6.5. Installing a License

Each virtual copy of cOS Core running under KVM requires a unique license file to be installed. Without a license, cOS Core will function for only 2 hours from startup in demo mode (demonstration mode). To end demo mode, a valid license file must be installed.

The following should be noted for license installation with cOS Core running in a virtual environment:

Registering a SECaaS License on MyClavister

Before a SECaaS license becomes active, it must first be registered in the relevant MyClavister account. This requires the following steps:

  1. Go to the Clavister website and log into MyClavister.

  2. Select Register new license.

  3. Select the License Number and SECaaS ID option.

  4. Enter the license number and SECaaS ID for the license (these codes are supplied by Clavister).

  5. Press Register License.

An Older Non-SECaaS License Must First Be Deleted

If an older, non-SECaaS license is already installed, it must be deleted using the command:
Device:/> license -remove
This should be followed by a reconfiguration command:
Device:/> reconf

Installing a SECaaS License

Following registration and the deletion of any non-SECaaS license, a SECaaS license can be installed by automatically downloading it from the license server to cOS Core. To initiate this, enter the following CLI console command either remotely with SSH or using the local console:
Device:/> license -secaas_add <secaas-system-id> <secaas-reg-key>

From cOS Core version 14.00.04 onwards, the above procedure is also possible using the WebUI by going to Status > Maintenance > License and filling in the SECaaS codes then pressing Register.

Note that installation of a SECaaS license along with example CLI console output is also covered by an article in the Clavister Knowledge Base at the following link:


Deleting a SECaaS License

If a SECaaS license is to be deleted, the steps are the following:

  1. Disconnect cOS Core from the Internet, otherwise cOS Core may automatically reinstall the license.

  2. Enter the CLI console command:

    Device:/> license -remove

  3. Perform a reconfiguration operation with the command:

    Device:/> reconf

  4. After the reconfiguration operation completes, enter the command:

    Device:/> license -secaas_remove

  5. cOS Core will now automatically restart without the SECaaS license and SECaaS functions present.

License Verification and Updating

Once a SECaaS license is installed, cOS Core will check every 4 hours that the license is valid and also check for any license updates. It does this by contacting the Clavister Service Provider Network (SPN) across the Internet.

If a newer license is found, cOS Core will download it and install it immediately. If verification fails the firewall will enter lockdown mode and only management access will be possible. A verification failure might be caused by license expiry, a faulty license file or a blacklisted license.

Reduced Functionality Mode

If cOS Core with a SECaaS license cannot contact the Clavister SPN for a period of 6 hours, it will enter reduced functionality mode. This mode means that cOS Core operates as before but with the following restrictions:

More information about cOS Core licenses can be found in the cOS Core Administration Guide.