It depends on what part of your license is expiring. If support expires - the firewall will still pass traffic, but you will not be able to call McAfee technical support or download and apply any patches. If a specific component is expiring, you will not be able to download updates (ie AV, IPS etc) and when the engine expires the functionality will no longer work. Do you know specifically what is expiring? you can also contact your McAfee sales rep for a temporary extension of your license and should work to get your license renewed.
Hi dgold, I am talking about the license status you can see in the dashboard console. Furthermore people told me that when that license is expired firewall will enter in a failure mode.
When you install v8 you have a 30-day trial-license. When you install v7 you have a 7-day trial-license. When this license expires you cannot pass traffic through the firewall until you license it (the firewall is in 'failure mode' then).
If you license the firewall fully you will always be able to pass traffic through it (in regards to the license) -- the license feature that controls this is the 'SecureOS' (at v7) or the 'Firewall' (at v8) feature. This license feature should have NO expiration.
Let's say you add a new NIC to your firewall. The FirewallID (v7) or SystemID (v8) changes then (this ID is some kind of hash of the hardware) and the firewall becomes unlicensed and goes into failure mode, until you re-license it.
Your firewall does not go into failure mode if the Support feature of your license expires. You simply cannot install any hotfixes/upgrades if you do not have Support licensed.
Thanks so much sliedl!
sorry to hi-jack this post but i hve a question with regards to license expiry.
with a expired license am i able to join a cluster?
this was fully licensed until recently and we haven gotten the renewal done yet.
when i try to join this firewall to a cluster, It gives the error " unknown error, unable to perform action"
As far as I know, support does not have to be licensed to join a cluster. Unfortunately that error is very generic, so I recommend taking a look at the audit on both firewalls for any failover related errors.