cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
895
Views
4
Helpful
3
Replies

License for Cisco ASA 5516 Firepower IPS, AMP and URL

Hello all,

My company is having two ASA5516 firewalls. It was installed with IPS as well as using the FMCv, and also enabled with Cisco AnyConnect too. All are licensed.

I was wondering if this Cisco ASA5516 FirePower IPS, AMP and URL license [L-ASA5516-TAMC=] can be taken away, so the Cisco Firewalls can keep on running?

The reason is that the licenses are going to be renew in about two months time. However, we are undergoing a discussion to upgrade our firewalls into another models or even other brands. It could take around 2 to 3 months until the new firewalls deployed.

So it could be a bit waste if we decided not to go further on keeping this firewalls as you know this licenses costs much when comparing to the other Nexus switches. So we can keep our firewalls running as is, and without those features only for less than a month, it should be fine. I just worry about if the firewall cannot run without the feature enabled etc.

Thanks in advance.

Timothy

1 Accepted Solution
3 Replies 3

Thanks a lot.

If I am not wrong, most of the features can still be used. The only thing is either cannot update the database from the latest. Some features cannot be used or being outdated if the time period passed for some time, the system will prompt me for this alert.

Regards,

Timothy

If the licenses expire the firewall will continue to operate as normal.  However, as you mentioned, everything that require a subscription will no longer work.  That would mean VDB updates, Geolocation updates AMP cloud based services.  Another thing you will need to consider is that if any of your ACP rules are configured to use either IPS, AMP, or URL filtering, that requires one of these licenses, you will not be able to deploy any configuration changes until you have removed these from all configuration.

If you do not expect to make any changes during the 2 - 3 months before changing the firewalls, then you can just let the firewalls run until they are swapped out.

--
Please remember to select a correct answer and rate helpful posts
Review Cisco Networking for a $25 gift card