About ThreatSync+ NDR Licenses
Applies To: ThreatSync+ NDR
ThreatSync+ NDR extends the existing ThreatSync functionality in WatchGuard Cloud and offers enhanced network detection and response, network device identification, and advanced reporting for Fireboxes, third-party firewalls, and LAN infrastructure.
License Types
ThreatSync+ NDR is licensed for each user.
There are four types of licenses:
Term Licenses
A term license has a set number of
Subscription Licenses
A subscription license enables you and your managed accounts to add
Trial Licenses
Trial licenses of
NFR Licenses (Service Providers only)
A Not for Resale license includes a set number of
Allocation Types
When Service Providers allocate
Term Allocation
When you allocate
Subscription Allocation
When you allocate
Term License Activation
You can activate licenses on the Activate Licenses page on the WatchGuard website. For more information, go to Activate a ThreatSync+ NDR License.
After you activate a ThreatSync+ NDR license, you can review the activated licenses for your account in Support Center on the ThreatSync page. Click the name of a license to view the details and history of that license.
Licenses work differently for WatchGuard Cloud Subscriber and Service Provider accounts.
Subscribers
Subscriber accounts can only have one product license. When a Subscriber account activates a new license key in the Support Center, it is used to modify the current active license. You can use a new license to add
Service Providers
Service Providers can have many product licenses. When a Service Provider activates a new license key, they can use it to modify an active license or add a new, separate license. After activation, the license appears in the Service Provider inventory in WatchGuard Cloud, but the expiration date of the license is tracked separately.
License Renewals
To renew a license or modify an existing license, you purchase a new license and activate it. When you activate the new license, you select whether to add
Co-terming consolidates or merges your term licenses to synchronize renewal dates. When you co-term licenses, a new expiration date is calculated based on the updated
If you have an active subscription license, when you renew a term license, your subscription usage count reduces automatically so that only the
When you extend your license, if you purchased the same number of
To renew with fewer
When you renew the license for fewer
If you have an active subscription license, when you renew or upgrade a term license your subscription usage is automatically updated so that only the
Overallocation
Service Provider accounts could become overallocated when an account they manage allocates more users than there are available in the license. When a Service Provider account becomes overallocated, ThreatSync+ NDR continues to monitor network traffic, but access to the ThreatSync+ NDR management UI is disabled. The current number of users allocated shows on the dashboard.
Devices Exceed License
ThreatSync+ NDR will monitor active network devices for up to two times the number of users in the license. If your license is for 250 users, then ThreatSync+ NDR monitors network data for up to 500 active network devices (for example, workstations, mobile phones, IP phones, servers, cameras, or other IOT devices).
If the number of active devices exceeds the number available for licensed users, a warning message displays in WatchGuard Cloud and ThreatSync+ NDR stops monitoring network traffic for 24 hours. After 24 hours, the number of devices is re-evaluated. If the number is within the limits of the license, then ThreatSync+ NDR starts to monitor network traffic again.
To view a graph of the number of internal devices monitored over time, review the ThreatSync+ NDR monitoring dashboard (Monitor > ThreatSync+ NDR > Network Summary > Total Devices > Devices Over Time).
For more information on ThreatSync+ NDR licensing and enforcement, go to this Knowledge Base article: FAQ on ThreatSync+ NDR Licensing. (external)
License Expiration
ThreatSync+ NDR licenses expire on the expiration date at 00:00 UTC. After a ThreatSync+ NDR termed license expires, there is a seven-day grace period.
- If you renew your license before the grace period ends, no further action is required.
- If you do not renew your license before the grace period ends, ThreatSync+ NDR no longer monitors network traffic and access to the ThreatSync+ NDR management UI is disabled.
If you are a Service Provider with multiple licenses, ThreatSync+ NDR continues to monitor network traffic. After you renew your license, you can access the ThreatSync+ NDR management UI.
For accounts with an active subscription license and a term license, when the termed license expires, users in excess of the termed license are billed as subscription users.