Amer Networks E5Web GUI User Manual

Warning: More restrictive licenses can cause lockdown

If a more restrictive license is loaded into cOS Core so that the existing number of an
object type exceeds the limit of the new license, this will cause lockdown to occur. This
situation must then be resolved by either the administrator reverting to the old license or
editing the configuration to reduce the number of objects to be within the limits of the
new license.

SCP License Uploading

When a license file needs to be uploaded to the security gateway, SCP can be used.

Only one license file can exist on the Clavister Security Gateway. The name of the file is not
mandatory, and neither is the location since cOS Core will detect the file by examining its
contents. By convention, the license file should be called license.lic and it is uploaded to the top
level of the cOS Core directory structure.

Under Linux the SCP upload command to a security gateway called sgw_name might be:

> scp license.lic user@sgw_name:license.lic

Under windows the SCP upload would be done using an appropriate utility with SCP support.

The License Maximum Connections Should Be Adequate

The cOS Core license file specifies the maximum number of concurrent traffic connections that
cOS Core will allow. This is the parameter Max Connections in the file. It is important to have the
appropriate value for this parameter so that it is never exceeded.

If the limit is exceeded then a connection table full condition occurs and the action specified by
the advanced setting Connection Replace is followed.

By default, this action is ReplaceLog which means that the log message connection_table_full is
generated and the oldest connection is dropped by cOS Core to allow the new connection to
succeed.

See Section 12.4, “State Settings” for more information about the Connection Replace setting.

Replacing Licenses

If an installed license needs to be replaced, similar procedures are followed to upload it into the
security gateway. Replacement may be required because of license expiry or a change in the
capabilities allowed by a license such as becoming part of an HA cluster. The new license simply
overwrites the old.

The automatic methods of license installation described above are not available for replacement
and it requires the new license to be first downloaded to a computer and then uploaded with the
Web Interface or SCP.

Replacing Hardware

If the hardware unit is replaced with another unit but the same license is to be used, the same
procedures should be followed for installing the license in the new unit. The separate Hardware
Replacement Guide covers this topic in detail.

Chapter 2: Management and Maintenance

124