As of NetScreen-Security Manager (NSM) Release 2007.3, the NSM product line uses a licensing mechanism to prevent unauthorized access to an unlicensed copy of NSM and to enforce a limit on the maximum number of devices that can be managed by NSM.
The base license (NS-SM-A-BSE and NS-SM-S-BSE) supports 25 devices with HA, including modeled, VSYS, ScreenOS, and IDP. To manage more than 25 devices, a license key must be retrieved from the Juniper License Management Server (LMS) and then installed onto the NSM Server or NSMXpress.
Problem or Goal:
Symptoms & Errors:
Cannot install or upgrade to NSM 2007.3 due to licensing requirements
Do I need a license for more than 25 devices?
How does NSM count the devices?
Where do I find the NSM Serial number?
Do I need a license for NSM Central Manager (CM) or Regional Server?
Below are some Frequently Asked Questions for Licensing on NSM 2007.3
What has changed with licensing on NSM 2007.3?
Starting with NSM 2007.3 the licensing has been changed. Customers need to access the Juniper Networks License Management System (LMS) and provide the NSM serial number to obtain the license for NSM if you manage more than 25 devices.
What is the URL for the License Management system (LMS)?
The License Management System Tool is accessible from the Juniper Support page. Login access is required. Manage Product Licenses
How to retrieve the serial number of NSM for license generation?
The serial number of NSM is not displayed in the software. It can be shown under the list of products registered under your Juniper support account online. Please contact Juniper customer care if unable to obtain the NSM serial number.
How did Juniper Networks manage the NSM license key prior to LMS and the release of 2007.3?
NSM did not enforce the licenses purchased with the product to support a maximum number of devices, but users still needed to purchase additional licenses to support the correct amount of devices.
If I am managing 25 devices or less, do I need a license?
During a new installation, the NSM 2007.3 installer will prompt if you would like to use the NSM base license which supports up to 25 devices and HA mode. It is not required to obtain a license for 25 devices or less.
What if I have more than 25 devices while upgrading NSM to 2007.3?
During an upgrade, the installer will detect the total amount of devices and will only offer to use the base license if the number of devices does not exceed 25. If above 25, the installer will require the license to be input before the upgrade can continue.
Which device types does NSM count towards the total device count?
NSM counts single addition of firewall and IDP as one device. Each VSYS device added to a firewall root device is counted as one device. Clusters are counted as two devices for firewall, and VSYS and IDP
Do I need a license for NSM HA or extended HA support?
The base license can be used for HA up to 25 devices. When requesting an NSM license from the LMS web site, if HA mode is selected when entering license details you will be prompted to enter the “Install ID” of the secondary server in order to generate the appropriate license with HA support for both Gui Servers. The device servers do not require a license to be installed for extended HA (4 server) configurations.
How do I install the license key on NSM?
During the initial installation or upgrade to 2007.3, the installer will prompt if you wish to use the base license or provide an NSM license. Select the option to provide an NSM license, the installer will generate an “Install ID”. Login to the Juniper LMS web site and provide your serial number, “authorization code” and “Install ID”. If you have received paper licenses certificates and do not have an “authorization code”, please call Juniper customer care to provide you an “authorization code”. Save the license file provided by LMS and provide the path to the license file to the NSM installer.
Viewing License Key Information
To view the license key information, in the menu bar, click Tools > NSM License Information
What is the procedure to add a new license after the initial installation or after the device count limit is reached?
License upgrades can be purchased at any time for any supported product. After purchasing a license upgrade, you receive a Right to Use (RTU) certificate containing an authorization code that allows you to log into the LMS system and generate a permanent license key that can be applied to the NSM product. License Keys updates can then be applied from NSM GUI from Tools > NSM License Information
What is the maximum number of devices that can be licensed?
The maximum number of devices allowed for NSM appliances and NSM software installations is 525 devices and 6025 devices, respectively. These numbers include all modeled devices, VSYS devices, and cluster devices.
What happens if I exceed the number of devices?
If you try to add a device after the number of devices added reaches 90% of the license limit, a warning message appears. If you try to add an extra device after the maximum limit is reached, a dialog box appears with the message “Maximum number of supported devices is reached.” You will not be allowed to add devices after reaching the license limit.
Does NSM Central Manager (NS-SM-A-CM) require a License Key?
NSM Central Manager doesn’t require a license key for installation. Enforcement is built into the product.
Does NSM Regional Server require a License Key?
NSM Regional Server is treated like a standard NSM Server and requires a license or the base license.
Are there any differences in license for NSM appliance and Software?
No. Both will be subjected to the same licensing scheme, but their installation methods are different. NSM Software version uses “NSM Installer” to install the new license and NSM appliance version uses the Web UI to install the license. License can also be installed via the NSM GUI after the base installation is completed.
What are the different types of SKUs available for licensing NSM?
NSMXpress appliance base license including 25 devices