Cisco Firepower Smart License

saxenanitesh8522 · ‎11-10-2019

Hi,

We had a migration of the link and post that the smart license is not getting synced.

We have established the link for the internet again but it doesn’t seem to be working.

Request to know if we reauth or renew the license will there will any outage or it will just update the license communication only?

I have 2 doubts:-

1. ip-client inside --> is this suppose to be inside or outside as my default route is pointing outside. Or will it take inside IP address and go out using the outside interface ip address?

2. license smart renew reauth --> will it just send a reauth request right? it wont delete or go into eval mode for the license?

Thanks,

Regards

Francesco Molino · ‎11-10-2019

Hi

You're talking about ftd with fmc or fdm?
Anyway, smart license is done using the management interface usually. If you force a reauth it won't delete anything, meaning if it can't reauth to smartportal license you'll get out of compliance message but no going back to evaluation mode.

The real question is what change have you done exactly? A new interface for Internet access? Maybe you're missing a nat statement?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

saxenanitesh8522 · ‎11-10-2019

Hi,

I am talking about firepower as asa mode.

saxenanitesh8522 · ‎11-10-2019

Hi,

I have done two changes:-

1. my earlier line was ADSL line where i changed to Lease Line --> i can resolve/ping thats not a probilem

2. I have connected management port of the firewall.

I have used ADSL to update the firewall without nat and using outside port.

Francesco Molino · ‎11-10-2019

Do you ping tools.cisco.com from your asa? Have you enabled dns domain lookup on your outside interface?

These are the only things needed to allow communication to Cisco smart licensing portal

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

saxenanitesh8522 · ‎11-10-2019

yes and it stuck in pending authorization n last communication failed.

my doubt is just that command ip client inside.

n running that command license reauth to start something.

ping is blocked but DNS resolution is happening.

Francesco Molino · ‎11-11-2019

The source should be the outside by default.
Did you do a packet capture on your asa to see if communication is happening?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

saxenanitesh8522 · ‎11-24-2019

if we do a reauth or re-register will there be any outage?

Francesco Molino · ‎11-25-2019

You shouldn't get any outage except if the re-register works and you receive a license with less features/bandwidth for example.
To keep your license level you must not unregister completely the device.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

saxenanitesh8522 · ‎12-03-2019

Just to update you the issue got resolved.

We had re-register the device with a new token and it worked.

Francesco Molino · ‎12-05-2019

Glad that works!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question