Licensing Endpoint Security in R70

This document is outdated since Check Point has introduced an Endpoint Security Software Blade for licensing further Service Blades.
Please refer to this document instead!

*Platform:*	Any platform for Check Point VPN-1/FireWall-1
*Product:*	Check Point R70
Problem:	There are many RAS clients available, but licensing them is often not clear.
*About the licenses:*	In earlier times, licensing of RAS Clients has been easy: SecuRemote is basically for free, SecureClient needs a license per user at the Policy Server. SecuRemote isn't supported any more. Most of the current products are licensed 'per seat' - meaning the system the client is installed on. So a user with 2 PCs needs two licenses, two users using the same PC need only one license. Special conditions when licensing them with Check Point Connectra and/or SNX! Now, each VPN client needs to be licensed using Endpoint Security Secure Access License e.g. CPEP-SA-1-1TO99 This license is necessary for using each of these configurations: - Check Point Endpoint Security Secure Access The follower of the 'Integrity Secure Client', requiring the (included) Endpoint Security Server. Many checks to be configured, including firewall policy, application control and VPN. - Check Point SecureClient The 'good old' SecureClient with basic checks and a rulebase to be defined per user group. There is one default user group. Using Office Mode is optional. - Check Point Endpoint Connect The new flexible VPN client, offering VPN only. No more security features included. - SSL Network Extender (SNX) Using the SSL Network Extender is reasonable when no VPN client can be installed. SNX uses ActiveX or Java to tunnel all traffic via HTTPS to the Security Gateway. The known license for SecureClient isn't valid for Check Point R70, so a Trade In is necessary.

Check Point VPN-1/FireWall-1

How to license Remote Access Clients