Solved: Re: FTD Smart Licensing Offline Activation

taro75 · ‎04-10-2023

If I have to deploy FTD in an offline (no active internet) how can I activate the smart licenses? Is there any specific part number I can order during the procurement for offline license activation?

Marvin Rhoads · ‎04-15-2023

Internet connectivity is not mandatory during the 90-day evaluation period.

If you require a licensed device past the 90-day period you have two options:

1. The Smart Software Manager (SSM) satellite server as mentioned already in this thread by @Rob Ingram

2. Permanent License Reservation (PLR) - a scheme that requires Cisco account manager to sponsor you for approval and is typically only granted for government and military systems that are kept totally apart from the Internet for security purposes. Details on that can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-license.html#id_123878

View solution in original post

Rob Ingram · ‎04-10-2023

@taro75 You can use the Smart Software Manager satellite, which is installed on the customer premises.

https://www.cisco.com/c/en/us/td/docs/wireless/technology/mesh/8-2/b_Smart_Licensing_Deployment_Guide.html

https://www.cisco.com/c/en/us/support/cloud-systems-management/smart-software-manager-satellite/series.html#~tab-downloads

Marvin Rhoads · ‎04-10-2023

Additionally, it will work with the included evaluation license for up to 90 days. No Internet is required for that.

Marius Gunnerud · ‎04-11-2023

Keep in mind also that the FMC will need intermittent access to internet or the smart license satellite server to be able to check and update license status.

--
Please remember to select a correct answer and rate helpful posts

taro75 · ‎04-15-2023

My query is that I do not have any Internet connectivity from firewall to the Internet, is it not possible to get the licenses from Cisco which does not require any Internet connectivity. I can update the IPS signatures offline. Is the Internet connection and verification mandatory with new devices?

Marvin Rhoads · ‎04-15-2023

Internet connectivity is not mandatory during the 90-day evaluation period.

If you require a licensed device past the 90-day period you have two options:

1. The Smart Software Manager (SSM) satellite server as mentioned already in this thread by @Rob Ingram

2. Permanent License Reservation (PLR) - a scheme that requires Cisco account manager to sponsor you for approval and is typically only granted for government and military systems that are kept totally apart from the Internet for security purposes. Details on that can be found here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-license.html#id_123878

taro75 · ‎04-15-2023

I need PLR, I believe it's a zero cost item. I need this because firewalls are in plant (OT) setup. Is there any restrictions in getting this license?

Also with smartnet, I am entitled to download FTD OS, SRU VDB, GEODB, LSP etc.

So if I purchase PLR SKU with smartnet contract, what are the other benefits do I get buy purchasing subscription for Threat Defense/URL/Malware etc.

Marvin Rhoads · ‎04-16-2023

The PLR SKU only entitles your Smart Account for downloading that special license type.

Smartnet on a given appliance entitles you to appliance hardware and software (OS, patches, VDB and GeoDB) support, both online and via Cisco TAC.

SRU and LSP are entitlements requiring a Threat (IPS) license. URL License allows you to create policies based on URL categories. Malware license allows you to create File policies that investigate observable files for malware.

taro75 · ‎04-16-2023

My requirement, our firewalls are in offline (no Internet connectivity) environment. In this case I will get smartnet contract support and PLR SKU. I will download the IPS signatures manually, put it in a USB disk and upload to firewall using FDM. Is this achievable?