Cisco FTD Evaluation Mode

bhavin-vadodaria — Tue, 30 Dec 2025 11:41:40 GMT

Hello Team,

I am testing a Cisco Firepower 1010 physical appliance running FTD 7.2.5 in standalone mode. The device is currently in Evaluation mode (no licenses applied).

Observed behavior:

Internet traffic works when allowed in Access Control.
Internet traffic doesnt work when blocked below allowed rules in Access Control.
Malware test URLs (EICAR) are not blocked
Threat / malware sites are allowed
All URLs appear as Uncategorized in event logs
“Malware & File” policy option is not visible in GUI
URL category-based rules never match

I have verified:

Access Control policies are applied correctly
DNS and HTTP/HTTPS are allowed when configured under ports however doesnt work when allowed under Applications.
Logging is enabled
SSL decryption is disabled

My questions:

Are Malware, URL Filtering, and IPS enforcement disabled by design in Evaluation mode?
Is a valid Malware / URL / Threat license mandatory for:
- Malware blocking
- URL categorization
- Talos reputation verdicts?
Is it expected that all URLs show as Uncategorized without URL license?

Please confirm if this behavior is expected and license-dependent, or if there is any limitation specific to FTD 7.2.5.

Thank you.

Re: Cisco FTD Evaluation Mode

Cristian Matei — Tue, 30 Dec 2025 12:22:49 GMT

Hi,

It needs to work, however you need to first perform content updates, for URL and Malware. Also, from device configuration, ensure all licenses are checked.

Thanks,

Cristian.

Re: Cisco FTD Evaluation Mode

bhavin-vadodaria — Thu, 01 Jan 2026 10:53:17 GMT

Thank you for an update. Yes, but before performing content updates or anything make sure NTP is in sync to get all the updates.

topic Cisco FTD Evaluation Mode in Network Security

Cisco FTD Evaluation Mode

Re: Cisco FTD Evaluation Mode

Re: Cisco FTD Evaluation Mode