Method used to change the license on USG firewalls

2

1. If functions controlled by a license need to be expanded or added, you need to acquire a license file again. Perform the steps for applying for a license file. The license center automatically combines the original license file and the license file for a new feature and generates a new license file.
2. If the previous license file is used on device A and it will be used on device B, seek help from the license management center, by sending the device ESN, LAC, contract No. and change information to license@huawei.com.

Other related questions:
Method used to import the license file on USG firewalls
On the USG2000, USG5000, and USG6000, you need to import the license file (.dat file) to the root directory of the storage device. Generally, you can import the file in FTP mode. For example, when a USG firewall functions as an FTP server, import the license file as follows: system-view, [USG] ftp server enable //Enable the FTP function on the firewall. [USG] aaa [USG-aaa] local-user admin password irreversible-cipher Admin@123 //On the FTP server, configure the FTP user authorization mode, priority, and authorization directory. [USG-aaa] local-user admin service-type ftp [USG-aaa] local-user admin level 3 [USG-aaa] local-user admin ftp-directory flash: [USG-aaa] quit [USG] interface GigabitEthernet 0/0/1 [USG-GigabitEthernet0/0/1] ip address 128.18.90.111 255.255.255.0 //Configure the IP address of the FTP server. [USG-GigabitEthernet0/0/1] quit On the PC, perform the following operations: C:\Documents and Settings\user> ftp 128.18.90.111 //Connect to the server. Trying 128.18.90.111 ... Press CTRL+K to abort Connected to 128.18.90.111. 220 FTP service ready. User(128.18.90.111:(none)):admin 331 Password required for admin. Password: //Enter the password. 230 User logged in. ftp> binary 200 Type set to I. ftp> put xx.dat //Upload the license file.

Method used to view the license information on USG firewalls
On the USG2000, USG5000, and USG6000, you can run the display license command to view the license information. display license Device ESN is: 210235XXXXXXXXXXX The file activated is : hda1:/license.dat //Activated license file The time when activated is : 2010/08/31 11:23:45 //System time when the license file is activated. You can determine whether the license file is activated. VFW: 100 SSL VPN Concurrent User : 500 Content Filtering: Enabled GTP: Enabled IPS: Enabled; service expire time: 2012/06/16 Anti Virus : Enabled; service expire time: 2012/06/16 Anti Spam: Enabled; service expire time: 2012/06/16 Pre-defined URL category query: Enabled; service expire time: 2012/06/16 //License expiration time

Method used to configure the router-on-a-stick on USG firewalls

The router-on-a-stick can address the limited physical interface resources issue. By configuring multiple subinterfaces, corresponding to different VLANs, for a physical interface, a physical interface can enable different VLANs to communicate with each other. For example, you can configure the router-on-a-stick on the USG2000, USG5000, and USG6000 as follows: [USG] interface GigabitEthernet1/0/3.1//Configure subinterface 1. [USG-GigabitEthernet1/0/3.1] vlan-type dot1q 10//Terminate VLAN 10. [USG-GigabitEthernet1/0/3.1] ip address 10.3.1.1 255.255.255.0//Configure the IP address for the subinterface. [USG-GigabitEthernet1/0/3.1] quit [USG] interface GigabitEthernet1/0/3.2//Configure subinterface 2. [USG-GigabitEthernet1/0/3.2] vlan-type dot1q 20//Terminate VLAN 20. [USG-GigabitEthernet1/0/3.2] ip address 10.3.1.1 255.255.255.0//Configure the IP address for the subinterface.


Whether the license upgrade activation code is changed on USG firewalls
The license upgrade activation code is not changed. However, one activation code can be used once only. Generally, the activation code is used when you activate the license file for the first time. If the license version and firewall version are inconsistent after you upgrade the firewall version, you can upgrade the license. You can seek help from the license management center, by sending the device ESN, LAC, contract No. and symptom description to license@huawei.com.

Method used to view the sequence number on USG firewalls
The sequence numbers of the USG2000, USG5000, and USG6000 are classified into the following types: -Equipment sequence number (ESN) -Component sequence number, indicating the sequence number of each component, including the board sequence number, interface subboard sequence number, optical module sequence number, and power module sequence number For the USG2000 and USG5000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx Alternatively, run the following command: display license Device ESN is: 210235XXXXXXXXXXX //Check the ESN. The file activated is : hda1:/license.dat The time when activated is : 2010/08/31 11:23:45 2. Check the ESN of each slot. display elabel [Board Properties] BoardType=SU2Z23UHT BarCode=210235G425Z0A80000xx //Device ESN Item=0235G425 Description=Secospace USG5100,SU2Z23UHT,USG5150BSR Host,with HS General Security Platform Software Manufactured=2010-08-21 VendorName=HuaweiSymantec [Slot_1] /$[ArchivesInfo Version] /$ArchivesInfoVersion=3.0 [Board Properties] BoardType=SU11FSHLB BarCode=02G194D0A40000xx //ESN of the board in slot 1 Item=0302G194 Description=SRG20,SU11FSHLB,2 Channel G.shdsl Interface Board,3*1 For the USG6000, check the sequence number as follows: 1. Check the ESN of the device. display firewall esn Device ESN is: 2102359833Z0C80000xx 2. Check the ESN of all slots of the NGFW. display esn License ESN: 2102359833Z0C80000xx Slot # Type S/N P/N - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 SUAZ83UAH 210235G7G70123401230 0235G7G7 2 SUE3E8GF 02G3AC10D5000007 0302G3AC 4 SUE3E4BY 02G3A710D6000007 0302G3A7 8 SUA2E2XSF 02G3C710D6000028 0302G3C7 9 PWR 2102310GQVP0D3000081 02310GQV 10 PWR 2102310GQVP0D3000085 02310GQV 11 RPU 2102359833Z0C800000A 02359833 13 FAN 210212090410D6000034 02120904

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top