Licensing


Licensing (Description)

Attention! License keys for Versions 6 and 7 are incompatible! Before upgrading to Version 7, you need to request a Version 7 key from your manager.

UserGate Next-Generation Firewall (NGFW) can be licensed:

  • by the number of simultaneous connections;

  • by platform performance parameters.

Licensing by the Number of Simultaneous Connections

The capacity of the system is limited by the number of concurrently connected devices, including terminal server users. Devices whose traffic passes through UserGate NGFW via DNAT publishing rules, reverse proxy, web portal, or email traffic protection are not counted.

For example, a 100-user license permits concurrent network connections for 100 devices with unique IP addresses. The 101st and subsequent devices will not be able to access the network. There is no limit on the number of user accounts in the system.

Licensing by Platform Performance Parameters

UserGate NGFW can be licensed for unlimited concurrent device connections. System operation is only limited by the performance of the platform purchased and depends on:

  • type of hardware platform (for hardware and software systems);

  • the number of supported virtual machine cores (for a virtual image).

New user sessions are not blocked; performance degrades naturally as the processed traffic increases.

If you try to register invalid hardware using a key with a performance limitation, the following error appears: Entered PIN code is licensed for another type of UserGate device, or configuration of this server is not licensed, for example, number of actual CPU cores exceeds the number of CPU cores licensed.

Note: If a virtual machine is registered with the valid key and additional cores are added in the future, only the number of cores allowed by the license will be active in the virtual machine.

Additionally Licensed Modules

The following modules can be additionally licensed:

Security Update (SU) Module

The SU module grants the right to receive:

  • UserGate software updates.

  • IPS signature updates.

  • L7 application signature updates.

The module is licensed as an annual subscription. After one year, you will need to renew the license to continue receiving updates.

Advanced Threat Protection (ATP) Module

The ATP module includes the following options:

  • Annual subscription to the UserGate URL Filtering website category database.

  • Annual subscription to phishing website list, UserGate White List, and UserGate Black List (with ongoing list updates).

  • Annual subscription to UserGate-provided morphological databases.

  • Annual subscription to the Safe Browsing service (ad blocking, search history, safe search, and social media app blocking).

The module is licensed as an annual subscription. After one year:

  • UserGate URL Filtering will stop working.

  • Morphology-based filtering will stop working.

  • The URL lists will continue working but will not be updated.

  • The Safe Browsing service (ad blocking, search history, safe search, and social media app blocking) will stop working.

Mail Security Module

Mail Security includes an annual subscription to email traffic checking using the UserGate antispam module.

UserGate In-Stream Antimalware Module

The module includes an annual subscription to UserGate's in-stream antimalware. After one year, the UserGate antimalware will stop working.

Cluster Module

The module includes a license to allow UserGate devices to operate in cluster mode.

Network Access Control at the NGFW Level Module

This module is designed to work with endpoint devices with UserGate Client software installed, which is one of the components of the UserGate SUMMA ecosystem. A subscription to the module includes:

  • Endpoint network access control at the UserGate NGFW level, when connecting via VPN, based on the results of security compliance checking implemented using HIP profiles.

  • Transferring endpoint state telemetry to SIEM systems.

  • Access to HIP profiles library updates.

The module is licensed as an annual subscription (up to 5 years). When the subscription expires, the firewall rules configured for NGFW that use HIP profiles as one of the conditions will stop working.

Online License Activation

During online activation, the UserGate device/software accesses the licensing server https://reg2.usergate.com. Technical details are sent to the server, including the UserGate software version number, PIN code, product name, device model, etc. The server responds with the license term and the list of modules permitted by the license.

If any modules that were previously present in the system are not on this list, they are deactivated and their license is revoked. Newly added modules are activated.

After that, the UserGate device/software checks the license once a day. If everything is OK, nothing happens and the device operates normally. If the license check is successful, this event is recorded in the logs.

If the license servers are unavailable, 14 attempts are made at 120-second intervals. If they are unsuccessful, the attempts stop for 24 hours, after which 14 more attempts are made to connect to the activation server. If the device fails to connect to the activation server during the license validity period, the license is blocked upon expiration (modules with an expired license stop working). Each activation server connection error is recorded in the logs.
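The retry behavior described above can be modeled to see how many connection errors an outage of the licensing server will log and when the device next reaches it. This is an added example, not UserGate code; it assumes the first failed check happens at the start of the outage and that the 24-hour pause is counted from the last attempt of a burst, and all dates are constructed.

```python
from datetime import datetime, timedelta

# Values stated on the page.
ATTEMPTS_PER_BURST = 14
ATTEMPT_INTERVAL = timedelta(seconds=120)
PAUSE_BETWEEN_BURSTS = timedelta(hours=24)


def retry_schedule(first_attempt, until):
    """Yield every connection attempt time from first_attempt up to `until`.

    Assumption: the 24-hour pause is counted from the last attempt of a burst.
    """
    burst_start = first_attempt
    while burst_start <= until:
        for i in range(ATTEMPTS_PER_BURST):
            attempt = burst_start + i * ATTEMPT_INTERVAL
            if attempt > until:
                return
            yield attempt
        burst_start = attempt + PAUSE_BETWEEN_BURSTS


def simulate_outage(outage_start, outage_end, license_expiry):
    """Model an outage of the licensing server as seen from the device.

    Assumption: the daily check that first fails happens at outage_start.
    Returns the number of logged connection errors, the time of the first
    successful attempt (None if there is none before expiry) and whether
    the license ends up blocked at expiration.
    """
    failed = 0
    for attempt in retry_schedule(outage_start, license_expiry):
        if attempt >= outage_end:
            return {"failed": failed, "recovered_at": attempt, "blocked": False}
        failed += 1
    return {"failed": failed, "recovered_at": None, "blocked": True}


if __name__ == "__main__":
    start = datetime(2024, 1, 1, 0, 0)   # constructed dates
    expiry = datetime(2024, 1, 3, 0, 0)
    for end in (start + timedelta(minutes=10), start + timedelta(hours=1),
                expiry + timedelta(days=30)):
        print(end, simulate_outage(start, end, expiry))
```

Under these assumptions, an outage that outlasts the 26-minute burst postpones the next successful check by a full day, which is worth accounting for when planning egress rule or proxy changes close to a license expiry date.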

Online Activation Procedure

To register the product, follow these steps:

Step 1. Go to the Dashboard.

Click the Dashboard icon in the top right corner.

Step 2. Register the product in the License information section.

In the License section, click No license, enter the PIN code, and complete the registration form.

If an NGFW node is in a closed loop without direct access to the Internet, it is possible to activate/update the license through a proxy server. To do this, select Use a proxy server for activation and updates. Then specify the IP address and port of the upstream proxy server. If necessary, specify the login and password for authentication on the proxy server.

A UserGate NGFW license grants the right to use the product forever.

Offline License Activation

Note: Available from version 7.1+.

If UserGate NGFW cannot access the Internet, the license can be activated offline. With offline activation, NGFW behaves the same way as when the activation server is unavailable, i.e. the license is blocked when the local time counter expires and the corresponding modules stop working.

Note: You need to work with your manager to perform offline activation.

Offline Activation Procedure

Step 1. Open the activation page in your browser.

In the browser, go to https://IP-address:8001?features=offline-reg (where IP-address is the IP address of the device).

Step 2. Go to the Dashboard.

Go to Dashboard, find the License widget and click No License. Alternatively, you can click Not registered version in the top left corner of the web management interface.

Step 3. Start the offline activation procedure.

In the product activation window, select Begin offline activation and enter your PIN code. Click Next.

Step 4. Receive a query file for offline activation.

The activation wizard will prompt you to download a registration query file. Download the file and forward it to your manager. If you do not know who your manager is, please contact technical support.

Step 5. Wait for your manager to reply with a special response file to complete the offline activation procedure.

The manager should email you the file or use other means to forward it to you in order to complete offline activation.

Step 6. Use the received file to complete the activation procedure.

After you receive the file, open the product activation window and complete license activation: click Finish offline activation and upload the received file.