https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5293919#M1121147 <P>I'm trying to test a FTD in AWS. I'm using the PAYG AMI (ami-04d7dfdc0d700e259). I assumed it would include the required licensing as it a PAYG. Fortinet, PAN, F5 etc include the licensing with their PAYG AMIs.</P><P>When I try to add a new IKEv2 policy using AES256, I get the following error: "Usable cryptography types are currently restricted by the licensing status of the device"<BR /><BR />How do I enable the full license for the PAYG instance? I need to test an IPSec scenario and only need the device for a few days. It's currently using an Evaluation license - how do I make it use the hourly PAYG license from AWS?<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-05-27 at 11.25.59 am.png" style="width: 541px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/245459i31972A57FB1A9B60/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-05-27 at 11.25.59 am.png" alt="Screenshot 2025-05-27 at 11.25.59 am.png" /></span><BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-05-27 at 11.31.26 am.png" style="width: 316px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/245460i93653F252F2278CB/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-05-27 at 11.31.26 am.png" alt="Screenshot 2025-05-27 at 11.31.26 am.png" /></span></P> Tue, 27 May 2025 01:33:55 GMT smithy-au 2025-05-27T01:33:55Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5293919#M1121147 <P>I'm trying to test a FTD in AWS. I'm using the PAYG AMI (ami-04d7dfdc0d700e259). I assumed it would include the required licensing as it a PAYG. Fortinet, PAN, F5 etc include the licensing with their PAYG AMIs.</P><P>When I try to add a new IKEv2 policy using AES256, I get the following error: "Usable cryptography types are currently restricted by the licensing status of the device"<BR /><BR />How do I enable the full license for the PAYG instance? I need to test an IPSec scenario and only need the device for a few days. It's currently using an Evaluation license - how do I make it use the hourly PAYG license from AWS?<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-05-27 at 11.25.59 am.png" style="width: 541px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/245459i31972A57FB1A9B60/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-05-27 at 11.25.59 am.png" alt="Screenshot 2025-05-27 at 11.25.59 am.png" /></span><BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2025-05-27 at 11.31.26 am.png" style="width: 316px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/245460i93653F252F2278CB/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2025-05-27 at 11.31.26 am.png" alt="Screenshot 2025-05-27 at 11.31.26 am.png" /></span></P> Tue, 27 May 2025 01:33:55 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5293919#M1121147 smithy-au 2025-05-27T01:33:55Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294102#M1121155 <P>You need to register the device to your Smart Account.</P> Tue, 27 May 2025 12:41:56 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294102#M1121155 ahollifield 2025-05-27T12:41:56Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294345#M1121160 <P>But I don't have one. I would have thought the PAYG would cover the license and the compute.</P><P>So I need to register for a Smart Account for testing a PAYG instance?</P><P>I'm using Terraform to build and automate - can the Smart License also be automated?</P> Wed, 28 May 2025 05:36:17 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294345#M1121160 smithy-au 2025-05-28T05:36:17Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294385#M1121162 <P>This is hopeless. I guess I'll stick with my Forti.</P> Wed, 28 May 2025 07:31:21 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294385#M1121162 smithy-au 2025-05-28T07:31:21Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294502#M1121168 <P>No. But it's not about the license. It's about the export control features. Cisco must make sure you are a company who is able to and located in a geography that is allowed to use advanced encryption algorithms.</P> Wed, 28 May 2025 12:03:39 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294502#M1121168 ahollifield 2025-05-28T12:03:39Z https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294806#M1121189 <P>Just to add to what&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/199513">@ahollifield</a>&nbsp;mentioned, the actual licenses will be included in the PAYG subscription, for instance malware, URL filtering, etc will be included without having to buy any smart licenses. However, you still need a smart account to be activate it before you can register the device and it's actually a prerequisite as you can see in the link below:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/ftdv-gsg/m_ftdv_aws_gsg.html#con_7759445" target="_blank">Cisco Secure Firewall Threat Defense Virtual Getting Started Guide, Version 7.2 and Earlier - Deploy the Threat Defense Virtual on AWS [Cisco Secure Firewall Threat Defense Virtual] - Cisco</A></P> Thu, 29 May 2025 09:55:53 GMT https://community.cisco.com/t5/network-security/ftd-payg-licensing-in-aws-to-enable-aes256-encryption/m-p/5294806#M1121189 Aref Alsouqi 2025-05-29T09:55:53Z