Solved: Re: Firepower Management center license

giridar · ‎12-02-2019

All,

Have 2 5525 ASA's with Source Fire with URL/IPS and AV license for both SF modules

planning to bring in a firepower management center virtual appliance to mange SF modules for HA

could advise me on the license that I need to purchase

Marvin Rhoads · ‎12-02-2019

The FMC license is only for FMC to manage the devices. 2 of them in this case.

You need to add the licenses of the managed Firepower service modules themselves into FMC.

If you've already redeemed them for ASDM-based management, then you must rehost them to FMC (using software.cisco.com portal). FMC will then have them available and is used assign them to the Firepower service modules.

FTD devices work similarly except they use Smart licenses instead of PAK-based ones.

View solution in original post

Marvin Rhoads · ‎12-17-2019

Correct you do not need to INSTALL a classic (PAK-based) license for FMC itself since version 6.0.

If you are managing FTD products with your FMC, then you must have it licensed via via the Cisco portal with a Smart software license.

Either way, you are still required to HAVE a license for right-to-use the product since it is not free.

View solution in original post

Marvin Rhoads · ‎12-02-2019

Cisco offers 4 license options for the FMCv. The entry level one covers two devices such as you have.

The SKU (part number) is SF-FMC-VMW-2-K9.

We would typically combine it with a support contract. The part number for that is SF-FMC-VMW-2-K9. The support contract needs an associated term (usually 1, 3 or 5 years).

giridar · ‎12-02-2019

thank you, does SKU SF-FMC-VMW-2-K9 include license for URL/AV an IPS

what about my existing licenses

Marvin Rhoads · ‎12-02-2019

The FMC license is only for FMC to manage the devices. 2 of them in this case.

You need to add the licenses of the managed Firepower service modules themselves into FMC.

If you've already redeemed them for ASDM-based management, then you must rehost them to FMC (using software.cisco.com portal). FMC will then have them available and is used assign them to the Firepower service modules.

FTD devices work similarly except they use Smart licenses instead of PAK-based ones.

giridar · ‎12-08-2019

just another thing, do I need a separate license for FTD

Marvin Rhoads · ‎12-08-2019

Yes, FTD devices require licensing.

Technically you can run them with the free Base software license but almost nobody does so because you would not be availing yourself of many of the available features.

The available Firepower Threat Defense–related licenses and subscriptions include functionality like Security Intelligence and Next-Generation IPS (“T”), Advanced Malware Protection (“M”), and URL Filtering (“C”). They are available singly or in combination and for terms or 1-, 3- or 5-years.

There is also AnyConnect licensing (Plus or Apex) if you want to use remote access VPN.

giridar · ‎12-17-2019

Hi Marvin,

thanks a lot and sorry to trouble

I purchased the license and added the key using classic licensing, but it shows firesight license no longer required for FMC version 6 or higher

please advise

Marvin Rhoads · ‎12-17-2019

Correct you do not need to INSTALL a classic (PAK-based) license for FMC itself since version 6.0.

If you are managing FTD products with your FMC, then you must have it licensed via via the Cisco portal with a Smart software license.

Either way, you are still required to HAVE a license for right-to-use the product since it is not free.

giridar · ‎12-17-2019

thank you very much