03-13-2019 02:52 AM
I have the following queries regarding configuring and licensing for Cisco Firepower.
1) Can I configure and manage Cisco Firepower as a normal firewall with high availability (without next-gen features such as application control, IPS and URL filtering) using the web interface, without Firepower Management Center (FMC)?
2) If FMC is deployed in my environment, do I need to activate any licensing before I can use FMC? If yes, can I activate it using my smartnet account?
TIA!
03-13-2019 04:50 AM
Hi Donnie,
First question would be what model of appliance are we talking about here as FDM is only supported on certain hardware.
1) I have seen deployments of FTD devices being used with no IPS/URL Filtering etc. when pushed out via FMC. This was a specific customer who did not have/want the relevant licenses. One thing to watch out for is the default DNS Policy if going down this route, as it will flag an error when you try to push out a policy. This is due to it (by default) using a licensed feature as part of DNS Policy. You can create a new one and attach that to your ACP to get by this.
I would assume this can also be done via the FDM (On-board manager), but never tried. However, you cannot configure HA if using local FDM.
2) For Smart Licensing I believe you will still need at a bare minimum the device license, which are 2, 10 or 25 device bundles. This is to allow you to manage the actual device via the FMC.
03-13-2019 08:14 AM
FDM supports HA as of release 6.3.
03-13-2019 08:45 AM
Ah thanks for that Marvin. Did not know this.