Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3252
Views
0
Helpful
7
Replies

ISE-PIC licensing with Cisco Firepower

mjohnston@ncta.com
Level 1
Level 1

‎03-11-2022 12:26 PM

We recently updated our Cisco Firepower FMC and ASA sensor to version 7.X and realized the the User Agent software is no longer supported. I've been researching this and it seems that the new alternative is to use the ISE product. We have active support for the FMC and the ASA's. Is licensing for ISE included with the firepower licensing? We really only use for correlation between user logins and any detected events but it would be nice to have that functionality.

0 Helpful
7 Replies 7

tjezer
Level 1
Level 1

‎03-11-2022 01:34 PM

Hi mjohnston@ncta.com ,

It's correct, the user agent is reaching its end of support period. FMC version 6.6 is the last version with which you can enable the user agent.

To get the Active Directory passive authentication, you'll need to install the ISE-PIC.

After install this VM, you can use the evaluation license for 90 days, and then you'll need to buy the licenses as below:

R-ISE-PIC-VM-K9= (just for 3k parallel sessions);

L-ISE-PIC-UPG= (300k parallel sessions);

Note that I'm assuming you haven't an active ISE on your network.

Hope this helps!

Regards,

0 Helpful

Massimo Baschieri
Level 3
Level 3

‎03-11-2022 10:07 PM

if your fmc is under smartnet you can have ise-pic license for free, there is a specific code to order which I can't remember, but I'm sure that with a quick search you'll find it

0 Helpful

hslai
Cisco Employee
Cisco Employee

‎03-12-2022 06:13 PM

The info is in End-of-Life and End-of-Support for the Cisco Firepower User Agent 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2022 03:05 AM

The free ISE-PIC offer is only for customers who have purchased hardware FMC or FMCv 300. The SKU for that is L-FMC-ISE-PIC.

Otherwise it must be purchased using the SKUs @tjezer mentioned.

0 Helpful

twbrooks4
Level 1
Level 1
In response to Marvin Rhoads

‎09-11-2025 08:41 PM - edited ‎09-11-2025 08:59 PM

Marvin, does that make sense from a Cisco client satisfaction perspective?
Would Cisco offer ISE-PIC to replace the Firepower User Agent for only the large FMC licenses, but not for small FMC licenses? I'm not so sure.

If you revisit page 4 of the bulletin. https://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/bulletin-c25-744508.pdf 

It states that FMC PIDs not listed in the Table above ... please use the standard ISE-PIC PIDs. R-ISE-PIC-VM-K9 (under 3k) and L-ISE-PIC-UPG= for (Up to 300k) - 

As long as the FMC Support Contract is in force, it does not exclude any FMC PIDs.

The bulletin is truly hard to read. 

 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to twbrooks4

‎09-12-2025 08:46 AM

@twbrooks4 you are asking about a 4-year old issue. Since then, Cisco has added the FREE "User Control with the Passive Identity Agent" feature, available in FMC 7.6 and later. 

Reference: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/760/management-center-device-config-76/m_user-control-with-the-passive-identity-agent.html

0 Helpful

Chakshu Piplani
Cisco Employee
Cisco Employee

‎03-14-2022 09:01 AM

You can refer to this doc:

https://www.cisco.com/c/en/us/products/collateral/security/firesight-management-center/bulletin-c25-744508.pdf

 

Customers with a physical or virtual (FMCv25, FMCv300) Firepower Management Center appliance as mentioned in Table 1 with active support contracts will be eligible to receive Cisco ISE-PIC at no additional cost.

 

Regards,

Chakshu

 

Hope that helps!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card