cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
354
Views
3
Helpful
7
Replies

Cisco Firepower Base Licenses Issue

I am using Cisco Firepower 1120 in High Availability without FMC. Customer did not purchased additional license license like URL, VPN etc etc. So I think base license covers basic functionality like inferface configuration, NAT etc etc. Customer doesnt have the smart account as for now. I am trying to deploy the configuration, but is is getting failed with Error message, the devices does not contain the base license.

 

How to get this issue resolved?

3 Accepted Solutions

Accepted Solutions

If you use evaluation mode, the product will continue to have normal functionality (with alarms for the license status).

MarvinRhoads_0-1712059813622.png

 

View solution in original post

Okay, suppose the firewall has the Base License and if the Evaluation Period Expires, it will continue its operation without any issue, but can I deploy some changes in firewall?

View solution in original post

@Himanshu_Dwivedi base features will continue to work (ACP, Site-to-Site VPN, NAT etc) without additional licenses. You would be unable to use the features that required additional licensing and you would be unable to deploy changes until you modify your Access Control rules to remove reference to any feature that uses the expired license, such as URL, File, Malware, IPS etc.

 

View solution in original post

7 Replies 7

@Himanshu_Dwivedi the device would come with the Base license, unless the device been reimaged? Register the device in Cisco Smart Software Manager

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-license.html

 

Customer do not have smart account as for now. Presently I have take the backup of firewall and downloaded. Then I did Factory Reset and after reooting the firewall, restore the configuration. I believe the firewall will be operation forever, Just a quick question, can we make some changes in the configuration after 90 days? 

If you use evaluation mode, the product will continue to have normal functionality (with alarms for the license status).

MarvinRhoads_0-1712059813622.png

 

Okay, suppose the firewall has the Base License and if the Evaluation Period Expires, it will continue its operation without any issue, but can I deploy some changes in firewall?

@Himanshu_Dwivedi base features will continue to work (ACP, Site-to-Site VPN, NAT etc) without additional licenses. You would be unable to use the features that required additional licensing and you would be unable to deploy changes until you modify your Access Control rules to remove reference to any feature that uses the expired license, such as URL, File, Malware, IPS etc.

 

This means that I can modify the configuration related to S2S VPN and NAT etc, even after license Expired.

@Himanshu_Dwivedi to be clearer you won't be able to deploy changes for the S2S VPN or NAT if you are using licensed features in the Access Control rules and the license has expired, you need to remove reference to them.

 

Review Cisco Networking products for a $25 gift card