Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
369
Views
1
Helpful
1
Replies

Access control policy inheritance and licensing

Antonio Macia
Level 7
Level 7

‎02-23-2026 06:38 AM

Hi,

We have a hierarchical access policy where the parent policy is applied to some firewalls and child policy to others. On the parent policy we have some rules with IPS functionality enabled and all the firewalls associated to the parent policy have the corresponding Threat license.

On the other hand, we have another child firewall policy without any IPS rule targeting a different firewall thas has no Threat license. I get a licensing issue when deploying because this firewall is inheriting the parent policy even thought the rules with IPS policy has nothign to do with the child firewall. Any way to have a child firewall attached to a child policy without licensing issues? I trying to reduce the number policies, having a single one.

Regards.

0 Helpful
1 Reply 1

Ben Weber
Spotlight
Spotlight

‎03-03-2026 07:30 PM

Hey @Antonio Macia,

Unfortunately, as far as I know, child policies inherit the requirements from the parent policy, which means that you would need to obtain a Threat license for the new firewall. Even if the child policy isn't using the IPS enabled parent policies, the use of IPS policies mandates the attachment of a Threat license for all devices receiving child policies. 

I can't find this explicitly laid out in any Cisco doc, but I am pretty sure that this is how it works. 

- BW
Please rate posts if they have been helpful.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card