Solved: Cisco Firepower Base Licenses Issue

Himanshu_Dwivedi · ‎04-02-2024

I am using Cisco Firepower 1120 in High Availability without FMC. Customer did not purchased additional license license like URL, VPN etc etc. So I think base license covers basic functionality like inferface configuration, NAT etc etc. Customer doesnt have the smart account as for now. I am trying to deploy the configuration, but is is getting failed with Error message, the devices does not contain the base license.

How to get this issue resolved?

Marvin Rhoads · ‎04-02-2024

If you use evaluation mode, the product will continue to have normal functionality (with alarms for the license status).

View solution in original post

Himanshu_Dwivedi · ‎04-02-2024

Okay, suppose the firewall has the Base License and if the Evaluation Period Expires, it will continue its operation without any issue, but can I deploy some changes in firewall?

View solution in original post

Rob Ingram · ‎04-03-2024

@Himanshu_Dwivedi base features will continue to work (ACP, Site-to-Site VPN, NAT etc) without additional licenses. You would be unable to use the features that required additional licensing and you would be unable to deploy changes until you modify your Access Control rules to remove reference to any feature that uses the expired license, such as URL, File, Malware, IPS etc.

View solution in original post

Rob Ingram · ‎04-02-2024

@Himanshu_Dwivedi the device would come with the Base license, unless the device been reimaged? Register the device in Cisco Smart Software Manager

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-license.html

Himanshu_Dwivedi · ‎04-02-2024

Customer do not have smart account as for now. Presently I have take the backup of firewall and downloaded. Then I did Factory Reset and after reooting the firewall, restore the configuration. I believe the firewall will be operation forever, Just a quick question, can we make some changes in the configuration after 90 days?

Marvin Rhoads · ‎04-02-2024

If you use evaluation mode, the product will continue to have normal functionality (with alarms for the license status).

Himanshu_Dwivedi · ‎04-02-2024

Okay, suppose the firewall has the Base License and if the Evaluation Period Expires, it will continue its operation without any issue, but can I deploy some changes in firewall?

Rob Ingram · ‎04-03-2024

@Himanshu_Dwivedi base features will continue to work (ACP, Site-to-Site VPN, NAT etc) without additional licenses. You would be unable to use the features that required additional licensing and you would be unable to deploy changes until you modify your Access Control rules to remove reference to any feature that uses the expired license, such as URL, File, Malware, IPS etc.

Himanshu_Dwivedi · ‎04-03-2024

This means that I can modify the configuration related to S2S VPN and NAT etc, even after license Expired.

Rob Ingram · ‎04-03-2024

@Himanshu_Dwivedi to be clearer you won't be able to deploy changes for the S2S VPN or NAT if you are using licensed features in the Access Control rules and the license has expired, you need to remove reference to them.