06-06-2012 10:55 PM
I'm having some serious problems with our srx 650 dynamic vpn. For some reason the firewall doesn't release the licenses and the users keep getting the error "firewall is out of licenses". We have 25 licenses installed and I am positively sure that all of them is not being used in the middle of the night. Can anyone tell me how to release the licenses without rebooting? I've tried the following:
06-07-2012 03:35 AM
As John said various versions have the licencing not releasing issue. I know 11.1 R4.4 works if you are around or close to that version it may be worthwhile upgrading/downgrading.
You could try the following also:
user@srx>show security dynamic-vpn users
user@srx>clear security dynamic-vpn user ike-id "IKE ID" "Username"
user@srx> start shell
user@srx% rm -rf /var/db/dynamic-vpn-ipsec/tokens-info
06-07-2012 06:57 AM - edited 06-07-2012 06:59 AM
Actually there is no fix availible at the moment (jtac information). It is fixed in 12.3 and they are still investigating if this fix can be ported to earlier releases.
I got following workaround from them:
1. delete /var/db/dynamic-vpn-ipsec/tokens-info 2. perform this cli command: cli> restart web-management 3. uninstall the license and install it back in
What is also working for one customer with a SRX100 is to reboot the system. But i think in your case this is no option for a SRX650 ;-).
Maybe you can open another case and refer to my case (Case #2012-0425-0410).
06-07-2012 08:55 PM - edited 06-07-2012 09:00 PM
I'm running 11.4R2.14. We had problems with the earlier versions also so I can't use them either. And only 11 and above have all the features I need. I've been waiting a working version for over two years now.
Even after i unistalled the license and installed it back they were marked as used. It seems that nothing else than a reboot works so i guess i'll have to do it every night. But thank you all for you help