Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1377
Views
5
Helpful
3
Replies

CISCO ASA 5506-x with Firepower Servies migration to FTP (Firepower Threat Defence)

Go to solution
drughetto
Level 1
Level 1

‎05-04-2017 02:35 AM

Hi own a CISCO 5506-SEC-BUN-K9 with Security Plus License managed by a FireSight Management Center Virtual Appliance and I would like to migrate to the new FTD system.

Despite I read all the documetation I've been able to find, I'm still unsure about what steps have to be carried out to perform such a migration.

It looks like standard licenses have to be converted to Smart Licenses. Then (as far as I understood) only unfulfilled standard licenses can be converted to smart. Also standard account have to be migrated to Smart Account.

First question : In order to convert Standard Account to Smart Account a company email is required. What if I want to use my personal email instead, since I have ASA equipment in my own lab?

Second question : As far as I understand an unfulfilled ASA5506-CTRL-LIC license is needed to be migrated to Smart License to enable "Control + Protection" features on ASA. Is that correct?

Then if I want to enable IPS functionality I need a "Threat" license subscription as L-ASA5506-T-T-1Y. Is that correct too?

Firesight Management Center Virtual Appliance doesn't need a license once migrated to FTD. Correct?

Then I also need a SmartNet contract to download software and to keep ASA updated? I read about a "Smart Net Total Care without RMA Software and installation-focused TAC support only, no RMA or other TAC support", but couldn't find any part number for that one. 

Thanks for your support and your replies.

Nicola

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to drughetto

‎05-04-2017 07:08 AM

There's not currently a conversion process for the FMC SKUs. The new ones are still pretty fresh out of the gate so I wouldn't rule out this being offered in the future to enable FTD adoption. (just my guess - no rumor of that at this point)

The threat license is one with an associated cost as it includes what was in the old CTRL (free) plus IPS subscription (paid term). So - no - those will not ever be offered as a free conversion.

If you work for a partner you can get the above licenses as limited term lab licenses. If you're doing it on your own though that's not offered.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-04-2017 06:16 AM

I believe you can use your personal email if the Smart Account is for personal use. You do need to have a CCO ID associated with that email address.

You do NOT need to have the CTRL license when using FTD. The new Threat license type covers that along with the IPS term license.

The old FMC SKU (FS-VMW-2-SW-K9) is technically only for management of ASA FirePOWER service modules - not FTD devices (no matter what platform - even a 5506).

There is instead a new Smart license-enabled SKU SF-FMC-VMW-2-K9. That is the same software but the licensing is unrestricted with respect to the type of FirePOWER devices it can manage. The FMC technically does not require a Smart or PAK-based license but it is instead a right-to-use license that you receive by virtue of buying the product. To be entitled to upgrades on it, you need to purchase the associated software support (part number CON-ECMU-SFMMCVWK).

For the ASA (FTD) software there is the traditional hardware with software and TAC support contract as well as the one you mentioned (and many other variations). The two that I'm talking about are:

CON-SNT-ASAK506F
SNTC-8X5XNBD ASA 5506-X with Firepower Threat Defense

CON-SW-ASAK506F
SNTC-NO RMA ASA 5506-X with Firepower Threat Defense

...respectively.

Go to solution
drughetto
Level 1
Level 1
In response to Marvin Rhoads

‎05-04-2017 06:57 AM

Hi Marvin,

thanks a lot for your reply. Just few more questions.

Since I own a FS-VMW-2-SW-K9 license, is it possible to convert it to SF-FMC-VMW-2-K9?

I also have a ASA5506-CTRL-LIC unfulfilled license. Any chance to convert that one too to Threat license?

Thanks

Nicola

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to drughetto

‎05-04-2017 07:08 AM

There's not currently a conversion process for the FMC SKUs. The new ones are still pretty fresh out of the gate so I wouldn't rule out this being offered in the future to enable FTD adoption. (just my guess - no rumor of that at this point)

The threat license is one with an associated cost as it includes what was in the old CTRL (free) plus IPS subscription (paid term). So - no - those will not ever be offered as a free conversion.

If you work for a partner you can get the above licenses as limited term lab licenses. If you're doing it on your own though that's not offered.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card