Solved: Re: FMC Licensing

revrider87 · ‎01-13-2020

Hello,

First post here and I'm hoping someone can provide a bit of guidance.

I've searched around and discussed with my peers and we all seem to have conflicting information around the FMC licensing. I have a customer who currently has 2 5525X's with TAMC that are centrally managed from an 1 virtual FMC that is licensed for 2 devices.

The customer now wants to spin up a very small 3rd site with a 5506X with TAMC that is also managed from the FMC. My impression is that I need to upgrade them from the 2 device license to the 10 device license FS-VMW-10-SW-K9.

.

One of my peers indicated that the "control" license that comes with the firewall can be used in place of this license. My understanding is the control license allows the customer to manage smaller instances locally through the ASDM and that if we want to use the FMC then we will still need to license the additional device attaching to the FMC per this document.

https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-licenseroadmap.html

Based on this link https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html

it does not look like the control license has anything to do with the FMC's ability to manage the firewall.

Thanks for reading!

Sheraz.Salim · ‎01-13-2020

The customer now wants to spin up a very small 3rd site with a 5506X with TAMC that is also managed from the FMC. My impression is that I need to upgrade them from the 2 device license to the 10 device license FS-VMW-10-SW-K9.

Correct

One of my peers indicated that the "control" license that comes with the firewall can be used in place of this license. My understanding is the control license allows the customer to manage smaller instances locally through the ASDM and that if we want to use the FMC then we will still need to license the additional device attaching to the FMC per this document.

https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-licenseroadmap.html

if you are going to manage the 5506-x sfr module from FMC in that case you need TMAC license for 5506-x.

Based on this link https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html

it does not look like the control license has anything to do with the FMC's ability to manage the firewall.

cisco licensing is sometime confusing or not very clear. you need tmac as i said earlier. also note the 5506-x can only support firepower module version 6.2.3 with ASA code 9.9. here

please do not forget to rate.

View solution in original post

Sheraz.Salim · ‎01-13-2020

The customer now wants to spin up a very small 3rd site with a 5506X with TAMC that is also managed from the FMC. My impression is that I need to upgrade them from the 2 device license to the 10 device license FS-VMW-10-SW-K9.

Correct

One of my peers indicated that the "control" license that comes with the firewall can be used in place of this license. My understanding is the control license allows the customer to manage smaller instances locally through the ASDM and that if we want to use the FMC then we will still need to license the additional device attaching to the FMC per this document.

https://www.cisco.com/c/en/us/td/docs/security/firepower/roadmap/firepower-licenseroadmap.html

if you are going to manage the 5506-x sfr module from FMC in that case you need TMAC license for 5506-x.

Based on this link https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Licensing.html

it does not look like the control license has anything to do with the FMC's ability to manage the firewall.

cisco licensing is sometime confusing or not very clear. you need tmac as i said earlier. also note the 5506-x can only support firepower module version 6.2.3 with ASA code 9.9. here

please do not forget to rate.