cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4024
Views
55
Helpful
4
Replies

Is unregistered FTD still functional?

h.dam
Beginner
Beginner

Hello all,

We have a FTD A/P pair registered after purchase. They are working well until last month. They have lost the licenses without reason and became unregistered.

This is the first time I met after more than ten years pratices on Cisco devices.

I'd like to know the following if you guys can help me:

1/ What are the potential causes to make them lost?

2/ If the FTD are unregistered, can they continue to work as before, eg. to permit/deny traffic flow according to the policy? (I noticed that I cannot apply changes)

Thank you very much.

2 Accepted Solutions

Accepted Solutions

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

You may be affected by this field notice:

https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

As you noticed, policy changes are not allowed without any license. Existing Access Control Policies will continue to work.

View solution in original post

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

I've found that even if you have 7.0.1 you may still need to "remove the certificate file at /etc/sf/gch/call_home_ca and restart the Smart Licensing Agent (sla) process to resume communications with Cisco Smart Software Manager (CSSM)".

Please refer to the field notice that I linked earlier for the step-by-step instructions.

View solution in original post

4 Replies 4

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

You may be affected by this field notice:

https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72103.html

As you noticed, policy changes are not allowed without any license. Existing Access Control Policies will continue to work.

Hello Marvin,

Thank you very much for the document.

My FTDs are v7.0.1.But I didn't find this version in the document.

As I understood, there are two solutions. 1/ software upgrade 2/ import the IdenTrust Commercial CA certificate

In my case, which solution do I need to do?

 

Regards

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

I've found that even if you have 7.0.1 you may still need to "remove the certificate file at /etc/sf/gch/call_home_ca and restart the Smart Licensing Agent (sla) process to resume communications with Cisco Smart Software Manager (CSSM)".

Please refer to the field notice that I linked earlier for the step-by-step instructions.

OK

Thank you very much.

 

Regards

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers