I had an issue with a firewall that showed three blades, TP-blades, licensed as “evaluation” and furthermore the license was expired.

The firewall itself, showed the licenses to be alright as shown in the picture below:

Various things were tried in order to solve the issue, but none of them made any difference.

• cplic eval_disable
• Removing all unnecessary licenses
• Verify connectivity to Check Point contracts service (curl_cli [–proxy ] -v -k https://usercenter.checkpoint.com/usercenter/services/ProductCoverageService)
• Disable Plug’n’Play – $CPDIR/bin/cpprod_util CPPROD_SetPnPDisable 1 [1]
• Remove Plug’n’Play config file [1]
• Install an All-in-One eval license

[1] https://community.checkpoint.com/t5/General-Topics/Delete-trail-license/td-p/56751

The solution

The evaluation licenses were still present in the management database and had to be removed manually.
NB: Fiddle around in the database at your own risk. Remember to back up the system before doing anything.

Expert@Mgmt01]: psql_client monitoring postgres
monitoring=# select * from entitlement where exp_date <=’2019-12-27′;
monitoring=# delete from entitlement where blade_name=’Anti-Virus’ and entitlement_status=’Evaluation’;

Edit: The fault could happen due to- or come in tandem with a bug in VSX (sk164917), where certain VS are missing contracts files for IPS, AppCtrl and URL filtering. This bug is fixed in latestest R80.xx HFAs