R70's cp.macro: Some great finds!

Hello great friends! I pulled apart an R70 cp.macro and made some interesting finds. Enjoy. No need for an introduction, just read on.



Find 1: The Advanced Networking Blade includes the ConnectControl feature

ConnectControl enables server load-balancing similar to what Radware or F5 devices might provide (but less feature rich). On the UTM/Power price list ConnectControl is normally $8,000. If ConnectControl is going to be useful to you, then the ADN blade just made a massive leap in value.

#DESCRIPT#CPSB-ADN#Advanced Networking blade: Quality of Service, Dynamic Routing and Multicast support, Server load balancing

MACRO ::CPSB-ADN        CPTC-FGM-U-NGX CPFW-CC-U-NGX



Find 2: 

(a) Management HA is included in all Security Management Containers, previously SmartCenter 

This explains why Management HA disappeared from the price list and also soothes the pain of the SmartCenter price increase. 

(b) Container SKUs exits for SKUs that are not on the price list

The SKUs in italics are on the price list.

MACRO ::CPSM-C-1        CPSM-REMOTE-1-NGX CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-2        CPMP-REMOTE-2-NGX CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-3        CPMP-REMOTE-2-NGX CPSM-REMOTE-1-NGX CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-5        CPMP-REMOTE-4-NGX CPSM-REMOTE-1-NGX CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-10*       CPMP-REMOTE-10-NGX CPMP-HA-MGMT-NGX  

MACRO ::CPSM-C-25*       CPMP-REMOTE-5-NGX CPMP-REMOTE-20-NGX  CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-50       CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-10-NGX CPMP-HA-MGMT-NGX

MACRO ::CPSM-C-150      CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-20-NGX CPMP-REMOTE-10

MACRO ::CPSM-C-U*        CPSM-REMOTE-U-NGX CPMP-HA-MGMT-NGX



Find 3: SmartMap is now included in all Security Management Containers (as part of the NPM blade)

Many of us wondered where it had gone, well, we've found it!

#DESCRIPT#CPSB-NPM#Network Policy Management blade

MACRO ::CPSB-NPM        CPMP-SCT-1-NGX CPMP-VPE-U-NGX



Find 4: Some blades will, once licensed, produce a management server component/license and a gateway (module) component/license

This has no commercial impact, only an operational one. Is it a big issue? No not really. Just worth knowing before hand

MACRO ::CPSB-ADN        CPTC-FGM-U-NGX CPFW-CC-U-NGX (management)

MACRO ::CPSB-ADN-M      CPOS-SPRO-U-NGX (module)

MACRO ::CPSB-ACCL       CPMP-PPK-1-NGX CPMP-CXL-HA-U-NGX CPVP-CPLS-1-NGX (management)

MACRO ::CPSB-ACCL-M     CPMP-CXLS-U-NGX (module)


Find 5: The Security Gateway containers provide 50, 500, 5000 & 5000 SecuRemote licenses respectively.

For what it's worth, SecuRemote is included. 

MACRO ::CPSG-C-1-50     CPMP-MC-Base-NGX CPSG-50 CPVP-VSR-50-NGX

MACRO ::CPSG-C-2-500    CPMP-MC-2-NGX CPSG-500 CPVP-VSR-500-NGX CPSG-500

MACRO ::CPSG-C-4-U      CPMP-MC-4-NGX CPSG-U CPVP-VSR-5000-NGX

MACRO ::CPSG-C-8-U      CPMP-MC-8-NGX CPSG-U CPVP-VSR-5000-NGX



Find 6: Although there is no container SKU that uses it, there is a CPSG-250 sku in the cp.macro. 

This is an observation only, and not intended to set expectation that a 250 user gateway container will ever ship. 

MACRO ::CPSG-C-1-50     CPMP-MC-Base-NGX CPSG-50 CPVP-VSR-50-NGX

MACRO ::CPSG-C-2-500    CPMP-MC-2-NGX CPSG-500 CPVP-VSR-500-NGX CPSG-500

MACRO ::CPSG-C-4-U      CPMP-MC-4-NGX CPSG-U CPVP-VSR-5000-NGX

MACRO ::CPSG-50         fw1:6.0:hosts50

MACRO ::CPSG-250        fw1:6.0:medium250 <== Here

MACRO ::CPSG-500        fw1:6.0:medium500



Find 7: The SM1001 is in fact the $1000 CLM from the UTM/Power price list

You might want to order your CLMs sooner rather than later

MACRO   ::CPMP-CLM-1-NGX        fw1:6.0:clm

MACRO ::CPSB-LOGS       CPMP-CLM-1-NGX




Find 8: There are no SKUs in the cp.macro for the bundled container licenses. 

Initially I assumed this meant that you could buy a container license and then split the blades out of it, but after some though, I doubt this will be the case. Simply I believe the bundled SKUs will produce an unsplittable compound license:
e.g. For an SG203 the license might look:   192.168.1.1 never c4f2335c7ab CPSG-C-2-500 CPSB-FW CPSB-VPN CPSB-IPS CK-ABC123DEF456

If you purchase a bundled gateway container licenses, I'd love to see the feature string 

#DESCRIPT#CPSG-C-1-50#Security Gateway Container for Security Gateways with 1 core and up to 50 users with FireWall blade
#DESCRIPT#CPSG-C-2-500#Security Gateway Container for Security Gateways with 2 cores and up to 500 users with FireWall blade
#DESCRIPT#CPSG-C-4-U#Security Gateway Container for Security Gateways with 4 core and Unlimited users with FireWall blade
#DESCRIPT#CPSG-C-8-U#Security Gateway Container for Security Gateways with 8 core and Unlimited users with FireWall blade
MACRO ::CPSG-C-1-50     CPMP-MC-Base-NGX CPSG-50 CPVP-VSR-50-NGX
MACRO ::CPSG-C-2-500    CPMP-MC-2-NGX CPSG-500 CPVP-VSR-500-NGX CPSG-500
MACRO ::CPSG-C-4-U      CPMP-MC-4-NGX CPSG-U CPVP-VSR-5000-NGX
MACRO ::CPSG-C-8-U      CPMP-MC-8-NGX CPSG-U CPVP-VSR-5000-NGX


Find 9: Old licenses are still there

Meaning that all this nonsense about having to upgrade your licenses to blades to use R70 is just that.
(Although I wouldn't be surprised if R70 enforces a contracts file now. I don't know the answer either way, I am simply noting my feeling here).

For example, a VPN-1 UTM/Power feature string is something like this: CPMP-VPG-XL-NGX CPXP-CI-VPX-U-NGX CPVP-VPS-1-NGX

And if you look hard, you'll find each of them there. Do the same test with your own licenses to be sure.


egrep "CPMP\-VPG\-XL\-NGX|CPXP\-CI\-VPX\-U\-NGX|CPVP\-VPS\-1\-NGX" ./cp.macro


The above will do it, but the output's a little big  to post here ;)






Thanks for reading, and for those of you who are extra nosey, you might want to take a look yourself. There are some other things in there that I didn't publish.


21 Mar 2009 22:00
Please feel welcome to leave comments