cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
701
Views
0
Helpful
4
Replies

do i require 2 Licences for AMP for 2 x ASA with Firepower HA pair ?

hashimwajid1
Level 3
Level 3

Hi

I am installing 2 x ASA 5525-x with firepower in Active/standby mode. 

i received  

- 1 x PAK for FMC

- 1 x PAK for protection (IPS & AMP)

- 2 x PAK for control  

i added these licences in FMC. after that i added 1st ASA into FMC and assigned Protection, Control & AMP licences. 

while adding 2nd ASA into FMC, It dont show me the option for AMP licence for 2nd device. do i need another PAK for AMP for 2nd device ?

also i got 1 PAK for IPS (protection) but i am able to use it for both devices ? why 

do i need 2 licence (PAK) for AMP for 2 ASA in HA ?

i am using FMC 6.2.1, ASA 9.6.3, SFR 6.2 

while adding FMC Licence, it says i dont need licencing for FMC version that are higher then 6.0 ?

thanks 

                 

                

2 Accepted Solutions

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

You do require a separate subscription (IPS) and PAK (AMP) for each FirePOWER module.

The IPS does not require a PAK or license applied but the terms and conditions you agree to tell you that the subscription is limited to to the devices for which you have purchased a subscription.

http://www.cisco.com/c/dam/en_us/about/doing_business/legal/seula/FirePOWER-services-for-ASA-SEULA.pdf

The AMP license for the second module will need to have its own separate PAK redeemed and license applied from FMC.

FMC is still a licensed product since 6.0 but Cisco does not enforce it via the classic license process. If you use the it with the Smart license portal (for FTD devices etc.), it will show up as licensed there.

View solution in original post

You're welcome.

If you have only redeemed one of two available AMP licenses using your 2-device PAK then - yes - you should be able to go back to the Cisco software traditional licensing portal, redeem the second license and upload it into FMC. After doing that you will be able to apply it to your second FirePOWER module and deploy file policies that require that license.

It is not required to register the FMC (as of version 6.0 and later) license via the classic license method. If you are not using Smart licenses for any of your devices then it is not required to register the FMC license at all. In fact, FMC will not accept a new classic license for itself.

View solution in original post

4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

You do require a separate subscription (IPS) and PAK (AMP) for each FirePOWER module.

The IPS does not require a PAK or license applied but the terms and conditions you agree to tell you that the subscription is limited to to the devices for which you have purchased a subscription.

http://www.cisco.com/c/dam/en_us/about/doing_business/legal/seula/FirePOWER-services-for-ASA-SEULA.pdf

The AMP license for the second module will need to have its own separate PAK redeemed and license applied from FMC.

FMC is still a licensed product since 6.0 but Cisco does not enforce it via the classic license process. If you use the it with the Smart license portal (for FTD devices etc.), it will show up as licensed there.

hi  marvin

I confirmed that the 1 PAK I received from cisco for IPS & AMP, is actually for 2 devices. but I did mistake and did not select 2 devices while registering on cisco licensing portal for this 1 PAK. this is the reason I am not able to select AMP for 2nd device.

can I download again the license for 2nd device while using already used PAK ( this PAK is for 2 devices, but I used for 1 device)  in cisco site ?

thanks in advance

2nd question

do I register FMC with licensing with smart license, is it compulsory to register FMC, as this FMC is for 10 devices license, but I am not able register it via classic license.

 

You're welcome.

If you have only redeemed one of two available AMP licenses using your 2-device PAK then - yes - you should be able to go back to the Cisco software traditional licensing portal, redeem the second license and upload it into FMC. After doing that you will be able to apply it to your second FirePOWER module and deploy file policies that require that license.

It is not required to register the FMC (as of version 6.0 and later) license via the classic license method. If you are not using Smart licenses for any of your devices then it is not required to register the FMC license at all. In fact, FMC will not accept a new classic license for itself.

hi marvin

you are right, i opened a case with cisco for second AMP licence for 2nd firewall. it seems that i did not receive 2nd license from cisco. 

thanks for your support   

Review Cisco Networking for a $25 gift card