: Offboard IoT Security Subscriptions
Focus
Focus

Offboard IoT Security Subscriptions

Table of Contents

Offboard IoT Security Subscriptions

Deactivate IoT Security licenses, transfer IoT Security subscriptions, or let them expire.
There are three ways to offboard IoT Security services from a firewall:
  • Deactivate the IoT Security license on a firewall and optionally transfer it to another firewall
  • Transfer a firewall from one customer support portal (CSP) account to another
  • Let the subscription expire

Deactivate Firewalls and Transfer Licenses

If you want to remove an IoT Security license from a firewall—and perhaps then use the license on another firewall—you can do so on the Customer Support Portal.
  1. Log in to your Customer Support Portal account.
  2. Disassociate IoT Security licenses from one or more firewalls.
    1. Select License ManagementActivated Licenses, select the license-to-firewall associations that you want to sever based on firewall serial numbers, and then Deactivate Licenses.
    2. Confirm the deactivation.
      If you want to apply the deactivated licenses to other firewalls and you have multiple IoT Security license purchase orders, note the number of available licenses in the orders on the Activate Products page before confirming the deactivation. Then when you return to this page after deactivating licenses, you can tell which order they were returned to because the license number will have increased.
      This dissociates the selected IoT Security licenses from the firewall serial numbers and returns them to the pool of available licenses in the original order on the Activate Products page.
  3. Associate licenses with other firewalls or reassociate them with the same firewalls.
    1. Select Activate ProductsReady for Activation and then click Activate Now for the order with licenses to activate.
    2. Follow the workflow described in Onboard IoT Security.
      When you reach the point in the onboarding workflow when you select firewalls to subscribe to IoT Security, you can see the length of time remaining for each license in the Purchased Term drop-down list. If you want to apply the same license that you just deactivated to another firewall, you’ll notice that its remaining length of unused time will be shorter than other licenses that haven’t yet been put in service. For example, if the original order contains licenses valid for three years and you used a license for one year before deactivating it, you can easily spot it because its remaining validity period will be the only one listed as just two years.

Transfer Firewalls between CSP Accounts

If you have two CSP accounts or are an MSSP managing multiple accounts, you can transfer a firewall from one account to another, perhaps because you’re moving it to a different location managed by a different team with their own account. When you transfer the firewall, all its licenses are transferred along with it. To do this, log in to the CSP and click Devices. Find the device you want to transfer, click its serial number to open a device details pane for it, and then click Transfer Ownership. In the Device Transfer dialog box that appears, enter the destination email address of the owner of the account to which you’re transferring the firewall.

Let the IoT Security Subscription Expire

When a firewall no longer has an IoT Security subscription because it expired (and there is no pending license renewal), IoT Security services for that firewall stop and the connection between IoT Security and the firewall is terminated. IoT Security unsubscribes from the firewall log feed. As a result, it stops receiving and processing logs from that firewall. The firewall stops receiving new policy recommendations and IP address-to-device mappings, and it clears its cached mappings after 200 minutes (about three hours). At that point, none of the device-based policy rules using Device-ID will work and should be removed from your policy set. An efficient way to remove them is to check the Source Device and Destination Device columns on the PoliciesSecurity page and remove all rules that have entries in either of these two columns.