A10_GLM_PERP_GUIDE

Global License Manager User Guide
June, 2024
© 2024 A10 Networks, Inc. All rights reserved.
Information in this document is subject to change without notice.
PATENT PROTECTION
A10 Networks, Inc. products are protected by patents in the U.S. and elsewhere. The following website is provided
to satisfy the virtual patent marking provisions of various jurisdictions including the virtual patent marking
provisions of the America Invents Act. A10 Networks, Inc. products, including all Thunder Series products, are
protected by one or more of U.S. patents and patents pending listed at:
a10-virtual-patent-marking.
TRADEMARKS
A10 Networks, Inc. trademarks are listed at: a10-trademarks
CONFIDENTIALITY
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information
and ideas herein may not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc.
without prior written consent of A10 Networks, Inc.
DISCLAIMER
This document does not create any express or implied warranty about A10 Networks, Inc. or about its products or
services, including but not limited to fitness for a particular use and non-infringement. A10 Networks, Inc. has made
reasonable efforts to verify that the information contained herein is accurate, but A10 Networks, Inc. assumes no
responsibility for its use. All information is provided "as-is." The product specifications and features described in
this publication are based on the latest information available; however, specifications are subject to change without
notice, and certain features may not be available upon initial product release. Contact A10 Networks, Inc. for
current information regarding its products or services. A10 Networks, Inc. products and services are subject to A10
Networks, Inc. standard terms and conditions.
ENVIRONMENTAL CONSIDERATIONS
Some electronic components may possibly contain dangerous substances. For information on specific component
types, please contact the manufacturer of that component. Always consult local authorities for regulations
regarding proper disposal of electronic components in your area.
FURTHER INFORMATION
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest
A10 Networks, Inc. location, which can be found by visiting www.a10networks.com.
Table of Contents
Overview 5
Licensing 5
Modular License 6
Features and Advantages 7
Acquiring a Trial License 8

Creating a GLM Account 9
Request Add-On Licenses from ACOS 10
Web URL Classification and Reputation License 10
IP Threat Intelligence License 10
Application Visibility License 11
IPsec License 12
Requesting IPsec VPN License 12
IPSec Perpetual License 13
Obtaining a Trial License 14
Obtaining your License Activation Key 18

Obtaining your UUID/UID/Host ID 19
Obtaining an ACOS UUID 19
Obtaining ACOS UUID from the GUI 20
Obtaining ACOS UUID from the CLI 20
Obtaining an aGalaxy UUID 21
Signing Into GLM 22
Activation Key License Installation 23
Installing Activation Key 23
Activation Key Installation from the GUI 23
Activation Key Installation from the CLI 25
aGalaxy Activation Key License Installation 33
URL Classification License Installation 34
Verifying URL Classification License on an ACOS device 36
3
Global License Manager User Guide
Contents
Activating the URL Classification Database 36

Verifying the URL Classification Library 37
Enabling IPsec Perpetual License on GLM 37
Upgrading IPsec Perpetual License 38
Verifying Modular License Activation 42
Verifying License Activation Using GUI 43
Verifying License Activation Using CLI 43
Viewing Allocated Hardware Parameters 44
Managing GLM Licenses 52

User Account Options 52
Authorizing Licenses for Other Users 53
Authorizing Account for Other Users 54
Modifying User Settings 54
Working with Existing Licenses 54
Migrating an Existing License 55
Dealing with an Invalid License 55
Renewing a URL Classification License 56
Support and Resources 59
Obtaining Technical Assistance 59
Return Merchandise Authorization Requests 60
Resource Downloads 61
4
Overview
The A10 appliances can be provisioned under one of the following licenses:
l Perpetual License - Under this license, the ACOS appliances are provided with all
hardware and software capabilities irrespective of the business requirements.
l Modular License - Under this software-driven license, the ACOS appliances can be
customized as per your business needs. Modular license is enforced on all new
devices. For more information, see Modular License.
NOTE:
l The older devices will continue to operate with the Perpetual
license (and no license in the case of Hardware Thunder).
l Switching from a modular license to a non-modular license is not
supported on vThunder devices.
This document provides a step-by-step procedure on how to obtain an activation

key license for your A10 appliance using A10 Networks’ Global License Manager
(GLM) after A10 Networks approves the order, along with instructions on how to
import your activation key license to your A10 appliance.
Licensing
The Global License Manager (GLM) is the master licensing and billing system for A10
Networks’ appliances. The GLM is managed by A10 Networks and is the primary
portal to use to obtain an activation key license for purchased appliances. This
uniform resource locater (URL) may also be used to create trial licenses, manage
existing assets, track license status, request Return Merchandise Authorizations
(RMA), and access installation resources such as updated patches for various A10
appliances. The URL is https://glm.a10networks.com/.
5
Global License Manager User Guide Feedback
Overview
Figure 1 : Initial Global License Manager Sign In Page
Modular License
The Modular license provides a license-driven performance model that enables
tiering of the hardware platform (for example: Low, Medium and High). The tiering
provides agility to upgrade from a lower-end performance model to a higher-end
performance model without changing the hardware platform.
You have the flexibility to customize the hardware performance by selecting the
license (for example: Low, Medium and High) that suits your needs. Based on the
license selected, the following device parameters are allocated:
l Number of CPU Cores
l Number and type of ports
l Bandwidth
l Memory
l SSL Chipset: Software Only / QAT / N5
The allocation of these hardware parameters drive the device performance

characteristics such as the number of Layer 4/Layer 7 sessions, the number of
Connections-Per-Second (CPS), the Packets-Per-Second (PPS), the throughput, and so
on.
NOTE: The naming convention for the license types i.e., Low, Medium and High
is subject to change. It is mentioned here only as an example.
6
Overview
Features and Advantages

This software-driven license provides the following features and advantages:
l Enables the hardware platform to be provisioned with one the following products
without changing the hardware:
o Application Delivery Controller (ADC)
o Carrier Grade NAT (CGN)
o Convergent Firewall (CFW)
o Threat Protection System (TPS)
o Secure Socket Layer Insight (SSLi)
For example, based on the license selected, the TH4440 device can be provisioned
with either TH4440-ADC or TH4440-CGN.
Additionally, Application Delivery Controller – Modular (ADCM) product is also
available. Unlike the ADC, a device provisioned with ADC-M does not support
CGNAT functionality; it only supports the ADC functionality. Tiering is enabled for
this product as well.
l Provides performance-based tiering for these products. For example, in case of the
ADC products, ADC-Low, ADC-Medium, and ADC-High licenses are available to
provision the desired performance model. Each performance model has different
number of hardware parameters such as ports, bandwidth, CPU, and memory
based on the license selected.
l Offers the pay as you grow model. You need to pay only for the selected
performance model instead of the whole package. Additionally, the operational
cost of hardware logistics and re-deployment are reduced.
l Offers the flexibility to choose the performance model (Low, Medium or High) as
per your business requirements.
l Provides easy license upgrading and downgrading capability without changing the
hardware platform. For example, you can change from ADC-Low to ADC-High, by
raising a request with the A10 sales team.
NOTE: The naming convention for the license types i.e., Low, Medium and High
is subject to change. It is mentioned here only as an example.
7
Acquiring a Trial License
A10 Networks offers a trial license for a number of its appliances.

An ACOS user can easily request licenses, using a new or existing GLM account. If
the Unique User ID is available on a GLM organization, ACOS provides a license or
trial for that organization. Users from a different organization can also request a
license. A new user is created for the username and organization along with a trial
license ID.
The following topics are covered:

Creating a GLM Account 9
Request Add-On Licenses from ACOS 10
Obtaining a Trial License 14
8
Creating a GLM Account

To obtain a trial license for the various appliances, a GLM account is required.
To create a GLM account:
1. Access the GLM portal https://glm.a10networks.com/ .
2. In the Sign In page, click Don’t have an account?
The Start your free trial today! page is displayed.
3. In the Start your free trial today! page, enter the required details and accept the
End User License and Services Agreement by selecting the field.
4. Click Submit.
An email will be sent to your email address.
5. Follow the instructions provided in the email and click Confirm my account to
confirm your account.
For future use, the login name is the user’s email from which the account
information is received.
6. Log into GLM to acquire a trial license.
9
Request Add-On Licenses from ACOS

ACOS has Third party add on licenses which offer 90 day trial periods. It is possible to
request a trial or permanent license and can be initiated from the ACOS CLI or
management GUI.
User can request a license by clicking a Request Trial button on GUI. The license will
be issued immediately, and installed so that trial can begin right away.
NOTE: This quick trial license is valid for ACOS Thunder Hardware, VM-
vThunder and Container Thunder.
However, the IPSEC VPN license is provided only after approval by
system administrator.
The 90 day trial license is available for:

l Web URL Classification and Reputation License
l IP Threat Intelligence License
l Application Visibility License
Web URL Classification and Reputation License

Web URL Classification and Reputation enables web traffic to be classified into one
or more web categories and given a reputation index. Security policies based on web
classification and reputation may be defined to deny, decrypt, inspect, proxy, steer,
or log. Example web categories include financial services, health and medicine, bot-
nets, and malware. Reputation index indicates whether the URL is trustworthy, low
risk, medium risk, suspicious or high risk.
IP Threat Intelligence License

IP Threat Intelligence enhances firewall capabilities by blocking incoming and
outgoing connections to known malicious sites. It may also be used to identify
compromised hosts within the network. Malicious IP addresses are categorized by
attack type and are dynamically updated to adapt to a changing threat environment.
10
Application Visibility License

Application Visibility enables traffic to be classified by a combination of deep packet
inspection and behavior analysis. Application security policies provide control over
individual or groups of similar applications permitted to use the network.
Applications are identified and categorized into groups such as peer-to-peer,
multimedia, social networking, and anonymizers. Periodic updates allow evolving and
new applications to be identified.
The following functions are available when license is enabled:
l Trial licenses can be requested and immediately obtained only if they have never
been issued before for the used device.
l Trial license requests can be initiated from Thunder CLI, GUI or ACT GUI
l For vThunder or cThunder, a trial can be requested.
l Trial license request can be initiated from Harmony to Thunder.
l Thunder license request does not require Thunder administrator to login to the
GLM.
l ACOS records the unique device ID/Serial number, model, that is requesting the
license, the IP address, GLM account, time of license request, time of license issue,
type of request
(initiated by Thunder), type of license, and then provides the trial license.
l Thunder administrator can create a GLM account if one doesn't exist already only
from
Thunder hardware device.
l Thunder administrator can create a GLM account from Thunder and make a license
request so GLM GUI need not be accessed.
l Thunder administrator can use an existing GLM account as well.
11
IPsec License
Requesting IPsec VPN License

Customers can request and obtain trial licenses from the ACOS device directly from
Thunder ACOS CFW. Customers can request the trial license for IPSEC VPN, but it
must be approved by A10 Sales and Purchase. The IPsec VPN license must be
requested before it can be used and is available for vThunder and cThunder trial
licenses.
To get an IPSEC VPN license:
l The user must submit a request to A10 SOA or approver be processed.
l License must be approved by A10 before it can be issued to user.
l IPsec VPN license requests must be sent to approvers.
l Once IPsec VPN license is approved and issued, the device will automatically
update and download the license if it is connected to the Internet.
12
IPSec Perpetual License

Starting from ACOS 4.1.4-GR1-P2, the IPsec perpetual license must be obtained from
GLM and installed on the device for IPsec functionality to work. The Convergent
Firewall (CFW) platforms no longer enable IPsec functionality by default.
So, if you are trying to obtain the IPsec Perpetual license from the GLM and installing
it on the device, see the following sections:
1. Obtain your UUID/Host ID. See Obtaining your UUID/UID /Host ID .
2. Sign in to GLM. See Signing Into GLM.
3. Activate your device’s Host ID to obtain an activation key. See Activating your
Appliance To Obtain Activation Key License .
4. Follow one of the following ways to activate the license on your ACOS device:
l Importing the IPsec Perpetual License on your device using CLI. See Importing a
License to ACOS 4.1.x and Later through the CLI.
l Enabling the IPsec Perpetual License on GLM. See Enabling IPsec Perpetual License
on GLM.
l Importing the IPsec Perpetual License using GUI. This is supported only on
vThunder. See ACOS Activation Key License Installation from the GUI.
l Upgrading to ACOS 4.1.4-GR1-P2 from old releases and preserve IPsec
configurations. See Upgrading IPsec Perpetual License .
13
Obtaining a Trial License

The section provides a step-by-step process for acquiring a trial license through
ACOS GUI:
1. From the Licenses page, click Add Trial License or +License if licenses already exist
for your account.
Figure 2 : GLM Request Trial License
The trial licenses for all A10 products are displayed as shown in the following
figure.
14
Figure 3 : Trial Licenses for A10 Products
2. You can acquire the trial license of the desired product by clicking Start Free Trial.
In the following example, VTHUNDER TRIAL 5 MBPS product is considered. Click
Start Free Trial for this product. The License Overview page for this product is
displayed as shown in the following figure.
15
Figure 4 : License Overview Page
3. On the License Overview page, click Activations, and then click Activate
(highlighted in the following figure).
Figure 5 : License Activation Page
The Activate Appliance page is displayed as shown in the following figure.
16
Figure 6 : Activate Appliances Page
4. On the Activate Appliance page, enter the appliance Universally Unique Identifier
(UUID) in the Appliance UUID field, and then click Activate Appliance.
When the activation key is generated, Done button is enabled.
5. Click Done.
The Activation Key is displayed as shown in the following figure.
Figure 7 : Trail License Activation Key
6. Copy the license activation key and proceed to Activation Key License
Installation, to install the trial license.
17
Obtaining your License Activation Key
The following provides a walk-through for obtaining the license activation key after
A10 Networks has processed a request for your appliance and completed the order
(after the 30 day trial period).
NOTE: If you have an existing trial license or license that you wish to migrate,
see Working with Existing Licenses.
The overall steps are summarized below:

1. Before you begin, you must obtain your UUID/UID/Host ID. Skip this step if you
already have this; if not, go to Obtaining your UUID/UID /Host ID for more
information.
2. Sign in to GLM. See Signing Into GLM.
3. Activate your device to obtain an activation key. See Activating your Appliance
To Obtain Activation Key License .
4. Activate the license on your system. See Activation Key License Installation.
Modular License
The above-mentioned installation steps are applicable for Modular license as well.
However, after installing the Modular license, you can must verify license activation
and device parameter allocation. For more information, see Verifying Modular
License Activation.
NOTE: Switching from modular license to non-modular license is not

supported on vThunder devices
18
Obtaining your UUID/UID/Host ID

To obtain an activation key license, you must activate your appliance through GLM
which requires a Universally Unique Identifier (UUID), also known as the Unique
Identifier (UID) or “Host ID”. Use the appropriate steps for your version of ACOS to
locate your UUID/UID/Host ID.
NOTE: The Host ID is not the user-configurable system hostname. It is a 40-

digit hexadecimal number that appears similar to the following:
5172DE29D49EE3C101C7A0CD54FB8A0B6EC92CEE
Obtaining an ACOS UUID

To obtain the UUID, use one of the following methods:
l Obtaining ACOS UUID from the GUI
l Obtaining ACOS UUID from the CLI
NOTE: ACOS 4.0.1 and 4.02 releases currently do not support the ability to
display the Host ID/UID via the GUI. To capture the UID, you must run
the CLI show license uid command, as described in Obtaining ACOS
UUID from the CLI.
CAUTION: The Host ID/UID is dependent on the file-system on which the

vThunder instance is installed. For any reason, if the file-system is
changed, the Host ID/UID will change, invaliding a license. The
following actions can result in a modified Host ID/UID, which will
invalidate an installed vThunder license.
l Migrate a VM from one system to another

l Upgrade the underlying hypervisor
l Upgrade the hard drive
19
CAUTION: If you choose to take any of these actions, you will need to obtain and
install a new vThunder license.
Obtaining ACOS UUID from the GUI

If you are running an ACOS 4.1.1 release:
1. Navigate to System > Admin.
2. Click on the Licensing tab, if not already selected, and the “Host ID” is displayed.
If you are running an ACOS 4.0.3 release or an ACOS 4.1.0 release:
1. Navigate to System > Maintenance > Licenses.
2. Click Upgrade, and the “Host ID” is displayed.
If you are running an ACOS 2.7.x release:
1. Click Config Mode and navigate to System > Maintenance > License.
2. The Host ID field appears near the top of the page.
Obtaining ACOS UUID from the CLI

To obtain the UUID/UID/Host ID from the CLI:
1. Establish a connection to the ACOS device through the management interface.
2. Access the Privileged EXEC (enable) level or any configuration level of the CLI.
3. Enter the following command: show license uid.
4. Copy the entire UID, which is the hexadecimal string displayed by the CLI.
20
Obtaining an aGalaxy UUID

The only way to obtain the UUID from an aGalaxy appliance is from the GUI.
aGalaxy UUID from GUI
If you are running an aGalaxy 3.0.4 release:
1. Navigate to System > Setting.
2. Click on the Licensing tab.
3. Copy the UUID.
If you are running an aGalaxy 3.0.2 or 3.0.3 release:
1. Navigate to System > License.
2. Copy the UUID. The location is pointed to in the following figure.
Figure 8 : aGalaxy UUID Location
21
Signing Into GLM

1. Upon purchase of an appliance, you will receive an email from the A10 Networks
listing the following:
l Information on your order, such as bandwidth and number of appliances
ordered. In case of Modular License, information such as the performance
model selected (Low, Medium, or High) and the allocated hardware parameters
(number of CPUs, number and type of ports, memory, bandwidth, and SSL
chipset) is mentioned.
l License Entitlement Token
l Registration Link to request A10 Networks Support and Services
l Appliance Activation Link
2. Log into the GLM portal https://glm.a10networks.com/ and perform the
following:
a. In the Email field, enter your email address.
b. In the Password field, enter a password for your account.
An email will be sent to you for the email address provided in Step Signing
Into GLM.
c. Click Confirm my account. For future use, the login name is the email from
which you received the account information.
3. Return to the original email and select Click here to activate an appliance. This
will take you back to the GLM to begin the appliance activation process that will
provide you with the activation key license.
22
Activation Key License Installation

This section provides the various methods for installing the activation key, also
known as your license, for the various appliances.

Installing Activation Key 23
aGalaxy Activation Key License Installation 33
URL Classification License Installation 34
Enabling IPsec Perpetual License on GLM 37
Upgrading IPsec Perpetual License 38
Verifying Modular License Activation 42
Installing Activation Key

To install the activation key for an appliance, use one of the following methods:
l Activation Key Installation from the GUI
l Activation Key Installation from the CLI
For SoftAX appliances, the installation of a new license for ACOS 2.7.x series or 4.0.x
series will result in the renaming within the serial number field of “SoftAX” to
“vThunder”.
NOTE: ACOS 4.0.1 and ACOS 4.1.0 releases do NOT support the ability to
activate an appliance through the GUI. To activate the license, run the
CLI import license as described in Activation Key Installation from
the CLI.
Activation Key Installation from the GUI

To enter the license from the ACOS GUI, do the following:
1. Establish a connection to the ACOS device through the management interface.
2. Navigate as follows:
23
Activating the license on 4.1.4-GR1-P2 or later releases.

a. Navigate to System > Admin.
b. Click on the Licensing tab. The Licensing window is displayed.
Figure 9 : Licensing Window
c. Select one of the following ways to enter the activation:

l Copy/Paste — Copy the text of the activation key license and paste it into
the blank field. Then, click Submit.
l Upload Text File — If the activation key license is saved as a text file, you
can click Choose File, navigate to the text file, and then click Upload File.
l Upload License file from Remote Server - Click Remote Import to import a
license file from a remote server.
If you are running an ACOS 4.1.1 release, do the following:
a. Navigate to System > Admin.
b. Click on the Licensing tab, if it isn’t already selected.
Select one of the following ways to enter the activation:
l Upload Text File - If the activation key license is saved as a text file, you can
click Choose File, navigate to the text file, and then click Upload File.
24
l Copy/Paste - Copy the activation key license, paste it into the blank field,
and then click Submit.
If you are running an ACOS 4.1.0 release, do the following:
a. The GUI is not supported. Follow the CLI instructions in Importing a License
to ACOS 4.1.x and Later through the CLI.
If you are running an ACOS 4.0.2 or 4.0.3 release, do the following:
a. Navigate to System > Maintenance > Licenses.
b. Click Upgrade.
c. Paste the entire text of the activation key license into the Definition field.
d. Click the Upgrade button.
If you are running an ACOS 2.7.x release:
a. Click Config Mode and navigate to System > Maintenance > License.
b. Click Install to expand the field.
c. Paste the entire text of the activation key license into the License field.
d. Click Update.
Following the upgrade, reboot your appliance and check the version to verify the
update.
Activation Key Installation from the CLI

To install the activation key license using the ACOS CLI, based on the ACOS version,
follow one of the listed procedures.
l Importing a License to ACOS 4.1.4 GR1-P2 and Later through the CLI
l Importing a License to ACOS 2.7.x-4.0.x through the CLI
l Importing a License to ACOS 4.1.x and Later through the CLI
Importing a License to ACOS 414 GR1-P2 and Later through the CLI
When running an ACOS 4.1.4 GR1-P2 or later, perform the following:
25
2. Save the activation key license file sent by A10 Networks onto a server that can
be locally accessed over the network by your appliance.
3. Enter the following command to install the license:
import glm-license file-name url
The file-name is the name of the activation key license file received from A10
Networks. The URL specifies the file transfer protocol, the username (if required),
and directory path.
You can enter the entire URL on the command line or press Enter to display a
prompt for each part of the URL. If you enter the entire URL and a password is
required, you will still be prompted for the password. To enter the entire URL:
l tftp://host/file
l ftp://[user@]host[:port]/file
l scp://[user@]host/file
l sftp://[user@]host/file
4. Close your CLI session.

5. Open a new CLI session.
7. Enter the show license-info command to verify the activation key license
installation.
For example;
TH7650-1#show license-info
Host ID : 4BD78D258E47EBA6E0E0458E8CAA9BC9183C72D4
USB ID : Not Available
Billing Serials: vTh5c3b2c9840000, vTh64420a9070000
Token : Not Available
Product : CFW
Platform : Thunder Series Unified Application Service Gateway
Burst : Disabled
GLM Ping Interval In Hours : 24
26
-----------------------------------------------------------------------
-------------
Enabled Licenses Expiry Date (UTC) Notes
-----------------------------------------------------------------------
-------------
SLB None
CGN None
GSLB None
RC None
DAF None
WAF None
SSLI None
DCFW None
GIFW None
URLF None
AAM None
FP None
WEBROOT N/A Requires an additional
Webroot license.
THREATSTOP N/A Requires an additional
ThreatSTOP license.
QOSMOS N/A Requires an additional
QOSMOS license.
WEBROOT_TI N/A Requires an additional
Webroot Threat Intel license.
CYLANCE N/A Requires an additional
Cylance license.
IPSEC_VPN None
NOTE: Reboot ACOS after verification to ensure the full functionality of

ACOS features.
CLI Example
l Thunder- AX series
1. Log onto the CLI, access the Privileged EXEC level, and display the license host ID:
login as: admin
27
Using keyboard-interactive authentication.

Password:
Last login: Mon May 1 21:23:14 2020 from 172.16.137.157
ACOS system is ready now.

[type ? for help]
TH3030S-AX3>enable
Password:
TH3030S-AX3#show license uid
A0C774C33831F0A5FB9961EA5EDCF31330FB91A6
2. Import and installs the license.

TH3030S-AX3#import glm-license IPsec_33395-10.16.21.108.txt use-mgmt-
port scp://root:[email protected]/home/deyue/IPsec_33395-
10.16.21.108.txt
License successfully updated, please log out and log back in to access
license features
Done.
TH3030S-AX3#
3. Close the existing CLI session and open a new CLI session.
The following enhanced command verifies license installation and lists the set of
licenses and information.
For example;
28
Importing a License to ACOS 4.1.x and Later through the CLI

When running an ACOS 4.1.x release or later, perform the following:
be locally accessed over the network by your appliance.
import glm-license file-name url
and directory path.
required, you will still be prompted for the password. To enter the entire URL:
l tftp://host/file
29

7. Enter the show license-info command to verify the activation key license
installation.
NOTE: Reboot ACOS after verification to ensure the full functionality of ACOS
features.
CLI Example
l vThunder:
1. Log onto the CLI, access the Privileged EXEC level, and display the license host ID:
login as: admin
Password:
Last login: Mon Feb 1 21:23:14 2020 from 172.16.137.157
ACOS system is ready now.
[type ? for help]
vThunder>enable
Password:
vThunder#show license uid
A0C774C33831F0A5FB9961EA5EDCF31330FB91A6
2. Import and installs the license.

vThunder#import glm-license license_example.lic use-mgmt-port
scp://[email protected]/home/user/license_example.lic
3. Close the existing CLI session and open a new CLI session.
30
The following enhanced command verifies license installation and lists the set of
licenses and information about them:
vThunder(config)#show license-info
Host ID : 5BBB01EX264EXAMPLECB3C2FE42E02384EE8C527
Product : CFW
-----------------------------------------------------------------------
-------------
Enabled Licenses Expiry Date Notes
-----------------------------------------------------------------------
-------------
SLB None
CGN None
GSLB None
RC None
DAF None
WAF None
SSLI None
DCFW None
GIFW None
URLF None
IPSEC None
AAM None
FP None
WEBROOT None Requires an additional
Webroot license.
THREATSTOP None Requires an additional
ThreatSTOP license.
NOTE: The WEBROOT and THREATSTOP fields are not applicable and must
be checked separately.
Importing a License to ACOS 2.7.x-4.0.x through the CLI

When running an ACOS 2.7.x-4.0.x release, do the following:
31
be locally accessed by your appliance over the network.
import licensefile-name url
and directory path.
required, you will still be prompted for the password. The available options and
their individual parameters are:
l tftp://host/file

7. Enter the following command to verify license installation:
show license
NOTE: Reboot ACOS after verification to ensure the full functionality of

ACOS features.
CLI Example
The following commands log onto the CLI, access the Privileged EXEC level, and
display the license Host ID:
login as: admin
Password:***
32
Last login: Mon Aug 2 07:58:10 2010
[type ? for help]
vThunder>enable
Password:******** <blank by default>
vThunder#show license uid
5172DE29D49EE3C101C7A0CD54FB8A0B6EC92CEE
The following command installs the activation key license:

vThunder#import license softax-lic1.txt
tftp://192.168.1.101/licenses/softax-lic1.txt
After closing your existing CLI session, open a new CLI session. The following
command verifies the activation key license installation:
vThunder#show license
Feature Installed: bandwidth
: 200 Mbps
Version: 1.01
Exp date: permanent
Host ID: 5172DG29E49EE3C102C7A0CD54FB8A0B6EC92CEE
aGalaxy Activation Key License Installation

The activation key license installation can be done only through the GUI interface.
Take the following steps:
If you are running an aGalaxy 3.0.4 release:
1. Navigate to System > Settings, click on the Licensing tab, then click Submit.
If you are running an aGalaxy 3.0.2 or 3.0.3 release:
1. Navigate to System > License, and click Submit.
There are two ways to enter the activation:
a. Upload text file - If the activation key license is saved as a text file, you can
click Browse (aGalaxy 3.0.2, 3.0.3) or Choose File (aGalaxy 3.0.4), navigate to
33
the text file, and then click Upload.

b. Copy/Paste - Copy the text of the activation key license and paste it into the
blank field. Then, click Submit.
2. Click Submit.
URL Classification License Installation

To install your URL Classification License, take the following steps:
NOTE: The URL Classification License is only applicable for 4.x.
The URL Classification License offers the following subscription:

l Cloud-based (plus local) - Covers the top 20 billion URLs (with local caching)
For more information on common usage for an URL Classification License, see the
“SSLi Web Categories Bypass” section in the SSL Insight Configuration Guide.
1. Configure your ACOS device with a valid ip route and domain name server (DNS).
An example configuration is provided below. Use the show run ip command to
verify your configuration.
ACOS(config)#ip route 0.0.0.0 /0 192.168.200.1

ACOS(config)#ip dns primary 192.168.1.100
ACOS(config)#
ACOS(config)#show run ip
!Section configuration: 69 bytes
!
ip route 0.0.0.0 /0 192.168.200.1
!
ip dns primary 192.168.1.100
Take the following step to confirm the connection of the management port
interface with the
internet:
ACOS(config)# ping 8.8.8.8 use-mgmt-port
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=9.26 ms
34

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4013ms
rtt min/avg/max/mdev = 9.178/9.212/9.266/0.091 ms
To confirm DNS is working, take the step shown to check if pinging

glm.a10networks.com directs the ping to amazonaws.com.
ACOS(config)# ping glm.a10networks.com use-mgmt-port
PING elb050911-1708050023.us-east-1.elb.amazonaws.com (54.225.155.192)
56(84)
bytes of data.
2. Ensure that the ACOS device has access to the following URLs through the
management port interface.
l https://glm.a10networks.com/
l database.brightcloud.com
l service.brightcloud.com
3. If not already set, use the CLI clock command to configure the correct time and
date, or configure it through the GUI from System >Settings >Time.
4. Save your URL Classification license file on an accessible server.
5. Enter global configuration mode, by taking the following steps:
ACOS>enable
Password:
ACOS#config
ACOS(config)#
6. Enter the web-category sub-command mode by entering web-category, and

configure the use of the management port for communication with the
BrightCloud servers using the use-mgmt-port CLI command. Finally, enter the CLI
command exit, to return to the global configuration mode.
ACOS(config)#web-category
ACOS(config-web-category)#use-mgmt-port
ACOS(config-web-category)#exit
35
ACOS(config)#
7. Import your URL Classification license file using the CLI command at the global
configuration mode level. The file-name is the name of the URL Classification
license file.
import web-category-licensefile-name
The following example shows the output when the URL Classification license file has
been imported.
ACOS(config)#import web-category-license test.json use-mgmt-port
scp://[email protected]/home/example/lic_test/test_URL_C.json
Password []?
Done.
Verifying URL Classification License on an ACOS device

Enter the show web-category license CLI command to verify that the URL
Classification license has been imported onto your ACOS device.
The following output example shows a relevant line (highlighted in blue) of a
successful URL Classification license installation.
ACOS(config)#show web-category license
Module Status : Disabled
License Status : License is valid
License Type : Trial License
License Expiry : 2017-02-16 00:00:00 PST
Remaining Period : 86 d 0 hrs 12 min 46 sec
Grace Period Status : Grace period is not available
Grace Period : Grace period is not available
UUID/SN : SoftAX1000001429
Activating the URL Classification Database

The URL Classification license must first be enabled in order to utilize the database.
Use the enable CLI command from the web-category configuration mode to enable
web-category functionality.
ACOS(config-web-category)#
ACOS(config-web-category)#enable
36
Verifying the URL Classification Library

The URL Classification database installation can be verified by using the following
show web-category database CLI command. An example output is provided as
follows:
ACOS(config-web-category)# show web-category database
Database Name : full_bcdb_4.827.bin
Database Status : Active
Database Size : 351 MB
Database Version : 827
Last Update Time : Wed Jul 6 19:39:59 2016
Next Update Time : Fri Jul 8 00:00:22 2016
Connection Status : GOOD
Last Successful Connection : Thu Jul 7 00:39:22 2016
Enabling IPsec Perpetual License on GLM

To enable the license on GLM:
1. Configure your ACOS device with a valid domain name server (DNS).
An example configuration is provided below. Use the show run ip command to
verify your configuration.
ACOS(config)#ip dns primary 8.8.8.8
2. Configure the user management port interface.

ACOS(config)#glm use-mgmt-port
3. Enable the glm requests.

ACOS(config)#glm enable-requests
The QOSMOS license is successfully updated. Please log out and log back
in to the ACOS device to access the license features vThcee6ed6d60000
IPSEC_VPN License successfully updated, please log out and log back in
to access license features vThcee6ed6d60000
4. Enter the #show license-info command to validate the license information.
37
5. Reboot the system to enable the IPsec license.
Upgrading IPsec Perpetual License

Starting from ACOS 4.1.4-GR1-P2, the IPsec perpetual license must be obtained from
GLM and installed on the device for IPsec functionality to work. The Convergent
Firewall (CFW) platforms no longer enable IPsec functionality by default.
To upgrade Thunder to 4.1.4-GR1-P2 from old releases and preserve IPsec
configurations, perform the following:
1. Reboot the system.
NOTE: After upgrading, upon first boot, DO NOT save the running-config
into startup-config.
2. Enter the #sh license-info command.
38
NOTE: After upgrading, at first boot, there will be no IPsec license, and
IPsec related configurations are not in running-config as shown
below:
39
3. Import IPsec license.
4. Validate the IPsec License by #show license-info command.
40
NOTE: The IPsec license is working in “None” status.
5. Reload the system by #do reload command.
NOTE: In TH3030S-AX3 system prompts the user to save, select “no”, then
select “yes” to reload
6. Validate the IPsec configuration by entering #diffstartup-config running-
41
config command.
NOTE: All IPsec related configurations are in the running-config, it is the

same as startup-config.
Verifying Modular License Activation

You can verify the license activation using GUI as well as CLI.

Verifying License Activation Using GUI 43
42
Verifying License Activation Using CLI 43

Viewing Allocated Hardware Parameters 44
Verifying License Activation Using GUI

Navigate to System > Admin > Licensing. The Licensing window is displayed. The
Product field in this window indicates the performance model enforced (ADC, CFW,
CGN, SSLi, TPS, and so on). Similarly, the highlighted four fields in the License Info
indicate the device parameters allocated for the device.
Figure 10 : Licensing Page
Verifying License Activation Using CLI

To verify the license activation, enter the show license-info command as shown
below:
ACOS(config)# show license-info
Host ID : BF3440EF368CE033082921AE8E033F1566D6FD7A
Billing Serials: vTh72b4c5d6e0000
Product : Software-Driven-License
Platform : vThunder
Burst : Disabled
Version : Unlimited
------------------------------------------------------------------------
43
------------------------------------------------------------------------
SLB None
CGN None
GSLB None
RC None
DAF None
WAF None
SSLI None
DCFW None
GIFW None
URLF None
AAM None
FP None
WEBROOT N/A Requires an additional Webroot license.
THREATSTOP N/A Requires an additional ThreatSTOP license.
QOSMOS N/A Requires an additional QOSMOS license.
WEBROOT_TI N/A Requires an additional Webroot Threat
Intel license.
IPSEC_VPN N/A Requires an additional IPsec VPN license.
A10_TI N/A Requires an additional A10 Threat Intel
license.
10 cores Allowed 09-July-2024
90000 Mbps Bandwidth 09-July-2024
51200 MB memory Allowed 09-July-2024
8 Connectivity Allowed 09-July-2024 Valid-Types: 8 x 40G_Fiber
2 N5 HW SSL allowed 09-July-2024
The Product field in the above output indicates that this is a software-driven license
i.e., Modular license. Similarly, the last five lines of the output indicate the device
parameters allocated.
Viewing Allocated Hardware Parameters

After activating the license, you can view the allocated device parameters using the
show license-info command. This topic describes how to check additional details of
these allocated parameters.
44
CPU Cores
To check the number and the type of CPU Cores allocated, use the show cpu
command as shown below. In this example, 10 CPU Cores are allocated.
ACOS(config)# show cpu
Time: May-17-2021, 22:36
1Sec 5Sec 10Sec 30Sec 60Sec
-------------------------------------------------------------------------
Control1 11% 10% 10% 10% 10%
Control2 9% 10% 10% 11% 11%
Data1 0% 0% 0% 0% 0%
Data2 0% 0% 0% 0% 0%
Data3 0% 0% 0% 0% 0%
Data4 0% 0% 0% 0% 0%
Data5 0% 0% 0% 0% 0%
Data6 0% 0% 0% 0% 0%
Data7 0% 0% 0% 0% 0%
Data8 0% 0% 0% 0% 0%
Data9 0% 0% 0% 0% 0%
Port Connectivity
To check the ports (number and the type) allocated, use the show interfaces brief
command as shown below. In this example, Port 1 to 8 (of type 40G) are allocated;
the others are disabled.
ACOS(config)# show interfaces brief
Port Link Dupl Speed Trunk Vlan Encap MAC IP Address IPs Flags
Name
--------------------------------------------------------------------------
mgmt Up Full 1000 N/A N/A N/A 001f.a00e.6c30 10.67.1.234/24 1
1 Up Full 40000 none Tag N/A 001f.a00e.6c38 0.0.0.0/0 0
2 Up Full 40000 none Tag N/A 001f.a00e.6c39 0.0.0.0/0 0
3 Up Full 40000 none Tag N/A 001f.a00e.6c3a 0.0.0.0/0 0
4 Up Full 40000 1 Tag N/A 001f.a00e.6c3b 0.0.0.0/0 0
5 Down None None none 1 N/A 001f.a00e.6c3c 0.0.0.0/0 0
6 Down None None none 1 N/A 001f.a00e.6c3d 0.0.0.0/0 0
7 Down None None none 1 N/A 001f.a00e.6c3e 0.0.0.0/0 0
8 Down None None none 1 N/A 001f.a00e.6c3f 30.1.0.11/16 1
45
9 Disb None None none 1 N/A 001f.a00e.6c40 0.0.0.0/0 0

ve20 Up N/A N/A N/A 20 N/A 001f.a00e.6c3c 20.20.20.20/24 1
ve123 Up N/A N/A N/A 123 N/A 001f.a00e.6c43 1.1.1.234/24 1
You cannot access more than 8 ports. When the 9th port is accessed, a restricted
connectivity license message is displayed as shown below:
ACOS(config)# interface ethernet 9
ACOS(config-if:ethernet:9)# enable
Interface specified does not have connectivity license. Connectivity
license count is exceeded.
ACOS(config-if:ethernet:9)#
If you want to access Port 9, you need to disable an allocated port (from 1 to 8). In
this example, the 9th port can be accessed only after disabling the 8th port as shown
below:
ACOS(config-if:ethernet:8)# disable
ACOS(config-if:ethernet:8)# exit
ACOS(config-if:ethernet:9)# enable
ACOS(config-if:ethernet:9)#
Now, use the show interfaces brief command to check the 9th Port.
ACOS(config)# show interfaces brief
Port Link Dupl Speed Trunk Vlan Encap MAC IP Address IPs Flags
Name
--------------------------------------------------------------------------
-
mgmt Up Full 1000 N/A N/A N/A 001f.a00e.6c30 10.67.1.234/24
1
1 Up Full 40000 none Tag N/A 001f.a00e.6c38 0.0.0.0/0
0
46
2 Up Full 40000 none Tag N/A 001f.a00e.6c39 0.0.0.0/0

0
3 Up Full 40000 none Tag N/A 001f.a00e.6c3a 0.0.0.0/0
0
4 Up Full 40000 1 Tag N/A 001f.a00e.6c3b 0.0.0.0/0
0
5 Down None None none 1 N/A 001f.a00e.6c3c 0.0.0.0/0
0
6 Down None None none 1 N/A 001f.a00e.6c3d 0.0.0.0/0
0
7 Down None None none 1 N/A 001f.a00e.6c3e 0.0.0.0/0
0
8 Disb None None none 1 N/A 001f.a00e.6c3f 0.0.0.0/0
0
9 Down None None none 1 N/A 001f.a00e.6c40 0.0.0.0/0
0
10 Disb None None none 1 N/A 001f.a00e.6c41 0.0.0.0/0
0
0
0
0
0
1
0
ve20 Up N/A N/A N/A 20 N/A 001f.a00e.6c3c 20.20.20.20/24
1
ve123 Up N/A N/A N/A 123 N/A 001f.a00e.6c43 1.1.1.234/24
1
If you need additional connectivity (more than the allocated ports), contact the A10
sales team to upgrade the license.
47
NOTE: Port splitting is only supported for ports that have connectivity license.
Additionally, port splitting is disabled when the port connectivity
license expires.
Memory
To check the memory allocated, use the show memory command as shown below:
ACOS# show memory system
Total(KB) Free Shared Buffers Cached Usage
--------------------------------------------------------------------------
130201220 45862090 0 74264 814346 64.70%
The Total field indicates the total system memory. Free memory = Licensed Memory
(Total Memory) - Used Memory
Bandwidth Limit
Before installing the license, the bandwidth is restricted to 1Mbps. Based on the
license installed, the bandwidth limit is configured. If the traffic exceeds this
configured threshold limit (at runtime), the packets are dropped.
The BW Limit Drop field of the show slb switch command indicates the number of
packets dropped due to exceeded bandwidth.
To extend the allocated bandwidth limit, you can enable bursting in vThunder, and
Bare Metal devices. This ensures that the packets are never dropped.
NOTE: You can enable the burst mode only if you have purchased the FlexPool
License along with the FlexPool Burst License.
To enable burst, enter glm burst command in the configuration mode as shown
below:
ACOS(config)# glm burst
Enter the show license-info command to verify that bursting is enabled.

ACOS(config)# show license-info
Host ID : BF3440EF368CE033082921AE8E033F1566D6FD7A
Billing Serials: vTh72b4c5d6e0000
48

Product : CFW
Burst : Enabled
SSL Chipset
This parameter decides how the SSL processing takes place on the device. SSL
processing can either be software-based or hardware-based. In case of hardware-
based processing, you can select one of the following Hardware Acceleration
modules:
l Quick Assist Technology (QAT) by Intel
l Nitrox V (N5)
NOTE: Even if the device has the Hardware Acceleration modules, they can be
accessed only if the appropriate SSL parameters are set for the license.
The last line of the show license-info command indicates if these modules are
accessible. Consider the following show license-info command example (only the
last five lines):
This indicates that only software-based SSL processing is allowed.
SSL SW is only Allowed 09-July-2024
This indicates that 2 Nitrox modules are allocated for hardware-based SSL processing.
2 N5 HW SSL Allowed 09-July-2024
Additionally, to check the Hardware Acceleration module details, use the show slb
ssl stats command as shown below:
ACOS(config)# show slb ssl stats
49
SSL module: Hardware

Number of SSL modules: 2
SSL module 1
Number of enabled crypto engines: 40
Number of available crypto engines: 40
Number of requests handled: 6
SSL module 2
Number of enabled crypto engines: 40
Number of available crypto engines: 40
Number of requests handled: 0
Current clientside SSL connections: 0
Total clientside SSL connections: 0
Current serverside SSL connections: 0
Total serverside SSL connections: 0
Total Non SSL Bypass connections: 0
Total times of stateful session reuse in client ssl: 0
Total times of stateful session reuse in server ssl: 0
Total times of stateless session reuse in client ssl: 0
Total times of stateless session reuse in server ssl: 0
Total clientside early data connections: 0
Total serverside early data connections: 0
Total clientside failed early data connections: 0
Total serverside failed early data connections: 0
Failed SSL handshakes: 0
Failed crypto operations: 0
SSL memory usage: 8665 bytes
SSL server certificate errors: 0
SSL client certificate authorization failed: 0
SSL fail CA verification 0
HW Context Memory Total Count 12582912
HW Context Memory in Use 0
HW Context Memory alloc failed 0
HW ring full 0
Record too big 0
Total client ssl context malloc failures: 0
Maximum SSL contexts N/A
Current SSL contexts in use 0
Static SSL contexts in use 0
Dynamic SSL contexts in use 0
SSL Forward Proxy
50
Bypass Failsafe SSL sessions: 0

Bypass Username sessions: 0
Bypass AD-Group sessions: 0
Bypass SNI sessions: 0
Bypass Certificate subject sessions: 0
Bypass Certificate issuer sessions: 0
Bypass Certificate SAN sessions: 0
Bypass NO SNI sessions: 0
Reset NO SNI sessions: 0
Bypass ESNI sessions: 0
Drop ESNI sessions: 0
Bypass Client Auth sessions: 0
In this output, the first line SSL module: Hardware indicates that the SSL processing
occurs in the hardware modules. For further details on the command output, refer to
the Command Line Interface Reference guide.
51
Managing GLM Licenses

User Account Options 52
Working with Existing Licenses 54
Support and Resources 59
User Account Options

GLM offers flexibility by allowing its users to authorize licenses or their account to
other users. This can be useful for organizations with numerous departments to
allow delegation of responsibilities to the proper resources.

Authorizing Licenses for Other Users 53
Authorizing Account for Other Users 54
Modifying User Settings 54
52
Authorizing Licenses for Other Users

To authorize other users to use the licenses for your account, take the following
steps from the Licensing page:
1. From the Licenses page, click on the license you wish to give authorization access
to.
2. On the License Overview page, click on Authorizations followed by clicking on
Manage Users.
3. On the Manage Authorized Users page, in the Authorized Users field, enter the
email address of the user you wish to give license access to.
4. (Optional) To add more users, click on Add New User to generate another
Authorized Users field and repeat step 3.
5. When done, click Update License.
Figure 11 : Manage Authorized Users Page
53
Authorizing Account for Other Users

To authorize other users to access your account, take the following steps:
1. Click on the profile icon and click on Account Info.
2. Click on Users in the left column menu.
3. Click on + Add User on the right upper corner.
On the New User page, fill out the following information for the new user of this
account:
1. In the Name field, enter the name of the new user.
2. In the Email field, enter the email address of the new user.
3. Click Create User.
An email will be sent to the user with a link to confirm this new account.
Modifying User Settings

To change your user settings:
1. Click on the Profile icon.
2. Click Profile and then click Settings.
3. On the Edit User page, make any changes to update your profile, and click Update
User to finish.
Working with Existing Licenses

Migrating an Existing License 55
Dealing with an Invalid License 55
Renewing a URL Classification License 56
54
Migrating an Existing License

To transfer an existing standard license to another appliance, the license must be
revoked from the current appliance before this license can be activated for a new
appliance.
NOTE: If the current appliance is provisioned under the standard license, the
new device will continue to operate with the standard license. Modular
licensing is not enforced on such appliances.
To revoke the license for migration, you will need to send a Return Merchandise
Authorization (RMA) request through GLM (Return Merchandise Authorization
Requests) where A10 Networks will review and take action on the RMA request.
After you have confirmed that the RMA request has been approved, the existing
license may be migrated onto another appliance.
NOTE: When submitting the RMA request for license migration, ensure the
following information is included in the Reason for RMA Request field:
l State that the request is for license migration.

l Planned date for license migration.
l The original Host ID/UID/UUID.
If you experience any further issues after your license has been revoked, please
contact A10’s Technical Assistance Center (TAC) or your local sales representative.
Dealing with an Invalid License

A vThunder license can become invalid if the file-system changes. Common examples
that result in a modified UUID include the following:
l Migrating a VM from one system to another
l Upgrading the hypervisor
l Upgrading the hard drive
55
If your vThunder instance develops an invalid license, obtain the new UUID according
to the instructions, see Obtaining your UUID/UID /Host ID , and send a request to
A10 Support to acquire a new license.
NOTE: The bring your own license (BYOL) for AWS vThunder is not affected by
a changing UUID.
Renewing a URL Classification License

To renew your URL Classification License, you will need to contact your local sales
representative. While URL Classification Licenses have a grace period of 30 days after
the license expiry date, it is strongly recommended to get a renewal before this date.
In term license, the ACOS notifies the controller (CAP APP) and Syslog, (SNMP) of
license expiry at 30, 15, 10, 5, 4, 3, 2, 1 days before expiry, and daily from the day of
expiry until the grace period ends. When the grace period ends, it deactivates all
modules that do not have a valid license.
When a license is renewed, the renewal is applied to the license expiry date.
To check the status of your URL Classification License, use the following command
show web-category license
or
show license-info
The following is a sample output of what appears when running the command,
highlighting the pertinent section related to license renewal:
ACOS(config)# show web-category license
Module Status : Disabled
License Status : License is valid
License Type : Term License
License Expiry : 2017-08-22 01:00:00 GMT
Remaining period : License has expired
Grace period Status : License in Grace period
Grace period : 24 d 0 hrs 48 min 13 sec
UUID/SN : AX26000310020010
56
NOTE: The status of the license and the expiry date appears, along with grace
period information and your UUID.
The following is a sample output of what appears when running the command for a
CFW product:
ACOS#show license-info
Host ID : CD8AEDDB8EA74129D8C5424E2F10504EA458D734
Billing Serials: vThfc40ac4f90000
Product : CFW
Burst : Disabled
--------------------------------------------------------------------------
----------
--------------------------------------------------------------------------
----------
SLB 11-October-2022
CGN 11-October-2022
GSLB 11-October-2022
RC 11-October-2022
DAF 11-October-2022
WAF 11-October-2022
SSLI 11-October-2022
DCFW 11-October-2022
GIFW 11-October-2022
URLF 11-October-2022
AAM 11-October-2022
FP 11-October-2022
WEBROOT N/A Requires an additional Webroot
license.
THREATSTOP N/A Requires an additional
ThreatSTOP license.
QOSMOS 11-October-2022
WEBROOT_TI N/A Requires an additional Webroot
Threat Intel license.
57
CYLANCE N/A Requires an additional Cylance

license.
IPSEC_VPN N/A Requires an additional IPsec
VPN license.
The term license is for the term 1 year, 3 years, and 5 years with product CFW. ACOS
also deactivates all the modules corresponding to revoked licenses.
When contacting your local sales representative, you will need to provide the UUID
of your ACOS device which can be obtained by running the show web-category
license command. Based upon whether your utilization of a URL Classification
License is online or offline, you will need to take one of the following steps to
proceed with renewal.
l Online - Your ACOS device routinely connects to GLM.
Contact your local sales representative to renew your license. Once your sales
representative has fulfilled your order, your license will be updated upon its next
connection with GLM. Should you wish to update your URL Classification License
immediately after fulfillment of the order, disable then re-enable the web-category
by taking the following steps from the global configuration level:
ACOS(config-web-category)# no enable
ACOS(config-web-category)# enable
NOTE: Updating your URL Classification License immediately upon

fulfillment of the renewal order is strongly recommended if the grace
period remaining is less than 24 hours.
l Offline - Your ACOS device does not connect to GLM.

When your sales representative has processed your order, a license file will be
provided to you. Once the license file has been obtained, follow the steps in URL
Classification License Installation to update your URL Classification License. After
installation is complete, make sure to enable your device by following the
instructions in Activating the URL Classification Database .
58
Support and Resources

Obtaining Technical Assistance 59
Return Merchandise Authorization Requests 60
Resource Downloads 61
Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid A10 Networks
Regular and Technical Support service contracts, the A10 Networks Technical
Assistance Center provides support services online and over the phone. To facilitate
services, please have your Billing Serial Number available when you contact us.
To locate your billing serial number, take the following steps from the Licensing page:
1. Click on the License of the appliance for which you wish to obtain technical
support.
2. On the License Overview page, click on Billing Serial Numbers.
The information for the Billing Serial Number is displayed here as shown in below
figure.
Figure 12 : Billing Serial Number Information
59
Return Merchandise Authorization Requests

For common software licensing issues, customers can issue a Return Merchandise
Authorization (RMA) request to reach A10 Networks directly. Reasons for an RMA
request can include:
1. The license activation error (Example: An incorrect UUID was entered.)
2. The Activation key is incompatible with the version of ACOS running on the
appliance.
3. The incorrect product received. (Examples include a product with the wrong
bandwidth, wrong aGalaxy device, or an incorrect URL class subscription.)
4. The transfer of a vThunder license.
To send a Return Merchandise Authorization (RMA) request, on the Overview page of
the License selected, click Request RMA. On the New RMA Request page, in the
Reason For RMA Request field, enter the reason for the request and click Agree.
If you have no pending RMAs, a new RMA will be issued after 15 minutes.
If you have one pending RMA, a new RMA will be issued after an hour.
If you have two or more pending RMAs, a new RMA will be issued after 12 hours.
If you have three or more pending RMAs, contact A10’s Technical Assistance center
(TAC) or your local sales representative.
NOTE: An RMA request on GLM requires that the appliance is activated. You
must also agree to the terms to uninstall the existing license on the
appliance.
If you are issuing an RMA request on a previously purchased vThunder which needs
to be migrated, in the Reason for RMA Request field, please provide the following
information:
l State that the request is for license migration.
l The planned date for license migration.
l The original Host ID/UID/UUID.
60
NOTE: If the existing appliance is provisioned under the Perpetual license, the
RMA device issued will continue to operate with the Perpetual license.
Modular licensing is not enforced on such RMA appliances.
Resource Downloads
To access available vThunder or Local License Proxy resources, click on the Profile
icon and click on Downloads.
Figure 13 : Downloads Page
61
©2024 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder,
Thunder TPS, A10 Harmony, SSLi and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in
the United States and other countries. All other trademarks are property of their respective owners. A10
Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to
change, modify, transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit:
Contact Us
www.a10networks.com/company/legal/trademarks/.

A10_GLM_PERP_GUIDE

Uploaded by

Document Informationclick to expand document informationA10_GLM_PERP_GUIDE

Document Informationclick to expand document information

Copyright:

Available Formats

A10_GLM_PERP_GUIDE

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

A10_GLM_PERP_GUIDE

Uploaded by

Copyright:

Available Formats

Global License Manager User Guide

Acquiring a Trial License 8

Obtaining your License Activation Key 18

Activating the URL Classification Database 36

Managing GLM Licenses 52

This document provides a step-by-step procedure on how to obtain an activation

Figure 1 : Initial Global License Manager Sign In Page

The allocation of these hardware parameters drive the device performance

Features and Advantages

A10 Networks offers a trial license for a number of its appliances.

The following topics are covered:

Creating a GLM Account

Request Add-On Licenses from ACOS

The 90 day trial license is available for:

Web URL Classification and Reputation License

IP Threat Intelligence License

Application Visibility License

Requesting IPsec VPN License

IPSec Perpetual License

Obtaining a Trial License

Figure 3 : Trial Licenses for A10 Products

Figure 4 : License Overview Page

The Activate Appliance page is displayed as shown in the following figure.

Figure 6 : Activate Appliances Page

The overall steps are summarized below:

NOTE: Switching from modular license to non-modular license is not

Obtaining your UUID/UID/Host ID

NOTE: The Host ID is not the user-configurable system hostname. It is a 40-

Obtaining an ACOS UUID

CAUTION: The Host ID/UID is dependent on the file-system on which the

l Migrate a VM from one system to another

Obtaining ACOS UUID from the GUI

Obtaining ACOS UUID from the CLI

Obtaining an aGalaxy UUID

Signing Into GLM

Activation Key License Installation

The following topics are covered:

Installing Activation Key

Activation Key Installation from the GUI

Activating the license on 4.1.4-GR1-P2 or later releases.

c. Select one of the following ways to enter the activation:

Activation Key Installation from the CLI

4. Close your CLI session.

NOTE: Reboot ACOS after verification to ensure the full functionality of

Using keyboard-interactive authentication.

ACOS system is ready now.

2. Import and installs the license.

Importing a License to ACOS 4.1.x and Later through the CLI

4. Close your CLI session.

ACOS system is ready now.

[type ? for help]

2. Import and installs the license.

Importing a License to ACOS 2.7.x-4.0.x through the CLI

4. Close your CLI session.

NOTE: Reboot ACOS after verification to ensure the full functionality of

Last login: Mon Aug 2 07:58:10 2010

[type ? for help]

The following command installs the activation key license: