaS License
Following registration and the deletion of any non-SECaaS license, a SECaaS license can be installed by automatically downloading it from the license server to cOS Core. To initiate this, enter the following CLI console command either remotely with SSH or using the local console:
Device:/> license -secaas_add <secaas-system-id> <secaas-reg-key>
From cOS Core version 14.00.04 onwards, the above procedure is also possible using the WebUI by going to Status > Maintenance > License and filling in the SECaaS codes then pressing Register.
Note that installation of a SECaaS license along with example CLI console output is also covered by an article in the Clavister Knowledge Base at the following link:
https://kb.clavister.com/336145229
Deleting a SECaaS License
If a SECaaS license is to be deleted, the steps are the following:
Disconnect cOS Core from the Internet, otherwise cOS Core may automatically reinstall the license.
Enter the CLI console command:
Device:/> license -remove
Perform a reconfiguration operation with the command:
Device:/> reconf
After the reconfiguration operation completes, enter the command:
Device:/> license -secaas_remove
cOS Core will now automatically restart without the SECaaS license and SECaaS functions present.
License Verification and Updating
Once a SECaaS license is installed, cOS Core will check every 4 hours that the license is valid and also check for any license updates. It does this by contacting the Clavister Service Provider Network (SPN) across the Internet. If a newer license is found, cOS Core will download it and install it immediately. If verification fails, the firewall will enter lockdown mode and only management access will be possible. A verification failure might be caused by license expiry, a faulty license file or a blacklisted license.
Reduced Functionality Mode
If cOS Core with a SECaaS license cannot contact the Clavister SPN for a period of 6 hours, it will enter reduced functionality mode. This mode means that cOS Core operates as before but with the following restrictions:
The maximum total throughput of the firewall becomes 1 Mbps.
All log message generation is disabled except for log messages related to licenses.
More information about cOS Core licenses can be found in the cOS Core Administration Guide.