New license warnings: "Your "ETF" key will expire in under 90 day(s). "

Bryan Hance · ‎05-30-2019

Hello,

My C170's are suddenly sending warnings re: "Your "ETF" key will expire in under 90 day(s). "

I've never heard of this key or ETF in any context re: licensing whatsoever. Anybody have any clues here?

All I've found is this:

https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide_12-0/b_ESA_Admin_Guide_ces_12_0/b_ESA_Admin_Guide_ces_12_0_chapter_0110001.html

" The External Threat Feeds (ETF) framework allows the Cisco Email Security Gateway to consume external threat information in STIX format communicated over TAXII protocol. "

Ken Stieers · ‎05-30-2019

Weird since ETF is new on 12.0 and 170s shouldn't be able to get 12.0...

https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa12-0/ESA_12-0_Release_Notes.pdf

pg 2 has a bit more about ETF, pg 9 says your 170s shouldn't get it...

You don't have a key listed in the Feature Keys page, right?

Bryan Hance · ‎05-30-2019

Correct, nothing listing "ESA" or anything like that in feature keys ...I'm wondering if this is just a one off warning in error.

Ken Stieers · ‎05-30-2019

Might be...

If you get another one at 60/45/30, I'd probably open a case...

dmccabej · ‎05-30-2019

I believe the EFT key (External Threat Feeds) is added to any new/renewed license. As Ken mentioned, your C170 won't be able to upgrade beyond 11.0.x so it won't hurt anything either way as it will not be utilized. If you're insistent on it being removed then you can always reach out to licensing and ask them if that would be possible.

Thanks!

-Dennis M.