Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

« Vorherige Version anzeigen Version 5 Nächste Version anzeigen »


Description:

SPLA is available for vFirewalls running at least LCOS FX 11.1RU2 or LCOS FX-I 1.2Rel. This article provides guidance for picking the correct license and explains a few special scenarios that do not apply to hardware appliances.

Requirements:

  • LANCOM R&S®Unified vFirewall
  • LCOS FX as of version 11.1RU2
  • LCOS FX-I as of version 1.2 REL
  • Aktive SPLA for your Project

    To use SPLA you first need to enable SPLA on your project. If that has not happened yet, please get in touch with your sales representative.

How vFirewall licenses work:

LANCOM vFirewalls are different from hardware appliances in that the user is able to assign as much or as little hardware resources to the appliance as he needs.

The license for a vFirewall needs to be chosen to fit the resources available to the underlying VM.

If the underlying VM offers more resources than the license allows for, the license will be rejected.

The following table shows how much resources a VM may offer for a given vFirewall size. The shown values are for clarification. Refer to current price list or LMC user interface for binding values).

Ressource

vFirewall- S

vFirewall- M

vFirewall- L

vFirewall- XL

max CPU Cores

1

2

4

16

max RAM [GB]

4

8

16

64

max Users

20

100

200

500

max VLANs

16

32

64

256

  • You can always select a license that allows for more resources that your VM offers.
  • If your VM exceeds even one of the limits, you need to choose a bigger license or restrict your VM.

Choose license:

1. Open the Device Details page and click the Overview tab.

2. In the Licence Info tab, click the Select licence button.

3. You will now be prompted to select the desired vFirewall licence size.

4. To select a licence size, click the Select button in the corresponding column.

Choosing the right license - A positive example:

In this positive example, the specifications of the VM are as follows:

  • 4 CPU Cores
  • 8GB RAM


Refer to the table above to find the right licence.

We start on the left with a vFirewall-S, the most affordable licence.

  • vFirewall-S
    • does not allow for more than one CPU core
    • does not allow for more than 4 GB of RAM 
    •  Result: You need a larger license.
  • vFirewall-M
    • does not  allow for more than 2 CPU cores
    • would allow for 8 GB of RAM 
    • Result: You still need a larger license, because of the CPU restrictions.
  • vFirewall-L
    • allows for our 4 CPU cores
    • allows for our 8 GB of RAM and would even allow to go as high as 16 GB
    • Result: This is the most economical choice.
  • vFirewall-XL
    • Result: Would also be applicable, because it allows for even more resources.


Choosing the right license - A negative example:

In this negative example, the specifications of the VM are as follows:

  • 4 CPU Cores
  • 8 GB RAM

If you select the vFirewall-S licence, the licence will only allow the firewall to run on VMs that have no more than one CPU core and no more than 4 GB of RAM.

However, the VM offers more resources and vFirewall will reject the licence (see the following figure). To use the additional VM performance, you must purchase a larger licence.

If your request is denied, you can also check the system log of the vFirewall. You should find a log entry describing the problem, such as

or

Wenn Sie eine Lizenz ausgewählt haben, die nicht groß genug ist, können Sie jederzeit zum Lizenzauswahlfenster in der LMC zurückkehren, um eine geeignete Lizenz auszuwählen.

Changing the Size of Your vFirewall

An advantage of using a VM as a host to your firewall is the option to adapt its configuration, depending on how much resources are actually required. SPLA makes this even easier by offering flexible billing and quick and simple license file deployment.

However, when changing the hardware of your VM you need to take special care in order to prevent interruptions from the restrictions mentioned above.

The necessary procedure depends on whether you want to upgrade (allocate more resources) or downgrade (allocate fewer resources) your VM.

Upgrade: Add More Resources

Just adding resources to your VM would void the license because of the license size restrictions mentioned in the beginning section of this article. After booting the firewall with the extra CPU cores or RAM the existing license would be rejected. Follow these steps to avoid such problems:

  1. Go to the license selection screen in the LMC and pick a license matching the resource layout you wish to upgrade the VM to. The beginning section of this article will help you identifying the minimum license size.
  2. After the license is applied, shut down the vFirewall and adjust the VM's settings.

Boot the firewall again. Everything should be running as it used to, only faster.

Downgrade: Remove Extra Resources

Removing extra resources is less of an issue, because your current license will always keep working with fewer resources than you used before. Still, you don't want to pay more than necessary. Follow these steps to avoid problems.

  1. Shut down the vFirewall and reduce the resources as desired.
  2. Boot up the firewall.

Go to the license selection screen in the LMC and pick a smaller license that is still large enough to meet the requirements determined by the VM configuration.

Examples

Let's look at some examples.

Upgrade: Add Extra Main Memory

Our vFirewall is currently configured as such

  • vFirewall-M
  • 2  CPU cores
  • 8GB RAM

We want to add another 8GB of RAM, making it a total of 16GB. We'll proceed as follows:

  1. On the license selection screen in the LMC we'll find the smallest vFirewall flavor that meets the requirements of the new resource layout. vFirewall-L allows for 4 CPU cores and 16GB of RAM. Since we're still only using 2 CPU cores and are still within the 16GB RAM limit for a vFirewall-L. This is the size we'll select.
  2. We're waiting for the license to be applied. Afterwards, we shut down our VM and can now increase the RAM to 16GB.
  3. We now boot the firewall again. That's all we need to do.

Downgrade: Removing Extra Main Memory

Our vFirewall is currently configured as such

  • vFirewall-L
  • 2  CPU cores
  • 16GB RAM

It's summer time and people are on holiday. The vFirewall does not need 16GB of RAM for now, 8GB will do for a few weeks. We want to decrease the main memory to 8GB. We'll proceed as follows:

  1. Shut down the vFirewall and reduce the RAM to 8GB.
  2. Boot up the vFirewall.
  3. We'll go to the license selection screen in the LMC and find the smallest vFirewall flavor that meets the requirements of the new resource layout. vFirewall-M allows for 2 CPU cores and 8GB of RAM. Since we'reonly using 2 CPU cores and have reduced our RAM we're within the limits for a vFirewall-M. This is the size we'll select. That's it.

Tips and Tricks

It could happen that the license selection screen in the LMC already shows the values you wish to apply (i.e. vFirewall size and license flavor), and clicking them again won't trigger a license rollout to your device. But, for whatever reason, you do want an immediate license rollout to your device. In this case, just briefly select a different license flavor (e.g. "Basic" instead of "Full"). Afterwards, change back to the desired flavor.


More articles on this topic:

 

 

All LANCOM products and software versions are subject to LANCOM Software Lifecycle Management.
You can find information on our website at https://www.lancom-systems.com/products/firmware/software-lifecycle-management

© 2025 LANCOM Systems GmbH