Re: Firepower Management center

seckka21 · ‎07-15-2021

Hi

I have a firepower management center with an evaluation licence.i have two ASA with no licence.i have creeate an ips policy but every time i want to deploy it i have that error.i wonder if the ASA really need a licence if i want to deploy ips policy.

rhuysmans · ‎07-15-2021

Hi, not sure if you're using a FirePower module on a 5525 ASA or have re-imaged your 5525 to use the FTD image.

If you want to apply any policy from the FMC you will need to purchase the appropriate licenses from Cisco. Here's a list of those licenses :-

L-ASA5525-TA=
Cisco ASA5525 FirePOWER IPS License

L-ASA5525-TAC=
Cisco ASA5525 FirePOWER IPS and URL Licenses

L-ASA5525-TAM=
Cisco ASA5525 FirePOWER IPS and AMP Licenses

L-ASA5525-TAMC=
Cisco ASA5525 FirePOWER IPS, AMP and URL Licenses

L-ASA5525T-T=
Cisco ASA5525 Threat Defense Threat Protection License

L-ASA5525T-TM=
Cisco ASA5525 Threat Defense Threat and Malware License

L-ASA5525T-TC=
Cisco ASA5525 Threat Defense Threat and URL License

L-ASA5525T-TMC=
Cisco ASA5525 Threat Defense Threat, Malware and URL License

The minimum license you need is the L-ASA5525-TA= (ASA5525 FirePOWER IPS License) or the L-ASA5525T-T= (ASA5525 Threat Defense Threat Protection License), dependent on what image you have on the 5525.

Marvin Rhoads · ‎07-15-2021

The no cost Protect+Control license is required to manage (and deploy any policy to) an ASA Firepower service module. that's in addition to the IPS subscription or File (Malware) and URL Filtering licenses mentioned by @rhuysmans

The Protect+Control license is normally provided if the ASA was purchased with the Firepower service module (or an upgrade kit was purchased).

I don't believe new ones can be ordered (even at no cost) since the product is now past end-of-sales.

seckka21 · ‎07-19-2021

ok thanks very much