Check Point VPN-1/FireWall-1

When obtaining a license, you will get a Certificate Key (CK), which isn't really a license. By entering this CK in your account at Check Point's Usercenter, you will get the "real license" to be imported at the SmartCenter (or at the Firewall, when still using local licensing).

The CK is generated when you have placed your order, which license(s) you need. In general, an order key has different parts, e.g. CPUTM-CKP-3-100 or CPVP-VSC-100. Let's divide this key into different parts:

1. CPVP
   Product Category
2. VSC
   Product Description
3. 100
   Number of protected IP's or users, number of routers, gateways, etc.

Here you find a collection of many categories. Today, there are less categories (e.g. Check Point Express or Check Point Enterprise are no more supported).

CPCES
Check Point Collaborative Enterprise Subscription, Software Subscription available at different levels.

CPDS
General license key for Pointsec products.

CPFW
FireWall, Class of licenses for (additional) products without encryption.

CPGX
FireWall-1 GX, needed for securing GPRS.

CPIS
Check Point InterSpect, appliance for securing the internal network, today for IPS-1 also.

CPMP
Management Product, necessary for e.g. Eventia or Web Intelligence.

CPOS
Check Point Operating System, needed for SecurePlatform Pro.

CPPR
PRovider-1, licenses which are specific for Provider-1, the management tool for Managed Service Providers and very big enterprises.

CPPWR
Products for Check Point Power, mostly unlimited version.

CPSB
Safe@ Box, license for a Safe@ Appliance from Check Point.

CPSM
Site Manager, like Provider-1, but with the option of managing small sites also.

CPTS
Check Point Training Service for attending a training at an ATC (Authorized Training Center), also Check Point Professional Service and Check Point SmartUse.

CPUA
UserAuthority, the system for reduced SignOn by Check Point.

CPUTM
Products for licensing scheme Check Point UTM. UTM stands for Unified Thread Management.

CPVH
Very High performance acceleration for 3DES, license for Accelerator Cards.

CPVP
VPN Product for licensing products esp. for Encryption.

CPWS
Check Point Web Security, e.g. for Check Point Connectra Web Security Gateways.

CSP
Check Point Support Program, necessary for opening troubleshooting Tickets at Check Point.

SMP
Check Point Security Management Portal to manage firewalls centrally.

ST
Licenses for obtaining maintenance for Safe@Office appliances.

STAV
Subscription for Safe@Office products, includes Anti Virus.

SU
Security Updates for Endpoint clients, e.g. Program advisor for Integrity.

WF
Web Filtering for Safe@Office products.

APP-M450
Check Point UTM-1 Appliance, Model 450
Example: CPUTM-APP-M450-EU

APP-M1050
Check Point UTM-1 Appliance, Model 1050
Example: CPUTM-APP-M1050-UK

APP-M2050
Check Point UTM-1 Appliance, Model 2050
Example: CPUTM-APP-M2050-US

CC
ConnectControl, License for Load Balancing of servers behind a gateway, requires at least a license for FireWall-1.
Example: CPFW-CC-1

CCV
Integrity Clientless Security for Connectra, licensed per user. 
Example: CPWS-CCV-U 

CCV-HA
Integrity Clientless Security for Connectra High Availability, licensed per user. 
Example: CPWS-CCV-HA-250 

CKP
Check Point Gateway and Management bundle, licensed per managed Site and the number of users.
Example: CPUTM-CKP-3-250

CKPP
Check Point UTM Power Gateway and Management bundle, licensed per managed Site and the number of users.
Example: CPUTM-CKPP-5-U

CLM
Check Point Customer Log Module Add-on for SmartCenter, for logging and not for pushing rules to the Firewalls or administering objects.
Examples: CPMP-CLM, CPPR-CLM-NG

CMA
Provider-1 Customer Management Add-On (Primary CMA), a "virtual" SmartCenter for managing  objects and rules in Check Point Provider-1, licensed per administered Gateway (1,2, 4, U), a suitable MDS MC is needed. 
Example: CPPR-CMA-4-NG

CPSB
Safe@Office Support Plan, if wanted with Antivirus or web filtering. 
Examples: ST-CPSB-5, STAV-CPSB-10, WF-CPSB-25

CRA-1025, 1050, 1100, 1250, 2100, 2250, 6250, 6500
Check Point Connectra, different hardware, licensed per concurrent users.
Example: CPWS-CRA-2250U-EU 

CRA-1025-HA, 1050-HA, 1100-HA, 1250-HA, 2100-HA, 2250-HA, 6250-HA, 6500-HA
Check Point Connectra, different hardware, licensed per concurrent users.
Example: CPWS-CRA-2250U-EU 

CRA-PS
Connectra 2000 Redundant Power Supply. 
Example: CPWS-CRA-PS-EU

CRS
Check Point Connectra Software, licensed per concurrent users.
Example: CPWS-CRS-250

CRS-HA
Secondary Connectra Software, licensed per concurrent users.
Example: CPWS-CRS-HA-500

CRS-MEDIA
CD with software for Check Point Connectra, includes a Certificate Key for an Evaluation license even if the software is running 15 days for free.
Example: CPWS-CRS-MEDIA-1-NGXR62 

CXL-HA
FireWall-1 GX High Availability, needs appropriate SmartCenter for Management.
Example: CPGX-CXL-HA-1-NG

CXLS
ClusterXL, license for additional Load Sharing, not High Availability only. Licensed by the number of users.
Example: CPMP-CXLS-U

DOC
Courseware for Check Point trainings at ATCs, but also Advanced Technical Reference Guide or even the standard documentation in written form.
Examples: CPTS-DOC-PR-1-NGX, CPMP-DOCS-1-NGXR65

EDGE-SDAV
SmartDefense Services and Antivirus for VPN-1 UTM Edge.
Example: CPUTM-EDGE-SDAV-32

EDGE-W8, W16, W32, WU
EDGE-WG8, WG16, WG32, WGU
VPN-1 UTM Edge Appliance W series for 8, 16, 32 and unlimited users, respectively. Includes WLAN access point.
Example: CPUTM-EDGE-WU-WORLD-EU

EDGE-XG8, XG16, XG32, XU
VPN-1 UTM Edge Appliance X series for 8, 16, 32 and unlimited users, respectively.
Example: CPUTM-EDGE-XG8-EU

EDGE-XG8-IND, XG16-IND, XG32-IND, XU-IND
VPN-1 UTM Industrial Edge Appliance X series for 8, 16, 32 and unlimited users, respectively.
Example: CPUTM-EDGE-XG32-IND-EU

EVA
Check Point Eventia Analyzer, licensed per Gateway/Device.
Example: CPMP-EVA-5

EVA-CORL
Check Point Eventia Additional Correlation Unit.
Example: CPMP-EVA-CORL

EVAL
License for Evaluation, mostly valid for 30 days. All features free for testing.

EVR
Check Point Eventia Reporter, licensed per Gateway/Device.
Example: CPMP-EVR-50

EVS
Check Point Eventia Suite, combination of Eventia Reporter and Eventia Analyzer, licensed per Gateway/Device. 
Example: CPMP-EVS-100

EVS-MEDIA
CD with Check Point Eventia, includes a Certificate Key for an Evaluation license even if the software is running 15 days for free.
Example: CPMP-EVS-MEDIA-1-NGXR63 

FIRM
Software Updates for nodes managed by SMP, valid for one year.
Example: SMP-FIRM-UPD-5USR

FSS
Check Point FireWall-1 SecureServer, Module to protect a single system without IP forwarding enabled, no encryption, SmartCenter for administration needed.
Example: CPFW-FSS-1

GMC
Check Point FireWall-1 GX Management for an unlimited number of GX-Gateways.
Example: CPGX-GMC-U-NG

GX-CMA
FireWall-1 GX CMA for Provider-1.
Example: CPPR-GX-CMA-U-NG 

GX-MEDIA
CD with software for Check Point GX.
Example: CPGX-GX-MEDIA-1-NGX

HVFF
FireWall-1 GX Secondary Module, needs VFF and appropriate SmartCenter for management. 
Example: CPGX-HVFF-U-NG

IAS
Check Point Integrity Advanced Server.
Example: CPIS-IAS-1

IAS-HA
Secondary Integrity Advanced Server for Load Sharing and High Availability.
Example: CPIS-IAS-1

ICS
Check Point Integrity Clientless Security Windows, licensed per user.
Example: CPWS-ICS-100

IDT
Check Point Integrity Desktop, licensed per user.
Example: CPIS-IDT-25

IEPS
Check Point Integrity endpoint suite, licensed per user.
Example: CPUA-UAU-1000

ILX
Check Point Integrity for Linux, licensed per user.
Example: CPIS-ILX-250

INSP-210, 210N, 410, 610, 610F
Check Point InterSpect Appliance. License depends on the Hardware and Type of InterSpect.
Example: CPIS-INSP-610F-EU

INSP-FONIC
InterSpect additional Network Interface with Fail Open, license depends on card and hardware.
Example: CPIS-INSP-FONIC-QC 

INSP-PS
InterSpect redundant Power Supply.
Example: CPIS-INSP-PS-EU

INSP-NIC
InterSpect additional Network Interface, license depends on card and hardware.
Example: CPIS-INSP-NIC-QF-SX

INT
Check Point Integrity, licensed per user.
Example: CPIS-INT-500

IPS-M50C, M200C, M200F, M500C, M500F
Check Point IPS-1 Sensor, license depends on throughput and material.
Example: CPIS-IPS-M500F-EU

IPS-M1000C, M1000F, M2000C, M2000F, 
Check Point IPS-1 Power Sensor, license depends on throughput and material.
Example: CPIS-IPS-M2000F-EU

IPS-SMDF-M50, M200, M500, M1000, M2000
Check Point SmartDefense Services for IPS-1 Sensor, license depends on sensor.
Example: CPIS-IPS-SMDF-M1000

IPV6
IPv6 Add-on for Gateways, needed for the use of this protocol. Currently free of charge.

MDS
Provider-1 Multi Domain Server, divided into Manager/Container (MC), Container (C) or Manager (M, for High Availability only).
Example: CPPR-MDS-MC50-NG

MEDIA
CD with the software, includes a Certificate Key for an Evaluation license even if the software is running 15 days for free.
Example: CPMP-MEDIA-HE-10-NGXR65

MGM-HA
Check Point Management High Availability for SmartCenter UTM, license needed additionally to licenses for two SmartCenters.
Example: CPUTM-MGM-HA

MLM-C10, C25, C50, C100, C200, C250
Provider-1 Multi Domain Log Module for additional central logging in Check Point Provider-1, includes license for a number of CLM, needs a primary MDS for operation.
Example: CPPR-MLM-C200-NG

MOTIF-GUI
Check Point Motif GUI Add-on for SmartCenter under Sun Solaris.
Examples: CPMP-MOTIF-GUI-U, CPPR-MOTIF-GUI-U-NG

OSE
Check Point Open Security Extension, License for managing Access Control Lists (ACLs) for Routers directly with SmartDashboard, available for one or an unlimited number of Routers.
Example: CPFW-OSE-U

PPK
Performance Pack for Linux, Sun Solaris and SecurePlatform, activates SecureXL and can handle more than one CPU.
Example: CPMP-PPK-1

PRE
Provider-1 Enterprise Edition, licensed per Domain.
Example: CPMP-PRE-5

PRO
Pro Add-ons for Provider-1 Multi Domain Server, licensed per CMA.
Example: CPPR-PRO-200-NG

QOS
Check Point FloodGate-1 Add-on for VPN-1 UTM Gateway, licensed per managed Gateway.
Example: CPUTM-QOS-5

SC
License for SmartCenter, available for UTM or Power and licensed for the number of managed sites.
Example: CPPWR-SC-U

SCM
Check Point SecureClient Mobile, licensed per user.
Example: CPVP-SCM-500

SDCS
SmartDefense Services Antivirus and URL filtering Add-on, licensed per site and users.
Example: CPUTM-SDCS-250

SDCS-M450, M1050, M2050
Check Point SmartDefense Services including Antivirus and URL Filter for UTM-1 Gateway for unlimited users.
Example: CPUTM-SDCS-M2050

SMDF
SmartDefense Services, annual subscription for SmartDefense Updates, licensed per site and users.
Examples: CPPWR-SMDF-250, CPWS-SMDF-50

SMDF-210, 410, 610
SmartDefense Services for Check Point InterSpect Appliance.
Example: CPIS-SMDF-610

SMDF-M450, M1050, M2050
SmartDefense Add-on for Check Point UTM-1 Gateway for unlimited users.
Example: CPUTM-SMDF-M1050

SMDF-AV
SmartDefense Services Antivirus Add-on, licensed per site and users.
Example: CPUTM-SMDF-AV-100

SMDF-AV-M450, M1050, M2050
SmartDefense Antivirus Add-on for Check Point UTM-1 Gateway for unlimited users.
Example: CPUTM-SMDF-AV-M1050

SMDF-IEPS
Check Point SmartDefense for Integrity endpoint suite, licensed per user.
Example: SU-SMDF-IEPS-250

SMDF-ISPY
Check Point SmartDefense Anti-Spyware Service, licensed per user.
Example: SU-SMDF-ISPY-500

SMDF-PA
Check Point SmartDefense Program Advisor Service, licensed per user.
Example: SU-SMDF-PA-250

SMDF-URLF
SmartDefense Services URL Filtering Add-on, licensed per site and users.
Example: CPUTM-SMDF-URLF-500

SMDF-URL-M450, M1050, M2050
SmartDefense URL Filtering Add-on for Check Point UTM-1 Gateway for unlimited users.
Example: CPUTM-SMDF-URL-M1050

SMDF-VSX
SmartDefense Services for VPN-1 Power VSX Gateways, licensed per VSX gateway.
Example: CPPWR-SMDF-VSX-100

SMM
Check Point SiteManager-1, consisting of Manager (M) and Container (C).
Example: CPSM-SMM-MC200-NG

SMP
Security Management Portal (SMP) for central management of Safe@Office, licensed per managed Device.
Example: SMP-250

SMPO
Check Point SmartPortal Add-on for SmartCenter UTM.
Example: CPUTM-SMPO

SMUP
Check Point SmartUpdate Add-on for SmartCenter UTM.
Example: CPUTM-SMUP

SMMP
Check Point SmartMap Add-on for SmartCenter UTM.
Example: CPUTM-SMMP

SMDR
Check Point SmartDirectory Add-on for SmartCenter UTM.
Example: CPUTM-SMDR

SNX
Check Point SSL Network Extender for Windows, licensed per user.
Example: CPVP-SNX-25

SPRO
Check Point SecurePlatform, needed for e.g. dynamic routing, licensed per Gateway.
Example: CPOS-SPRO-25

SSV
Check Point SmartView Reporter & Monitor, license to generate reports for one Gateway, consists of Eventia Reporter and SmartView Monitor, license for 500 or unlimited users.
Example: CPMP-SSV-500

ST-CMA
SiteManager-1 Standard CMA (Primary CMA), licensed per CMA.
Example: CPSM-ST-CMA-2-NG

ST-CMA-HA
SiteManager-1 Standard CMA (Secondary CMA), licensed per CMA.
Example: CPSM-ST-CMA-2-HA-NG

SXA
Additional Management Sites for SmartCenter UTM, needed if more than the basically licensed Gateways need to be managed.
Example: CPUTM-SXA-2

UAU
Check Point UserAuthority, licensed per user known in UserAuthority.
Example: CPUA-UAU-500

UFP
Web Filtering for nodes managed by SMP, valid for one year.
Example: SMP-UFP-5USR

VAC-IV
VPN Accelerator Cart IV, used for encryption/decryption in Hardware.
Example: CPVH-VAC-IV 

VFF
Check Point FireWall-1 GX Module, needs GMC.
Example: CPGX-VFF-U-NG 

VFF-HA
FireWall-1 GX HA Bundle, needs GMC.
Example: CPGX-VFF-U-HA-NG 

VMC
VPN-1 SecureClient for Macintosh, licensed per user.
Example: CPVP-VMC-100

VPG
VPN-1 Power Gateway, needs a SmartCenter and is licensed per number of users.
Example: CPPWR-VPG-100

VPG-HA
Additional VPN-1 Power Gateway for High Availabilty, requires a SmartCenter as well as VPG and is licensed per number of users.
Example: CPPWR-VPG-HA-U

VSC
Check Point VPN-1 SecureClient for Windows, licensed per user.
Example: CPVP-VSC-500

VSIEP
Check Point Integrity SecureClient endpoint suite, licensed per user.
Example: CPVP-VSIEP-250

VSI
Check Point Integrity SecureClient, licensed per user.
Example: CPVP-VSI-250 

VSS
Check Point VPN-1 SecureServer, Module to protect a single system without IP forwarding enabled, with encryption, SmartCenter for administration needed.
Example: CPVP-VSS-1

VSTREAM
Vstream Antivirus signature updates for nodes managed by SMP, valid for one year.
Example: SMP-VSTREAM-UPD-5USR

VSX
Virtual System Extension, Deployment of virtual machines to manage different firewalls on one system, important for securing VLANs. Licensed by the number of managed systems.
Example: CPPWR-VSX-100

VSX-CMA
Provider-1 CMA Bundle for Virtual Systems Extension (VSX), licensed per Primary VSX CMA.
Example: CPPR-VSX-CMA-C50-NG 

VSX-CMA-HA
Provider-1 CMA Bundles for Virtual Systems Extension (VSX), licensed per Secondary VSX CMA.
Example: CPPR-VSX-CMA-HA-C100-NG 

VSX-HA
Additional Virtual System Extension, additionally needed to VSX for configuring High Availability.
Example: CPPWR-VSX-HA-100

VSX-MEDIA
CD with software for Check Point VSX, includes a Certificate Key for an Evaluation license even if the software is running 15 days for free.
Example: CPVP-VSX-MEDIA-1-NGX

VUG
VPN-1 UTM Gateway, requires a SmartCenter and is licensed per number of users.
Example: CPUTM-VUG-25

VUG-HA
Additional VPN-1 UTM Gateway, requires a SmartCenter as well as VUG and is licensed per number of users.
Example: CPUTM-VUG-HA-250

VUP
VPN-1 UTM Power Gateway, requires a SmartCenter and is licensed per number of users.
Example: CPUTM-VUP-500

VUP-HA
Additional VPN-1 UTM Power Gateway, requires a SmartCenter as well as VUP and is licensed per number of users.
Example: CPUTM-VUP-HA-500

WIT
Check Point Web Intelligence Add-on for VPN-1 Gateway, licensed per protected web server.
Example: CPMP-WIT-10 

WIT-HA
Web Intelligence Add-on for VPN-1 Secondary Gateway, licensed per protected web server.
Example: CPMP-WIT-HA-10 

Usually, here a number can be found. If the number of protected users is unlimited, a U is shown.

Only "internal users" have to be licensed. This means, every user or IP address crossing the Firewall from an internal IP address (internal net, but also DMZ) has to be licensed. Additionally, servers being contacted from external IP addresses are counted.

If a number of sites is referenced, it's usually the number of Firewalls or Edges which have to be licensed. A Gateway Cluster is one site, even if there is more than one Firewall in use.

Concerning Check Point Connectra or Check Point InterSpect, this number stands for the model. The higher the number, the higher is the performance and flexibility of the appliance.

The version is (mostly) no more listed in the license. Old licenses, upgraded to NGX mostly show a "NG", even if this license is for NGX. The same is the case when licensing Provider-1.
If you have a valid Collaborative Enterprise Subscription (CES) on level STANDARD, you can upgrade to NGX free of charge. If not, please contact your reseller to get a license for NGX. Be aware that a reinstatement fee or additional license fee (if having CES BASIC only) is charged.

If you have upgraded licenses which are not UTM or POWER, please be aware that you will need to upgrade your SmartCenter, if you buy another component like e.g. an additional firewall module. You will need a Power or UTM SmartCenter to manage a Power or UTM firewall.