Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
2
Helpful
5
Replies

FTD PAYG licensing in AWS to enable AES256 Encryption

Go to solution
smithy-au
Level 1
Level 1

‎05-26-2025 06:33 PM

I'm trying to test a FTD in AWS. I'm using the PAYG AMI (ami-04d7dfdc0d700e259). I assumed it would include the required licensing as it a PAYG. Fortinet, PAN, F5 etc include the licensing with their PAYG AMIs.

When I try to add a new IKEv2 policy using AES256, I get the following error: "Usable cryptography types are currently restricted by the licensing status of the device"

How do I enable the full license for the PAYG instance? I need to test an IPSec scenario and only need the device for a few days. It's currently using an Evaluation license - how do I make it use the hourly PAYG license from AWS?

Screenshot 2025-05-27 at 11.25.59 am.png

Screenshot 2025-05-27 at 11.31.26 am.png

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
ahollifield
VIP
VIP
In response to smithy-au

‎05-28-2025 05:03 AM

No. But it's not about the license. It's about the export control features. Cisco must make sure you are a company who is able to and located in a geography that is allowed to use advanced encryption algorithms.

View solution in original post

Go to solution
Aref Alsouqi
VIP
VIP

‎05-29-2025 02:55 AM

Just to add to what @ahollifield mentioned, the actual licenses will be included in the PAYG subscription, for instance malware, URL filtering, etc will be included without having to buy any smart licenses. However, you still need a smart account to be activate it before you can register the device and it's actually a prerequisite as you can see in the link below:

Cisco Secure Firewall Threat Defense Virtual Getting Started Guide, Version 7.2 and Earlier - Deploy the Threat Defense Virtual on AWS [Cisco Secure Firewall Threat Defense Virtual] - Cisco

View solution in original post

5 Replies 5

Go to solution
ahollifield
VIP
VIP

‎05-27-2025 05:41 AM

You need to register the device to your Smart Account.

0 Helpful

Go to solution
smithy-au
Level 1
Level 1
In response to ahollifield

‎05-27-2025 10:36 PM

But I don't have one. I would have thought the PAYG would cover the license and the compute.

So I need to register for a Smart Account for testing a PAYG instance?

I'm using Terraform to build and automate - can the Smart License also be automated?

0 Helpful

Go to solution
ahollifield
VIP
VIP
In response to smithy-au

‎05-28-2025 05:03 AM

No. But it's not about the license. It's about the export control features. Cisco must make sure you are a company who is able to and located in a geography that is allowed to use advanced encryption algorithms.

Go to solution
smithy-au
Level 1
Level 1

‎05-28-2025 12:31 AM

This is hopeless. I guess I'll stick with my Forti.

0 Helpful

Go to solution
Aref Alsouqi
VIP
VIP

‎05-29-2025 02:55 AM

Just to add to what @ahollifield mentioned, the actual licenses will be included in the PAYG subscription, for instance malware, URL filtering, etc will be included without having to buy any smart licenses. However, you still need a smart account to be activate it before you can register the device and it's actually a prerequisite as you can see in the link below:

Cisco Secure Firewall Threat Defense Virtual Getting Started Guide, Version 7.2 and Earlier - Deploy the Threat Defense Virtual on AWS [Cisco Secure Firewall Threat Defense Virtual] - Cisco

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card