Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
5924
Views
5
Helpful
8
Replies

FTDv w/FDM smart licensing question

Go to solution
west33637
Level 1
Level 1

‎08-05-2019 11:52 AM - edited ‎02-21-2020 09:22 AM

Hello all. I have a client who requires an air-gap FTDv deployment. They are using FDM for management. This client cannot use a satellite server, they don't want any communication over the Internet. I know that software version 6.3 provides an air-gap solution using Specific License reservation, but I only see documentation of this with an FMC deployment. 

 

Can the Firepower Device Manager do this Specific License reservation deployment? Or does it need an Internet connection? What are my options in an air-gapped environment that does not use an FMC for management?

 

Thanks,

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to west33637

‎08-05-2019 05:57 PM

As far as I know, using an explicitly defined proxy server is not currently supported. A transparent one should work.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-05-2019 04:38 PM - edited ‎02-05-2020 04:00 AM

Firepower Device Manager (as of the current 6.4.0.3) continues to require either direct Internet access or a Satellite server for Smart Licensing of the FTD device.

I've not heard of plans to change this in the short term. So, for now, FMC management with Specific License Reservation is the only option once the 90-day evaluation license expires.

 

(edit - as of 2020-02-05 a satellite server is not supported with FDM)

Go to solution
nwsplus10
Level 1
Level 1
In response to Marvin Rhoads

‎08-05-2019 04:52 PM - edited ‎08-05-2019 05:00 PM

oops

0 Helpful

Go to solution
west33637
Level 1
Level 1
In response to Marvin Rhoads

‎08-05-2019 05:04 PM

Can they access through a proxy server? Thanks?
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to west33637

‎08-05-2019 05:57 PM

As far as I know, using an explicitly defined proxy server is not currently supported. A transparent one should work.

0 Helpful

Go to solution
tilo.harder
Level 1
Level 1
In response to Marvin Rhoads

‎02-04-2020 09:14 PM

Hello Marvin,

You stated "Firepower Device Manager (as of the current 6.4.0.3) continues to require either direct Internet access or a Satellite server for Smart Licensing of the FTD device."

Where in FDM can you register with a Satellite?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to tilo.harder

‎02-05-2020 03:57 AM

I apologize - I was mistaken earlier.

I recently confirmed with Cisco that Satellite server smart licensing is NOT currently an option when you use FDM management (as of 6.5.0.2 / February 2020). I've suggested that they consider adding the feature but I'm just one voice. If it's important to you, please provide the feedback via your Cisco account manager or partner.

0 Helpful

Go to solution
jimmycher
Level 1
Level 1
In response to Marvin Rhoads

‎04-04-2020 02:28 PM

I've worked on many programs that are air-gapped, and once inside the secured network, devices can never be brought out, (without an act of God).  It should be pretty simple to get a FDM on-prem license, but it's taken me weeks to get it figure out (still haven't).  The fact that FDM uses "management" port in completly seperate contexts makes everything that much harder.  Logically splitting the physical management port is totally asinine.  If you have the chance,  use the ASA, and stay away from FirePower devices.

0 Helpful

Go to solution
Peter Koltl
Level 7
Level 7

‎12-11-2019 04:55 AM

How to register FDM to a satellite server?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top