Thanks for your kind support Marvin. Once i applied control license protection, control and URL licensing become enable. 

Dear Marvin,

Hope you are doing great. I have faced a problem today once i attempted to configure a ASA 5516 Firewall with Firepower services.

I have the control license, IPS and AMP license along with Firesight license. I have downloaded the licenses, extract and upload in ASDM. It says license have been submitted successfully. But when i tried to submit the license for Firesight, it became failed. Another problem is I can see the license status in ASDM, But when i try to see it in Firesight Management center 6.2, it doesn't show any license information. I was unable to see my license status in FMC.

PLs suggest us what shall i need to do.

Regards,

Rajiul

Rajiul,

You can only manage a FirePOWER module from one platorm or the other - not both. So if you are using local managment (ASDM) then you cannot use FirePOWER Management Center (FMC).

Also, as of version 6.0, FMC does not require the classic license to be applied to it. If you have one and try to apply it you will get the invalid license type error. You still need a license but it is "right-to-use" and not one that you must (or are able to) install. Newer devices such as FTD do require that you register your FMC with a Smart license via Cisco's licensing portal.

Dear Marvin,

Thnx for your precious suggestions. Shall i do smart licensing for my ASA 5516 or go with classic licensing? I did see my licenses installed in ASDM as i told before, but i was unable to see it in FMC. So what shall i go now? Does the smart licensing will solve my problem or adding the classic licensing?

Regards,

Rajiul

You will need to rehost any classic licenses that you had applied using ASDM.

They still need to be classic licenses. ASA FirePOWER service modules only use classic licenses. It is the newer FTD images that use smart licenses.

The only time you use smart licenses with a native ASA is when it is a logical device on a FirePOWER 4100 or 9300 platform. 

Dear Marvin,

THnx for your suggestion. Forgive me if im asking same question again. Actually i am new in this field and this is my first ASA with FP deployment. I didn't see the license status in FMC 6.2 just because i was also logged in ASDM simultaneously or anything else? Shall i add the license in classic mode in FMC again? I have installed the licenses in ASDM before. does it make any impact?

Sorry again for my apology.

Rajiul

You have to choose which platform you use to manage the FirePOWER module.

If you use ASDM (local management) you license the module from there and only manage it there.

If you use FMC then you must register the module to FMC via the device management menu and define the FMC registration at the module with the 'configure manager add...' command. Likewise, if you are using that mode, FMC is the one and only place you manage the module.

If you start with ASDM and later decide to use FMC, you must rehost the licenses (via Cisco licensing portal) on FMC and then no longer use ASDM for management of the FirePOWER module.

In both scenarios the licenses are classic licenses.

Dear Marvin,

Thnx for your kind reply. I have one issue to ask.

I have the ASA 5516 with FP and it is in production now. I do have some policy for traffic and it is deployed in inside, outside and dmz. I want to redirect traffic to firepower now. Shall i do a new service policy or editing existing policy? Does SFR-Fail open  in service policy do the tasks? Another issue is shall i add the current network (Subnet) in firepower or firepower add this automatically when the traffic passes through the module? PLs need your suggestion regarding traffic redirection to firepower.

Have a nice time.

Rajiul

We normally use the global service policy and match all traffic for inspection by the FirePOWER service module (sfr). 

The quick start guide has step by step instructions here:

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498

For cli instructions, you can see the configuration guide here:

http://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc12

Hi Marvin Rhoads,

i have ASA 5525X with bundle ,i am facing a problem with license , when i entered the license of firepower via ASDM but when i registers the device in firepower management center it shows unlicensed and disappeared check box of services as well .i highly appreciated your help in this regard.

As noted earlier in this thread, if you manage with FMC you cannot also manage with ASDM.

This means tha when you switch from one to the other you must also migrate your licenses to the new management system.

So in your case you need to rehost the licenses onto FMC and then assign them to the newly registered sensor (ASA FirePOWER module).