The license monitoring function in InCenter deals with the display of deployed licenses and the monitoring of the node system resources that are controlled by the parameters in licenses.

Note that the site licensing related features described in this section apply only to NetShield nodes.

The importing of license files and associating InCenter License objects with a file is described previously in Section 13.1, License Handling.

Displaying License Objects

A summary of all License objects can be displayed with the license -show command and the type of each license is shown in the Type column:

admin@InCenter:/> license -show
   Name        Type    Comments
-  ----------  ------  --------
   myLicense1  Node
   myLicense2  Site

Using the license command with no parameters will display further details with the licenses also broken down by type:

admin@InCenter:/> license
Site Licenses:
Name        Registration Key     Limits
----------  -------------------  ---------------------------------
myLicense2  1856-1121-1331-1234  IPsecFwb: 10Mbps TotalFwb: 20Mbps 
Node Licenses:
Name        Registration Key     MAC Address
----------  -------------------  -----------------
myLicense1  2191-7212-1154-3298  ca-fe-ba-00-22-21

Note that site licenses are shown with a summary of the aggregate limits. Node licenses are tied to the Ethernet interface MAC address shown.

Displaying Individual License Objects

Once a License object has been created, the contents of its associated license file can be viewed with the license <license-name> command. The output will be of a different form depending on if a site license or a node license is being displayed.

The following is an example of a site license:

admin@InCenter:/> license myLicense1
Property                            Value
----------------------------------  ------------------------
                     LICENSE_TYPE:  FIREWALL
                    REGISTERED_TO:  Name-of-Customer
                 REGISTRATION_KEY:  0000-1111-1111-2222
                REGISTRATION_DATE:  2018-12-09
                    LAST_MODIFIED:  2018-12-09
                      ISSUED_DATE:  2018-12-09
                           OEM_ID:  4
             UPGRADES_VALID_UNTIL:  2019-12-09
          TECHNICAL_SUPPORT_UNTIL:  2019-12-09
                     SITE_LICENSE:  2
                    DISPLAY_BRAND:  Clavister 
                    DISPLAY_MODEL:  Clavister Next Generation Firewall 
                               OS:  1
                         PROP_BGP:  1
                        PROP_CONN:  30000000
                      PROP_DETNAT:  1
                    PROP_DIAMINSP:  1
                     PROP_GTPINSP:  1
                  PROP_IKETUNNELS:  2000
                     PROP_IPSECTP:  10
                        PROP_OSPF:  1
                    PROP_SCTPINSP:  1
                     PROP_SIPINSP:  1
                  PROP_THROUGHPUT:  20
                        PROP_VLAN:  4096
Nodes using license: my-node1
Monitored limits (2019-02-01T01:24:40+0100):
IPsecFWb 2Mbps out of 5Mbps
TotalFWb 5Mbps out of 7Mbps
Total license violations detected: 115

The contents of a site license will now be explained using the example above. Node licenses will not be discussed further in this section since they will follow the normal rules for a license.

A Site License Has Aggregate Throughput Limits

A site license has throughput limits associated with it which are shown at the bottom of the license output above along with how much of the limit is being used. The limits consist of the following:

However, it should be noted that these limits apply to the aggregate traffic throughput of all the nodes that have that site license assigned to them in InCenter. They would only apply to a single node if the site license was associated with just that node and no others.

Site License Aggregated Traffic Values are not Real-time

It should be noted that the aggregated throughput values calculated by InCenter are not real-time. They are calculated by summing the average throughput for each node over a 5 minute window. The time of the computation is given at the end of the license listing (such as the one above) in the line beginning Monitored limits. Both the monitored node throughput and the aggregated values are stored in InCenter for a period of time.

Examining site License Limits and Limit Violations

The -violations options of the license command can provide a list of license limits along with any limit violations. Adding the -num option limits the number of violations displayed. The example below displays the last 5 violations that occurred for all licenses along with the limits for those licenses:

admin@InCenter:/> license -violations -num=5
Registration Key     Limits
-------------------  ------------------------------------------
0000-1111-1111-2222  IPsecFWb: 0/10Mbps, TotalFWb: 24.73/20Mbps
0000-1111-1111-2222  IPsecFWb: 0/10Mbps, TotalFWb: 24.81/20Mbps
0000-1111-1111-2222  IPsecFWb: 0/10Mbps, TotalFWb: 24.81/20Mbps
0000-1111-1111-2222  IPsecFWb: 0/10Mbps, TotalFWb: 24.8/20Mbps
0000-1111-1111-2222  IPsecFWb: 0/10Mbps, TotalFWb: 24.67/20Mbps
Showing violations 1-5 out of 115.

Note that the output above has had the right-hand side truncated to fit on the page. The exact time of the violation is usually shown in an additional column on the right.

If the -num option is omitted then just the last 20 violations that occurred are displayed.